syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a66, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xcc, 0x0, 0x20, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0x6c, 0xc, 0x0, 0x1, [{0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xee54}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5df970d6}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5d859124}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x67db4e91}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8311}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x675b5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2ba2}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x40dee0d3}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1f19}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4eaf}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x543e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6af9}]}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x1}, @NLBL_CIPSOV4_A_TAGLST={0x44, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x24004000}, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async, rerun: 32)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async, rerun: 32)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000400), r2)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r3, &(0x7f0000000100), 0x0, 0x0, 0x3) (async, rerun: 64)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async, rerun: 64)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000003c0)={'syztnl0\x00', &(0x7f0000000340)=ANY=[@ANYBLOB="73697430000099271ebd000400000000", @ANYRES32=0x0, @ANYBLOB="0008803f000000000000000440e100400067000040049078e000000264010100071393e0000001ac14141cffffffff64010101940a16e371135ecff346890f0ae0000001ffffffffac1e0101"]}) (async, rerun: 64)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000300)={0xffffffffffffffff, 0x2000, 0x8, r1}) (rerun: 64)

09:48:15 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x100f, 0x0, 0x13, r0, 0x10000000)

[ 2645.524263][T22864] CPU: 1 PID: 22864 Comm: syz-executor.0 Not tainted 5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2645.534332][T22864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2645.544227][T22864] Call Trace:
[ 2645.547350][T22864]  <TASK>
[ 2645.550126][T22864]  dump_stack_lvl+0x151/0x1b7
[ 2645.554643][T22864]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2645.559932][T22864]  ? uprobe_mmap+0x19c/0x11c0
[ 2645.564451][T22864]  dump_stack+0x15/0x17
[ 2645.568440][T22864]  should_fail+0x3c0/0x510
[ 2645.572695][T22864]  should_fail_usercopy+0x1a/0x20
[ 2645.577553][T22864]  _copy_to_user+0x20/0x90
[ 2645.581807][T22864]  simple_read_from_buffer+0xdd/0x160
[ 2645.587014][T22864]  proc_fail_nth_read+0x1af/0x220
[ 2645.591872][T22864]  ? proc_fault_inject_write+0x3a0/0x3a0
[ 2645.597342][T22864]  ? security_file_permission+0x497/0x5f0
[ 2645.602906][T22864]  ? proc_fault_inject_write+0x3a0/0x3a0
[ 2645.608366][T22864]  vfs_read+0x299/0xd80
[ 2645.612357][T22864]  ? userfaultfd_unmap_prep+0x4d0/0x4d0
[ 2645.617735][T22864]  ? kernel_read+0x1f0/0x1f0
[ 2645.622168][T22864]  ? __kasan_check_write+0x14/0x20
[ 2645.627105][T22864]  ? mutex_lock+0xb6/0x130
[ 2645.631357][T22864]  ? wait_for_completion_killable_timeout+0x10/0x10
[ 2645.637782][T22864]  ? __fdget_pos+0x26d/0x310
[ 2645.642209][T22864]  ? ksys_read+0x77/0x2c0
[ 2645.646375][T22864]  ksys_read+0x198/0x2c0
[ 2645.650453][T22864]  ? __kasan_check_write+0x14/0x20
[ 2645.655400][T22864]  ? vfs_write+0x1050/0x1050
[ 2645.659825][T22864]  ? fput+0x1a/0x20
[ 2645.663472][T22864]  ? debug_smp_processor_id+0x17/0x20
[ 2645.668679][T22864]  __x64_sys_read+0x7b/0x90
[ 2645.673019][T22864]  do_syscall_64+0x44/0xd0
[ 2645.677270][T22864]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2645.683000][T22864] RIP: 0033:0x7f6b8535837c
[ 2645.687255][T22864] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 2645.706703][T22864] RSP: 002b:00007f6b8411a160 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2645.714939][T22864] RAX: ffffffffffffffda RBX: 00007f6b854c6f80 RCX: 00007f6b8535837c
09:48:15 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10)

09:48:15 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x80000, 0x0, 0x13, r0, 0x10000000)

09:48:15 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x100000000000000, 0x2011, r0, 0x10000000)

[ 2645.722777][T22864] RDX: 000000000000000f RSI: 00007f6b8411a1e0 RDI: 0000000000000004
[ 2645.730560][T22864] RBP: 00007f6b8411a1d0 R08: 0000000000000000 R09: 0000000010000000
[ 2645.738371][T22864] R10: 0000000000000013 R11: 0000000000000246 R12: 0000000000000001
[ 2645.746191][T22864] R13: 00007ffd22e5061f R14: 00007f6b8411a300 R15: 0000000000022000
[ 2645.753999][T22864]  </TASK>
[ 2645.767167][T22902] FAULT_INJECTION: forcing a failure.
09:48:15 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:15 executing program 1:
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000240)={0xffffffffffffffff, 0x5, 0x8, r0}) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000080)={0x2, 0x7})
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r2 = pidfd_getfd(r0, r1, 0x0)
sendmsg$IPVS_CMD_DEL_DAEMON(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x70, 0x0, 0xe04, 0x70bd2b, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x4d2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x1f}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x5}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'vxcan1\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}]}, 0x70}, 0x1, 0x0, 0x0, 0x4000010}, 0x11) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
getsockname$packet(r0, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000200)=0x14)

09:48:15 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a66, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async, rerun: 64)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xcc, 0x0, 0x20, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0x6c, 0xc, 0x0, 0x1, [{0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xee54}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5df970d6}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5d859124}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x67db4e91}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8311}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x675b5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2ba2}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x40dee0d3}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1f19}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4eaf}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x543e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6af9}]}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x1}, @NLBL_CIPSOV4_A_TAGLST={0x44, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x24004000}, 0x0) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000400), r2) (async)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r3, &(0x7f0000000100), 0x0, 0x0, 0x3) (async, rerun: 64)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async, rerun: 64)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000003c0)={'syztnl0\x00', &(0x7f0000000340)=ANY=[@ANYBLOB="73697430000099271ebd000400000000", @ANYRES32=0x0, @ANYBLOB="0008803f000000000000000440e100400067000040049078e000000264010100071393e0000001ac14141cffffffff64010101940a16e371135ecff346890f0ae0000001ffffffffac1e0101"]})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000300)={0xffffffffffffffff, 0x2000, 0x8, r1})

[ 2645.767167][T22902] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2645.796524][T22902] CPU: 0 PID: 22902 Comm: syz-executor.2 Not tainted 5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2645.806599][T22902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2645.816490][T22902] Call Trace:
[ 2645.819616][T22902]  <TASK>
[ 2645.822391][T22902]  dump_stack_lvl+0x151/0x1b7
09:48:15 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1ffff000, 0x0, 0x13, r0, 0x10000000)

09:48:15 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1004, 0x0, 0x13, r0, 0x10000000)

[ 2645.826906][T22902]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2645.832201][T22902]  dump_stack+0x15/0x17
[ 2645.836193][T22902]  should_fail+0x3c0/0x510
[ 2645.840447][T22902]  should_fail_alloc_page+0x58/0x70
[ 2645.845488][T22902]  __alloc_pages+0x1de/0x7c0
[ 2645.849907][T22902]  ? __count_vm_events+0x30/0x30
[ 2645.854687][T22902]  ? __kasan_kmalloc+0x9/0x10
[ 2645.859193][T22902]  ? __kmalloc+0x203/0x350
[ 2645.863452][T22902]  ? __vmalloc_node_range+0x2e3/0x800
[ 2645.868660][T22902]  __vmalloc_node_range+0x48f/0x800
09:48:15 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x7fffdf002000, 0x0, 0x13, r0, 0x10000000)

09:48:15 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="00012abd7000fcdbdf2505000000480002800800040003000000080008000200000006000e004e2200000800050069910e7f080003000400000014000100ff01000000000000000000000000000106000b000a000000"], 0x5c}, 0x1, 0x0, 0x0, 0x8506087774735c1b}, 0x4040)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:15 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x7ffffffff000, 0x0, 0x13, r0, 0x10000000)

[ 2645.873688][T22902]  dup_task_struct+0x61f/0xa60
[ 2645.878287][T22902]  ? copy_process+0x579/0x3250
[ 2645.882885][T22902]  ? __kasan_check_write+0x14/0x20
[ 2645.887834][T22902]  copy_process+0x579/0x3250
[ 2645.892261][T22902]  ? __kasan_check_write+0x14/0x20
[ 2645.897207][T22902]  ? proc_fail_nth_write+0x213/0x290
[ 2645.902337][T22902]  ? proc_fail_nth_read+0x220/0x220
[ 2645.907364][T22902]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2645.912313][T22902]  ? vfs_write+0x9af/0x1050
[ 2645.916650][T22902]  kernel_clone+0x22d/0x990
[ 2645.920988][T22902]  ? file_end_write+0x1b0/0x1b0
09:48:15 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4, 0x13, r0, 0x10000000)

[ 2645.925672][T22902]  ? __kasan_check_write+0x14/0x20
[ 2645.930621][T22902]  ? create_io_thread+0x1e0/0x1e0
[ 2645.935482][T22902]  ? __mutex_lock_slowpath+0x10/0x10
[ 2645.940691][T22902]  __x64_sys_clone+0x289/0x310
[ 2645.945297][T22902]  ? __do_sys_vfork+0x130/0x130
[ 2645.949978][T22902]  ? debug_smp_processor_id+0x17/0x20
[ 2645.955184][T22902]  do_syscall_64+0x44/0xd0
[ 2645.959438][T22902]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2645.965162][T22902] RIP: 0033:0x7f5b7e88a639
[ 2645.969417][T22902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2645.988854][T22902] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2645.997203][T22902] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2646.005008][T22902] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2646.012821][T22902] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2646.020631][T22902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
09:48:15 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11)

09:48:15 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="00012abd7000fcdbdf2505000000480002800800040003000000080008000200000006000e004e2200000800050069910e7f080003000400000014000100ff01000000000000000000000000000106000b000a000000"], 0x5c}, 0x1, 0x0, 0x0, 0x8506087774735c1b}, 0x4040)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:15 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8, 0x13, r0, 0x10000000)

09:48:15 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x200000000000000, 0x2011, r0, 0x10000000)

09:48:15 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x100f, 0x0, 0x13, r0, 0x10000000)

09:48:15 executing program 3:
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000180)={<r0=>0x0, 0x100000001, 0x9, 0x1})
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000580)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {}, {0x0, @struct, <r1=>0x0}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000001180)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00f0e000000000000000b7d84a9411f07f3d50b5dced2fac849ce5de3e9db22828c4a5b0f00501cdbaf5b7350b201cd851ba3570780611fa5d60a21b544acaa3f089f7dc1441e61829baa6a1497ffa36634c9ddf1e41070712b4290e83fca4f003ff933f5df447eb220c2c002f9256caebf1c122f7b582a7a4671ec0014305127830d9f6f0b220d1f099f3a7513ac2896b5fe1a0f4c1b3f0c5cf6f85d422ef3d79c353957d"], 0x14}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000100)={0xffffffffffffffff, 0x8, 0xfffffffffffffffc, 0x1af})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000980)={<r3=>0x0, 0x4, 0x8000000000000001, 0x1})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000d80)={0x0, 0x3, {0x7fffffff, @struct={0x9, 0xfff}, r0, 0x800, 0xb22, 0x4, 0x3, 0x8, 0x4, @usage=0x9, 0x2, 0x0, [0xf48, 0x8000, 0x9, 0x5, 0x1, 0x2]}, {0xc3, @struct={0x9}, r1, 0x3f, 0xc91f, 0xffffffffffffff89, 0x8, 0x3, 0x11, @usage=0xf4a, 0x5, 0x15, [0x10001, 0x46, 0x2800000000000000, 0x2, 0x8000000000000000, 0x7]}, {0x4, @usage=0x80, r3, 0x80000001, 0x80000000, 0x520, 0x4, 0x5, 0x40, @struct={0x7, 0x2}, 0x2, 0x7, [0x2838b20a, 0x6, 0x6, 0x6838892c, 0xfab4, 0x10000]}, {0x2, 0x3, 0x9}})
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x6152, 0x80, 0x3, 0x39e}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:48:15 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x400000000000000, 0x2011, r0, 0x10000000)

09:48:15 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="00012abd7000fcdbdf2505000000480002800800040003000000080008000200000006000e004e2200000800050069910e7f080003000400000014000100ff01000000000000000000000000000106000b000a000000"], 0x5c}, 0x1, 0x0, 0x0, 0x8506087774735c1b}, 0x4040) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:15 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x80000, 0x0, 0x13, r0, 0x10000000)

09:48:15 executing program 3:
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000180)={<r0=>0x0, 0x100000001, 0x9, 0x1})
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000580)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {}, {0x0, @struct, <r1=>0x0}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000001180)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00f0e000000000000000b7d84a9411f07f3d50b5dced2fac849ce5de3e9db22828c4a5b0f00501cdbaf5b7350b201cd851ba3570780611fa5d60a21b544acaa3f089f7dc1441e61829baa6a1497ffa36634c9ddf1e41070712b4290e83fca4f003ff933f5df447eb220c2c002f9256caebf1c122f7b582a7a4671ec0014305127830d9f6f0b220d1f099f3a7513ac2896b5fe1a0f4c1b3f0c5cf6f85d422ef3d79c353957d"], 0x14}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000100)={0xffffffffffffffff, 0x8, 0xfffffffffffffffc, 0x1af})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000980)={<r3=>0x0, 0x4, 0x8000000000000001, 0x1})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000d80)={0x0, 0x3, {0x7fffffff, @struct={0x9, 0xfff}, r0, 0x800, 0xb22, 0x4, 0x3, 0x8, 0x4, @usage=0x9, 0x2, 0x0, [0xf48, 0x8000, 0x9, 0x5, 0x1, 0x2]}, {0xc3, @struct={0x9}, r1, 0x3f, 0xc91f, 0xffffffffffffff89, 0x8, 0x3, 0x11, @usage=0xf4a, 0x5, 0x15, [0x10001, 0x46, 0x2800000000000000, 0x2, 0x8000000000000000, 0x7]}, {0x4, @usage=0x80, r3, 0x80000001, 0x80000000, 0x520, 0x4, 0x5, 0x40, @struct={0x7, 0x2}, 0x2, 0x7, [0x2838b20a, 0x6, 0x6, 0x6838892c, 0xfab4, 0x10000]}, {0x2, 0x3, 0x9}})
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x6152, 0x80, 0x3, 0x39e}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000180)={0x0, 0x100000001, 0x9, 0x1}) (async)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000580)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {}, {0x0, @struct}}) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000001180)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00f0e000000000000000b7d84a9411f07f3d50b5dced2fac849ce5de3e9db22828c4a5b0f00501cdbaf5b7350b201cd851ba3570780611fa5d60a21b544acaa3f089f7dc1441e61829baa6a1497ffa36634c9ddf1e41070712b4290e83fca4f003ff933f5df447eb220c2c002f9256caebf1c122f7b582a7a4671ec0014305127830d9f6f0b220d1f099f3a7513ac2896b5fe1a0f4c1b3f0c5cf6f85d422ef3d79c353957d"], 0x14}}, 0x0) (async)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000100)={0xffffffffffffffff, 0x8, 0xfffffffffffffffc, 0x1af}) (async)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000980)={0x0, 0x4, 0x8000000000000001, 0x1}) (async)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000d80)={0x0, 0x3, {0x7fffffff, @struct={0x9, 0xfff}, r0, 0x800, 0xb22, 0x4, 0x3, 0x8, 0x4, @usage=0x9, 0x2, 0x0, [0xf48, 0x8000, 0x9, 0x5, 0x1, 0x2]}, {0xc3, @struct={0x9}, r1, 0x3f, 0xc91f, 0xffffffffffffff89, 0x8, 0x3, 0x11, @usage=0xf4a, 0x5, 0x15, [0x10001, 0x46, 0x2800000000000000, 0x2, 0x8000000000000000, 0x7]}, {0x4, @usage=0x80, r3, 0x80000001, 0x80000000, 0x520, 0x4, 0x5, 0x40, @struct={0x7, 0x2}, 0x2, 0x7, [0x2838b20a, 0x6, 0x6, 0x6838892c, 0xfab4, 0x10000]}, {0x2, 0x3, 0x9}}) (async)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x6152, 0x80, 0x3, 0x39e}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)

[ 2646.028441][T22902] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2646.036267][T22902]  </TASK>
[ 2646.060820][T22958] FAULT_INJECTION: forcing a failure.
[ 2646.060820][T22958] name failslab, interval 1, probability 0, space 0, times 0
[ 2646.099653][T22958] CPU: 1 PID: 22958 Comm: syz-executor.2 Not tainted 5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2646.109722][T22958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2646.119614][T22958] Call Trace:
[ 2646.122757][T22958]  <TASK>
[ 2646.125516][T22958]  dump_stack_lvl+0x151/0x1b7
[ 2646.130029][T22958]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2646.135328][T22958]  dump_stack+0x15/0x17
[ 2646.139316][T22958]  should_fail+0x3c0/0x510
[ 2646.143572][T22958]  __should_failslab+0x9f/0xe0
09:48:15 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000002)

09:48:15 executing program 1:
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@dev, @in6=@mcast2}}, {{@in6}, 0x0, @in6=@mcast1}}, &(0x7f0000000080)=0xe8)
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000380), 0x100, 0x0)
ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae09, &(0x7f00000003c0)=""/206)
syz_open_dev$usbfs(&(0x7f0000000340), 0x3, 0x100)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000004c0)={0x0, 0x0, 0xfffffff8, 0x402})
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x801)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000300)={0x4, 0x1, 0x5000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

[ 2646.148175][T22958]  should_failslab+0x9/0x20
[ 2646.152508][T22958]  kmem_cache_alloc+0x4f/0x2f0
[ 2646.157117][T22958]  ? dup_mm+0x29/0x330
[ 2646.161017][T22958]  dup_mm+0x29/0x330
[ 2646.164746][T22958]  copy_mm+0x108/0x1b0
[ 2646.168666][T22958]  copy_process+0x1295/0x3250
[ 2646.173175][T22958]  ? proc_fail_nth_write+0x213/0x290
[ 2646.178294][T22958]  ? proc_fail_nth_read+0x220/0x220
[ 2646.183343][T22958]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2646.188265][T22958]  ? vfs_write+0x9af/0x1050
[ 2646.192615][T22958]  kernel_clone+0x22d/0x990
[ 2646.196940][T22958]  ? file_end_write+0x1b0/0x1b0
[ 2646.201628][T22958]  ? __kasan_check_write+0x14/0x20
[ 2646.206576][T22958]  ? create_io_thread+0x1e0/0x1e0
[ 2646.211435][T22958]  ? __mutex_lock_slowpath+0x10/0x10
[ 2646.216556][T22958]  __x64_sys_clone+0x289/0x310
[ 2646.221170][T22958]  ? __do_sys_vfork+0x130/0x130
[ 2646.225857][T22958]  ? debug_smp_processor_id+0x17/0x20
[ 2646.231051][T22958]  do_syscall_64+0x44/0xd0
[ 2646.235304][T22958]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2646.241030][T22958] RIP: 0033:0x7f5b7e88a639
[ 2646.245293][T22958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2646.264725][T22958] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2646.272970][T22958] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2646.280781][T22958] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2646.288593][T22958] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
09:48:15 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12)

09:48:15 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1ffff000, 0x0, 0x13, r0, 0x10000000)

09:48:15 executing program 1:
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@dev, @in6=@mcast2}}, {{@in6}, 0x0, @in6=@mcast1}}, &(0x7f0000000080)=0xe8)
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000380), 0x100, 0x0)
ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae09, &(0x7f00000003c0)=""/206)
syz_open_dev$usbfs(&(0x7f0000000340), 0x3, 0x100)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000004c0)={0x0, 0x0, 0xfffffff8, 0x402})
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x801)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000300)={0x4, 0x1, 0x5000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@dev, @in6=@mcast2}}, {{@in6}, 0x0, @in6=@mcast1}}, &(0x7f0000000080)=0xe8) (async)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000380), 0x100, 0x0) (async)
ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae09, &(0x7f00000003c0)=""/206) (async)
syz_open_dev$usbfs(&(0x7f0000000340), 0x3, 0x100) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000004c0)={0x0, 0x0, 0xfffffff8, 0x402}) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x801) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000300)={0x4, 0x1, 0x5000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)

09:48:15 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xf, 0x13, r0, 0x10000000)

09:48:15 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000004)

09:48:15 executing program 3:
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000180)={<r0=>0x0, 0x100000001, 0x9, 0x1})
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000580)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {}, {0x0, @struct, <r1=>0x0}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000001180)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00f0e000000000000000b7d84a9411f07f3d50b5dced2fac849ce5de3e9db22828c4a5b0f00501cdbaf5b7350b201cd851ba3570780611fa5d60a21b544acaa3f089f7dc1441e61829baa6a1497ffa36634c9ddf1e41070712b4290e83fca4f003ff933f5df447eb220c2c002f9256caebf1c122f7b582a7a4671ec0014305127830d9f6f0b220d1f099f3a7513ac2896b5fe1a0f4c1b3f0c5cf6f85d422ef3d79c353957d"], 0x14}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000100)={0xffffffffffffffff, 0x8, 0xfffffffffffffffc, 0x1af})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000980)={<r3=>0x0, 0x4, 0x8000000000000001, 0x1})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000d80)={0x0, 0x3, {0x7fffffff, @struct={0x9, 0xfff}, r0, 0x800, 0xb22, 0x4, 0x3, 0x8, 0x4, @usage=0x9, 0x2, 0x0, [0xf48, 0x8000, 0x9, 0x5, 0x1, 0x2]}, {0xc3, @struct={0x9}, r1, 0x3f, 0xc91f, 0xffffffffffffff89, 0x8, 0x3, 0x11, @usage=0xf4a, 0x5, 0x15, [0x10001, 0x46, 0x2800000000000000, 0x2, 0x8000000000000000, 0x7]}, {0x4, @usage=0x80, r3, 0x80000001, 0x80000000, 0x520, 0x4, 0x5, 0x40, @struct={0x7, 0x2}, 0x2, 0x7, [0x2838b20a, 0x6, 0x6, 0x6838892c, 0xfab4, 0x10000]}, {0x2, 0x3, 0x9}})
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x6152, 0x80, 0x3, 0x39e}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000180)={0x0, 0x100000001, 0x9, 0x1}) (async)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000580)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {}, {0x0, @struct}}) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000001180)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00f0e000000000000000b7d84a9411f07f3d50b5dced2fac849ce5de3e9db22828c4a5b0f00501cdbaf5b7350b201cd851ba3570780611fa5d60a21b544acaa3f089f7dc1441e61829baa6a1497ffa36634c9ddf1e41070712b4290e83fca4f003ff933f5df447eb220c2c002f9256caebf1c122f7b582a7a4671ec0014305127830d9f6f0b220d1f099f3a7513ac2896b5fe1a0f4c1b3f0c5cf6f85d422ef3d79c353957d"], 0x14}}, 0x0) (async)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000100)={0xffffffffffffffff, 0x8, 0xfffffffffffffffc, 0x1af}) (async)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000980)={0x0, 0x4, 0x8000000000000001, 0x1}) (async)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000d80)={0x0, 0x3, {0x7fffffff, @struct={0x9, 0xfff}, r0, 0x800, 0xb22, 0x4, 0x3, 0x8, 0x4, @usage=0x9, 0x2, 0x0, [0xf48, 0x8000, 0x9, 0x5, 0x1, 0x2]}, {0xc3, @struct={0x9}, r1, 0x3f, 0xc91f, 0xffffffffffffff89, 0x8, 0x3, 0x11, @usage=0xf4a, 0x5, 0x15, [0x10001, 0x46, 0x2800000000000000, 0x2, 0x8000000000000000, 0x7]}, {0x4, @usage=0x80, r3, 0x80000001, 0x80000000, 0x520, 0x4, 0x5, 0x40, @struct={0x7, 0x2}, 0x2, 0x7, [0x2838b20a, 0x6, 0x6, 0x6838892c, 0xfab4, 0x10000]}, {0x2, 0x3, 0x9}}) (async)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x6152, 0x80, 0x3, 0x39e}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)

[ 2646.296404][T22958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2646.304215][T22958] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2646.312030][T22958]  </TASK>
09:48:15 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000060)

[ 2646.347175][T23000] FAULT_INJECTION: forcing a failure.
[ 2646.347175][T23000] name failslab, interval 1, probability 0, space 0, times 0
[ 2646.359940][T23000] CPU: 0 PID: 23000 Comm: syz-executor.2 Not tainted 5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2646.369996][T23000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2646.379907][T23000] Call Trace:
[ 2646.383030][T23000]  <TASK>
[ 2646.385789][T23000]  dump_stack_lvl+0x151/0x1b7
[ 2646.390318][T23000]  ? bfq_pos_tree_add_move+0x43e/0x43e
09:48:15 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10006000)

09:48:15 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x10, 0x13, r0, 0x10000000)

09:48:15 executing program 5:
r0 = syz_io_uring_setup(0x1838, &(0x7f0000000000)={0x0, 0xfffffffc, 0x200, 0x0, 0x40}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000140), 0x3c1840, 0x0)

09:48:15 executing program 5:
r0 = syz_io_uring_setup(0x1838, &(0x7f0000000000)={0x0, 0xfffffffc, 0x200, 0x0, 0x40}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000140), 0x3c1840, 0x0)

09:48:15 executing program 5:
r0 = syz_io_uring_setup(0x1838, &(0x7f0000000000)={0x0, 0xfffffffc, 0x200, 0x0, 0x40}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000140), 0x3c1840, 0x0)

[ 2646.395599][T23000]  dump_stack+0x15/0x17
[ 2646.399589][T23000]  should_fail+0x3c0/0x510
[ 2646.403844][T23000]  ? mm_init+0x392/0x960
[ 2646.407921][T23000]  __should_failslab+0x9f/0xe0
[ 2646.412521][T23000]  should_failslab+0x9/0x20
[ 2646.416861][T23000]  kmem_cache_alloc_trace+0x4a/0x310
[ 2646.421984][T23000]  mm_init+0x392/0x960
[ 2646.425890][T23000]  dup_mm+0x7d/0x330
[ 2646.429621][T23000]  copy_mm+0x108/0x1b0
[ 2646.433523][T23000]  copy_process+0x1295/0x3250
[ 2646.438033][T23000]  ? proc_fail_nth_write+0x213/0x290
[ 2646.443154][T23000]  ? proc_fail_nth_read+0x220/0x220
[ 2646.448190][T23000]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2646.453162][T23000]  ? vfs_write+0x9af/0x1050
[ 2646.457476][T23000]  kernel_clone+0x22d/0x990
[ 2646.461816][T23000]  ? file_end_write+0x1b0/0x1b0
[ 2646.466511][T23000]  ? __kasan_check_write+0x14/0x20
[ 2646.471450][T23000]  ? create_io_thread+0x1e0/0x1e0
[ 2646.476311][T23000]  ? __mutex_lock_slowpath+0x10/0x10
[ 2646.481430][T23000]  __x64_sys_clone+0x289/0x310
[ 2646.486029][T23000]  ? __do_sys_vfork+0x130/0x130
[ 2646.490716][T23000]  ? debug_smp_processor_id+0x17/0x20
[ 2646.495925][T23000]  do_syscall_64+0x44/0xd0
[ 2646.500197][T23000]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2646.505904][T23000] RIP: 0033:0x7f5b7e88a639
[ 2646.510157][T23000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2646.529601][T23000] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2646.537938][T23000] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
09:48:16 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13)

09:48:16 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x60, 0x13, r0, 0x10000000)

09:48:16 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000140)={'team0', 0x32, 0x31}, 0x8)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000002, 0x110, r1, 0x10000000)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000000, 0x40010, r0, 0x10000000)

09:48:16 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x7fffdf002000, 0x0, 0x13, r0, 0x10000000)

09:48:16 executing program 1:
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@dev, @in6=@mcast2}}, {{@in6}, 0x0, @in6=@mcast1}}, &(0x7f0000000080)=0xe8)
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000380), 0x100, 0x0)
ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae09, &(0x7f00000003c0)=""/206) (async)
syz_open_dev$usbfs(&(0x7f0000000340), 0x3, 0x100) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async, rerun: 64)
ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000004c0)={0x0, 0x0, 0xfffffff8, 0x402}) (async, rerun: 64)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x801)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000300)={0x4, 0x1, 0x5000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:16 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x2710, 0x1, 0x100000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})

[ 2646.545741][T23000] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2646.553556][T23000] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2646.561362][T23000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2646.569179][T23000] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2646.576993][T23000]  </TASK>
09:48:16 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000140)={'team0', 0x32, 0x31}, 0x8)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000002, 0x110, r1, 0x10000000)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000000, 0x40010, r0, 0x10000000)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000140)={'team0', 0x32, 0x31}, 0x8) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000002, 0x110, r1, 0x10000000) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000000, 0x40010, r0, 0x10000000) (async)

[ 2646.599370][T23052] FAULT_INJECTION: forcing a failure.
[ 2646.599370][T23052] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2646.613201][T23052] CPU: 0 PID: 23052 Comm: syz-executor.2 Not tainted 5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2646.623266][T23052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2646.633159][T23052] Call Trace:
[ 2646.636284][T23052]  <TASK>
[ 2646.639059][T23052]  dump_stack_lvl+0x151/0x1b7
[ 2646.643574][T23052]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2646.648868][T23052]  dump_stack+0x15/0x17
[ 2646.652860][T23052]  should_fail+0x3c0/0x510
[ 2646.657126][T23052]  should_fail_alloc_page+0x58/0x70
[ 2646.662149][T23052]  __alloc_pages+0x1de/0x7c0
[ 2646.666574][T23052]  ? __count_vm_events+0x30/0x30
[ 2646.671347][T23052]  ? __kasan_kmalloc+0x9/0x10
[ 2646.675862][T23052]  ? __kmalloc+0x203/0x350
[ 2646.680113][T23052]  ? __vmalloc_node_range+0x2e3/0x800
[ 2646.685324][T23052]  __vmalloc_node_range+0x48f/0x800
[ 2646.690357][T23052]  dup_task_struct+0x61f/0xa60
[ 2646.694954][T23052]  ? copy_process+0x579/0x3250
09:48:16 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000140)={'team0', 0x32, 0x31}, 0x8) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000002, 0x110, r1, 0x10000000) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000000, 0x40010, r0, 0x10000000)

09:48:16 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xf0, 0x13, r0, 0x10000000)

09:48:16 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x185c40, 0x0)
r3 = open_tree(r2, &(0x7f0000000040)='./file1\x00', 0x1000)
accept4$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
socketpair(0x18, 0x1, 0x200, &(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, &(0x7f0000000240)={0x3, 0x3, 0xa3, 0x0, 0x9c, 0x3, 0x9}, 0xc)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r5, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00000000816988e100000000000001000000"], 0x14}}, 0x0)
ioctl$FS_IOC_GETVERSION(r5, 0x80087601, &(0x7f0000000280))
fsetxattr$security_selinux(r3, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_io_uring_setup(0x71f2, &(0x7f0000000100)={0x0, 0x2088, 0x800, 0x3, 0x2d7, 0x0, r3}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:16 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xf00, 0x13, r0, 0x10000000)

09:48:16 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x185c40, 0x0)
r3 = open_tree(r2, &(0x7f0000000040)='./file1\x00', 0x1000)
accept4$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
socketpair(0x18, 0x1, 0x200, &(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, &(0x7f0000000240)={0x3, 0x3, 0xa3, 0x0, 0x9c, 0x3, 0x9}, 0xc)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r5, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00000000816988e100000000000001000000"], 0x14}}, 0x0) (async)
ioctl$FS_IOC_GETVERSION(r5, 0x80087601, &(0x7f0000000280))
fsetxattr$security_selinux(r3, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
syz_io_uring_setup(0x71f2, &(0x7f0000000100)={0x0, 0x2088, 0x800, 0x3, 0x2d7, 0x0, r3}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

[ 2646.699554][T23052]  ? __kasan_check_write+0x14/0x20
[ 2646.704502][T23052]  copy_process+0x579/0x3250
[ 2646.708928][T23052]  ? __kasan_check_write+0x14/0x20
[ 2646.713873][T23052]  ? proc_fail_nth_write+0x213/0x290
[ 2646.718994][T23052]  ? proc_fail_nth_read+0x220/0x220
[ 2646.724032][T23052]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2646.728971][T23052]  ? vfs_write+0x9af/0x1050
[ 2646.733311][T23052]  kernel_clone+0x22d/0x990
[ 2646.737649][T23052]  ? file_end_write+0x1b0/0x1b0
[ 2646.742336][T23052]  ? __kasan_check_write+0x14/0x20
[ 2646.747283][T23052]  ? create_io_thread+0x1e0/0x1e0
[ 2646.752144][T23052]  ? __mutex_lock_slowpath+0x10/0x10
[ 2646.757267][T23052]  __x64_sys_clone+0x289/0x310
[ 2646.761866][T23052]  ? __do_sys_vfork+0x130/0x130
[ 2646.766552][T23052]  ? debug_smp_processor_id+0x17/0x20
[ 2646.771765][T23052]  do_syscall_64+0x44/0xd0
[ 2646.776013][T23052]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2646.781744][T23052] RIP: 0033:0x7f5b7e88a639
[ 2646.785995][T23052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2646.805434][T23052] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2646.813683][T23052] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2646.821490][T23052] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2646.829304][T23052] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2646.837113][T23052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
09:48:16 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14)

09:48:16 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x185c40, 0x0)
r3 = open_tree(r2, &(0x7f0000000040)='./file1\x00', 0x1000)
accept4$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
socketpair(0x18, 0x1, 0x200, &(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, &(0x7f0000000240)={0x3, 0x3, 0xa3, 0x0, 0x9c, 0x3, 0x9}, 0xc) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r5, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00000000816988e100000000000001000000"], 0x14}}, 0x0)
ioctl$FS_IOC_GETVERSION(r5, 0x80087601, &(0x7f0000000280)) (async)
fsetxattr$security_selinux(r3, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_io_uring_setup(0x71f2, &(0x7f0000000100)={0x0, 0x2088, 0x800, 0x3, 0x2d7, 0x0, r3}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:16 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000, 0x13, r0, 0x10000000)

09:48:16 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x7ffffffff000, 0x0, 0x13, r0, 0x10000000)

09:48:16 executing program 1:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r0 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000100)='.request_key_auth\x00', 0x0)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r0)
add_key$user(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="7e874d997ca3c7448c4ca7e5f91204778a792b763a3929c1bb600ba43ab48bbd1943a3abb2a19ae43141844e578a956e1731450b5e35c0c44849d2b6036c47689f26d4a15ba1d2478603266279f22235bf90c3a5ad9242c1d2948fe9bde79e924ea2b24bfcbca360b8e4117aba431ea604860f892bc97ca8ca8e9ac2d594966586cf5ee3703e2cfda1005943441f6f1f7a432d7c12640e9e817b0ee7723dcd9b7f8fc3d2173ba3011187b7bf192cd0f4cc9c9773b174166b614009949befb17d1b0e62693bf3eb7cd8541fd43752aaa783c7a97002f44f5f9d1d139d62", 0xdd, r0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:16 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x2710, 0x1, 0x100000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})

[ 2646.844928][T23052] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2646.852758][T23052]  </TASK>
09:48:16 executing program 1:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r0 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000100)='.request_key_auth\x00', 0x0) (async)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r0) (async)
add_key$user(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="7e874d997ca3c7448c4ca7e5f91204778a792b763a3929c1bb600ba43ab48bbd1943a3abb2a19ae43141844e578a956e1731450b5e35c0c44849d2b6036c47689f26d4a15ba1d2478603266279f22235bf90c3a5ad9242c1d2948fe9bde79e924ea2b24bfcbca360b8e4117aba431ea604860f892bc97ca8ca8e9ac2d594966586cf5ee3703e2cfda1005943441f6f1f7a432d7c12640e9e817b0ee7723dcd9b7f8fc3d2173ba3011187b7bf192cd0f4cc9c9773b174166b614009949befb17d1b0e62693bf3eb7cd8541fd43752aaa783c7a97002f44f5f9d1d139d62", 0xdd, r0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:16 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0xb33a}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:16 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async, rerun: 64)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async, rerun: 64)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x2710, 0x1, 0x100000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})

09:48:16 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4, 0x13, r0, 0x10000000)

[ 2646.879505][T23113] FAULT_INJECTION: forcing a failure.
[ 2646.879505][T23113] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2646.900329][T23113] CPU: 0 PID: 23113 Comm: syz-executor.2 Not tainted 5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2646.910389][T23113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2646.920294][T23113] Call Trace:
[ 2646.923408][T23113]  <TASK>
09:48:16 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8, 0x13, r0, 0x10000000)

09:48:16 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xf, 0x13, r0, 0x10000000)

[ 2646.926191][T23113]  dump_stack_lvl+0x151/0x1b7
[ 2646.930707][T23113]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2646.936002][T23113]  dump_stack+0x15/0x17
[ 2646.939985][T23113]  should_fail+0x3c0/0x510
[ 2646.944246][T23113]  should_fail_alloc_page+0x58/0x70
[ 2646.949279][T23113]  __alloc_pages+0x1de/0x7c0
[ 2646.953699][T23113]  ? __count_vm_events+0x30/0x30
[ 2646.958481][T23113]  ? __kasan_kmalloc+0x9/0x10
[ 2646.962984][T23113]  ? __kmalloc+0x203/0x350
[ 2646.967238][T23113]  ? __vmalloc_node_range+0x2e3/0x800
[ 2646.972450][T23113]  __vmalloc_node_range+0x48f/0x800
[ 2646.977481][T23113]  dup_task_struct+0x61f/0xa60
[ 2646.982081][T23113]  ? copy_process+0x579/0x3250
[ 2646.986679][T23113]  ? __kasan_check_write+0x14/0x20
[ 2646.991630][T23113]  copy_process+0x579/0x3250
[ 2646.996056][T23113]  ? __kasan_check_write+0x14/0x20
[ 2647.001005][T23113]  ? proc_fail_nth_write+0x213/0x290
[ 2647.006118][T23113]  ? proc_fail_nth_read+0x220/0x220
[ 2647.011149][T23113]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2647.016098][T23113]  ? vfs_write+0x9af/0x1050
[ 2647.020436][T23113]  kernel_clone+0x22d/0x990
[ 2647.024776][T23113]  ? file_end_write+0x1b0/0x1b0
[ 2647.029462][T23113]  ? __kasan_check_write+0x14/0x20
[ 2647.034410][T23113]  ? create_io_thread+0x1e0/0x1e0
[ 2647.039272][T23113]  ? __mutex_lock_slowpath+0x10/0x10
[ 2647.044391][T23113]  __x64_sys_clone+0x289/0x310
[ 2647.049000][T23113]  ? __do_sys_vfork+0x130/0x130
[ 2647.053677][T23113]  ? debug_smp_processor_id+0x17/0x20
[ 2647.058884][T23113]  do_syscall_64+0x44/0xd0
[ 2647.063142][T23113]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2647.068871][T23113] RIP: 0033:0x7f5b7e88a639
[ 2647.073121][T23113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2647.092560][T23113] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2647.100808][T23113] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2647.108616][T23113] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2647.116426][T23113] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
09:48:16 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15)

09:48:16 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x4}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:48:16 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x10, 0x13, r0, 0x10000000)

09:48:16 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0xb33a}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:16 executing program 1:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r0 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000100)='.request_key_auth\x00', 0x0)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r0)
add_key$user(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="7e874d997ca3c7448c4ca7e5f91204778a792b763a3929c1bb600ba43ab48bbd1943a3abb2a19ae43141844e578a956e1731450b5e35c0c44849d2b6036c47689f26d4a15ba1d2478603266279f22235bf90c3a5ad9242c1d2948fe9bde79e924ea2b24bfcbca360b8e4117aba431ea604860f892bc97ca8ca8e9ac2d594966586cf5ee3703e2cfda1005943441f6f1f7a432d7c12640e9e817b0ee7723dcd9b7f8fc3d2173ba3011187b7bf192cd0f4cc9c9773b174166b614009949befb17d1b0e62693bf3eb7cd8541fd43752aaa783c7a97002f44f5f9d1d139d62", 0xdd, r0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) (async)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000100)='.request_key_auth\x00', 0x0) (async)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r0) (async)
add_key$user(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="7e874d997ca3c7448c4ca7e5f91204778a792b763a3929c1bb600ba43ab48bbd1943a3abb2a19ae43141844e578a956e1731450b5e35c0c44849d2b6036c47689f26d4a15ba1d2478603266279f22235bf90c3a5ad9242c1d2948fe9bde79e924ea2b24bfcbca360b8e4117aba431ea604860f892bc97ca8ca8e9ac2d594966586cf5ee3703e2cfda1005943441f6f1f7a432d7c12640e9e817b0ee7723dcd9b7f8fc3d2173ba3011187b7bf192cd0f4cc9c9773b174166b614009949befb17d1b0e62693bf3eb7cd8541fd43752aaa783c7a97002f44f5f9d1d139d62", 0xdd, r0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)

09:48:16 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4000, 0x13, r0, 0x10000000)

09:48:16 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0xb33a}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:16 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x4}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x4}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)

09:48:16 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x60, 0x13, r0, 0x10000000)

[ 2647.124257][T23113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2647.132051][T23113] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2647.139863][T23113]  </TASK>
09:48:16 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x4}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x4}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)

09:48:16 executing program 5:
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
r1 = accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x40, 0x0, 0xfffffffc, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r2, 0x10000000)

09:48:16 executing program 5:
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
r1 = accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x40, 0x0, 0xfffffffc, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r2, 0x10000000)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x40, 0x0, 0xfffffffc, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r2, 0x10000000) (async)

[ 2647.198425][T23167] FAULT_INJECTION: forcing a failure.
[ 2647.198425][T23167] name failslab, interval 1, probability 0, space 0, times 0
[ 2647.224335][T23167] CPU: 1 PID: 23167 Comm: syz-executor.2 Not tainted 5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2647.234398][T23167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2647.244286][T23167] Call Trace:
[ 2647.247522][T23167]  <TASK>
[ 2647.250299][T23167]  dump_stack_lvl+0x151/0x1b7
[ 2647.254814][T23167]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2647.260125][T23167]  dump_stack+0x15/0x17
[ 2647.264100][T23167]  should_fail+0x3c0/0x510
[ 2647.268373][T23167]  __should_failslab+0x9f/0xe0
[ 2647.272953][T23167]  should_failslab+0x9/0x20
[ 2647.277296][T23167]  kmem_cache_alloc+0x4f/0x2f0
[ 2647.281891][T23167]  ? vm_area_dup+0x26/0x1d0
[ 2647.286234][T23167]  vm_area_dup+0x26/0x1d0
[ 2647.290397][T23167]  dup_mmap+0x6b8/0xea0
[ 2647.294389][T23167]  ? __delayed_free_task+0x20/0x20
[ 2647.299339][T23167]  ? mm_init+0x807/0x960
[ 2647.303424][T23167]  dup_mm+0x91/0x330
[ 2647.307148][T23167]  copy_mm+0x108/0x1b0
[ 2647.311054][T23167]  copy_process+0x1295/0x3250
[ 2647.315578][T23167]  ? proc_fail_nth_write+0x213/0x290
[ 2647.320686][T23167]  ? proc_fail_nth_read+0x220/0x220
[ 2647.325722][T23167]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2647.330683][T23167]  ? vfs_write+0x9af/0x1050
[ 2647.335031][T23167]  kernel_clone+0x22d/0x990
[ 2647.339354][T23167]  ? file_end_write+0x1b0/0x1b0
[ 2647.344033][T23167]  ? __kasan_check_write+0x14/0x20
[ 2647.348981][T23167]  ? create_io_thread+0x1e0/0x1e0
[ 2647.353848][T23167]  ? __mutex_lock_slowpath+0x10/0x10
[ 2647.358962][T23167]  __x64_sys_clone+0x289/0x310
[ 2647.363560][T23167]  ? __do_sys_vfork+0x130/0x130
[ 2647.368261][T23167]  ? debug_smp_processor_id+0x17/0x20
[ 2647.373458][T23167]  do_syscall_64+0x44/0xd0
[ 2647.377708][T23167]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2647.383436][T23167] RIP: 0033:0x7f5b7e88a639
[ 2647.387690][T23167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2647.407131][T23167] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2647.415374][T23167] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2647.423186][T23167] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2647.430997][T23167] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2647.438810][T23167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
09:48:16 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16)

09:48:16 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:16 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x6000, 0x13, r0, 0x10000000)

09:48:16 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xf0, 0x13, r0, 0x10000000)

09:48:16 executing program 5:
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
r1 = accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x40, 0x0, 0xfffffffc, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r2, 0x10000000)

09:48:16 executing program 3:
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000280), 0xffffffffffffffff)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
getuid()
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x400, 0x1}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000180))
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40080, 0x4)
fsetxattr$security_selinux(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000200)='system_u:object_r:dhcp_state_t:s0\x00', 0x22, 0x0)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, &(0x7f0000000100)={0x0, 0x400})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4})
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000002c0)={0x79, 0x0, 0x1})

09:48:16 executing program 3:
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000280), 0xffffffffffffffff)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
getuid()
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x400, 0x1}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000180))
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40080, 0x4)
fsetxattr$security_selinux(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000200)='system_u:object_r:dhcp_state_t:s0\x00', 0x22, 0x0)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, &(0x7f0000000100)={0x0, 0x400})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4})
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000002c0)={0x79, 0x0, 0x1})
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000280), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
getuid() (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x400, 0x1}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000180)) (async)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40080, 0x4) (async)
fsetxattr$security_selinux(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000200)='system_u:object_r:dhcp_state_t:s0\x00', 0x22, 0x0) (async)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, &(0x7f0000000100)={0x0, 0x400}) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4}) (async)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000002c0)={0x79, 0x0, 0x1}) (async)

09:48:16 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, &(0x7f0000000100))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000180))

[ 2647.446620][T23167] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2647.454438][T23167]  </TASK>
09:48:17 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_complete(0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)

09:48:17 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, &(0x7f0000000100))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000180))
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, &(0x7f0000000100)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000180)) (async)

09:48:17 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x80000, 0x13, r0, 0x10000000)

[ 2647.489965][T23196] FAULT_INJECTION: forcing a failure.
[ 2647.489965][T23196] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2647.513942][T23196] CPU: 1 PID: 23196 Comm: syz-executor.2 Not tainted 5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2647.524009][T23196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2647.533897][T23196] Call Trace:
[ 2647.537026][T23196]  <TASK>
09:48:17 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xf00, 0x13, r0, 0x10000000)

09:48:17 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, &(0x7f0000000100)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000180))

[ 2647.539808][T23196]  dump_stack_lvl+0x151/0x1b7
[ 2647.544313][T23196]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2647.549605][T23196]  ? _raw_spin_lock+0xa3/0x1b0
[ 2647.554210][T23196]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 2647.559415][T23196]  ? pagerange_is_ram_callback+0xeb/0x140
[ 2647.564971][T23196]  dump_stack+0x15/0x17
[ 2647.568962][T23196]  should_fail+0x3c0/0x510
[ 2647.573214][T23196]  should_fail_alloc_page+0x58/0x70
[ 2647.578250][T23196]  __alloc_pages+0x1de/0x7c0
[ 2647.582676][T23196]  ? track_pfn_copy+0x280/0x280
[ 2647.587360][T23196]  ? __count_vm_events+0x30/0x30
[ 2647.592137][T23196]  ? __stack_depot_save+0x34/0x4b0
[ 2647.597087][T23196]  get_zeroed_page+0x19/0x40
[ 2647.601510][T23196]  __pud_alloc+0x8b/0x260
[ 2647.605675][T23196]  ? kernel_clone+0x22d/0x990
[ 2647.610187][T23196]  ? __x64_sys_clone+0x289/0x310
[ 2647.614960][T23196]  ? do_syscall_64+0x44/0xd0
[ 2647.619386][T23196]  ? do_handle_mm_fault+0x2370/0x2370
[ 2647.624596][T23196]  copy_page_range+0xd9e/0x1090
[ 2647.629293][T23196]  ? pfn_valid+0x1e0/0x1e0
[ 2647.633544][T23196]  dup_mmap+0x99f/0xea0
[ 2647.637528][T23196]  ? __delayed_free_task+0x20/0x20
[ 2647.642476][T23196]  ? mm_init+0x807/0x960
[ 2647.646562][T23196]  dup_mm+0x91/0x330
[ 2647.650286][T23196]  copy_mm+0x108/0x1b0
[ 2647.654198][T23196]  copy_process+0x1295/0x3250
[ 2647.658701][T23196]  ? proc_fail_nth_write+0x213/0x290
[ 2647.663822][T23196]  ? proc_fail_nth_read+0x220/0x220
[ 2647.668855][T23196]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2647.673804][T23196]  ? vfs_write+0x9af/0x1050
[ 2647.678147][T23196]  kernel_clone+0x22d/0x990
[ 2647.682481][T23196]  ? file_end_write+0x1b0/0x1b0
[ 2647.687167][T23196]  ? __kasan_check_write+0x14/0x20
[ 2647.692124][T23196]  ? create_io_thread+0x1e0/0x1e0
[ 2647.696975][T23196]  ? __mutex_lock_slowpath+0x10/0x10
[ 2647.702098][T23196]  __x64_sys_clone+0x289/0x310
[ 2647.706694][T23196]  ? __do_sys_vfork+0x130/0x130
[ 2647.711395][T23196]  ? debug_smp_processor_id+0x17/0x20
[ 2647.716594][T23196]  do_syscall_64+0x44/0xd0
[ 2647.720842][T23196]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2647.726613][T23196] RIP: 0033:0x7f5b7e88a639
[ 2647.730822][T23196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2647.750264][T23196] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2647.758510][T23196] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2647.766317][T23196] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2647.774129][T23196] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2647.781941][T23196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2647.789754][T23196] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2647.797566][T23196]  </TASK>
[ 2647.803061][T23196] ------------[ cut here ]------------
[ 2647.808394][T23196] WARNING: CPU: 0 PID: 23196 at arch/x86/mm/pat/memtype.c:1099 untrack_pfn+0x1b0/0x450
[ 2647.817783][T23196] Modules linked in:
[ 2647.821769][T23196] CPU: 0 PID: 23196 Comm: syz-executor.2 Not tainted 5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2647.832149][T23196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2647.842093][T23196] RIP: 0010:untrack_pfn+0x1b0/0x450
[ 2647.847097][T23196] Code: 8c 24 a0 00 00 00 4c 8d 84 24 80 00 00 00 e8 d7 cc 70 00 49 89 df 89 c3 31 ff 89 c6 e8 39 02 39 00 85 db 74 1d e8 c0 fd 38 00 <0f> 0b e9 e5 01 00 00 e8 b4 fd 38 00 49 be 00 00 00 00 00 fc ff df
[ 2647.866578][T23196] RSP: 0018:ffffc9000a16f680 EFLAGS: 00010287
[ 2647.872452][T23196] RAX: ffffffff813893d0 RBX: 00000000ffffffea RCX: 0000000000040000
[ 2647.880279][T23196] RDX: ffffc900029f8000 RSI: 000000000000f169 RDI: 000000000000f16a
[ 2647.888044][T23196] RBP: ffffc9000a16f790 R08: ffffffff813893c7 R09: ffffc9000a16f600
[ 2647.895879][T23196] R10: ffffed1021b65d1b R11: 1ffff11021b65d1a R12: 1ffff1102d042e94
[ 2647.903703][T23196] R13: 1ffff9200142ded8 R14: dffffc0000000000 R15: ffff8881682174a0
[ 2647.911535][T23196] FS:  00007f5b7d5fe700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 2647.920379][T23196] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2647.926780][T23196] CR2: 000000c00192b000 CR3: 0000000164b95000 CR4: 00000000003506b0
[ 2647.934701][T23196] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2647.942487][T23196] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2647.950301][T23196] Call Trace:
[ 2647.953320][T23196]  <TASK>
[ 2647.956098][T23196]  ? track_pfn_insert+0x3e0/0x3e0
[ 2647.961155][T23196]  ? uprobe_munmap+0x18c/0x450
[ 2647.965736][T23196]  unmap_vmas+0x3fe/0x590
[ 2647.970024][T23196]  ? unmap_page_range+0x950/0x950
[ 2647.974763][T23196]  ? tlb_gather_mmu_fullmm+0x160/0x210
[ 2647.980132][T23196]  exit_mmap+0x457/0x7a0
[ 2647.984193][T23196]  ? exit_aio+0x270/0x3b0
[ 2647.988397][T23196]  ? vm_brk+0x30/0x30
[ 2647.992121][T23196]  ? mutex_unlock+0xa2/0x110
[ 2647.996553][T23196]  ? uprobe_clear_state+0x2c2/0x320
[ 2648.001719][T23196]  __mmput+0x95/0x300
[ 2648.005499][T23196]  dup_mm+0x300/0x330
[ 2648.009427][T23196]  copy_mm+0x108/0x1b0
[ 2648.013225][T23196]  copy_process+0x1295/0x3250
[ 2648.017742][T23196]  ? proc_fail_nth_write+0x213/0x290
[ 2648.023028][T23196]  ? proc_fail_nth_read+0x220/0x220
[ 2648.028025][T23196]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2648.033081][T23196]  ? vfs_write+0x9af/0x1050
[ 2648.037310][T23196]  kernel_clone+0x22d/0x990
[ 2648.041758][T23196]  ? file_end_write+0x1b0/0x1b0
[ 2648.046345][T23196]  ? __kasan_check_write+0x14/0x20
[ 2648.051388][T23196]  ? create_io_thread+0x1e0/0x1e0
[ 2648.056161][T23196]  ? __mutex_lock_slowpath+0x10/0x10
[ 2648.061352][T23196]  __x64_sys_clone+0x289/0x310
[ 2648.065864][T23196]  ? __do_sys_vfork+0x130/0x130
[ 2648.070662][T23196]  ? debug_smp_processor_id+0x17/0x20
[ 2648.075758][T23196]  do_syscall_64+0x44/0xd0
[ 2648.080112][T23196]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2648.085739][T23196] RIP: 0033:0x7f5b7e88a639
[ 2648.090101][T23196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2648.109523][T23196] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2648.117682][T23196] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2648.125586][T23196] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2648.133379][T23196] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
09:48:17 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17)

09:48:17 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x100000, 0x13, r0, 0x10000000)

09:48:17 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000, 0x13, r0, 0x10000000)

09:48:17 executing program 3:
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000280), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
getuid() (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x400, 0x1}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000180)) (async)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40080, 0x4) (async)
fsetxattr$security_selinux(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000200)='system_u:object_r:dhcp_state_t:s0\x00', 0x22, 0x0)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, &(0x7f0000000100)={0x0, 0x400})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4})
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000002c0)={0x79, 0x0, 0x1})

09:48:17 executing program 5:
ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000000100)={0x0, "beb3c4fcf9f04374790d2faa63cdf6f7"})
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(0xffffffffffffffff, 0x4068aea3, &(0x7f0000001580))
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000001100)={<r0=>0xffffffffffffffff, 0x200000000, 0x8, 0x6})
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000001140)={0xfffffffc, 0x100000})
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, 0xffffffffffffffff, 0x10000000)
openat$vcs(0xffffffffffffff9c, &(0x7f0000001240), 0x2000, 0x0)
socket$inet(0x2, 0x800, 0xfffffffe)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001780)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001180), 0x101000, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000011c0)={0x1fe, 0x3, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
r3 = openat(0xffffffffffffff9c, &(0x7f0000001600)='./file0\x00', 0x4c1, 0x4c)
r4 = openat(r3, &(0x7f0000000000)='./file0\x00', 0x492022, 0x24)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r5, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$BTRFS_IOC_SCRUB(r4, 0xc400941b, &(0x7f0000001b80)={r1, 0xffff, 0x8, 0x1})
ioctl$VHOST_SET_VRING_ENDIAN(r5, 0x4008af13, &(0x7f0000001740)={0x2, 0x10001})
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f0000001700)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000016c0)={&(0x7f0000000080)={0x70, 0x0, 0x20, 0x70bd27, 0x25dfdbfe, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000041}, 0x1080)
io_uring_setup(0x4651, &(0x7f0000001640)={0x0, 0x85d3, 0x800, 0x1, 0x428, 0x0, r3})
openat$vcs(0xffffffffffffff9c, &(0x7f0000001200), 0x82, 0x0)

09:48:17 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_complete(0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:17 executing program 5:
ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000000100)={0x0, "beb3c4fcf9f04374790d2faa63cdf6f7"}) (async)
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(0xffffffffffffffff, 0x4068aea3, &(0x7f0000001580))
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000001100)={<r0=>0xffffffffffffffff, 0x200000000, 0x8, 0x6})
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000001140)={0xfffffffc, 0x100000})
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, 0xffffffffffffffff, 0x10000000) (async)
openat$vcs(0xffffffffffffff9c, &(0x7f0000001240), 0x2000, 0x0) (async)
socket$inet(0x2, 0x800, 0xfffffffe) (async, rerun: 64)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001780)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) (async, rerun: 64)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001180), 0x101000, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000011c0)={0x1fe, 0x3, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000001600)='./file0\x00', 0x4c1, 0x4c)
r4 = openat(r3, &(0x7f0000000000)='./file0\x00', 0x492022, 0x24)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r5, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
ioctl$BTRFS_IOC_SCRUB(r4, 0xc400941b, &(0x7f0000001b80)={r1, 0xffff, 0x8, 0x1}) (async)
ioctl$VHOST_SET_VRING_ENDIAN(r5, 0x4008af13, &(0x7f0000001740)={0x2, 0x10001})
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f0000001700)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000016c0)={&(0x7f0000000080)={0x70, 0x0, 0x20, 0x70bd27, 0x25dfdbfe, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000041}, 0x1080) (async)
io_uring_setup(0x4651, &(0x7f0000001640)={0x0, 0x85d3, 0x800, 0x1, 0x428, 0x0, r3}) (async)
openat$vcs(0xffffffffffffff9c, &(0x7f0000001200), 0x82, 0x0)

09:48:17 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4000, 0x13, r0, 0x10000000)

09:48:17 executing program 1:
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f00000001c0)={0x7, 0x0, [{0x8, 0x2, 0x0, 0x0, @irqchip={0x6}}, {0x0, 0x1, 0x0, 0x0, @msi={0x7, 0x7ff, 0x9, 0x7fffffff}}, {0x4, 0x2, 0x0, 0x0, @sint={0x88d1, 0x8}}, {0xac87, 0x3, 0x0, 0x0, @adapter={0x2, 0x1, 0x9ae0, 0x3}}, {0xa4, 0x2, 0x0, 0x0, @msi={0x6, 0x0, 0x6, 0xfffffff9}}, {0x7f, 0x4, 0x0, 0x0, @irqchip={0x7f, 0xfffffe1d}}, {0x6, 0x4, 0x0, 0x0, @sint={0x101, 0x12f}}]})
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000340)={0xcc, 0x0, 0x1})
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

[ 2648.141179][T23196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2648.148990][T23196] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2648.156742][T23196]  </TASK>
[ 2648.159688][T23196] ---[ end trace 2fcc6d65e78750f6 ]---
09:48:17 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x6000, 0x13, r0, 0x10000000)

09:48:17 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x400000, 0x13, r0, 0x10000000)

09:48:17 executing program 1:
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f00000001c0)={0x7, 0x0, [{0x8, 0x2, 0x0, 0x0, @irqchip={0x6}}, {0x0, 0x1, 0x0, 0x0, @msi={0x7, 0x7ff, 0x9, 0x7fffffff}}, {0x4, 0x2, 0x0, 0x0, @sint={0x88d1, 0x8}}, {0xac87, 0x3, 0x0, 0x0, @adapter={0x2, 0x1, 0x9ae0, 0x3}}, {0xa4, 0x2, 0x0, 0x0, @msi={0x6, 0x0, 0x6, 0xfffffff9}}, {0x7f, 0x4, 0x0, 0x0, @irqchip={0x7f, 0xfffffe1d}}, {0x6, 0x4, 0x0, 0x0, @sint={0x101, 0x12f}}]})
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000340)={0xcc, 0x0, 0x1})
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

[ 2648.210299][T23266] FAULT_INJECTION: forcing a failure.
[ 2648.210299][T23266] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2648.255670][T23266] CPU: 0 PID: 23266 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2648.267137][T23266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2648.277021][T23266] Call Trace:
[ 2648.280149][T23266]  <TASK>
[ 2648.282923][T23266]  dump_stack_lvl+0x151/0x1b7
[ 2648.287438][T23266]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2648.292729][T23266]  ? __kasan_check_write+0x14/0x20
[ 2648.297713][T23266]  ? __set_page_owner+0x2ee/0x310
[ 2648.302538][T23266]  dump_stack+0x15/0x17
[ 2648.306531][T23266]  should_fail+0x3c0/0x510
[ 2648.310783][T23266]  should_fail_alloc_page+0x58/0x70
[ 2648.315819][T23266]  __alloc_pages+0x1de/0x7c0
[ 2648.320243][T23266]  ? __count_vm_events+0x30/0x30
[ 2648.325016][T23266]  ? __count_vm_events+0x30/0x30
[ 2648.329797][T23266]  ? __kasan_check_write+0x14/0x20
[ 2648.334776][T23266]  ? _raw_spin_lock+0xa3/0x1b0
[ 2648.339336][T23266]  __pmd_alloc+0xb1/0x550
[ 2648.343506][T23266]  ? __pud_alloc+0x260/0x260
[ 2648.347933][T23266]  ? __pud_alloc+0x218/0x260
[ 2648.352366][T23266]  ? do_handle_mm_fault+0x2370/0x2370
[ 2648.357564][T23266]  copy_page_range+0xd04/0x1090
[ 2648.362253][T23266]  ? pfn_valid+0x1e0/0x1e0
[ 2648.366509][T23266]  dup_mmap+0x99f/0xea0
[ 2648.370498][T23266]  ? __delayed_free_task+0x20/0x20
[ 2648.375461][T23266]  ? mm_init+0x807/0x960
[ 2648.379527][T23266]  dup_mm+0x91/0x330
[ 2648.383251][T23266]  copy_mm+0x108/0x1b0
[ 2648.387158][T23266]  copy_process+0x1295/0x3250
[ 2648.391671][T23266]  ? proc_fail_nth_write+0x213/0x290
[ 2648.396795][T23266]  ? proc_fail_nth_read+0x220/0x220
[ 2648.401827][T23266]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2648.406772][T23266]  ? vfs_write+0x9af/0x1050
[ 2648.411115][T23266]  kernel_clone+0x22d/0x990
[ 2648.415451][T23266]  ? file_end_write+0x1b0/0x1b0
[ 2648.420139][T23266]  ? __kasan_check_write+0x14/0x20
[ 2648.425084][T23266]  ? create_io_thread+0x1e0/0x1e0
[ 2648.429945][T23266]  ? __mutex_lock_slowpath+0x10/0x10
[ 2648.435066][T23266]  __x64_sys_clone+0x289/0x310
[ 2648.439666][T23266]  ? __do_sys_vfork+0x130/0x130
[ 2648.444357][T23266]  ? debug_smp_processor_id+0x17/0x20
[ 2648.449563][T23266]  do_syscall_64+0x44/0xd0
[ 2648.453814][T23266]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2648.459542][T23266] RIP: 0033:0x7f5b7e88a639
[ 2648.463803][T23266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2648.483236][T23266] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2648.491479][T23266] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
09:48:18 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18)

09:48:18 executing program 5:
ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000000100)={0x0, "beb3c4fcf9f04374790d2faa63cdf6f7"})
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(0xffffffffffffffff, 0x4068aea3, &(0x7f0000001580)) (async, rerun: 32)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000001100)={<r0=>0xffffffffffffffff, 0x200000000, 0x8, 0x6}) (rerun: 32)
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000001140)={0xfffffffc, 0x100000}) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, 0xffffffffffffffff, 0x10000000) (async, rerun: 64)
openat$vcs(0xffffffffffffff9c, &(0x7f0000001240), 0x2000, 0x0) (rerun: 64)
socket$inet(0x2, 0x800, 0xfffffffe) (async, rerun: 32)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001780)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) (rerun: 32)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001180), 0x101000, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000011c0)={0x1fe, 0x3, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
r3 = openat(0xffffffffffffff9c, &(0x7f0000001600)='./file0\x00', 0x4c1, 0x4c)
r4 = openat(r3, &(0x7f0000000000)='./file0\x00', 0x492022, 0x24) (async)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r5, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$BTRFS_IOC_SCRUB(r4, 0xc400941b, &(0x7f0000001b80)={r1, 0xffff, 0x8, 0x1})
ioctl$VHOST_SET_VRING_ENDIAN(r5, 0x4008af13, &(0x7f0000001740)={0x2, 0x10001})
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f0000001700)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000016c0)={&(0x7f0000000080)={0x70, 0x0, 0x20, 0x70bd27, 0x25dfdbfe, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000041}, 0x1080)
io_uring_setup(0x4651, &(0x7f0000001640)={0x0, 0x85d3, 0x800, 0x1, 0x428, 0x0, r3}) (async)
openat$vcs(0xffffffffffffff9c, &(0x7f0000001200), 0x82, 0x0)

09:48:18 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x80000, 0x13, r0, 0x10000000)

09:48:18 executing program 1:
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f00000001c0)={0x7, 0x0, [{0x8, 0x2, 0x0, 0x0, @irqchip={0x6}}, {0x0, 0x1, 0x0, 0x0, @msi={0x7, 0x7ff, 0x9, 0x7fffffff}}, {0x4, 0x2, 0x0, 0x0, @sint={0x88d1, 0x8}}, {0xac87, 0x3, 0x0, 0x0, @adapter={0x2, 0x1, 0x9ae0, 0x3}}, {0xa4, 0x2, 0x0, 0x0, @msi={0x6, 0x0, 0x6, 0xfffffff9}}, {0x7f, 0x4, 0x0, 0x0, @irqchip={0x7f, 0xfffffe1d}}, {0x6, 0x4, 0x0, 0x0, @sint={0x101, 0x12f}}]})
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000340)={0xcc, 0x0, 0x1}) (async, rerun: 32)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async, rerun: 32)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:18 executing program 3:
r0 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0xfbc3}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, r0, 0x10, 0x70bd2b, 0x25dfdbff, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc0}, 0x20000040)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x7c, r2, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x80}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7ff}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x51}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x4}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x8000}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xcea6}]}, 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x840)

09:48:18 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x600000, 0x13, r0, 0x10000000)

09:48:18 executing program 3:
r0 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0xfbc3}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, r0, 0x10, 0x70bd2b, 0x25dfdbff, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc0}, 0x20000040) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x7c, r2, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x80}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7ff}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x51}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x4}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x8000}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xcea6}]}, 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x840)

09:48:18 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0xb36, 0x8e0})

[ 2648.499293][T23266] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2648.507160][T23266] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2648.514914][T23266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2648.522725][T23266] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2648.530540][T23266]  </TASK>
09:48:18 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x100000, 0x13, r0, 0x10000000)

09:48:18 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0xb36, 0x8e0})
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0xb36, 0x8e0}) (async)

09:48:18 executing program 3:
r0 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0xfbc3}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, r0, 0x10, 0x70bd2b, 0x25dfdbff, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc0}, 0x20000040) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async, rerun: 64)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), 0xffffffffffffffff) (rerun: 64)
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x7c, r2, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x80}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7ff}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x51}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x4}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x8000}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xcea6}]}, 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x840)

09:48:18 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x800000, 0x13, r0, 0x10000000)

[ 2648.580419][T23314] FAULT_INJECTION: forcing a failure.
[ 2648.580419][T23314] name failslab, interval 1, probability 0, space 0, times 0
[ 2648.621196][T23314] CPU: 0 PID: 23314 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2648.632663][T23314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2648.642556][T23314] Call Trace:
[ 2648.645681][T23314]  <TASK>
[ 2648.648462][T23314]  dump_stack_lvl+0x151/0x1b7
[ 2648.652968][T23314]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2648.658260][T23314]  ? avc_has_perm_noaudit+0x358/0x450
[ 2648.663469][T23314]  dump_stack+0x15/0x17
[ 2648.667461][T23314]  should_fail+0x3c0/0x510
[ 2648.671720][T23314]  __should_failslab+0x9f/0xe0
[ 2648.676322][T23314]  should_failslab+0x9/0x20
[ 2648.680653][T23314]  kmem_cache_alloc+0x4f/0x2f0
[ 2648.685251][T23314]  ? dup_fd+0x71/0xa40
[ 2648.689176][T23314]  dup_fd+0x71/0xa40
[ 2648.692891][T23314]  ? avc_has_perm+0x16d/0x260
[ 2648.697404][T23314]  ? avc_has_perm_noaudit+0x450/0x450
[ 2648.702612][T23314]  copy_files+0xe6/0x200
[ 2648.706689][T23314]  ? perf_event_attrs+0x30/0x30
[ 2648.711385][T23314]  ? dup_task_struct+0xa60/0xa60
[ 2648.716150][T23314]  ? security_task_alloc+0x132/0x150
[ 2648.721271][T23314]  copy_process+0x11e9/0x3250
[ 2648.725785][T23314]  ? proc_fail_nth_write+0x213/0x290
[ 2648.730908][T23314]  ? proc_fail_nth_read+0x220/0x220
[ 2648.735951][T23314]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2648.740886][T23314]  ? vfs_write+0x9af/0x1050
[ 2648.745225][T23314]  kernel_clone+0x22d/0x990
[ 2648.749566][T23314]  ? file_end_write+0x1b0/0x1b0
[ 2648.754254][T23314]  ? __kasan_check_write+0x14/0x20
[ 2648.759200][T23314]  ? create_io_thread+0x1e0/0x1e0
[ 2648.764060][T23314]  ? __mutex_lock_slowpath+0x10/0x10
[ 2648.769188][T23314]  __x64_sys_clone+0x289/0x310
[ 2648.773779][T23314]  ? __do_sys_vfork+0x130/0x130
[ 2648.778468][T23314]  ? debug_smp_processor_id+0x17/0x20
[ 2648.783677][T23314]  do_syscall_64+0x44/0xd0
[ 2648.787933][T23314]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2648.793681][T23314] RIP: 0033:0x7f5b7e88a639
[ 2648.797912][T23314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
09:48:18 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19)

09:48:18 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r0 = syz_io_uring_setup(0x7af8, &(0x7f00000001c0)={0x0, 0xaae9, 0x20, 0x3, 0x275}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000001000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000240))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8, 0x10, r0, 0x10000000)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:18 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x400000, 0x13, r0, 0x10000000)

09:48:18 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x80ffff, 0x13, r0, 0x10000000)

09:48:18 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0xb36, 0x8e0})
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0xb36, 0x8e0}) (async)

[ 2648.817350][T23314] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2648.825594][T23314] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2648.833413][T23314] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2648.841215][T23314] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2648.849027][T23314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2648.856839][T23314] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2648.864671][T23314]  </TASK>
09:48:18 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000180), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000), &(0x7f00000000c0))
r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r0, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_SB_POOL_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)={0xa0, r0, 0x10, 0x70bd2c, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x877}, {0x6, 0x11, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xffffffc1}, {0x6, 0x11, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x8000}, {0x6, 0x11, 0x8}}]}, 0xa0}, 0x1, 0x0, 0x0, 0x1}, 0x14)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x58, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}]}, 0x58}, 0x1, 0x0, 0x0, 0x8000}, 0x4000040)

09:48:18 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r0 = syz_io_uring_setup(0x7af8, &(0x7f00000001c0)={0x0, 0xaae9, 0x20, 0x3, 0x275}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000001000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000240))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8, 0x10, r0, 0x10000000)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x7af8, &(0x7f00000001c0)={0x0, 0xaae9, 0x20, 0x3, 0x275}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000001000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8, 0x10, r0, 0x10000000) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)

09:48:18 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000180), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000), &(0x7f00000000c0))
r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r0, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014) (async)
sendmsg$DEVLINK_CMD_SB_POOL_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)={0xa0, r0, 0x10, 0x70bd2c, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x877}, {0x6, 0x11, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xffffffc1}, {0x6, 0x11, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x8000}, {0x6, 0x11, 0x8}}]}, 0xa0}, 0x1, 0x0, 0x0, 0x1}, 0x14) (async)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x58, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}]}, 0x58}, 0x1, 0x0, 0x0, 0x8000}, 0x4000040)

09:48:18 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xc0ffff, 0x13, r0, 0x10000000)

09:48:18 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x600000, 0x13, r0, 0x10000000)

09:48:18 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000180), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000), &(0x7f00000000c0)) (async)
r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r0, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_SB_POOL_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)={0xa0, r0, 0x10, 0x70bd2c, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x877}, {0x6, 0x11, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xffffffc1}, {0x6, 0x11, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x8000}, {0x6, 0x11, 0x8}}]}, 0xa0}, 0x1, 0x0, 0x0, 0x1}, 0x14)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x58, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}]}, 0x58}, 0x1, 0x0, 0x0, 0x8000}, 0x4000040)

09:48:18 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
select(0x40, &(0x7f0000000100)={0x7, 0x1, 0x5, 0xffffffffffff682c, 0x7ff, 0x4, 0x1, 0x8}, &(0x7f0000000180)={0x2, 0x7e0c, 0x8, 0x4d, 0x0, 0xffffffff, 0x9, 0x8}, &(0x7f00000001c0)={0x7, 0x8000000000000001, 0x6e2, 0x5, 0xfff, 0x7, 0x64a}, &(0x7f0000000200))
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

[ 2648.945913][T23360] FAULT_INJECTION: forcing a failure.
[ 2648.945913][T23360] name failslab, interval 1, probability 0, space 0, times 0
[ 2648.988470][T23360] CPU: 1 PID: 23360 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2648.999933][T23360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2649.009823][T23360] Call Trace:
[ 2649.012944][T23360]  <TASK>
[ 2649.015720][T23360]  dump_stack_lvl+0x151/0x1b7
[ 2649.020233][T23360]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2649.025533][T23360]  dump_stack+0x15/0x17
[ 2649.029521][T23360]  should_fail+0x3c0/0x510
[ 2649.033773][T23360]  __should_failslab+0x9f/0xe0
[ 2649.038374][T23360]  should_failslab+0x9/0x20
[ 2649.042712][T23360]  kmem_cache_alloc+0x4f/0x2f0
[ 2649.047316][T23360]  ? vm_area_dup+0x26/0x1d0
[ 2649.051652][T23360]  ? __kasan_check_read+0x11/0x20
[ 2649.056513][T23360]  vm_area_dup+0x26/0x1d0
[ 2649.060677][T23360]  dup_mmap+0x6b8/0xea0
[ 2649.064672][T23360]  ? __delayed_free_task+0x20/0x20
[ 2649.069617][T23360]  ? mm_init+0x807/0x960
[ 2649.073719][T23360]  dup_mm+0x91/0x330
[ 2649.077431][T23360]  copy_mm+0x108/0x1b0
[ 2649.081334][T23360]  copy_process+0x1295/0x3250
[ 2649.085848][T23360]  ? proc_fail_nth_write+0x213/0x290
[ 2649.090967][T23360]  ? proc_fail_nth_read+0x220/0x220
[ 2649.096016][T23360]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2649.100951][T23360]  ? vfs_write+0x9af/0x1050
[ 2649.105288][T23360]  kernel_clone+0x22d/0x990
[ 2649.109628][T23360]  ? file_end_write+0x1b0/0x1b0
[ 2649.114314][T23360]  ? __kasan_check_write+0x14/0x20
[ 2649.119260][T23360]  ? create_io_thread+0x1e0/0x1e0
[ 2649.124122][T23360]  ? __mutex_lock_slowpath+0x10/0x10
[ 2649.129253][T23360]  __x64_sys_clone+0x289/0x310
[ 2649.133843][T23360]  ? __do_sys_vfork+0x130/0x130
[ 2649.138534][T23360]  ? debug_smp_processor_id+0x17/0x20
[ 2649.143738][T23360]  do_syscall_64+0x44/0xd0
[ 2649.147990][T23360]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2649.153718][T23360] RIP: 0033:0x7f5b7e88a639
[ 2649.157971][T23360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2649.177411][T23360] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
09:48:18 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20)

09:48:18 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r0 = syz_io_uring_setup(0x7af8, &(0x7f00000001c0)={0x0, 0xaae9, 0x20, 0x3, 0x275}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000001000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000240))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8, 0x10, r0, 0x10000000) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:18 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xf0ff1f, 0x13, r0, 0x10000000)

09:48:18 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x800000, 0x13, r0, 0x10000000)

09:48:18 executing program 5:
ioctl$SIOCGSTAMP(0xffffffffffffffff, 0x8906, &(0x7f00000002c0))
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x370}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_io_uring_setup(0x66a1, &(0x7f0000000100)={0x0, 0x9703, 0x800, 0x2, 0x1c2, 0x0, r0}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x8, 0x5, 0x7, 0x1080, 0x1, 0xffffff80, '\x00', 0x0, r1, 0x2, 0x2, 0x5}, 0x48)

09:48:18 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
select(0x40, &(0x7f0000000100)={0x7, 0x1, 0x5, 0xffffffffffff682c, 0x7ff, 0x4, 0x1, 0x8}, &(0x7f0000000180)={0x2, 0x7e0c, 0x8, 0x4d, 0x0, 0xffffffff, 0x9, 0x8}, &(0x7f00000001c0)={0x7, 0x8000000000000001, 0x6e2, 0x5, 0xfff, 0x7, 0x64a}, &(0x7f0000000200))
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

[ 2649.185668][T23360] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2649.193478][T23360] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2649.201278][T23360] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2649.209092][T23360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2649.216900][T23360] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2649.224714][T23360]  </TASK>
09:48:18 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
select(0x40, &(0x7f0000000100)={0x7, 0x1, 0x5, 0xffffffffffff682c, 0x7ff, 0x4, 0x1, 0x8}, &(0x7f0000000180)={0x2, 0x7e0c, 0x8, 0x4d, 0x0, 0xffffffff, 0x9, 0x8}, &(0x7f00000001c0)={0x7, 0x8000000000000001, 0x6e2, 0x5, 0xfff, 0x7, 0x64a}, &(0x7f0000000200))
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:48:18 executing program 5:
ioctl$SIOCGSTAMP(0xffffffffffffffff, 0x8906, &(0x7f00000002c0)) (async, rerun: 32)
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x370}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (rerun: 32)
syz_io_uring_setup(0x66a1, &(0x7f0000000100)={0x0, 0x9703, 0x800, 0x2, 0x1c2, 0x0, r0}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) (async, rerun: 32)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async, rerun: 32)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x8, 0x5, 0x7, 0x1080, 0x1, 0xffffff80, '\x00', 0x0, r1, 0x2, 0x2, 0x5}, 0x48)

09:48:18 executing program 1:
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={<r0=>0xffffffffffffffff, 0x8, 0xdc, 0x400000})
sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f0000001680)={&(0x7f00000015c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001640)={&(0x7f0000001600)={0x34, 0x0, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x6}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x6}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x100}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4010}, 0x20000010)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f00000016c0)={0x2, 0x6})
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f00000001c0)={0x8, 0x6, {0x7, @struct={0x3, 0x1}, <r2=>0x0, 0x1, 0xaf9, 0x1000, 0x6, 0x1, 0x1, @struct={0xc00, 0xfffffff7}, 0x0, 0xd5a, [0x40, 0x1, 0x3, 0xf42, 0xc0d, 0x4]}, {0x40, @struct={0x8000, 0x6}, 0x0, 0x5, 0x6, 0x7f, 0x6, 0x200, 0x2, @usage=0x8, 0x95b, 0x8, [0x3a, 0x8, 0x4, 0x2, 0x7, 0x5]}, {0x81, @struct={0xfff, 0x8}, 0x0, 0x3, 0x8, 0x7, 0x6, 0x173c81ec, 0xb2, @usage=0x6, 0x1, 0x2, [0x9, 0xff, 0x1d72cad9, 0x9, 0x800, 0x4]}, {0x400, 0x8, 0x4}})
ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f00000005c0)={r2, "67eb6aa56245850477fa7f415463df5a"})
r3 = syz_io_uring_complete(0x0)
ioctl$KVM_SET_BOOT_CPU_ID(r3, 0xae78, &(0x7f00000017c0))
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae09, &(0x7f0000001700)=""/132)

09:48:18 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x80ffff, 0x13, r0, 0x10000000)

[ 2649.245185][T23386] FAULT_INJECTION: forcing a failure.
[ 2649.245185][T23386] name failslab, interval 1, probability 0, space 0, times 0
[ 2649.266613][T23386] CPU: 1 PID: 23386 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2649.278065][T23386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2649.287966][T23386] Call Trace:
[ 2649.291084][T23386]  <TASK>
09:48:18 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000000, 0x13, r0, 0x10000000)

09:48:18 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xc0ffff, 0x13, r0, 0x10000000)

[ 2649.293864][T23386]  dump_stack_lvl+0x151/0x1b7
[ 2649.298395][T23386]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2649.303671][T23386]  dump_stack+0x15/0x17
[ 2649.307659][T23386]  should_fail+0x3c0/0x510
[ 2649.311922][T23386]  ? kvmalloc_node+0x82/0x130
[ 2649.316426][T23386]  __should_failslab+0x9f/0xe0
[ 2649.321026][T23386]  should_failslab+0x9/0x20
[ 2649.325364][T23386]  __kmalloc+0x6d/0x350
[ 2649.329361][T23386]  ? kvmalloc_node+0x82/0x130
[ 2649.333877][T23386]  kvmalloc_node+0x82/0x130
[ 2649.338213][T23386]  alloc_fdtable+0x173/0x2b0
[ 2649.342641][T23386]  dup_fd+0x781/0xa40
[ 2649.346455][T23386]  ? avc_has_perm+0x16d/0x260
[ 2649.350992][T23386]  copy_files+0xe6/0x200
[ 2649.355052][T23386]  ? perf_event_attrs+0x30/0x30
[ 2649.359737][T23386]  ? dup_task_struct+0xa60/0xa60
[ 2649.364509][T23386]  ? security_task_alloc+0x132/0x150
[ 2649.369630][T23386]  copy_process+0x11e9/0x3250
[ 2649.374146][T23386]  ? proc_fail_nth_write+0x213/0x290
[ 2649.379264][T23386]  ? proc_fail_nth_read+0x220/0x220
[ 2649.384295][T23386]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2649.389241][T23386]  ? vfs_write+0x9af/0x1050
[ 2649.393579][T23386]  kernel_clone+0x22d/0x990
[ 2649.397924][T23386]  ? file_end_write+0x1b0/0x1b0
[ 2649.402606][T23386]  ? __kasan_check_write+0x14/0x20
[ 2649.407569][T23386]  ? create_io_thread+0x1e0/0x1e0
[ 2649.412413][T23386]  ? __mutex_lock_slowpath+0x10/0x10
[ 2649.417555][T23386]  __x64_sys_clone+0x289/0x310
[ 2649.422134][T23386]  ? __do_sys_vfork+0x130/0x130
[ 2649.426820][T23386]  ? debug_smp_processor_id+0x17/0x20
[ 2649.432031][T23386]  do_syscall_64+0x44/0xd0
[ 2649.436283][T23386]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2649.442011][T23386] RIP: 0033:0x7f5b7e88a639
[ 2649.446270][T23386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2649.465702][T23386] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2649.473947][T23386] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2649.481760][T23386] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
09:48:19 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21)

09:48:19 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4000000, 0x13, r0, 0x10000000)

09:48:19 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xf0ff1f, 0x13, r0, 0x10000000)

09:48:19 executing program 5:
ioctl$SIOCGSTAMP(0xffffffffffffffff, 0x8906, &(0x7f00000002c0))
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x370}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_io_uring_setup(0x66a1, &(0x7f0000000100)={0x0, 0x9703, 0x800, 0x2, 0x1c2, 0x0, r0}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x8, 0x5, 0x7, 0x1080, 0x1, 0xffffff80, '\x00', 0x0, r1, 0x2, 0x2, 0x5}, 0x48)
ioctl$SIOCGSTAMP(0xffffffffffffffff, 0x8906, &(0x7f00000002c0)) (async)
syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x370}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_io_uring_setup(0x66a1, &(0x7f0000000100)={0x0, 0x9703, 0x800, 0x2, 0x1c2, 0x0, r0}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x8, 0x5, 0x7, 0x1080, 0x1, 0xffffff80, '\x00', 0x0, r1, 0x2, 0x2, 0x5}, 0x48) (async)

09:48:19 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r0 = syz_io_uring_setup(0x2395, &(0x7f0000000180)={0x0, 0x448f, 0x400, 0x3, 0x1d2}, &(0x7f0000005000/0x2000)=nil, &(0x7f0000000000/0x12000)=nil, &(0x7f0000000100), &(0x7f0000000200))
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_io_uring_setup(0x1, &(0x7f0000000280)={0x0, 0xc5da, 0x200, 0x3, 0x384, 0x0, r0}, &(0x7f0000004000/0x2000)=nil, &(0x7f0000008000/0x1000)=nil, &(0x7f0000000300), &(0x7f0000000340))
ioctl$USBDEVFS_GET_SPEED(0xffffffffffffffff, 0x551f)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r1, 0x8010af78, &(0x7f0000000240))

09:48:19 executing program 1:
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={<r0=>0xffffffffffffffff, 0x8, 0xdc, 0x400000})
sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f0000001680)={&(0x7f00000015c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001640)={&(0x7f0000001600)={0x34, 0x0, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x6}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x6}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x100}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4010}, 0x20000010) (async)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f00000016c0)={0x2, 0x6}) (async)
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f00000001c0)={0x8, 0x6, {0x7, @struct={0x3, 0x1}, <r2=>0x0, 0x1, 0xaf9, 0x1000, 0x6, 0x1, 0x1, @struct={0xc00, 0xfffffff7}, 0x0, 0xd5a, [0x40, 0x1, 0x3, 0xf42, 0xc0d, 0x4]}, {0x40, @struct={0x8000, 0x6}, 0x0, 0x5, 0x6, 0x7f, 0x6, 0x200, 0x2, @usage=0x8, 0x95b, 0x8, [0x3a, 0x8, 0x4, 0x2, 0x7, 0x5]}, {0x81, @struct={0xfff, 0x8}, 0x0, 0x3, 0x8, 0x7, 0x6, 0x173c81ec, 0xb2, @usage=0x6, 0x1, 0x2, [0x9, 0xff, 0x1d72cad9, 0x9, 0x800, 0x4]}, {0x400, 0x8, 0x4}})
ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f00000005c0)={r2, "67eb6aa56245850477fa7f415463df5a"}) (async)
r3 = syz_io_uring_complete(0x0)
ioctl$KVM_SET_BOOT_CPU_ID(r3, 0xae78, &(0x7f00000017c0)) (async, rerun: 64)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async, rerun: 64)
ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae09, &(0x7f0000001700)=""/132)

09:48:19 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
r0 = syz_io_uring_setup(0x2395, &(0x7f0000000180)={0x0, 0x448f, 0x400, 0x3, 0x1d2}, &(0x7f0000005000/0x2000)=nil, &(0x7f0000000000/0x12000)=nil, &(0x7f0000000100), &(0x7f0000000200))
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_io_uring_setup(0x1, &(0x7f0000000280)={0x0, 0xc5da, 0x200, 0x3, 0x384, 0x0, r0}, &(0x7f0000004000/0x2000)=nil, &(0x7f0000008000/0x1000)=nil, &(0x7f0000000300), &(0x7f0000000340)) (async)
ioctl$USBDEVFS_GET_SPEED(0xffffffffffffffff, 0x551f)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r1, 0x8010af78, &(0x7f0000000240))

09:48:19 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
r0 = syz_io_uring_setup(0x2395, &(0x7f0000000180)={0x0, 0x448f, 0x400, 0x3, 0x1d2}, &(0x7f0000005000/0x2000)=nil, &(0x7f0000000000/0x12000)=nil, &(0x7f0000000100), &(0x7f0000000200))
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_io_uring_setup(0x1, &(0x7f0000000280)={0x0, 0xc5da, 0x200, 0x3, 0x384, 0x0, r0}, &(0x7f0000004000/0x2000)=nil, &(0x7f0000008000/0x1000)=nil, &(0x7f0000000300), &(0x7f0000000340))
ioctl$USBDEVFS_GET_SPEED(0xffffffffffffffff, 0x551f)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r1, 0x8010af78, &(0x7f0000000240))

[ 2649.489569][T23386] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2649.497385][T23386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2649.505191][T23386] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2649.513011][T23386]  </TASK>
09:48:19 executing program 5:
ioctl$USBDEVFS_FORBID_SUSPEND(0xffffffffffffffff, 0x5521)
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
fstat(r1, &(0x7f0000000100))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:19 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a5f, &(0x7f0000000000)={0x0, 0x9, 0x1, 0x4}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100))
ioctl$KVM_REINJECT_CONTROL(0xffffffffffffffff, 0xae71, &(0x7f00000000c0)={0x4})

09:48:19 executing program 5:
ioctl$USBDEVFS_FORBID_SUSPEND(0xffffffffffffffff, 0x5521)
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
fstat(r1, &(0x7f0000000100))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
ioctl$USBDEVFS_FORBID_SUSPEND(0xffffffffffffffff, 0x5521) (async)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
fstat(r1, &(0x7f0000000100)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)

09:48:19 executing program 5:
ioctl$USBDEVFS_FORBID_SUSPEND(0xffffffffffffffff, 0x5521) (async)
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
fstat(r1, &(0x7f0000000100)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

[ 2649.559143][T23447] FAULT_INJECTION: forcing a failure.
[ 2649.559143][T23447] name failslab, interval 1, probability 0, space 0, times 0
[ 2649.579773][T23447] CPU: 1 PID: 23447 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2649.591246][T23447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2649.601135][T23447] Call Trace:
[ 2649.604260][T23447]  <TASK>
[ 2649.607029][T23447]  dump_stack_lvl+0x151/0x1b7
[ 2649.611541][T23447]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2649.616836][T23447]  ? vma_interval_tree_augment_rotate+0x210/0x210
[ 2649.623084][T23447]  dump_stack+0x15/0x17
[ 2649.627086][T23447]  should_fail+0x3c0/0x510
[ 2649.631329][T23447]  __should_failslab+0x9f/0xe0
[ 2649.635936][T23447]  should_failslab+0x9/0x20
[ 2649.640276][T23447]  kmem_cache_alloc+0x4f/0x2f0
[ 2649.644875][T23447]  ? anon_vma_fork+0xf7/0x4f0
[ 2649.649392][T23447]  anon_vma_fork+0xf7/0x4f0
[ 2649.653732][T23447]  ? anon_vma_name+0x4c/0x70
[ 2649.658156][T23447]  dup_mmap+0x750/0xea0
[ 2649.662164][T23447]  ? __delayed_free_task+0x20/0x20
[ 2649.667096][T23447]  ? mm_init+0x807/0x960
[ 2649.671173][T23447]  dup_mm+0x91/0x330
[ 2649.674896][T23447]  copy_mm+0x108/0x1b0
[ 2649.678808][T23447]  copy_process+0x1295/0x3250
[ 2649.683324][T23447]  ? proc_fail_nth_write+0x213/0x290
[ 2649.688437][T23447]  ? proc_fail_nth_read+0x220/0x220
[ 2649.693473][T23447]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2649.698413][T23447]  ? vfs_write+0x9af/0x1050
[ 2649.702754][T23447]  kernel_clone+0x22d/0x990
[ 2649.707094][T23447]  ? file_end_write+0x1b0/0x1b0
[ 2649.711781][T23447]  ? __kasan_check_write+0x14/0x20
[ 2649.716740][T23447]  ? create_io_thread+0x1e0/0x1e0
[ 2649.721595][T23447]  ? __mutex_lock_slowpath+0x10/0x10
[ 2649.726713][T23447]  __x64_sys_clone+0x289/0x310
[ 2649.731315][T23447]  ? __do_sys_vfork+0x130/0x130
[ 2649.735998][T23447]  ? debug_smp_processor_id+0x17/0x20
[ 2649.741217][T23447]  do_syscall_64+0x44/0xd0
[ 2649.745456][T23447]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2649.751198][T23447] RIP: 0033:0x7f5b7e88a639
[ 2649.755436][T23447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2649.774877][T23447] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2649.783121][T23447] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2649.790948][T23447] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2649.798743][T23447] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
09:48:19 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22)

09:48:19 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_RATE_SET(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x7}]}, 0x20}, 0x1, 0x0, 0x0, 0x81}, 0x0)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fddbdf25010000000800030002000000080002000500000014000100fc000000000000000000000000000000080003000600000008000300ff000000080003000700000014000100000000000000000000000000000000000400040005000500020000002a77058aaac58d32e671d789ecf45a8cc90e32757a6b1554d66f6fd06abaaf9c279fb8308339124d2e40f51b371ef351cd9dc152d2653d8a6a84b486737ca59b2f387275ae0a27b838927c1e80015aa548c3efaa313ac9380f3406a0a7f7398de3249173963644ea5a507d16df8ec8667b7e2ed31e8fd1689f78307f018814ab1559cca0ca99127f57a6edcf3cb8f3ed9801da536e0751638a6b"], 0x70}, 0x1, 0x0, 0x0, 0x10881}, 0x2044011)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
getsockopt$sock_timeval(r2, 0x1, 0x15, &(0x7f0000000140), &(0x7f0000000180)=0x10)

09:48:19 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a5f, &(0x7f0000000000)={0x0, 0x9, 0x1, 0x4}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100))
ioctl$KVM_REINJECT_CONTROL(0xffffffffffffffff, 0xae71, &(0x7f00000000c0)={0x4})
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a5f, &(0x7f0000000000)={0x0, 0x9, 0x1, 0x4}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100)) (async)
ioctl$KVM_REINJECT_CONTROL(0xffffffffffffffff, 0xae71, &(0x7f00000000c0)={0x4}) (async)

09:48:19 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000000, 0x13, r0, 0x10000000)

09:48:19 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8000000, 0x13, r0, 0x10000000)

09:48:19 executing program 1:
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={<r0=>0xffffffffffffffff, 0x8, 0xdc, 0x400000})
sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f0000001680)={&(0x7f00000015c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001640)={&(0x7f0000001600)={0x34, 0x0, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x6}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x6}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x100}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4010}, 0x20000010)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f00000016c0)={0x2, 0x6})
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f00000001c0)={0x8, 0x6, {0x7, @struct={0x3, 0x1}, <r2=>0x0, 0x1, 0xaf9, 0x1000, 0x6, 0x1, 0x1, @struct={0xc00, 0xfffffff7}, 0x0, 0xd5a, [0x40, 0x1, 0x3, 0xf42, 0xc0d, 0x4]}, {0x40, @struct={0x8000, 0x6}, 0x0, 0x5, 0x6, 0x7f, 0x6, 0x200, 0x2, @usage=0x8, 0x95b, 0x8, [0x3a, 0x8, 0x4, 0x2, 0x7, 0x5]}, {0x81, @struct={0xfff, 0x8}, 0x0, 0x3, 0x8, 0x7, 0x6, 0x173c81ec, 0xb2, @usage=0x6, 0x1, 0x2, [0x9, 0xff, 0x1d72cad9, 0x9, 0x800, 0x4]}, {0x400, 0x8, 0x4}})
ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f00000005c0)={r2, "67eb6aa56245850477fa7f415463df5a"})
r3 = syz_io_uring_complete(0x0)
ioctl$KVM_SET_BOOT_CPU_ID(r3, 0xae78, &(0x7f00000017c0))
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae09, &(0x7f0000001700)=""/132)

09:48:19 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_RATE_SET(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x7}]}, 0x20}, 0x1, 0x0, 0x0, 0x81}, 0x0)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fddbdf25010000000800030002000000080002000500000014000100fc000000000000000000000000000000080003000600000008000300ff000000080003000700000014000100000000000000000000000000000000000400040005000500020000002a77058aaac58d32e671d789ecf45a8cc90e32757a6b1554d66f6fd06abaaf9c279fb8308339124d2e40f51b371ef351cd9dc152d2653d8a6a84b486737ca59b2f387275ae0a27b838927c1e80015aa548c3efaa313ac9380f3406a0a7f7398de3249173963644ea5a507d16df8ec8667b7e2ed31e8fd1689f78307f018814ab1559cca0ca99127f57a6edcf3cb8f3ed9801da536e0751638a6b"], 0x70}, 0x1, 0x0, 0x0, 0x10881}, 0x2044011)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
getsockopt$sock_timeval(r2, 0x1, 0x15, &(0x7f0000000140), &(0x7f0000000180)=0x10)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
sendmsg$DEVLINK_CMD_RATE_SET(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x7}]}, 0x20}, 0x1, 0x0, 0x0, 0x81}, 0x0) (async)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fddbdf25010000000800030002000000080002000500000014000100fc000000000000000000000000000000080003000600000008000300ff000000080003000700000014000100000000000000000000000000000000000400040005000500020000002a77058aaac58d32e671d789ecf45a8cc90e32757a6b1554d66f6fd06abaaf9c279fb8308339124d2e40f51b371ef351cd9dc152d2653d8a6a84b486737ca59b2f387275ae0a27b838927c1e80015aa548c3efaa313ac9380f3406a0a7f7398de3249173963644ea5a507d16df8ec8667b7e2ed31e8fd1689f78307f018814ab1559cca0ca99127f57a6edcf3cb8f3ed9801da536e0751638a6b"], 0x70}, 0x1, 0x0, 0x0, 0x10881}, 0x2044011) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
getsockopt$sock_timeval(r2, 0x1, 0x15, &(0x7f0000000140), &(0x7f0000000180)=0x10) (async)

[ 2649.806557][T23447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2649.814368][T23447] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2649.822179][T23447]  </TASK>
09:48:19 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a5f, &(0x7f0000000000)={0x0, 0x9, 0x1, 0x4}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100))
ioctl$KVM_REINJECT_CONTROL(0xffffffffffffffff, 0xae71, &(0x7f00000000c0)={0x4})
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a5f, &(0x7f0000000000)={0x0, 0x9, 0x1, 0x4}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100)) (async)
ioctl$KVM_REINJECT_CONTROL(0xffffffffffffffff, 0xae71, &(0x7f00000000c0)={0x4}) (async)

09:48:19 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4000000, 0x13, r0, 0x10000000)

09:48:19 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x6b66}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:19 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
sendmsg$DEVLINK_CMD_RATE_SET(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x7}]}, 0x20}, 0x1, 0x0, 0x0, 0x81}, 0x0) (async)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fddbdf25010000000800030002000000080002000500000014000100fc000000000000000000000000000000080003000600000008000300ff000000080003000700000014000100000000000000000000000000000000000400040005000500020000002a77058aaac58d32e671d789ecf45a8cc90e32757a6b1554d66f6fd06abaaf9c279fb8308339124d2e40f51b371ef351cd9dc152d2653d8a6a84b486737ca59b2f387275ae0a27b838927c1e80015aa548c3efaa313ac9380f3406a0a7f7398de3249173963644ea5a507d16df8ec8667b7e2ed31e8fd1689f78307f018814ab1559cca0ca99127f57a6edcf3cb8f3ed9801da536e0751638a6b"], 0x70}, 0x1, 0x0, 0x0, 0x10881}, 0x2044011)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
getsockopt$sock_timeval(r2, 0x1, 0x15, &(0x7f0000000140), &(0x7f0000000180)=0x10)

[ 2649.860744][T23485] FAULT_INJECTION: forcing a failure.
[ 2649.860744][T23485] name failslab, interval 1, probability 0, space 0, times 0
[ 2649.896823][T23485] CPU: 1 PID: 23485 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
09:48:19 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xf000000, 0x13, r0, 0x10000000)

[ 2649.908292][T23485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2649.918179][T23485] Call Trace:
[ 2649.921302][T23485]  <TASK>
[ 2649.924080][T23485]  dump_stack_lvl+0x151/0x1b7
[ 2649.928594][T23485]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2649.933888][T23485]  ? _raw_spin_lock+0xa3/0x1b0
[ 2649.938494][T23485]  ? dup_fd+0x51f/0xa40
[ 2649.942495][T23485]  dump_stack+0x15/0x17
[ 2649.946472][T23485]  should_fail+0x3c0/0x510
[ 2649.950726][T23485]  __should_failslab+0x9f/0xe0
[ 2649.955325][T23485]  should_failslab+0x9/0x20
[ 2649.959665][T23485]  kmem_cache_alloc+0x4f/0x2f0
[ 2649.964262][T23485]  ? copy_fs_struct+0x4e/0x230
[ 2649.968873][T23485]  copy_fs_struct+0x4e/0x230
[ 2649.973290][T23485]  copy_fs+0x72/0x140
[ 2649.977106][T23485]  copy_process+0x1214/0x3250
[ 2649.981629][T23485]  ? proc_fail_nth_write+0x213/0x290
[ 2649.986737][T23485]  ? proc_fail_nth_read+0x220/0x220
[ 2649.991771][T23485]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2649.996731][T23485]  ? vfs_write+0x9af/0x1050
[ 2650.001066][T23485]  kernel_clone+0x22d/0x990
[ 2650.005401][T23485]  ? file_end_write+0x1b0/0x1b0
[ 2650.010085][T23485]  ? __kasan_check_write+0x14/0x20
[ 2650.015033][T23485]  ? create_io_thread+0x1e0/0x1e0
[ 2650.019894][T23485]  ? __mutex_lock_slowpath+0x10/0x10
[ 2650.025014][T23485]  __x64_sys_clone+0x289/0x310
[ 2650.029613][T23485]  ? __do_sys_vfork+0x130/0x130
[ 2650.034300][T23485]  ? debug_smp_processor_id+0x17/0x20
[ 2650.039522][T23485]  do_syscall_64+0x44/0xd0
[ 2650.043773][T23485]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2650.049487][T23485] RIP: 0033:0x7f5b7e88a639
[ 2650.053745][T23485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2650.073184][T23485] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2650.081426][T23485] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2650.089238][T23485] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2650.097056][T23485] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
09:48:19 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23)

09:48:19 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
syz_clone3(&(0x7f0000000300)={0x220020000, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)=<r1=>0x0, {0x2f}, &(0x7f00000001c0)=""/14, 0xe, &(0x7f0000000200)=""/161, &(0x7f00000002c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0xa}, 0x58)
sched_rr_get_interval(r1, &(0x7f0000000380))

09:48:19 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1ffff000, 0x13, r0, 0x10000000)

09:48:19 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x6b66}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:19 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xf000000, 0x13, r0, 0x10000000)

09:48:19 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x74, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast2}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @remote}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'xfrm0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond_slave_0\x00'}]}, 0x74}, 0x1, 0x0, 0x0, 0x20}, 0x800)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000440), r0)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r0, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0xc0, r1, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0xac, 0x8, 0x0, 0x1, [{0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xce}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xd2}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x29c6186e}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3c}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x201584bf}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x57}]}, {0x4c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc3}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x58f5f42a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4364ad77}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xad}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x485fbb83}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x23c3f81d}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x97}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x542d660f}]}, {0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x691e0d9f}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x463850de}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2952bc19}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1093c330}]}]}]}, 0xc0}}, 0x40c0)

09:48:19 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
syz_clone3(&(0x7f0000000300)={0x220020000, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)=<r1=>0x0, {0x2f}, &(0x7f00000001c0)=""/14, 0xe, &(0x7f0000000200)=""/161, &(0x7f00000002c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0xa}, 0x58)
sched_rr_get_interval(r1, &(0x7f0000000380))

09:48:19 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x74, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast2}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @remote}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'xfrm0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond_slave_0\x00'}]}, 0x74}, 0x1, 0x0, 0x0, 0x20}, 0x800)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000440), r0) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r0, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0xc0, r1, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0xac, 0x8, 0x0, 0x1, [{0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xce}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xd2}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x29c6186e}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3c}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x201584bf}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x57}]}, {0x4c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc3}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x58f5f42a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4364ad77}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xad}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x485fbb83}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x23c3f81d}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x97}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x542d660f}]}, {0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x691e0d9f}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x463850de}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2952bc19}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1093c330}]}]}]}, 0xc0}}, 0x40c0)

[ 2650.104861][T23485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2650.112696][T23485] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2650.120487][T23485]  </TASK>
09:48:19 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x6b66}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x6b66}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)

[ 2650.155173][T23538] FAULT_INJECTION: forcing a failure.
[ 2650.155173][T23538] name failslab, interval 1, probability 0, space 0, times 0
[ 2650.172107][T23538] CPU: 0 PID: 23538 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2650.183561][T23538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2650.193455][T23538] Call Trace:
[ 2650.196579][T23538]  <TASK>
[ 2650.199356][T23538]  dump_stack_lvl+0x151/0x1b7
09:48:19 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
syz_clone3(&(0x7f0000000300)={0x220020000, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)=<r1=>0x0, {0x2f}, &(0x7f00000001c0)=""/14, 0xe, &(0x7f0000000200)=""/161, &(0x7f00000002c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0xa}, 0x58)
sched_rr_get_interval(r1, &(0x7f0000000380))
syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
syz_clone3(&(0x7f0000000300)={0x220020000, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180), {0x2f}, &(0x7f00000001c0)=""/14, 0xe, &(0x7f0000000200)=""/161, &(0x7f00000002c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0xa}, 0x58) (async)
sched_rr_get_interval(r1, &(0x7f0000000380)) (async)

09:48:19 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x20000000, 0x13, r0, 0x10000000)

09:48:19 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1ffff000, 0x13, r0, 0x10000000)

[ 2650.203873][T23538]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2650.209174][T23538]  dump_stack+0x15/0x17
[ 2650.213156][T23538]  should_fail+0x3c0/0x510
[ 2650.217411][T23538]  __should_failslab+0x9f/0xe0
[ 2650.222021][T23538]  should_failslab+0x9/0x20
[ 2650.226363][T23538]  kmem_cache_alloc+0x4f/0x2f0
[ 2650.230965][T23538]  ? copy_sighand+0x54/0x250
[ 2650.235374][T23538]  ? _raw_spin_unlock+0x4d/0x70
[ 2650.240318][T23538]  copy_sighand+0x54/0x250
[ 2650.244602][T23538]  copy_process+0x123f/0x3250
[ 2650.249086][T23538]  ? proc_fail_nth_write+0x213/0x290
[ 2650.254204][T23538]  ? proc_fail_nth_read+0x220/0x220
[ 2650.259272][T23538]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2650.264187][T23538]  ? vfs_write+0x9af/0x1050
[ 2650.268525][T23538]  kernel_clone+0x22d/0x990
[ 2650.272880][T23538]  ? file_end_write+0x1b0/0x1b0
[ 2650.277575][T23538]  ? __kasan_check_write+0x14/0x20
[ 2650.282499][T23538]  ? create_io_thread+0x1e0/0x1e0
[ 2650.287359][T23538]  ? __mutex_lock_slowpath+0x10/0x10
[ 2650.292480][T23538]  ? __fdget_pos+0x1b2/0x310
[ 2650.296905][T23538]  __x64_sys_clone+0x289/0x310
[ 2650.301505][T23538]  ? __do_sys_vfork+0x130/0x130
[ 2650.306192][T23538]  ? fpregs_restore_userregs+0x1f0/0x3a0
[ 2650.311661][T23538]  ? switch_fpu_return+0xe/0x10
[ 2650.316348][T23538]  do_syscall_64+0x44/0xd0
[ 2650.320600][T23538]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2650.326329][T23538] RIP: 0033:0x7f5b7e88a639
[ 2650.330584][T23538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
09:48:19 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24)

09:48:19 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xffff8000, 0x13, r0, 0x10000000)

09:48:19 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpuacct.stat\x00', 0x0, 0x0)
ioctl$KVM_SET_BOOT_CPU_ID(r1, 0xae78, &(0x7f0000000140)=0x2)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x8010, r0, 0x10000000)

09:48:19 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x20000000, 0x13, r0, 0x10000000)

09:48:19 executing program 1:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x20, 0x0, 0x4001, 0x0, r0}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:19 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x74, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast2}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @remote}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'xfrm0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond_slave_0\x00'}]}, 0x74}, 0x1, 0x0, 0x0, 0x20}, 0x800) (async, rerun: 64)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000440), r0) (async, rerun: 64)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r0, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0xc0, r1, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0xac, 0x8, 0x0, 0x1, [{0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xce}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xd2}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x29c6186e}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3c}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x201584bf}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x57}]}, {0x4c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc3}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x58f5f42a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4364ad77}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xad}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x485fbb83}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x23c3f81d}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x97}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x542d660f}]}, {0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x691e0d9f}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x463850de}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2952bc19}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1093c330}]}]}]}, 0xc0}}, 0x40c0)

09:48:19 executing program 1:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x20, 0x0, 0x4001, 0x0, r0}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x20, 0x0, 0x4001, 0x0, r0}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)

09:48:19 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpuacct.stat\x00', 0x0, 0x0)
ioctl$KVM_SET_BOOT_CPU_ID(r1, 0xae78, &(0x7f0000000140)=0x2)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x8010, r0, 0x10000000)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100)) (async)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpuacct.stat\x00', 0x0, 0x0) (async)
ioctl$KVM_SET_BOOT_CPU_ID(r1, 0xae78, &(0x7f0000000140)=0x2) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x8010, r0, 0x10000000) (async)

[ 2650.350022][T23538] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2650.358268][T23538] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2650.366077][T23538] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2650.373891][T23538] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2650.381700][T23538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2650.389509][T23538] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2650.397328][T23538]  </TASK>
09:48:19 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xffff8000, 0x13, r0, 0x10000000)

09:48:19 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xffffc000, 0x13, r0, 0x10000000)

09:48:19 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xffffc000, 0x13, r0, 0x10000000)

[ 2650.436551][T23580] FAULT_INJECTION: forcing a failure.
[ 2650.436551][T23580] name failslab, interval 1, probability 0, space 0, times 0
09:48:20 executing program 1:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x20, 0x0, 0x4001, 0x0, r0}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

[ 2650.499489][T23580] CPU: 0 PID: 23580 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2650.510956][T23580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2650.520852][T23580] Call Trace:
[ 2650.523975][T23580]  <TASK>
[ 2650.526762][T23580]  dump_stack_lvl+0x151/0x1b7
[ 2650.531270][T23580]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2650.531289][T23580]  dump_stack+0x15/0x17
[ 2650.531299][T23580]  should_fail+0x3c0/0x510
[ 2650.531310][T23580]  __should_failslab+0x9f/0xe0
[ 2650.531322][T23580]  should_failslab+0x9/0x20
[ 2650.531331][T23580]  kmem_cache_alloc+0x4f/0x2f0
[ 2650.531341][T23580]  ? dup_mm+0x29/0x330
[ 2650.531351][T23580]  dup_mm+0x29/0x330
[ 2650.531360][T23580]  copy_mm+0x108/0x1b0
[ 2650.531370][T23580]  copy_process+0x1295/0x3250
[ 2650.531380][T23580]  ? proc_fail_nth_write+0x213/0x290
[ 2650.531391][T23580]  ? proc_fail_nth_read+0x220/0x220
[ 2650.531401][T23580]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2650.531410][T23580]  ? vfs_write+0x9af/0x1050
[ 2650.531421][T23580]  kernel_clone+0x22d/0x990
[ 2650.531429][T23580]  ? file_end_write+0x1b0/0x1b0
[ 2650.531440][T23580]  ? __kasan_check_write+0x14/0x20
[ 2650.531449][T23580]  ? create_io_thread+0x1e0/0x1e0
[ 2650.531458][T23580]  ? __mutex_lock_slowpath+0x10/0x10
[ 2650.531469][T23580]  __x64_sys_clone+0x289/0x310
[ 2650.531484][T23580]  ? __do_sys_vfork+0x130/0x130
[ 2650.531502][T23580]  ? debug_smp_processor_id+0x17/0x20
[ 2650.531520][T23580]  do_syscall_64+0x44/0xd0
[ 2650.531537][T23580]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2650.642497][T23580] RIP: 0033:0x7f5b7e88a639
[ 2650.646752][T23580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2650.666190][T23580] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2650.674432][T23580] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2650.682243][T23580] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2650.690054][T23580] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
09:48:20 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25)

09:48:20 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x161b80fff, 0x13, r0, 0x10000000)

09:48:20 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x4c59, &(0x7f0000000000)={0x0, 0x0, 0x80}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x50, 0x0, 0x10, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x10}}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @remote}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x4004000}, 0x20000090)

09:48:20 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfffffffc}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
r1 = accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
ioctl$sock_SIOCOUTQ(r1, 0x5411, &(0x7f00000013c0))
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = pidfd_getfd(r0, r1, 0x0)
process_madvise(r2, &(0x7f0000001380)=[{&(0x7f0000000280)="f5ad3af5afe6da4b7660901f8b1a0b22224705720c17a3354831b16599eece9bd89b524d8ead25bc312a319c884effca83ea563a50648771625c4f3edfa1cd3b5fd7b843433ea39b77449d835ce1f42dfbf169cf72149e0e78397a3d202398ea9b2e", 0x62}, {&(0x7f0000000300)="d1bb97d74aff76e00a164dcca18373a0227756a3637348e44630b45c51df5b2ff145cdcb1191b959886e7ff82b5cdd6c9a47538362c9d4184a6a6470e4ee825409a9692d4e3ae2f328c5d5ecf8a33f30a9a1e70c29", 0x55}, {&(0x7f0000000380)="83aaa3987d232d0c4bc102543b865aecc6ef44449caeb6fc0bcab7ca3558b7511b12bd0774708f08d5b364fdc2715caecc9a17ad36b91a0cf8eb71edd7b25cc40b75a4d6c4dbe0e4f1b5ba776f6467df6bbaea960c09eba4e6666c6495c731f4c3a0a52eb6e0a2a9c6487626263d4e6fd776a9bf08e6d693180ec38e4e3bd05f0f5771f2a0312450bfefd17b2dd3d2a4fdb48b83e8c871d23f5881f6c41a3873c71c8c6f72973589eba073f76f23a58c710907a031d97e1379cf8c6deda7e9289b5bd23f61c9122aa3a70da58c90deb887adf251a807d2af31a68272d3727765f952df027427b01b694b8b1abcef32ec083c0b6d5656c74faecd66fcb70d8f0a95d555dad2a2128e3b04e47afc692c5ff8937827640680707eb3318318b075f86527fa0f274a3e5ee297f2784b6cfd17ce7ef43145a1f43d1e96c7a66dfe93cdb402521cd30fc56074ee6152b55154a255028e96da10042c1fed05bc69b027eac41f7ee84a95666b479ae31798f69b5de6bc96f55b1e556bd8f725edcb04a11d59008dee4490695e8d4efea2fa1a85be5cba36310a17f6557634b224f7440aa7385faa38bddd7758ac8bcee287e4a6537eea3ed375e4a34d2c20e9a4a9d4bc945a0ce1a2f27e672b383500b69e8930382766dfbd969b1976b2140a69f5cb708086c30dc909eb4b1053cd1ec60f57cf585a264ed16c439ac5b977c3c495f9105585f3d7391cadab980a46a5b1fc2dee9a20e3a1f75e4542340692a747ed454d738facf0ca07c03572b64c7e4315d109fe67e520256b05b6d8a5361a54412085488233efd81fc8f5fee688c316e14ff1bb9389ee4bbf13406f015bfb8bb87ba2d74df99b0bb9071d4fee21414143c49cedd908641a9600917135ff6518704f48b770a4c40a65eb262b1e3df4e85f28b36eb870aec4a75e9c6149ff3cd65457df91330090fb0cebfce80b30ac22885f23756123f5b741a9825ebf18ef64a9b8d86af42318f5b3178e6995a34710e2f743940b04ccea88c912803afcc44ef26fe93f8f99597feebaebd8668390373dc76f6d351146f5927bbe8a69d4c3e3e147ca9674e696c068a1cd85652d6e32e83b85815f8c9409129ac0246797b39358e5568af5f22202c07070e5dc143733d8ccfdd52182fd98d2da70671838be52b68c37035147e7944c1b201f243151d643730d8e858da0452fe717a3cc4d857a2371598790e864c1eed1a27c73e6d5f7f4e5db9a6bc520ff123a789c031fa45af1b9bc0215d3188c64d55f74082877b0856e67173564d50aab5a2944c1e5e461e6f2f567710b8d81d36dbf1050ab52f128a8f93593c2966b0b11171bd611ed15d3b04ae795df0b404ca815c9f9a230875a4416bf268a19731308826661bb91131484149d9598f2107af2279fce399ebf69782d45fac6ca6396e50f610c18a7877b476ea7cce04a04d30ad46a1538b64ac7889b4880b3ba0ba50ceffaa54fd21807a4cfe08e412e868879c6f95a684e511d881d7df0d5b0b89dd9e623fae67e2cfe494d84992e4b07841deac33537ffcda985e592299f1853d8e6e1da97e8f6e7cf54c992825dc7bdf3db8022e971ff81a8120b7a6a32e0c2073006a80e1b2ec33c42586b465b9028c048ac2fe88163ba2cfbb724e836f984911bae05ab237db9d00ab7ea4a253df5d2a1580fcd85fcc5b1d7ae88f15f574c9514ddc16c4b360a6dca80462e2ece50722961053c185231d9709e23f0faf9a141de1a4ac95ebba1d7a3fc8663eb957f5f3933a1a455a3f03bc7f2cd0e435c9a6f1754719f0a10f316480961468bc1d64e93ce1b92b93b30e69ebdd0cac2978cad55699383059c6003a0f28f6c98a96d233475849dec5fb40f4b39dae45a2bb7509afa01f61eb741c106c8ad1649549f7388b24ca68a1dbbf46eb68395df24de8342a85498f81ae015741c5a79c06081f5a56b4607061bde2355d5291e1666da58b300e7b99c055767fe9c016d8d34a0327716e2bd464f07903a1879ed44f4620330afc567a7d31a4663fe086bd0ca469fb13bd237fdf9c12ddd983c78ea6b6ddce944245d52001f360a5f3f715521451e379050a742432bef4865eb0c4f2ee08aeac56425e17244ea9673b4f708865e77a0532373410f410f3fba31eb39f541d9887ef58788b789e3312f63d89bc530082e28a51cf1fc389b0f7e9c23ddf6cde866aea42c80ce0ee0308653afd603e334c31f6236b48df7a41a5f1919860cbc76a69ad6402fff733824e8ce73d76ba5aa773ac83a95dd20b9ef4cc273e1adeb8582eabf654e11990362168363e0e4f7e857adbe8d4e43e168b0bd9c0d33cb068de5a01196d91e2283f235636a4d9def541fad5a5008ee22e0857c8cd61d45d27a189b10c93b734e50ddbeb1a8394b797fedf4e5fc67757d9f2bf628a88424a32d808cd2ba2de4c915f66f1b9940a85e485c0b2d965cd4a8314285c9715117287525df9f6cd5057f6d48b3ab479c78ee29361aaee6899b9e3fa1ba5beaf18d187925a6fe46f0fadf4bc7290456292fc7e231984c7b834e686191ba20c32fe75a44e5ef94f053fc69031c56accbf22d68f6496bebbc7fb1a87f7f54764da97844c24e0de9c1f255649aa1a0c304ae056bf6aa473f2ce31f3b3b2bf1f612cf72dbbdffe9dad34a88f369c250924e35b8fb7e539e7d78a17ef837c133e146fb6c924d52eb30c32aae47825b402935b6a0ef3a036a3dfef58e2e6dbdcd1abe9505ed8a4e20a3780749b028a93292d52bbcb85a2c65419ae7f767bc06605491cc18cebb28428cde16488bf1bc856fe808051a4999c793d8d60c071fea1f8e31001a00124844c5ca9bb43ba7ce44f356a6f249a08c089de5bbdc95ba86c1a1f03cff7b1fd9fc8255baa3e2023ea9262bb5372dc9b4f7ddfb40b127bde403a2efc1960cb12656f59e7ba38573c0d12c76e4740691d43697d7347eebb1680763fbf9d3b853bbad91cc2fc39c3ef2334c7fd407efe51572812ad03365a454d28cfcf9f0def4749fcfc7e36d026d6b8eca91d7ff7b0ae5a405cbcf832403e75f746f4402a0612df8cafe47b05f29be14e2b749dfa1556db422e451215361e17459b042731695d5daaa6cfe69c752558c41f2293baf64c5175b385528029f746ca6748316413b45ebca8fac80fbcad28ac43475c3002669e6cfda21f8b13caf5893a2b40f93ffe9aa5e6df7f890fa544d8adbcef06f1fbfa295cdb9be95c0235a1a109c786c623b9cd1d8580a2c73783869db3bb57e6913bef8e9cb37430ef86651aa505864ae5687b20be009c61e2dff9de29720de69bc54ed527224d5c8f88a437e8d0cea2b7174a26cdcb3ec3365144f0073e8fcef6d69941a68cd023df94d1e3e0cec81148c13b87124b07f2cce5929b52bc0d2108cc01a52164cce94278b52f979324460fa7a9558c738864059932b669dacf8e9cd18b54ab0ef2fde7e34628c2f8ea1f0635675143ab5bcf402a57908b5ae69c1dd14068d8c39a5f2444c9f106405f9af4d9feaa6c04992c5ef07badb2c7e9595dac3646b0ea5b8bcfdb4d1bfa10811531199aaf989697a0c7cd88e4a43a349966927a953fc25664ec86f0b20e1bb7abd40631b9c1669e63ef3b63046cd55d399c77c37b9d0bfc733d4cdc936f30a70a6ab9f9c0f315629ff94674f5ab06aa2fe75e95f8818e729b13ebc319efc983226ad821f8907aecba30cebe1e970d7ac76340e595e49726e72f507048bffee07d5ebefbf4ebd4ad040e72079d37539b6360c690ff8224c6d632f7048eb4b3872f967825f96f69cbf8f655401366e7fc418979151c9d7b3eaef47bd8f243a5600b4975fe4e40d4c2e2112cab436931f74b662e48045489f5a11c78ea272f894a2de60acdceafb8ea710810edd7610df10de53536aba29e44c79256477feddcce0c28ea5c1ab1b6dce76d0e06b1a9f435d7e07337efb1bddca5c81d689d0be5a381e711494a7bdc378bcda0961355c90203fd59b9b70c519085bab992ab35d0f911884920ce43acb8a99be99013ff9f430d98d7b7abe08e292d858270a036944698ba8d3575781a8e27dfec897008e6cb7f2c9434fd8479c6eeefe27fc7e61dd3ae81305e7b26976e6e7aa5fe23f407e571b93e4d98a860159c9a739cac92cdae70cbdbe74ef02e96b9b63cd52e00c2aa12e4e54d4d2bacb64b81aa8d28f4359ab358d3afe2e7dc3e74f0396bd020d36456e1e2b794db21089286f3009c122153300ca1b55a5f6c8cb286bf144ce33cba42e9f7bfff236ca22cf9bd30856a954400a58e8ac32f2b025a60d50cb14abd6b5aeda43ef719a4b4c4dab326c9ba94033c0d57d48b8b1d8d2cc02fadf3e7e271b153377a120e162b6bc08791ac53b553f6edebf415cba57def86265755632f2a56bdbe9fe1b8af287874e8f59a3470b4742733775042783ee0eb1e6724da6b3dad3b25127537ce8f6aaed0ae978bb0829f855e4e066422edb61a42e6dcad4357602644bbfb77230aabab47495d54ab12503ba30f30ae1af00ed31f6947b33ced85df61d478dd72b9aaa57956b4f783e504fb16ddedc80866f70a3fb924367f0cfdf44e69848a0eb36dc560822bdf1150c315edd79379883517148e8047efbd94b3f69da1478f2632bfb98b4dc8f06a5c40cb0fe12f58ef55988239d0a77d66d6dd79caab183e5dc9f6c639d75056bac8a4d0dbf28fcbdc96c5e186069ffba1df796a556c391580bea9a5ba46cd7d221067cc20f629daf887237cbe6f02ba54b3393c149796a4106d1045cd964532213b533109d941a8858695867b9aaf8e6a58a4e76f23391e1f2e070e53ab630a7dfd14ce747f9e416f4a4d1b44e404509dc48ff93f155a57f4a8987fbcfe2cad9654dfb94712ff982fcca6954b6b48fc97a8bb27e35eefced738858153bf9fdbf9d5a81314d74c835b9a99972ef95f9bb3031199200462578ee746d97a079f420a1d8e3e52c9901be86d2e03c3948623b48309f153768ff38f14cf8ab12b23059e2e508fedec916625dff8fc8ea94e8b9a7d4136185d1ccc1f2ae7330f52c4dd082a3fa119bd82e47cd2ca303219f823cb01aa878870dda0d47f1db8f21218c15ed1ec2b1fbfbb9592333558b9f72a0a3774fa5f7c1029867d1570e0bd43d997fe5568c7b6d7b6c1b66adde5427ee1029d8c18f76000e2f65d5a5158bd35454391a665fccbfabe46ab4bee26ac4793558c2f504c48967da46cdb1ad4bce147c9a494a26bed44d0ffc5e43eced702514bc7fd129e4938cb9ec0a8318f8ad59fc9a10bcfeeaf439167fdc823a3f8789a0b09a700dd358a0f0b12c6497a45b685102e52886fe726688535450199b056a4d2996a33d2ea4e30b3169418755d10e9213604cebd0094249af39de7dee3f8ee5ff3240db25456ca142fd075625343a0d270af685813f6151523063526fc339933ea062e7e1aae378197da983ab25de919748e17986f2bfa55d5eb939c4939f1c65602d889cc574ee1d851ecc09682f7845678300a409b7908ec1597aac164c1407edbcf3362df16149bbd3117cc92d59bcb425cf4f9efdccf8d233bd75f4d30e7130b00bb58f5003f0544e1986d79c4c565f3eb71426261662b9057d933bf9b9c8cddd0b6f383f8e16cd629fc651c3482771b2e2c779ad15125562ebd1a3a540a1245f32f11d851b08604c6775f5b8307f82e65854cd3db7e555fe18e5e5a1712d4ae4bc785317e6d3dddc4be87ecf44b3779138af5e9e6607fbd2953d0960d80d9e13cb20be0530bc3891f3b8e83d4d835ab47128990ea25aec977a46ba2e", 0x1000}], 0x3, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x4000050, r0, 0x10000000)
getsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000200), &(0x7f0000000240)=0x10)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:20 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100)) (async)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpuacct.stat\x00', 0x0, 0x0)
ioctl$KVM_SET_BOOT_CPU_ID(r1, 0xae78, &(0x7f0000000140)=0x2) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async, rerun: 64)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x8010, r0, 0x10000000) (rerun: 64)

09:48:20 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x161b80fff, 0x13, r0, 0x10000000)

09:48:20 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x4c59, &(0x7f0000000000)={0x0, 0x0, 0x80}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x50, 0x0, 0x10, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x10}}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @remote}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x4004000}, 0x20000090)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x4c59, &(0x7f0000000000)={0x0, 0x0, 0x80}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x50, 0x0, 0x10, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x10}}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @remote}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x4004000}, 0x20000090) (async)

09:48:20 executing program 5:
r0 = syz_io_uring_setup(0x6bb4, &(0x7f0000000000)={0x0, 0x1607, 0x0, 0x0, 0x65}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

[ 2650.697865][T23580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2650.705677][T23580] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2650.713493][T23580]  </TASK>
09:48:20 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x4c59, &(0x7f0000000000)={0x0, 0x0, 0x80}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x50, 0x0, 0x10, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x10}}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @remote}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x4004000}, 0x20000090)

[ 2650.756172][T23627] FAULT_INJECTION: forcing a failure.
[ 2650.756172][T23627] name failslab, interval 1, probability 0, space 0, times 0
[ 2650.777906][T23627] CPU: 1 PID: 23627 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2650.789356][T23627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2650.799249][T23627] Call Trace:
[ 2650.802374][T23627]  <TASK>
09:48:20 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x40001a62, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3, 0x97}, &(0x7f0000003000/0x1000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:48:20 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x40001a62, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3, 0x97}, &(0x7f0000003000/0x1000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:48:20 executing program 5:
r0 = syz_io_uring_setup(0x6bb4, &(0x7f0000000000)={0x0, 0x1607, 0x0, 0x0, 0x65}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

[ 2650.805153][T23627]  dump_stack_lvl+0x151/0x1b7
[ 2650.809666][T23627]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2650.814968][T23627]  dump_stack+0x15/0x17
[ 2650.818953][T23627]  should_fail+0x3c0/0x510
[ 2650.823204][T23627]  __should_failslab+0x9f/0xe0
[ 2650.827855][T23627]  should_failslab+0x9/0x20
[ 2650.832151][T23627]  kmem_cache_alloc+0x4f/0x2f0
[ 2650.836738][T23627]  ? dup_mm+0x29/0x330
[ 2650.840646][T23627]  dup_mm+0x29/0x330
[ 2650.844377][T23627]  copy_mm+0x108/0x1b0
[ 2650.848284][T23627]  copy_process+0x1295/0x3250
[ 2650.852795][T23627]  ? proc_fail_nth_write+0x213/0x290
[ 2650.857915][T23627]  ? proc_fail_nth_read+0x220/0x220
[ 2650.862952][T23627]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2650.867897][T23627]  ? vfs_write+0x9af/0x1050
[ 2650.872235][T23627]  kernel_clone+0x22d/0x990
[ 2650.876575][T23627]  ? file_end_write+0x1b0/0x1b0
[ 2650.881263][T23627]  ? __kasan_check_write+0x14/0x20
[ 2650.886209][T23627]  ? create_io_thread+0x1e0/0x1e0
[ 2650.891069][T23627]  ? __mutex_lock_slowpath+0x10/0x10
[ 2650.896190][T23627]  __x64_sys_clone+0x289/0x310
[ 2650.900793][T23627]  ? __do_sys_vfork+0x130/0x130
[ 2650.905490][T23627]  ? debug_smp_processor_id+0x17/0x20
[ 2650.910690][T23627]  do_syscall_64+0x44/0xd0
[ 2650.914948][T23627]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2650.920665][T23627] RIP: 0033:0x7f5b7e88a639
[ 2650.924924][T23627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2650.944362][T23627] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
09:48:20 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26)

09:48:20 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x10000000000, 0x13, r0, 0x10000000)

09:48:20 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x40001a62, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3, 0x97}, &(0x7f0000003000/0x1000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:48:20 executing program 5:
r0 = syz_io_uring_setup(0x6bb4, &(0x7f0000000000)={0x0, 0x1607, 0x0, 0x0, 0x65}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:20 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x10000000000, 0x13, r0, 0x10000000)

09:48:20 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfffffffc}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
r1 = accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
ioctl$sock_SIOCOUTQ(r1, 0x5411, &(0x7f00000013c0))
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = pidfd_getfd(r0, r1, 0x0)
process_madvise(r2, &(0x7f0000001380)=[{&(0x7f0000000280)="f5ad3af5afe6da4b7660901f8b1a0b22224705720c17a3354831b16599eece9bd89b524d8ead25bc312a319c884effca83ea563a50648771625c4f3edfa1cd3b5fd7b843433ea39b77449d835ce1f42dfbf169cf72149e0e78397a3d202398ea9b2e", 0x62}, {&(0x7f0000000300)="d1bb97d74aff76e00a164dcca18373a0227756a3637348e44630b45c51df5b2ff145cdcb1191b959886e7ff82b5cdd6c9a47538362c9d4184a6a6470e4ee825409a9692d4e3ae2f328c5d5ecf8a33f30a9a1e70c29", 0x55}, {&(0x7f0000000380)="83aaa3987d232d0c4bc102543b865aecc6ef44449caeb6fc0bcab7ca3558b7511b12bd0774708f08d5b364fdc2715caecc9a17ad36b91a0cf8eb71edd7b25cc40b75a4d6c4dbe0e4f1b5ba776f6467df6bbaea960c09eba4e6666c6495c731f4c3a0a52eb6e0a2a9c6487626263d4e6fd776a9bf08e6d693180ec38e4e3bd05f0f5771f2a0312450bfefd17b2dd3d2a4fdb48b83e8c871d23f5881f6c41a3873c71c8c6f72973589eba073f76f23a58c710907a031d97e1379cf8c6deda7e9289b5bd23f61c9122aa3a70da58c90deb887adf251a807d2af31a68272d3727765f952df027427b01b694b8b1abcef32ec083c0b6d5656c74faecd66fcb70d8f0a95d555dad2a2128e3b04e47afc692c5ff8937827640680707eb3318318b075f86527fa0f274a3e5ee297f2784b6cfd17ce7ef43145a1f43d1e96c7a66dfe93cdb402521cd30fc56074ee6152b55154a255028e96da10042c1fed05bc69b027eac41f7ee84a95666b479ae31798f69b5de6bc96f55b1e556bd8f725edcb04a11d59008dee4490695e8d4efea2fa1a85be5cba36310a17f6557634b224f7440aa7385faa38bddd7758ac8bcee287e4a6537eea3ed375e4a34d2c20e9a4a9d4bc945a0ce1a2f27e672b383500b69e8930382766dfbd969b1976b2140a69f5cb708086c30dc909eb4b1053cd1ec60f57cf585a264ed16c439ac5b977c3c495f9105585f3d7391cadab980a46a5b1fc2dee9a20e3a1f75e4542340692a747ed454d738facf0ca07c03572b64c7e4315d109fe67e520256b05b6d8a5361a54412085488233efd81fc8f5fee688c316e14ff1bb9389ee4bbf13406f015bfb8bb87ba2d74df99b0bb9071d4fee21414143c49cedd908641a9600917135ff6518704f48b770a4c40a65eb262b1e3df4e85f28b36eb870aec4a75e9c6149ff3cd65457df91330090fb0cebfce80b30ac22885f23756123f5b741a9825ebf18ef64a9b8d86af42318f5b3178e6995a34710e2f743940b04ccea88c912803afcc44ef26fe93f8f99597feebaebd8668390373dc76f6d351146f5927bbe8a69d4c3e3e147ca9674e696c068a1cd85652d6e32e83b85815f8c9409129ac0246797b39358e5568af5f22202c07070e5dc143733d8ccfdd52182fd98d2da70671838be52b68c37035147e7944c1b201f243151d643730d8e858da0452fe717a3cc4d857a2371598790e864c1eed1a27c73e6d5f7f4e5db9a6bc520ff123a789c031fa45af1b9bc0215d3188c64d55f74082877b0856e67173564d50aab5a2944c1e5e461e6f2f567710b8d81d36dbf1050ab52f128a8f93593c2966b0b11171bd611ed15d3b04ae795df0b404ca815c9f9a230875a4416bf268a19731308826661bb91131484149d9598f2107af2279fce399ebf69782d45fac6ca6396e50f610c18a7877b476ea7cce04a04d30ad46a1538b64ac7889b4880b3ba0ba50ceffaa54fd21807a4cfe08e412e868879c6f95a684e511d881d7df0d5b0b89dd9e623fae67e2cfe494d84992e4b07841deac33537ffcda985e592299f1853d8e6e1da97e8f6e7cf54c992825dc7bdf3db8022e971ff81a8120b7a6a32e0c2073006a80e1b2ec33c42586b465b9028c048ac2fe88163ba2cfbb724e836f984911bae05ab237db9d00ab7ea4a253df5d2a1580fcd85fcc5b1d7ae88f15f574c9514ddc16c4b360a6dca80462e2ece50722961053c185231d9709e23f0faf9a141de1a4ac95ebba1d7a3fc8663eb957f5f3933a1a455a3f03bc7f2cd0e435c9a6f1754719f0a10f316480961468bc1d64e93ce1b92b93b30e69ebdd0cac2978cad55699383059c6003a0f28f6c98a96d233475849dec5fb40f4b39dae45a2bb7509afa01f61eb741c106c8ad1649549f7388b24ca68a1dbbf46eb68395df24de8342a85498f81ae015741c5a79c06081f5a56b4607061bde2355d5291e1666da58b300e7b99c055767fe9c016d8d34a0327716e2bd464f07903a1879ed44f4620330afc567a7d31a4663fe086bd0ca469fb13bd237fdf9c12ddd983c78ea6b6ddce944245d52001f360a5f3f715521451e379050a742432bef4865eb0c4f2ee08aeac56425e17244ea9673b4f708865e77a0532373410f410f3fba31eb39f541d9887ef58788b789e3312f63d89bc530082e28a51cf1fc389b0f7e9c23ddf6cde866aea42c80ce0ee0308653afd603e334c31f6236b48df7a41a5f1919860cbc76a69ad6402fff733824e8ce73d76ba5aa773ac83a95dd20b9ef4cc273e1adeb8582eabf654e11990362168363e0e4f7e857adbe8d4e43e168b0bd9c0d33cb068de5a01196d91e2283f235636a4d9def541fad5a5008ee22e0857c8cd61d45d27a189b10c93b734e50ddbeb1a8394b797fedf4e5fc67757d9f2bf628a88424a32d808cd2ba2de4c915f66f1b9940a85e485c0b2d965cd4a8314285c9715117287525df9f6cd5057f6d48b3ab479c78ee29361aaee6899b9e3fa1ba5beaf18d187925a6fe46f0fadf4bc7290456292fc7e231984c7b834e686191ba20c32fe75a44e5ef94f053fc69031c56accbf22d68f6496bebbc7fb1a87f7f54764da97844c24e0de9c1f255649aa1a0c304ae056bf6aa473f2ce31f3b3b2bf1f612cf72dbbdffe9dad34a88f369c250924e35b8fb7e539e7d78a17ef837c133e146fb6c924d52eb30c32aae47825b402935b6a0ef3a036a3dfef58e2e6dbdcd1abe9505ed8a4e20a3780749b028a93292d52bbcb85a2c65419ae7f767bc06605491cc18cebb28428cde16488bf1bc856fe808051a4999c793d8d60c071fea1f8e31001a00124844c5ca9bb43ba7ce44f356a6f249a08c089de5bbdc95ba86c1a1f03cff7b1fd9fc8255baa3e2023ea9262bb5372dc9b4f7ddfb40b127bde403a2efc1960cb12656f59e7ba38573c0d12c76e4740691d43697d7347eebb1680763fbf9d3b853bbad91cc2fc39c3ef2334c7fd407efe51572812ad03365a454d28cfcf9f0def4749fcfc7e36d026d6b8eca91d7ff7b0ae5a405cbcf832403e75f746f4402a0612df8cafe47b05f29be14e2b749dfa1556db422e451215361e17459b042731695d5daaa6cfe69c752558c41f2293baf64c5175b385528029f746ca6748316413b45ebca8fac80fbcad28ac43475c3002669e6cfda21f8b13caf5893a2b40f93ffe9aa5e6df7f890fa544d8adbcef06f1fbfa295cdb9be95c0235a1a109c786c623b9cd1d8580a2c73783869db3bb57e6913bef8e9cb37430ef86651aa505864ae5687b20be009c61e2dff9de29720de69bc54ed527224d5c8f88a437e8d0cea2b7174a26cdcb3ec3365144f0073e8fcef6d69941a68cd023df94d1e3e0cec81148c13b87124b07f2cce5929b52bc0d2108cc01a52164cce94278b52f979324460fa7a9558c738864059932b669dacf8e9cd18b54ab0ef2fde7e34628c2f8ea1f0635675143ab5bcf402a57908b5ae69c1dd14068d8c39a5f2444c9f106405f9af4d9feaa6c04992c5ef07badb2c7e9595dac3646b0ea5b8bcfdb4d1bfa10811531199aaf989697a0c7cd88e4a43a349966927a953fc25664ec86f0b20e1bb7abd40631b9c1669e63ef3b63046cd55d399c77c37b9d0bfc733d4cdc936f30a70a6ab9f9c0f315629ff94674f5ab06aa2fe75e95f8818e729b13ebc319efc983226ad821f8907aecba30cebe1e970d7ac76340e595e49726e72f507048bffee07d5ebefbf4ebd4ad040e72079d37539b6360c690ff8224c6d632f7048eb4b3872f967825f96f69cbf8f655401366e7fc418979151c9d7b3eaef47bd8f243a5600b4975fe4e40d4c2e2112cab436931f74b662e48045489f5a11c78ea272f894a2de60acdceafb8ea710810edd7610df10de53536aba29e44c79256477feddcce0c28ea5c1ab1b6dce76d0e06b1a9f435d7e07337efb1bddca5c81d689d0be5a381e711494a7bdc378bcda0961355c90203fd59b9b70c519085bab992ab35d0f911884920ce43acb8a99be99013ff9f430d98d7b7abe08e292d858270a036944698ba8d3575781a8e27dfec897008e6cb7f2c9434fd8479c6eeefe27fc7e61dd3ae81305e7b26976e6e7aa5fe23f407e571b93e4d98a860159c9a739cac92cdae70cbdbe74ef02e96b9b63cd52e00c2aa12e4e54d4d2bacb64b81aa8d28f4359ab358d3afe2e7dc3e74f0396bd020d36456e1e2b794db21089286f3009c122153300ca1b55a5f6c8cb286bf144ce33cba42e9f7bfff236ca22cf9bd30856a954400a58e8ac32f2b025a60d50cb14abd6b5aeda43ef719a4b4c4dab326c9ba94033c0d57d48b8b1d8d2cc02fadf3e7e271b153377a120e162b6bc08791ac53b553f6edebf415cba57def86265755632f2a56bdbe9fe1b8af287874e8f59a3470b4742733775042783ee0eb1e6724da6b3dad3b25127537ce8f6aaed0ae978bb0829f855e4e066422edb61a42e6dcad4357602644bbfb77230aabab47495d54ab12503ba30f30ae1af00ed31f6947b33ced85df61d478dd72b9aaa57956b4f783e504fb16ddedc80866f70a3fb924367f0cfdf44e69848a0eb36dc560822bdf1150c315edd79379883517148e8047efbd94b3f69da1478f2632bfb98b4dc8f06a5c40cb0fe12f58ef55988239d0a77d66d6dd79caab183e5dc9f6c639d75056bac8a4d0dbf28fcbdc96c5e186069ffba1df796a556c391580bea9a5ba46cd7d221067cc20f629daf887237cbe6f02ba54b3393c149796a4106d1045cd964532213b533109d941a8858695867b9aaf8e6a58a4e76f23391e1f2e070e53ab630a7dfd14ce747f9e416f4a4d1b44e404509dc48ff93f155a57f4a8987fbcfe2cad9654dfb94712ff982fcca6954b6b48fc97a8bb27e35eefced738858153bf9fdbf9d5a81314d74c835b9a99972ef95f9bb3031199200462578ee746d97a079f420a1d8e3e52c9901be86d2e03c3948623b48309f153768ff38f14cf8ab12b23059e2e508fedec916625dff8fc8ea94e8b9a7d4136185d1ccc1f2ae7330f52c4dd082a3fa119bd82e47cd2ca303219f823cb01aa878870dda0d47f1db8f21218c15ed1ec2b1fbfbb9592333558b9f72a0a3774fa5f7c1029867d1570e0bd43d997fe5568c7b6d7b6c1b66adde5427ee1029d8c18f76000e2f65d5a5158bd35454391a665fccbfabe46ab4bee26ac4793558c2f504c48967da46cdb1ad4bce147c9a494a26bed44d0ffc5e43eced702514bc7fd129e4938cb9ec0a8318f8ad59fc9a10bcfeeaf439167fdc823a3f8789a0b09a700dd358a0f0b12c6497a45b685102e52886fe726688535450199b056a4d2996a33d2ea4e30b3169418755d10e9213604cebd0094249af39de7dee3f8ee5ff3240db25456ca142fd075625343a0d270af685813f6151523063526fc339933ea062e7e1aae378197da983ab25de919748e17986f2bfa55d5eb939c4939f1c65602d889cc574ee1d851ecc09682f7845678300a409b7908ec1597aac164c1407edbcf3362df16149bbd3117cc92d59bcb425cf4f9efdccf8d233bd75f4d30e7130b00bb58f5003f0544e1986d79c4c565f3eb71426261662b9057d933bf9b9c8cddd0b6f383f8e16cd629fc651c3482771b2e2c779ad15125562ebd1a3a540a1245f32f11d851b08604c6775f5b8307f82e65854cd3db7e555fe18e5e5a1712d4ae4bc785317e6d3dddc4be87ecf44b3779138af5e9e6607fbd2953d0960d80d9e13cb20be0530bc3891f3b8e83d4d835ab47128990ea25aec977a46ba2e", 0x1000}], 0x3, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x4000050, r0, 0x10000000)
getsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000200), &(0x7f0000000240)=0x10)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfffffffc}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
ioctl$sock_SIOCOUTQ(r1, 0x5411, &(0x7f00000013c0)) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
pidfd_getfd(r0, r1, 0x0) (async)
process_madvise(r2, &(0x7f0000001380)=[{&(0x7f0000000280)="f5ad3af5afe6da4b7660901f8b1a0b22224705720c17a3354831b16599eece9bd89b524d8ead25bc312a319c884effca83ea563a50648771625c4f3edfa1cd3b5fd7b843433ea39b77449d835ce1f42dfbf169cf72149e0e78397a3d202398ea9b2e", 0x62}, {&(0x7f0000000300)="d1bb97d74aff76e00a164dcca18373a0227756a3637348e44630b45c51df5b2ff145cdcb1191b959886e7ff82b5cdd6c9a47538362c9d4184a6a6470e4ee825409a9692d4e3ae2f328c5d5ecf8a33f30a9a1e70c29", 0x55}, {&(0x7f0000000380)="83aaa3987d232d0c4bc102543b865aecc6ef44449caeb6fc0bcab7ca3558b7511b12bd0774708f08d5b364fdc2715caecc9a17ad36b91a0cf8eb71edd7b25cc40b75a4d6c4dbe0e4f1b5ba776f6467df6bbaea960c09eba4e6666c6495c731f4c3a0a52eb6e0a2a9c6487626263d4e6fd776a9bf08e6d693180ec38e4e3bd05f0f5771f2a0312450bfefd17b2dd3d2a4fdb48b83e8c871d23f5881f6c41a3873c71c8c6f72973589eba073f76f23a58c710907a031d97e1379cf8c6deda7e9289b5bd23f61c9122aa3a70da58c90deb887adf251a807d2af31a68272d3727765f952df027427b01b694b8b1abcef32ec083c0b6d5656c74faecd66fcb70d8f0a95d555dad2a2128e3b04e47afc692c5ff8937827640680707eb3318318b075f86527fa0f274a3e5ee297f2784b6cfd17ce7ef43145a1f43d1e96c7a66dfe93cdb402521cd30fc56074ee6152b55154a255028e96da10042c1fed05bc69b027eac41f7ee84a95666b479ae31798f69b5de6bc96f55b1e556bd8f725edcb04a11d59008dee4490695e8d4efea2fa1a85be5cba36310a17f6557634b224f7440aa7385faa38bddd7758ac8bcee287e4a6537eea3ed375e4a34d2c20e9a4a9d4bc945a0ce1a2f27e672b383500b69e8930382766dfbd969b1976b2140a69f5cb708086c30dc909eb4b1053cd1ec60f57cf585a264ed16c439ac5b977c3c495f9105585f3d7391cadab980a46a5b1fc2dee9a20e3a1f75e4542340692a747ed454d738facf0ca07c03572b64c7e4315d109fe67e520256b05b6d8a5361a54412085488233efd81fc8f5fee688c316e14ff1bb9389ee4bbf13406f015bfb8bb87ba2d74df99b0bb9071d4fee21414143c49cedd908641a9600917135ff6518704f48b770a4c40a65eb262b1e3df4e85f28b36eb870aec4a75e9c6149ff3cd65457df91330090fb0cebfce80b30ac22885f23756123f5b741a9825ebf18ef64a9b8d86af42318f5b3178e6995a34710e2f743940b04ccea88c912803afcc44ef26fe93f8f99597feebaebd8668390373dc76f6d351146f5927bbe8a69d4c3e3e147ca9674e696c068a1cd85652d6e32e83b85815f8c9409129ac0246797b39358e5568af5f22202c07070e5dc143733d8ccfdd52182fd98d2da70671838be52b68c37035147e7944c1b201f243151d643730d8e858da0452fe717a3cc4d857a2371598790e864c1eed1a27c73e6d5f7f4e5db9a6bc520ff123a789c031fa45af1b9bc0215d3188c64d55f74082877b0856e67173564d50aab5a2944c1e5e461e6f2f567710b8d81d36dbf1050ab52f128a8f93593c2966b0b11171bd611ed15d3b04ae795df0b404ca815c9f9a230875a4416bf268a19731308826661bb91131484149d9598f2107af2279fce399ebf69782d45fac6ca6396e50f610c18a7877b476ea7cce04a04d30ad46a1538b64ac7889b4880b3ba0ba50ceffaa54fd21807a4cfe08e412e868879c6f95a684e511d881d7df0d5b0b89dd9e623fae67e2cfe494d84992e4b07841deac33537ffcda985e592299f1853d8e6e1da97e8f6e7cf54c992825dc7bdf3db8022e971ff81a8120b7a6a32e0c2073006a80e1b2ec33c42586b465b9028c048ac2fe88163ba2cfbb724e836f984911bae05ab237db9d00ab7ea4a253df5d2a1580fcd85fcc5b1d7ae88f15f574c9514ddc16c4b360a6dca80462e2ece50722961053c185231d9709e23f0faf9a141de1a4ac95ebba1d7a3fc8663eb957f5f3933a1a455a3f03bc7f2cd0e435c9a6f1754719f0a10f316480961468bc1d64e93ce1b92b93b30e69ebdd0cac2978cad55699383059c6003a0f28f6c98a96d233475849dec5fb40f4b39dae45a2bb7509afa01f61eb741c106c8ad1649549f7388b24ca68a1dbbf46eb68395df24de8342a85498f81ae015741c5a79c06081f5a56b4607061bde2355d5291e1666da58b300e7b99c055767fe9c016d8d34a0327716e2bd464f07903a1879ed44f4620330afc567a7d31a4663fe086bd0ca469fb13bd237fdf9c12ddd983c78ea6b6ddce944245d52001f360a5f3f715521451e379050a742432bef4865eb0c4f2ee08aeac56425e17244ea9673b4f708865e77a0532373410f410f3fba31eb39f541d9887ef58788b789e3312f63d89bc530082e28a51cf1fc389b0f7e9c23ddf6cde866aea42c80ce0ee0308653afd603e334c31f6236b48df7a41a5f1919860cbc76a69ad6402fff733824e8ce73d76ba5aa773ac83a95dd20b9ef4cc273e1adeb8582eabf654e11990362168363e0e4f7e857adbe8d4e43e168b0bd9c0d33cb068de5a01196d91e2283f235636a4d9def541fad5a5008ee22e0857c8cd61d45d27a189b10c93b734e50ddbeb1a8394b797fedf4e5fc67757d9f2bf628a88424a32d808cd2ba2de4c915f66f1b9940a85e485c0b2d965cd4a8314285c9715117287525df9f6cd5057f6d48b3ab479c78ee29361aaee6899b9e3fa1ba5beaf18d187925a6fe46f0fadf4bc7290456292fc7e231984c7b834e686191ba20c32fe75a44e5ef94f053fc69031c56accbf22d68f6496bebbc7fb1a87f7f54764da97844c24e0de9c1f255649aa1a0c304ae056bf6aa473f2ce31f3b3b2bf1f612cf72dbbdffe9dad34a88f369c250924e35b8fb7e539e7d78a17ef837c133e146fb6c924d52eb30c32aae47825b402935b6a0ef3a036a3dfef58e2e6dbdcd1abe9505ed8a4e20a3780749b028a93292d52bbcb85a2c65419ae7f767bc06605491cc18cebb28428cde16488bf1bc856fe808051a4999c793d8d60c071fea1f8e31001a00124844c5ca9bb43ba7ce44f356a6f249a08c089de5bbdc95ba86c1a1f03cff7b1fd9fc8255baa3e2023ea9262bb5372dc9b4f7ddfb40b127bde403a2efc1960cb12656f59e7ba38573c0d12c76e4740691d43697d7347eebb1680763fbf9d3b853bbad91cc2fc39c3ef2334c7fd407efe51572812ad03365a454d28cfcf9f0def4749fcfc7e36d026d6b8eca91d7ff7b0ae5a405cbcf832403e75f746f4402a0612df8cafe47b05f29be14e2b749dfa1556db422e451215361e17459b042731695d5daaa6cfe69c752558c41f2293baf64c5175b385528029f746ca6748316413b45ebca8fac80fbcad28ac43475c3002669e6cfda21f8b13caf5893a2b40f93ffe9aa5e6df7f890fa544d8adbcef06f1fbfa295cdb9be95c0235a1a109c786c623b9cd1d8580a2c73783869db3bb57e6913bef8e9cb37430ef86651aa505864ae5687b20be009c61e2dff9de29720de69bc54ed527224d5c8f88a437e8d0cea2b7174a26cdcb3ec3365144f0073e8fcef6d69941a68cd023df94d1e3e0cec81148c13b87124b07f2cce5929b52bc0d2108cc01a52164cce94278b52f979324460fa7a9558c738864059932b669dacf8e9cd18b54ab0ef2fde7e34628c2f8ea1f0635675143ab5bcf402a57908b5ae69c1dd14068d8c39a5f2444c9f106405f9af4d9feaa6c04992c5ef07badb2c7e9595dac3646b0ea5b8bcfdb4d1bfa10811531199aaf989697a0c7cd88e4a43a349966927a953fc25664ec86f0b20e1bb7abd40631b9c1669e63ef3b63046cd55d399c77c37b9d0bfc733d4cdc936f30a70a6ab9f9c0f315629ff94674f5ab06aa2fe75e95f8818e729b13ebc319efc983226ad821f8907aecba30cebe1e970d7ac76340e595e49726e72f507048bffee07d5ebefbf4ebd4ad040e72079d37539b6360c690ff8224c6d632f7048eb4b3872f967825f96f69cbf8f655401366e7fc418979151c9d7b3eaef47bd8f243a5600b4975fe4e40d4c2e2112cab436931f74b662e48045489f5a11c78ea272f894a2de60acdceafb8ea710810edd7610df10de53536aba29e44c79256477feddcce0c28ea5c1ab1b6dce76d0e06b1a9f435d7e07337efb1bddca5c81d689d0be5a381e711494a7bdc378bcda0961355c90203fd59b9b70c519085bab992ab35d0f911884920ce43acb8a99be99013ff9f430d98d7b7abe08e292d858270a036944698ba8d3575781a8e27dfec897008e6cb7f2c9434fd8479c6eeefe27fc7e61dd3ae81305e7b26976e6e7aa5fe23f407e571b93e4d98a860159c9a739cac92cdae70cbdbe74ef02e96b9b63cd52e00c2aa12e4e54d4d2bacb64b81aa8d28f4359ab358d3afe2e7dc3e74f0396bd020d36456e1e2b794db21089286f3009c122153300ca1b55a5f6c8cb286bf144ce33cba42e9f7bfff236ca22cf9bd30856a954400a58e8ac32f2b025a60d50cb14abd6b5aeda43ef719a4b4c4dab326c9ba94033c0d57d48b8b1d8d2cc02fadf3e7e271b153377a120e162b6bc08791ac53b553f6edebf415cba57def86265755632f2a56bdbe9fe1b8af287874e8f59a3470b4742733775042783ee0eb1e6724da6b3dad3b25127537ce8f6aaed0ae978bb0829f855e4e066422edb61a42e6dcad4357602644bbfb77230aabab47495d54ab12503ba30f30ae1af00ed31f6947b33ced85df61d478dd72b9aaa57956b4f783e504fb16ddedc80866f70a3fb924367f0cfdf44e69848a0eb36dc560822bdf1150c315edd79379883517148e8047efbd94b3f69da1478f2632bfb98b4dc8f06a5c40cb0fe12f58ef55988239d0a77d66d6dd79caab183e5dc9f6c639d75056bac8a4d0dbf28fcbdc96c5e186069ffba1df796a556c391580bea9a5ba46cd7d221067cc20f629daf887237cbe6f02ba54b3393c149796a4106d1045cd964532213b533109d941a8858695867b9aaf8e6a58a4e76f23391e1f2e070e53ab630a7dfd14ce747f9e416f4a4d1b44e404509dc48ff93f155a57f4a8987fbcfe2cad9654dfb94712ff982fcca6954b6b48fc97a8bb27e35eefced738858153bf9fdbf9d5a81314d74c835b9a99972ef95f9bb3031199200462578ee746d97a079f420a1d8e3e52c9901be86d2e03c3948623b48309f153768ff38f14cf8ab12b23059e2e508fedec916625dff8fc8ea94e8b9a7d4136185d1ccc1f2ae7330f52c4dd082a3fa119bd82e47cd2ca303219f823cb01aa878870dda0d47f1db8f21218c15ed1ec2b1fbfbb9592333558b9f72a0a3774fa5f7c1029867d1570e0bd43d997fe5568c7b6d7b6c1b66adde5427ee1029d8c18f76000e2f65d5a5158bd35454391a665fccbfabe46ab4bee26ac4793558c2f504c48967da46cdb1ad4bce147c9a494a26bed44d0ffc5e43eced702514bc7fd129e4938cb9ec0a8318f8ad59fc9a10bcfeeaf439167fdc823a3f8789a0b09a700dd358a0f0b12c6497a45b685102e52886fe726688535450199b056a4d2996a33d2ea4e30b3169418755d10e9213604cebd0094249af39de7dee3f8ee5ff3240db25456ca142fd075625343a0d270af685813f6151523063526fc339933ea062e7e1aae378197da983ab25de919748e17986f2bfa55d5eb939c4939f1c65602d889cc574ee1d851ecc09682f7845678300a409b7908ec1597aac164c1407edbcf3362df16149bbd3117cc92d59bcb425cf4f9efdccf8d233bd75f4d30e7130b00bb58f5003f0544e1986d79c4c565f3eb71426261662b9057d933bf9b9c8cddd0b6f383f8e16cd629fc651c3482771b2e2c779ad15125562ebd1a3a540a1245f32f11d851b08604c6775f5b8307f82e65854cd3db7e555fe18e5e5a1712d4ae4bc785317e6d3dddc4be87ecf44b3779138af5e9e6607fbd2953d0960d80d9e13cb20be0530bc3891f3b8e83d4d835ab47128990ea25aec977a46ba2e", 0x1000}], 0x3, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x4000050, r0, 0x10000000) (async)
getsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000200), &(0x7f0000000240)=0x10) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)

09:48:20 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
ioctl$F2FS_IOC_GARBAGE_COLLECT(0xffffffffffffffff, 0x4004f506, &(0x7f0000000100)=0x1)

09:48:20 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x80010, r0, 0x10000000)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x4200, 0x0)

09:48:20 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x400000000000, 0x13, r0, 0x10000000)

[ 2650.952605][T23627] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2650.960416][T23627] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2650.968231][T23627] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2650.976037][T23627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2650.983848][T23627] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2650.991664][T23627]  </TASK>
09:48:20 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
ioctl$F2FS_IOC_GARBAGE_COLLECT(0xffffffffffffffff, 0x4004f506, &(0x7f0000000100)=0x1)

09:48:20 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfffffffc}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
r1 = accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
ioctl$sock_SIOCOUTQ(r1, 0x5411, &(0x7f00000013c0))
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = pidfd_getfd(r0, r1, 0x0)
process_madvise(r2, &(0x7f0000001380)=[{&(0x7f0000000280)="f5ad3af5afe6da4b7660901f8b1a0b22224705720c17a3354831b16599eece9bd89b524d8ead25bc312a319c884effca83ea563a50648771625c4f3edfa1cd3b5fd7b843433ea39b77449d835ce1f42dfbf169cf72149e0e78397a3d202398ea9b2e", 0x62}, {&(0x7f0000000300)="d1bb97d74aff76e00a164dcca18373a0227756a3637348e44630b45c51df5b2ff145cdcb1191b959886e7ff82b5cdd6c9a47538362c9d4184a6a6470e4ee825409a9692d4e3ae2f328c5d5ecf8a33f30a9a1e70c29", 0x55}, {&(0x7f0000000380)="83aaa3987d232d0c4bc102543b865aecc6ef44449caeb6fc0bcab7ca3558b7511b12bd0774708f08d5b364fdc2715caecc9a17ad36b91a0cf8eb71edd7b25cc40b75a4d6c4dbe0e4f1b5ba776f6467df6bbaea960c09eba4e6666c6495c731f4c3a0a52eb6e0a2a9c6487626263d4e6fd776a9bf08e6d693180ec38e4e3bd05f0f5771f2a0312450bfefd17b2dd3d2a4fdb48b83e8c871d23f5881f6c41a3873c71c8c6f72973589eba073f76f23a58c710907a031d97e1379cf8c6deda7e9289b5bd23f61c9122aa3a70da58c90deb887adf251a807d2af31a68272d3727765f952df027427b01b694b8b1abcef32ec083c0b6d5656c74faecd66fcb70d8f0a95d555dad2a2128e3b04e47afc692c5ff8937827640680707eb3318318b075f86527fa0f274a3e5ee297f2784b6cfd17ce7ef43145a1f43d1e96c7a66dfe93cdb402521cd30fc56074ee6152b55154a255028e96da10042c1fed05bc69b027eac41f7ee84a95666b479ae31798f69b5de6bc96f55b1e556bd8f725edcb04a11d59008dee4490695e8d4efea2fa1a85be5cba36310a17f6557634b224f7440aa7385faa38bddd7758ac8bcee287e4a6537eea3ed375e4a34d2c20e9a4a9d4bc945a0ce1a2f27e672b383500b69e8930382766dfbd969b1976b2140a69f5cb708086c30dc909eb4b1053cd1ec60f57cf585a264ed16c439ac5b977c3c495f9105585f3d7391cadab980a46a5b1fc2dee9a20e3a1f75e4542340692a747ed454d738facf0ca07c03572b64c7e4315d109fe67e520256b05b6d8a5361a54412085488233efd81fc8f5fee688c316e14ff1bb9389ee4bbf13406f015bfb8bb87ba2d74df99b0bb9071d4fee21414143c49cedd908641a9600917135ff6518704f48b770a4c40a65eb262b1e3df4e85f28b36eb870aec4a75e9c6149ff3cd65457df91330090fb0cebfce80b30ac22885f23756123f5b741a9825ebf18ef64a9b8d86af42318f5b3178e6995a34710e2f743940b04ccea88c912803afcc44ef26fe93f8f99597feebaebd8668390373dc76f6d351146f5927bbe8a69d4c3e3e147ca9674e696c068a1cd85652d6e32e83b85815f8c9409129ac0246797b39358e5568af5f22202c07070e5dc143733d8ccfdd52182fd98d2da70671838be52b68c37035147e7944c1b201f243151d643730d8e858da0452fe717a3cc4d857a2371598790e864c1eed1a27c73e6d5f7f4e5db9a6bc520ff123a789c031fa45af1b9bc0215d3188c64d55f74082877b0856e67173564d50aab5a2944c1e5e461e6f2f567710b8d81d36dbf1050ab52f128a8f93593c2966b0b11171bd611ed15d3b04ae795df0b404ca815c9f9a230875a4416bf268a19731308826661bb91131484149d9598f2107af2279fce399ebf69782d45fac6ca6396e50f610c18a7877b476ea7cce04a04d30ad46a1538b64ac7889b4880b3ba0ba50ceffaa54fd21807a4cfe08e412e868879c6f95a684e511d881d7df0d5b0b89dd9e623fae67e2cfe494d84992e4b07841deac33537ffcda985e592299f1853d8e6e1da97e8f6e7cf54c992825dc7bdf3db8022e971ff81a8120b7a6a32e0c2073006a80e1b2ec33c42586b465b9028c048ac2fe88163ba2cfbb724e836f984911bae05ab237db9d00ab7ea4a253df5d2a1580fcd85fcc5b1d7ae88f15f574c9514ddc16c4b360a6dca80462e2ece50722961053c185231d9709e23f0faf9a141de1a4ac95ebba1d7a3fc8663eb957f5f3933a1a455a3f03bc7f2cd0e435c9a6f1754719f0a10f316480961468bc1d64e93ce1b92b93b30e69ebdd0cac2978cad55699383059c6003a0f28f6c98a96d233475849dec5fb40f4b39dae45a2bb7509afa01f61eb741c106c8ad1649549f7388b24ca68a1dbbf46eb68395df24de8342a85498f81ae015741c5a79c06081f5a56b4607061bde2355d5291e1666da58b300e7b99c055767fe9c016d8d34a0327716e2bd464f07903a1879ed44f4620330afc567a7d31a4663fe086bd0ca469fb13bd237fdf9c12ddd983c78ea6b6ddce944245d52001f360a5f3f715521451e379050a742432bef4865eb0c4f2ee08aeac56425e17244ea9673b4f708865e77a0532373410f410f3fba31eb39f541d9887ef58788b789e3312f63d89bc530082e28a51cf1fc389b0f7e9c23ddf6cde866aea42c80ce0ee0308653afd603e334c31f6236b48df7a41a5f1919860cbc76a69ad6402fff733824e8ce73d76ba5aa773ac83a95dd20b9ef4cc273e1adeb8582eabf654e11990362168363e0e4f7e857adbe8d4e43e168b0bd9c0d33cb068de5a01196d91e2283f235636a4d9def541fad5a5008ee22e0857c8cd61d45d27a189b10c93b734e50ddbeb1a8394b797fedf4e5fc67757d9f2bf628a88424a32d808cd2ba2de4c915f66f1b9940a85e485c0b2d965cd4a8314285c9715117287525df9f6cd5057f6d48b3ab479c78ee29361aaee6899b9e3fa1ba5beaf18d187925a6fe46f0fadf4bc7290456292fc7e231984c7b834e686191ba20c32fe75a44e5ef94f053fc69031c56accbf22d68f6496bebbc7fb1a87f7f54764da97844c24e0de9c1f255649aa1a0c304ae056bf6aa473f2ce31f3b3b2bf1f612cf72dbbdffe9dad34a88f369c250924e35b8fb7e539e7d78a17ef837c133e146fb6c924d52eb30c32aae47825b402935b6a0ef3a036a3dfef58e2e6dbdcd1abe9505ed8a4e20a3780749b028a93292d52bbcb85a2c65419ae7f767bc06605491cc18cebb28428cde16488bf1bc856fe808051a4999c793d8d60c071fea1f8e31001a00124844c5ca9bb43ba7ce44f356a6f249a08c089de5bbdc95ba86c1a1f03cff7b1fd9fc8255baa3e2023ea9262bb5372dc9b4f7ddfb40b127bde403a2efc1960cb12656f59e7ba38573c0d12c76e4740691d43697d7347eebb1680763fbf9d3b853bbad91cc2fc39c3ef2334c7fd407efe51572812ad03365a454d28cfcf9f0def4749fcfc7e36d026d6b8eca91d7ff7b0ae5a405cbcf832403e75f746f4402a0612df8cafe47b05f29be14e2b749dfa1556db422e451215361e17459b042731695d5daaa6cfe69c752558c41f2293baf64c5175b385528029f746ca6748316413b45ebca8fac80fbcad28ac43475c3002669e6cfda21f8b13caf5893a2b40f93ffe9aa5e6df7f890fa544d8adbcef06f1fbfa295cdb9be95c0235a1a109c786c623b9cd1d8580a2c73783869db3bb57e6913bef8e9cb37430ef86651aa505864ae5687b20be009c61e2dff9de29720de69bc54ed527224d5c8f88a437e8d0cea2b7174a26cdcb3ec3365144f0073e8fcef6d69941a68cd023df94d1e3e0cec81148c13b87124b07f2cce5929b52bc0d2108cc01a52164cce94278b52f979324460fa7a9558c738864059932b669dacf8e9cd18b54ab0ef2fde7e34628c2f8ea1f0635675143ab5bcf402a57908b5ae69c1dd14068d8c39a5f2444c9f106405f9af4d9feaa6c04992c5ef07badb2c7e9595dac3646b0ea5b8bcfdb4d1bfa10811531199aaf989697a0c7cd88e4a43a349966927a953fc25664ec86f0b20e1bb7abd40631b9c1669e63ef3b63046cd55d399c77c37b9d0bfc733d4cdc936f30a70a6ab9f9c0f315629ff94674f5ab06aa2fe75e95f8818e729b13ebc319efc983226ad821f8907aecba30cebe1e970d7ac76340e595e49726e72f507048bffee07d5ebefbf4ebd4ad040e72079d37539b6360c690ff8224c6d632f7048eb4b3872f967825f96f69cbf8f655401366e7fc418979151c9d7b3eaef47bd8f243a5600b4975fe4e40d4c2e2112cab436931f74b662e48045489f5a11c78ea272f894a2de60acdceafb8ea710810edd7610df10de53536aba29e44c79256477feddcce0c28ea5c1ab1b6dce76d0e06b1a9f435d7e07337efb1bddca5c81d689d0be5a381e711494a7bdc378bcda0961355c90203fd59b9b70c519085bab992ab35d0f911884920ce43acb8a99be99013ff9f430d98d7b7abe08e292d858270a036944698ba8d3575781a8e27dfec897008e6cb7f2c9434fd8479c6eeefe27fc7e61dd3ae81305e7b26976e6e7aa5fe23f407e571b93e4d98a860159c9a739cac92cdae70cbdbe74ef02e96b9b63cd52e00c2aa12e4e54d4d2bacb64b81aa8d28f4359ab358d3afe2e7dc3e74f0396bd020d36456e1e2b794db21089286f3009c122153300ca1b55a5f6c8cb286bf144ce33cba42e9f7bfff236ca22cf9bd30856a954400a58e8ac32f2b025a60d50cb14abd6b5aeda43ef719a4b4c4dab326c9ba94033c0d57d48b8b1d8d2cc02fadf3e7e271b153377a120e162b6bc08791ac53b553f6edebf415cba57def86265755632f2a56bdbe9fe1b8af287874e8f59a3470b4742733775042783ee0eb1e6724da6b3dad3b25127537ce8f6aaed0ae978bb0829f855e4e066422edb61a42e6dcad4357602644bbfb77230aabab47495d54ab12503ba30f30ae1af00ed31f6947b33ced85df61d478dd72b9aaa57956b4f783e504fb16ddedc80866f70a3fb924367f0cfdf44e69848a0eb36dc560822bdf1150c315edd79379883517148e8047efbd94b3f69da1478f2632bfb98b4dc8f06a5c40cb0fe12f58ef55988239d0a77d66d6dd79caab183e5dc9f6c639d75056bac8a4d0dbf28fcbdc96c5e186069ffba1df796a556c391580bea9a5ba46cd7d221067cc20f629daf887237cbe6f02ba54b3393c149796a4106d1045cd964532213b533109d941a8858695867b9aaf8e6a58a4e76f23391e1f2e070e53ab630a7dfd14ce747f9e416f4a4d1b44e404509dc48ff93f155a57f4a8987fbcfe2cad9654dfb94712ff982fcca6954b6b48fc97a8bb27e35eefced738858153bf9fdbf9d5a81314d74c835b9a99972ef95f9bb3031199200462578ee746d97a079f420a1d8e3e52c9901be86d2e03c3948623b48309f153768ff38f14cf8ab12b23059e2e508fedec916625dff8fc8ea94e8b9a7d4136185d1ccc1f2ae7330f52c4dd082a3fa119bd82e47cd2ca303219f823cb01aa878870dda0d47f1db8f21218c15ed1ec2b1fbfbb9592333558b9f72a0a3774fa5f7c1029867d1570e0bd43d997fe5568c7b6d7b6c1b66adde5427ee1029d8c18f76000e2f65d5a5158bd35454391a665fccbfabe46ab4bee26ac4793558c2f504c48967da46cdb1ad4bce147c9a494a26bed44d0ffc5e43eced702514bc7fd129e4938cb9ec0a8318f8ad59fc9a10bcfeeaf439167fdc823a3f8789a0b09a700dd358a0f0b12c6497a45b685102e52886fe726688535450199b056a4d2996a33d2ea4e30b3169418755d10e9213604cebd0094249af39de7dee3f8ee5ff3240db25456ca142fd075625343a0d270af685813f6151523063526fc339933ea062e7e1aae378197da983ab25de919748e17986f2bfa55d5eb939c4939f1c65602d889cc574ee1d851ecc09682f7845678300a409b7908ec1597aac164c1407edbcf3362df16149bbd3117cc92d59bcb425cf4f9efdccf8d233bd75f4d30e7130b00bb58f5003f0544e1986d79c4c565f3eb71426261662b9057d933bf9b9c8cddd0b6f383f8e16cd629fc651c3482771b2e2c779ad15125562ebd1a3a540a1245f32f11d851b08604c6775f5b8307f82e65854cd3db7e555fe18e5e5a1712d4ae4bc785317e6d3dddc4be87ecf44b3779138af5e9e6607fbd2953d0960d80d9e13cb20be0530bc3891f3b8e83d4d835ab47128990ea25aec977a46ba2e", 0x1000}], 0x3, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x4000050, r0, 0x10000000)
getsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000200), &(0x7f0000000240)=0x10)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfffffffc}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
ioctl$sock_SIOCOUTQ(r1, 0x5411, &(0x7f00000013c0)) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
pidfd_getfd(r0, r1, 0x0) (async)
process_madvise(r2, &(0x7f0000001380)=[{&(0x7f0000000280)="f5ad3af5afe6da4b7660901f8b1a0b22224705720c17a3354831b16599eece9bd89b524d8ead25bc312a319c884effca83ea563a50648771625c4f3edfa1cd3b5fd7b843433ea39b77449d835ce1f42dfbf169cf72149e0e78397a3d202398ea9b2e", 0x62}, {&(0x7f0000000300)="d1bb97d74aff76e00a164dcca18373a0227756a3637348e44630b45c51df5b2ff145cdcb1191b959886e7ff82b5cdd6c9a47538362c9d4184a6a6470e4ee825409a9692d4e3ae2f328c5d5ecf8a33f30a9a1e70c29", 0x55}, {&(0x7f0000000380)="83aaa3987d232d0c4bc102543b865aecc6ef44449caeb6fc0bcab7ca3558b7511b12bd0774708f08d5b364fdc2715caecc9a17ad36b91a0cf8eb71edd7b25cc40b75a4d6c4dbe0e4f1b5ba776f6467df6bbaea960c09eba4e6666c6495c731f4c3a0a52eb6e0a2a9c6487626263d4e6fd776a9bf08e6d693180ec38e4e3bd05f0f5771f2a0312450bfefd17b2dd3d2a4fdb48b83e8c871d23f5881f6c41a3873c71c8c6f72973589eba073f76f23a58c710907a031d97e1379cf8c6deda7e9289b5bd23f61c9122aa3a70da58c90deb887adf251a807d2af31a68272d3727765f952df027427b01b694b8b1abcef32ec083c0b6d5656c74faecd66fcb70d8f0a95d555dad2a2128e3b04e47afc692c5ff8937827640680707eb3318318b075f86527fa0f274a3e5ee297f2784b6cfd17ce7ef43145a1f43d1e96c7a66dfe93cdb402521cd30fc56074ee6152b55154a255028e96da10042c1fed05bc69b027eac41f7ee84a95666b479ae31798f69b5de6bc96f55b1e556bd8f725edcb04a11d59008dee4490695e8d4efea2fa1a85be5cba36310a17f6557634b224f7440aa7385faa38bddd7758ac8bcee287e4a6537eea3ed375e4a34d2c20e9a4a9d4bc945a0ce1a2f27e672b383500b69e8930382766dfbd969b1976b2140a69f5cb708086c30dc909eb4b1053cd1ec60f57cf585a264ed16c439ac5b977c3c495f9105585f3d7391cadab980a46a5b1fc2dee9a20e3a1f75e4542340692a747ed454d738facf0ca07c03572b64c7e4315d109fe67e520256b05b6d8a5361a54412085488233efd81fc8f5fee688c316e14ff1bb9389ee4bbf13406f015bfb8bb87ba2d74df99b0bb9071d4fee21414143c49cedd908641a9600917135ff6518704f48b770a4c40a65eb262b1e3df4e85f28b36eb870aec4a75e9c6149ff3cd65457df91330090fb0cebfce80b30ac22885f23756123f5b741a9825ebf18ef64a9b8d86af42318f5b3178e6995a34710e2f743940b04ccea88c912803afcc44ef26fe93f8f99597feebaebd8668390373dc76f6d351146f5927bbe8a69d4c3e3e147ca9674e696c068a1cd85652d6e32e83b85815f8c9409129ac0246797b39358e5568af5f22202c07070e5dc143733d8ccfdd52182fd98d2da70671838be52b68c37035147e7944c1b201f243151d643730d8e858da0452fe717a3cc4d857a2371598790e864c1eed1a27c73e6d5f7f4e5db9a6bc520ff123a789c031fa45af1b9bc0215d3188c64d55f74082877b0856e67173564d50aab5a2944c1e5e461e6f2f567710b8d81d36dbf1050ab52f128a8f93593c2966b0b11171bd611ed15d3b04ae795df0b404ca815c9f9a230875a4416bf268a19731308826661bb91131484149d9598f2107af2279fce399ebf69782d45fac6ca6396e50f610c18a7877b476ea7cce04a04d30ad46a1538b64ac7889b4880b3ba0ba50ceffaa54fd21807a4cfe08e412e868879c6f95a684e511d881d7df0d5b0b89dd9e623fae67e2cfe494d84992e4b07841deac33537ffcda985e592299f1853d8e6e1da97e8f6e7cf54c992825dc7bdf3db8022e971ff81a8120b7a6a32e0c2073006a80e1b2ec33c42586b465b9028c048ac2fe88163ba2cfbb724e836f984911bae05ab237db9d00ab7ea4a253df5d2a1580fcd85fcc5b1d7ae88f15f574c9514ddc16c4b360a6dca80462e2ece50722961053c185231d9709e23f0faf9a141de1a4ac95ebba1d7a3fc8663eb957f5f3933a1a455a3f03bc7f2cd0e435c9a6f1754719f0a10f316480961468bc1d64e93ce1b92b93b30e69ebdd0cac2978cad55699383059c6003a0f28f6c98a96d233475849dec5fb40f4b39dae45a2bb7509afa01f61eb741c106c8ad1649549f7388b24ca68a1dbbf46eb68395df24de8342a85498f81ae015741c5a79c06081f5a56b4607061bde2355d5291e1666da58b300e7b99c055767fe9c016d8d34a0327716e2bd464f07903a1879ed44f4620330afc567a7d31a4663fe086bd0ca469fb13bd237fdf9c12ddd983c78ea6b6ddce944245d52001f360a5f3f715521451e379050a742432bef4865eb0c4f2ee08aeac56425e17244ea9673b4f708865e77a0532373410f410f3fba31eb39f541d9887ef58788b789e3312f63d89bc530082e28a51cf1fc389b0f7e9c23ddf6cde866aea42c80ce0ee0308653afd603e334c31f6236b48df7a41a5f1919860cbc76a69ad6402fff733824e8ce73d76ba5aa773ac83a95dd20b9ef4cc273e1adeb8582eabf654e11990362168363e0e4f7e857adbe8d4e43e168b0bd9c0d33cb068de5a01196d91e2283f235636a4d9def541fad5a5008ee22e0857c8cd61d45d27a189b10c93b734e50ddbeb1a8394b797fedf4e5fc67757d9f2bf628a88424a32d808cd2ba2de4c915f66f1b9940a85e485c0b2d965cd4a8314285c9715117287525df9f6cd5057f6d48b3ab479c78ee29361aaee6899b9e3fa1ba5beaf18d187925a6fe46f0fadf4bc7290456292fc7e231984c7b834e686191ba20c32fe75a44e5ef94f053fc69031c56accbf22d68f6496bebbc7fb1a87f7f54764da97844c24e0de9c1f255649aa1a0c304ae056bf6aa473f2ce31f3b3b2bf1f612cf72dbbdffe9dad34a88f369c250924e35b8fb7e539e7d78a17ef837c133e146fb6c924d52eb30c32aae47825b402935b6a0ef3a036a3dfef58e2e6dbdcd1abe9505ed8a4e20a3780749b028a93292d52bbcb85a2c65419ae7f767bc06605491cc18cebb28428cde16488bf1bc856fe808051a4999c793d8d60c071fea1f8e31001a00124844c5ca9bb43ba7ce44f356a6f249a08c089de5bbdc95ba86c1a1f03cff7b1fd9fc8255baa3e2023ea9262bb5372dc9b4f7ddfb40b127bde403a2efc1960cb12656f59e7ba38573c0d12c76e4740691d43697d7347eebb1680763fbf9d3b853bbad91cc2fc39c3ef2334c7fd407efe51572812ad03365a454d28cfcf9f0def4749fcfc7e36d026d6b8eca91d7ff7b0ae5a405cbcf832403e75f746f4402a0612df8cafe47b05f29be14e2b749dfa1556db422e451215361e17459b042731695d5daaa6cfe69c752558c41f2293baf64c5175b385528029f746ca6748316413b45ebca8fac80fbcad28ac43475c3002669e6cfda21f8b13caf5893a2b40f93ffe9aa5e6df7f890fa544d8adbcef06f1fbfa295cdb9be95c0235a1a109c786c623b9cd1d8580a2c73783869db3bb57e6913bef8e9cb37430ef86651aa505864ae5687b20be009c61e2dff9de29720de69bc54ed527224d5c8f88a437e8d0cea2b7174a26cdcb3ec3365144f0073e8fcef6d69941a68cd023df94d1e3e0cec81148c13b87124b07f2cce5929b52bc0d2108cc01a52164cce94278b52f979324460fa7a9558c738864059932b669dacf8e9cd18b54ab0ef2fde7e34628c2f8ea1f0635675143ab5bcf402a57908b5ae69c1dd14068d8c39a5f2444c9f106405f9af4d9feaa6c04992c5ef07badb2c7e9595dac3646b0ea5b8bcfdb4d1bfa10811531199aaf989697a0c7cd88e4a43a349966927a953fc25664ec86f0b20e1bb7abd40631b9c1669e63ef3b63046cd55d399c77c37b9d0bfc733d4cdc936f30a70a6ab9f9c0f315629ff94674f5ab06aa2fe75e95f8818e729b13ebc319efc983226ad821f8907aecba30cebe1e970d7ac76340e595e49726e72f507048bffee07d5ebefbf4ebd4ad040e72079d37539b6360c690ff8224c6d632f7048eb4b3872f967825f96f69cbf8f655401366e7fc418979151c9d7b3eaef47bd8f243a5600b4975fe4e40d4c2e2112cab436931f74b662e48045489f5a11c78ea272f894a2de60acdceafb8ea710810edd7610df10de53536aba29e44c79256477feddcce0c28ea5c1ab1b6dce76d0e06b1a9f435d7e07337efb1bddca5c81d689d0be5a381e711494a7bdc378bcda0961355c90203fd59b9b70c519085bab992ab35d0f911884920ce43acb8a99be99013ff9f430d98d7b7abe08e292d858270a036944698ba8d3575781a8e27dfec897008e6cb7f2c9434fd8479c6eeefe27fc7e61dd3ae81305e7b26976e6e7aa5fe23f407e571b93e4d98a860159c9a739cac92cdae70cbdbe74ef02e96b9b63cd52e00c2aa12e4e54d4d2bacb64b81aa8d28f4359ab358d3afe2e7dc3e74f0396bd020d36456e1e2b794db21089286f3009c122153300ca1b55a5f6c8cb286bf144ce33cba42e9f7bfff236ca22cf9bd30856a954400a58e8ac32f2b025a60d50cb14abd6b5aeda43ef719a4b4c4dab326c9ba94033c0d57d48b8b1d8d2cc02fadf3e7e271b153377a120e162b6bc08791ac53b553f6edebf415cba57def86265755632f2a56bdbe9fe1b8af287874e8f59a3470b4742733775042783ee0eb1e6724da6b3dad3b25127537ce8f6aaed0ae978bb0829f855e4e066422edb61a42e6dcad4357602644bbfb77230aabab47495d54ab12503ba30f30ae1af00ed31f6947b33ced85df61d478dd72b9aaa57956b4f783e504fb16ddedc80866f70a3fb924367f0cfdf44e69848a0eb36dc560822bdf1150c315edd79379883517148e8047efbd94b3f69da1478f2632bfb98b4dc8f06a5c40cb0fe12f58ef55988239d0a77d66d6dd79caab183e5dc9f6c639d75056bac8a4d0dbf28fcbdc96c5e186069ffba1df796a556c391580bea9a5ba46cd7d221067cc20f629daf887237cbe6f02ba54b3393c149796a4106d1045cd964532213b533109d941a8858695867b9aaf8e6a58a4e76f23391e1f2e070e53ab630a7dfd14ce747f9e416f4a4d1b44e404509dc48ff93f155a57f4a8987fbcfe2cad9654dfb94712ff982fcca6954b6b48fc97a8bb27e35eefced738858153bf9fdbf9d5a81314d74c835b9a99972ef95f9bb3031199200462578ee746d97a079f420a1d8e3e52c9901be86d2e03c3948623b48309f153768ff38f14cf8ab12b23059e2e508fedec916625dff8fc8ea94e8b9a7d4136185d1ccc1f2ae7330f52c4dd082a3fa119bd82e47cd2ca303219f823cb01aa878870dda0d47f1db8f21218c15ed1ec2b1fbfbb9592333558b9f72a0a3774fa5f7c1029867d1570e0bd43d997fe5568c7b6d7b6c1b66adde5427ee1029d8c18f76000e2f65d5a5158bd35454391a665fccbfabe46ab4bee26ac4793558c2f504c48967da46cdb1ad4bce147c9a494a26bed44d0ffc5e43eced702514bc7fd129e4938cb9ec0a8318f8ad59fc9a10bcfeeaf439167fdc823a3f8789a0b09a700dd358a0f0b12c6497a45b685102e52886fe726688535450199b056a4d2996a33d2ea4e30b3169418755d10e9213604cebd0094249af39de7dee3f8ee5ff3240db25456ca142fd075625343a0d270af685813f6151523063526fc339933ea062e7e1aae378197da983ab25de919748e17986f2bfa55d5eb939c4939f1c65602d889cc574ee1d851ecc09682f7845678300a409b7908ec1597aac164c1407edbcf3362df16149bbd3117cc92d59bcb425cf4f9efdccf8d233bd75f4d30e7130b00bb58f5003f0544e1986d79c4c565f3eb71426261662b9057d933bf9b9c8cddd0b6f383f8e16cd629fc651c3482771b2e2c779ad15125562ebd1a3a540a1245f32f11d851b08604c6775f5b8307f82e65854cd3db7e555fe18e5e5a1712d4ae4bc785317e6d3dddc4be87ecf44b3779138af5e9e6607fbd2953d0960d80d9e13cb20be0530bc3891f3b8e83d4d835ab47128990ea25aec977a46ba2e", 0x1000}], 0x3, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x4000050, r0, 0x10000000) (async)
getsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000200), &(0x7f0000000240)=0x10) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)

09:48:20 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x400000000000, 0x13, r0, 0x10000000)

[ 2651.043135][T23673] FAULT_INJECTION: forcing a failure.
[ 2651.043135][T23673] name failslab, interval 1, probability 0, space 0, times 0
[ 2651.071891][T23673] CPU: 1 PID: 23673 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2651.083355][T23673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2651.093243][T23673] Call Trace:
[ 2651.096368][T23673]  <TASK>
[ 2651.099146][T23673]  dump_stack_lvl+0x151/0x1b7
[ 2651.103657][T23673]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2651.108953][T23673]  dump_stack+0x15/0x17
[ 2651.112944][T23673]  should_fail+0x3c0/0x510
[ 2651.117197][T23673]  __should_failslab+0x9f/0xe0
[ 2651.121797][T23673]  should_failslab+0x9/0x20
[ 2651.126140][T23673]  kmem_cache_alloc+0x4f/0x2f0
[ 2651.130738][T23673]  ? vm_area_dup+0x26/0x1d0
[ 2651.135076][T23673]  ? __kasan_check_read+0x11/0x20
[ 2651.139937][T23673]  vm_area_dup+0x26/0x1d0
[ 2651.144110][T23673]  dup_mmap+0x6b8/0xea0
[ 2651.148096][T23673]  ? __delayed_free_task+0x20/0x20
[ 2651.153041][T23673]  ? mm_init+0x807/0x960
[ 2651.157120][T23673]  dup_mm+0x91/0x330
[ 2651.160852][T23673]  copy_mm+0x108/0x1b0
[ 2651.164759][T23673]  copy_process+0x1295/0x3250
[ 2651.169279][T23673]  ? proc_fail_nth_write+0x213/0x290
[ 2651.174394][T23673]  ? proc_fail_nth_read+0x220/0x220
[ 2651.179427][T23673]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2651.184376][T23673]  ? vfs_write+0x9af/0x1050
[ 2651.188717][T23673]  kernel_clone+0x22d/0x990
[ 2651.193052][T23673]  ? file_end_write+0x1b0/0x1b0
[ 2651.197739][T23673]  ? __kasan_check_write+0x14/0x20
[ 2651.202686][T23673]  ? create_io_thread+0x1e0/0x1e0
[ 2651.207547][T23673]  ? __mutex_lock_slowpath+0x10/0x10
[ 2651.212676][T23673]  __x64_sys_clone+0x289/0x310
[ 2651.217268][T23673]  ? __do_sys_vfork+0x130/0x130
[ 2651.221960][T23673]  ? debug_smp_processor_id+0x17/0x20
[ 2651.227162][T23673]  do_syscall_64+0x44/0xd0
[ 2651.231415][T23673]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2651.237143][T23673] RIP: 0033:0x7f5b7e88a639
[ 2651.241395][T23673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2651.260836][T23673] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2651.269089][T23673] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2651.276890][T23673] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2651.284705][T23673] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
09:48:20 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27)

09:48:20 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x80010, r0, 0x10000000) (async)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x4200, 0x0)

09:48:20 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8000000000000, 0x13, r0, 0x10000000)

09:48:20 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
ioctl$F2FS_IOC_GARBAGE_COLLECT(0xffffffffffffffff, 0x4004f506, &(0x7f0000000100)=0x1)

09:48:20 executing program 1:
socket$packet(0x11, 0x2, 0x300)
syz_io_uring_setup(0x1a63, &(0x7f00000001c0), &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400)=<r0=>0x0, &(0x7f0000001440))
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_io_uring_setup(0x3d65, &(0x7f0000000000)={0x0, 0xe30, 0x8, 0x3, 0x185, 0x0, r1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000240))
syz_io_uring_complete(r0)
syz_io_uring_complete(r0)
syz_io_uring_setup(0x61a1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x40000}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:20 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8000000000000, 0x13, r0, 0x10000000)

09:48:20 executing program 1:
socket$packet(0x11, 0x2, 0x300)
syz_io_uring_setup(0x1a63, &(0x7f00000001c0), &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400)=<r0=>0x0, &(0x7f0000001440))
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_io_uring_setup(0x3d65, &(0x7f0000000000)={0x0, 0xe30, 0x8, 0x3, 0x185, 0x0, r1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000240)) (async)
syz_io_uring_complete(r0) (async)
syz_io_uring_complete(r0)
syz_io_uring_setup(0x61a1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x40000}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

[ 2651.292516][T23673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2651.300334][T23673] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2651.308145][T23673]  </TASK>
09:48:20 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x80010, r0, 0x10000000)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x4200, 0x0)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x80010, r0, 0x10000000) (async)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x4200, 0x0) (async)

09:48:20 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4})
ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f0000000100)={0x4, 0x0, 0x5, 0x102})
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:48:20 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x10000000000000, 0x13, r0, 0x10000000)

09:48:20 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x60000000000000, 0x13, r0, 0x10000000)

[ 2651.340823][T23710] FAULT_INJECTION: forcing a failure.
[ 2651.340823][T23710] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2651.360334][T23710] CPU: 0 PID: 23710 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2651.371803][T23710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2651.381699][T23710] Call Trace:
[ 2651.384835][T23710]  <TASK>
09:48:20 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x80000000000000, 0x13, r0, 0x10000000)

[ 2651.387593][T23710]  dump_stack_lvl+0x151/0x1b7
[ 2651.392108][T23710]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2651.397402][T23710]  ? pcpu_block_update_hint_alloc+0x972/0xd00
[ 2651.403302][T23710]  dump_stack+0x15/0x17
[ 2651.407303][T23710]  should_fail+0x3c0/0x510
[ 2651.411561][T23710]  should_fail_alloc_page+0x58/0x70
[ 2651.416580][T23710]  __alloc_pages+0x1de/0x7c0
[ 2651.421008][T23710]  ? __count_vm_events+0x30/0x30
[ 2651.425780][T23710]  __get_free_pages+0xe/0x30
[ 2651.430205][T23710]  pgd_alloc+0x22/0x2c0
[ 2651.434196][T23710]  mm_init+0x5bf/0x960
[ 2651.438100][T23710]  dup_mm+0x7d/0x330
[ 2651.441834][T23710]  copy_mm+0x108/0x1b0
[ 2651.445776][T23710]  copy_process+0x1295/0x3250
[ 2651.450251][T23710]  ? proc_fail_nth_write+0x213/0x290
[ 2651.455372][T23710]  ? proc_fail_nth_read+0x220/0x220
[ 2651.460408][T23710]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2651.465351][T23710]  ? vfs_write+0x9af/0x1050
[ 2651.469696][T23710]  kernel_clone+0x22d/0x990
[ 2651.474031][T23710]  ? file_end_write+0x1b0/0x1b0
[ 2651.478718][T23710]  ? __kasan_check_write+0x14/0x20
[ 2651.483666][T23710]  ? create_io_thread+0x1e0/0x1e0
[ 2651.488528][T23710]  ? __mutex_lock_slowpath+0x10/0x10
[ 2651.493654][T23710]  __x64_sys_clone+0x289/0x310
[ 2651.498249][T23710]  ? __do_sys_vfork+0x130/0x130
[ 2651.502946][T23710]  ? debug_smp_processor_id+0x17/0x20
[ 2651.508141][T23710]  do_syscall_64+0x44/0xd0
[ 2651.512502][T23710]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2651.518236][T23710] RIP: 0033:0x7f5b7e88a639
[ 2651.522484][T23710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2651.541927][T23710] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2651.550170][T23710] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2651.557985][T23710] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2651.565798][T23710] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2651.573606][T23710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2651.581417][T23710] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2651.589226][T23710]  </TASK>
09:48:21 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28)

09:48:21 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x80ffff00000000, 0x13, r0, 0x10000000)

09:48:21 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x10000000000000, 0x13, r0, 0x10000000)

09:48:21 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4})
ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f0000000100)={0x4, 0x0, 0x5, 0x102})
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4}) (async)
ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f0000000100)={0x4, 0x0, 0x5, 0x102}) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)

09:48:21 executing program 1:
socket$packet(0x11, 0x2, 0x300)
syz_io_uring_setup(0x1a63, &(0x7f00000001c0), &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400)=<r0=>0x0, &(0x7f0000001440)) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
syz_io_uring_setup(0x3d65, &(0x7f0000000000)={0x0, 0xe30, 0x8, 0x3, 0x185, 0x0, r1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000240))
syz_io_uring_complete(r0) (async)
syz_io_uring_complete(r0)
syz_io_uring_setup(0x61a1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x40000}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:21 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0xfffffffd, 0x80, 0x1}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
syz_io_uring_setup(0x7d90, &(0x7f0000000140)={0x0, 0xabed, 0x400, 0x0, 0xa2, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000200))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:21 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x60000000000000, 0x13, r0, 0x10000000)

09:48:21 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0xfffffffd, 0x80, 0x1}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
syz_io_uring_setup(0x7d90, &(0x7f0000000140)={0x0, 0xabed, 0x400, 0x0, 0xa2, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000200))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0xfffffffd, 0x80, 0x1}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0)) (async)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) (async)
syz_io_uring_setup(0x7d90, &(0x7f0000000140)={0x0, 0xabed, 0x400, 0x0, 0xa2, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)

09:48:21 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xc0ffff00000000, 0x13, r0, 0x10000000)

09:48:21 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4})
ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f0000000100)={0x4, 0x0, 0x5, 0x102})
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4}) (async)
ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f0000000100)={0x4, 0x0, 0x5, 0x102}) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)

09:48:21 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xda}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
geteuid()
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f00000001c0)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}, {0x0, @struct}})

[ 2651.621776][T23773] FAULT_INJECTION: forcing a failure.
[ 2651.621776][T23773] name failslab, interval 1, probability 0, space 0, times 0
09:48:21 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
r1 = openat$cgroup_ro(r0, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x0, 0x0)
accept4$bt_l2cap(r1, &(0x7f00000001c0)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x101000)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x3e, 0x0, r0}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000000c0))

[ 2651.661648][T23773] CPU: 1 PID: 23773 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2651.673111][T23773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2651.683004][T23773] Call Trace:
[ 2651.686131][T23773]  <TASK>
[ 2651.688909][T23773]  dump_stack_lvl+0x151/0x1b7
[ 2651.693417][T23773]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2651.698720][T23773]  dump_stack+0x15/0x17
[ 2651.702703][T23773]  should_fail+0x3c0/0x510
[ 2651.706960][T23773]  __should_failslab+0x9f/0xe0
[ 2651.711556][T23773]  should_failslab+0x9/0x20
[ 2651.715895][T23773]  kmem_cache_alloc+0x4f/0x2f0
[ 2651.720494][T23773]  ? vm_area_dup+0x26/0x1d0
[ 2651.724836][T23773]  vm_area_dup+0x26/0x1d0
[ 2651.729000][T23773]  dup_mmap+0x6b8/0xea0
[ 2651.733000][T23773]  ? __delayed_free_task+0x20/0x20
[ 2651.737940][T23773]  ? mm_init+0x807/0x960
[ 2651.742019][T23773]  dup_mm+0x91/0x330
[ 2651.745755][T23773]  copy_mm+0x108/0x1b0
[ 2651.749657][T23773]  copy_process+0x1295/0x3250
[ 2651.754173][T23773]  ? proc_fail_nth_write+0x213/0x290
[ 2651.759290][T23773]  ? proc_fail_nth_read+0x220/0x220
[ 2651.764327][T23773]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2651.769270][T23773]  ? vfs_write+0x9af/0x1050
[ 2651.773613][T23773]  kernel_clone+0x22d/0x990
[ 2651.777949][T23773]  ? file_end_write+0x1b0/0x1b0
[ 2651.782645][T23773]  ? __kasan_check_write+0x14/0x20
[ 2651.787586][T23773]  ? create_io_thread+0x1e0/0x1e0
[ 2651.792447][T23773]  ? __mutex_lock_slowpath+0x10/0x10
[ 2651.797580][T23773]  __x64_sys_clone+0x289/0x310
[ 2651.802172][T23773]  ? __do_sys_vfork+0x130/0x130
[ 2651.806854][T23773]  ? debug_smp_processor_id+0x17/0x20
[ 2651.812067][T23773]  do_syscall_64+0x44/0xd0
[ 2651.816313][T23773]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2651.822043][T23773] RIP: 0033:0x7f5b7e88a639
[ 2651.826294][T23773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2651.845736][T23773] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2651.853978][T23773] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2651.861790][T23773] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
09:48:21 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29)

09:48:21 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0xfffffffd, 0x80, 0x1}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
syz_io_uring_setup(0x7d90, &(0x7f0000000140)={0x0, 0xabed, 0x400, 0x0, 0xa2, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000200))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:21 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xda}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
geteuid() (async)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f00000001c0)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}, {0x0, @struct}})

09:48:21 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
r1 = openat$cgroup_ro(r0, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x0, 0x0)
accept4$bt_l2cap(r1, &(0x7f00000001c0)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x101000)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x3e, 0x0, r0}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000000c0))

09:48:21 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x80000000000000, 0x13, r0, 0x10000000)

09:48:21 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xf0ff1f00000000, 0x13, r0, 0x10000000)

09:48:21 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
r1 = openat$cgroup_ro(r0, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x0, 0x0)
accept4$bt_l2cap(r1, &(0x7f00000001c0)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x101000)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x3e, 0x0, r0}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000000c0))

09:48:21 executing program 5:
r0 = syz_io_uring_setup(0x1ade, &(0x7f0000000000)={0x0, 0x8, 0x10, 0x3}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_io_uring_setup(0x3481, &(0x7f0000000140)={0x0, 0x705b, 0x0, 0x0, 0xe3, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000200))
ioctl$KVM_SET_TSS_ADDR(r2, 0xae47, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x4, 0x2, 0x100000, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

09:48:21 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xda}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
geteuid()
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f00000001c0)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}, {0x0, @struct}})
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xda}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
geteuid() (async)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f00000001c0)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}, {0x0, @struct}}) (async)

[ 2651.869604][T23773] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2651.877412][T23773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2651.885223][T23773] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2651.893124][T23773]  </TASK>
09:48:21 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080)=<r0=>0x0, &(0x7f00000000c0))
syz_io_uring_complete(r0)
sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x58, 0x0, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x10}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @private=0xa010101}]}, 0x58}, 0x1, 0x0, 0x0, 0x804}, 0x400c014)

09:48:21 executing program 5:
r0 = syz_io_uring_setup(0x1ade, &(0x7f0000000000)={0x0, 0x8, 0x10, 0x3}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
syz_io_uring_setup(0x3481, &(0x7f0000000140)={0x0, 0x705b, 0x0, 0x0, 0xe3, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000200))
ioctl$KVM_SET_TSS_ADDR(r2, 0xae47, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x4, 0x2, 0x100000, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

09:48:21 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x80ffff00000000, 0x13, r0, 0x10000000)

[ 2651.933541][T23819] FAULT_INJECTION: forcing a failure.
[ 2651.933541][T23819] name failslab, interval 1, probability 0, space 0, times 0
[ 2651.966459][T23819] CPU: 0 PID: 23819 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2651.977937][T23819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2651.987846][T23819] Call Trace:
[ 2651.990950][T23819]  <TASK>
[ 2651.993725][T23819]  dump_stack_lvl+0x151/0x1b7
[ 2651.998241][T23819]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2652.003537][T23819]  dump_stack+0x15/0x17
[ 2652.007523][T23819]  should_fail+0x3c0/0x510
[ 2652.011774][T23819]  __should_failslab+0x9f/0xe0
[ 2652.016374][T23819]  should_failslab+0x9/0x20
[ 2652.020714][T23819]  kmem_cache_alloc+0x4f/0x2f0
[ 2652.025316][T23819]  ? vm_area_dup+0x26/0x1d0
[ 2652.029656][T23819]  vm_area_dup+0x26/0x1d0
[ 2652.033819][T23819]  dup_mmap+0x6b8/0xea0
[ 2652.037814][T23819]  ? __delayed_free_task+0x20/0x20
[ 2652.042759][T23819]  ? mm_init+0x807/0x960
[ 2652.046845][T23819]  dup_mm+0x91/0x330
[ 2652.050574][T23819]  copy_mm+0x108/0x1b0
[ 2652.054500][T23819]  copy_process+0x1295/0x3250
[ 2652.058990][T23819]  ? proc_fail_nth_write+0x213/0x290
[ 2652.064111][T23819]  ? proc_fail_nth_read+0x220/0x220
[ 2652.069144][T23819]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2652.074114][T23819]  ? vfs_write+0x9af/0x1050
[ 2652.078439][T23819]  kernel_clone+0x22d/0x990
[ 2652.082773][T23819]  ? file_end_write+0x1b0/0x1b0
[ 2652.087460][T23819]  ? __kasan_check_write+0x14/0x20
[ 2652.092405][T23819]  ? create_io_thread+0x1e0/0x1e0
[ 2652.097266][T23819]  ? __mutex_lock_slowpath+0x10/0x10
[ 2652.102402][T23819]  __x64_sys_clone+0x289/0x310
[ 2652.106987][T23819]  ? __do_sys_vfork+0x130/0x130
[ 2652.111673][T23819]  ? debug_smp_processor_id+0x17/0x20
[ 2652.116883][T23819]  do_syscall_64+0x44/0xd0
[ 2652.121132][T23819]  ? irqentry_exit+0x12/0x40
[ 2652.125561][T23819]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2652.131293][T23819] RIP: 0033:0x7f5b7e88a639
[ 2652.135540][T23819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2652.154981][T23819] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2652.163224][T23819] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2652.171037][T23819] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
09:48:21 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30)

09:48:21 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xc0ffff00000000, 0x13, r0, 0x10000000)

09:48:21 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080)=<r0=>0x0, &(0x7f00000000c0))
syz_io_uring_complete(r0)
sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x58, 0x0, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x10}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @private=0xa010101}]}, 0x58}, 0x1, 0x0, 0x0, 0x804}, 0x400c014)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_io_uring_complete(r0) (async)
sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x58, 0x0, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x10}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @private=0xa010101}]}, 0x58}, 0x1, 0x0, 0x0, 0x804}, 0x400c014) (async)

09:48:21 executing program 5:
r0 = syz_io_uring_setup(0x1ade, &(0x7f0000000000)={0x0, 0x8, 0x10, 0x3}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_io_uring_setup(0x3481, &(0x7f0000000140)={0x0, 0x705b, 0x0, 0x0, 0xe3, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) (async)
ioctl$KVM_SET_TSS_ADDR(r2, 0xae47, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x4, 0x2, 0x100000, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

09:48:21 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x100000000000000, 0x13, r0, 0x10000000)

09:48:21 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
sendmsg$DEVLINK_CMD_SB_POOL_GET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c010000", @ANYRES16=0x0, @ANYBLOB="000129bd7000fddbdf250f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b000004000006001100060000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0001800000060011004c0400000e0001006e65746465767369690000000f0002006e657464650b00ff7f0000060011001f000000080001007063690011000200303030303a30303a31302e300000000008000b00ff0f00000600110000000000080001007063690011000200303030303a30303a31302e300000000008000b000200000006001100540c00000e0001006e657464657673696d0000000f0002006e65746465768bfa570873696d30000008000b0005000000060011001b0a00000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b000001000006001100090000004ece5c3d12dd67eef0cdcba89bf22503a0fbdc9ed3246ed5690f066a8769e97d28578e62661b9809678d7a29b0a53ee551129277d8828aad55988b0fd56400a8b90c589b489f7e79bccf21f5c57007a5c88e119503218bdde4744517a14e9b55fe7bb4d6f8dba5ee4348824afd66c3c46aacc45423265fe8151a5344eeb6c0ce0a8a60748606ac7d4a048cbf91cffb7867ae614e7a42000000000000000000"], 0x15c}, 0x1, 0x0, 0x0, 0x80}, 0x804)
sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40100}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x30, 0x0, 0x8, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x7}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000004}, 0x24000005)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:21 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8100)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r2, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8004)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r1, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, r2, 0x400, 0x70bd29, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x81}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x7fffffff}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x61}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x42}}]}, 0x160}, 0x1, 0x0, 0x0, 0x80}, 0x94)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

[ 2652.178846][T23819] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2652.186659][T23819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2652.194474][T23819] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2652.202283][T23819]  </TASK>
09:48:21 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xf0ff1f00000000, 0x13, r0, 0x10000000)

09:48:21 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
sendmsg$DEVLINK_CMD_SB_POOL_GET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c010000", @ANYRES16=0x0, @ANYBLOB="000129bd7000fddbdf250f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b000004000006001100060000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0001800000060011004c0400000e0001006e65746465767369690000000f0002006e657464650b00ff7f0000060011001f000000080001007063690011000200303030303a30303a31302e300000000008000b00ff0f00000600110000000000080001007063690011000200303030303a30303a31302e300000000008000b000200000006001100540c00000e0001006e657464657673696d0000000f0002006e65746465768bfa570873696d30000008000b0005000000060011001b0a00000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b000001000006001100090000004ece5c3d12dd67eef0cdcba89bf22503a0fbdc9ed3246ed5690f066a8769e97d28578e62661b9809678d7a29b0a53ee551129277d8828aad55988b0fd56400a8b90c589b489f7e79bccf21f5c57007a5c88e119503218bdde4744517a14e9b55fe7bb4d6f8dba5ee4348824afd66c3c46aacc45423265fe8151a5344eeb6c0ce0a8a60748606ac7d4a048cbf91cffb7867ae614e7a42000000000000000000"], 0x15c}, 0x1, 0x0, 0x0, 0x80}, 0x804)
sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40100}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x30, 0x0, 0x8, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x7}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000004}, 0x24000005)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
sendmsg$DEVLINK_CMD_SB_POOL_GET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c010000", @ANYRES16=0x0, @ANYBLOB="000129bd7000fddbdf250f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b000004000006001100060000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0001800000060011004c0400000e0001006e65746465767369690000000f0002006e657464650b00ff7f0000060011001f000000080001007063690011000200303030303a30303a31302e300000000008000b00ff0f00000600110000000000080001007063690011000200303030303a30303a31302e300000000008000b000200000006001100540c00000e0001006e657464657673696d0000000f0002006e65746465768bfa570873696d30000008000b0005000000060011001b0a00000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b000001000006001100090000004ece5c3d12dd67eef0cdcba89bf22503a0fbdc9ed3246ed5690f066a8769e97d28578e62661b9809678d7a29b0a53ee551129277d8828aad55988b0fd56400a8b90c589b489f7e79bccf21f5c57007a5c88e119503218bdde4744517a14e9b55fe7bb4d6f8dba5ee4348824afd66c3c46aacc45423265fe8151a5344eeb6c0ce0a8a60748606ac7d4a048cbf91cffb7867ae614e7a42000000000000000000"], 0x15c}, 0x1, 0x0, 0x0, 0x80}, 0x804) (async)
sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40100}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x30, 0x0, 0x8, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x7}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000004}, 0x24000005) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)

09:48:21 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x400000000000000, 0x13, r0, 0x10000000)

[ 2652.246638][T23867] FAULT_INJECTION: forcing a failure.
[ 2652.246638][T23867] name failslab, interval 1, probability 0, space 0, times 0
[ 2652.268283][T23867] CPU: 1 PID: 23867 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2652.279739][T23867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2652.289637][T23867] Call Trace:
[ 2652.292760][T23867]  <TASK>
09:48:21 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x100000000000000, 0x13, r0, 0x10000000)

09:48:21 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x800000000000000, 0x13, r0, 0x10000000)

[ 2652.295538][T23867]  dump_stack_lvl+0x151/0x1b7
[ 2652.300049][T23867]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2652.305346][T23867]  dump_stack+0x15/0x17
[ 2652.309335][T23867]  should_fail+0x3c0/0x510
[ 2652.313590][T23867]  __should_failslab+0x9f/0xe0
[ 2652.318189][T23867]  should_failslab+0x9/0x20
[ 2652.322530][T23867]  kmem_cache_alloc+0x4f/0x2f0
[ 2652.327151][T23867]  ? anon_vma_fork+0x1b9/0x4f0
[ 2652.331729][T23867]  anon_vma_fork+0x1b9/0x4f0
[ 2652.336155][T23867]  dup_mmap+0x750/0xea0
[ 2652.340145][T23867]  ? __delayed_free_task+0x20/0x20
[ 2652.345089][T23867]  ? mm_init+0x807/0x960
[ 2652.349169][T23867]  dup_mm+0x91/0x330
[ 2652.352908][T23867]  copy_mm+0x108/0x1b0
[ 2652.356830][T23867]  copy_process+0x1295/0x3250
[ 2652.361320][T23867]  ? proc_fail_nth_write+0x213/0x290
[ 2652.366440][T23867]  ? proc_fail_nth_read+0x220/0x220
[ 2652.371473][T23867]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2652.376420][T23867]  ? vfs_write+0x9af/0x1050
[ 2652.380877][T23867]  kernel_clone+0x22d/0x990
[ 2652.385209][T23867]  ? file_end_write+0x1b0/0x1b0
[ 2652.389897][T23867]  ? __kasan_check_write+0x14/0x20
[ 2652.394847][T23867]  ? create_io_thread+0x1e0/0x1e0
[ 2652.399704][T23867]  ? __mutex_lock_slowpath+0x10/0x10
[ 2652.404841][T23867]  __x64_sys_clone+0x289/0x310
[ 2652.409426][T23867]  ? __do_sys_vfork+0x130/0x130
[ 2652.414112][T23867]  ? debug_smp_processor_id+0x17/0x20
[ 2652.419330][T23867]  do_syscall_64+0x44/0xd0
[ 2652.423590][T23867]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2652.429299][T23867] RIP: 0033:0x7f5b7e88a639
[ 2652.433561][T23867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2652.453009][T23867] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2652.461248][T23867] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2652.469053][T23867] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2652.476865][T23867] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2652.484674][T23867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
09:48:22 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31)

09:48:22 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x400000000000000, 0x13, r0, 0x10000000)

09:48:22 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xf00000000000000, 0x13, r0, 0x10000000)

09:48:22 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
sendmsg$DEVLINK_CMD_SB_POOL_GET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c010000", @ANYRES16=0x0, @ANYBLOB="000129bd7000fddbdf250f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b000004000006001100060000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0001800000060011004c0400000e0001006e65746465767369690000000f0002006e657464650b00ff7f0000060011001f000000080001007063690011000200303030303a30303a31302e300000000008000b00ff0f00000600110000000000080001007063690011000200303030303a30303a31302e300000000008000b000200000006001100540c00000e0001006e657464657673696d0000000f0002006e65746465768bfa570873696d30000008000b0005000000060011001b0a00000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b000001000006001100090000004ece5c3d12dd67eef0cdcba89bf22503a0fbdc9ed3246ed5690f066a8769e97d28578e62661b9809678d7a29b0a53ee551129277d8828aad55988b0fd56400a8b90c589b489f7e79bccf21f5c57007a5c88e119503218bdde4744517a14e9b55fe7bb4d6f8dba5ee4348824afd66c3c46aacc45423265fe8151a5344eeb6c0ce0a8a60748606ac7d4a048cbf91cffb7867ae614e7a42000000000000000000"], 0x15c}, 0x1, 0x0, 0x0, 0x80}, 0x804)
sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40100}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x30, 0x0, 0x8, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x7}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000004}, 0x24000005)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
sendmsg$DEVLINK_CMD_SB_POOL_GET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c010000", @ANYRES16=0x0, @ANYBLOB="000129bd7000fddbdf250f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b000004000006001100060000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0001800000060011004c0400000e0001006e65746465767369690000000f0002006e657464650b00ff7f0000060011001f000000080001007063690011000200303030303a30303a31302e300000000008000b00ff0f00000600110000000000080001007063690011000200303030303a30303a31302e300000000008000b000200000006001100540c00000e0001006e657464657673696d0000000f0002006e65746465768bfa570873696d30000008000b0005000000060011001b0a00000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b000001000006001100090000004ece5c3d12dd67eef0cdcba89bf22503a0fbdc9ed3246ed5690f066a8769e97d28578e62661b9809678d7a29b0a53ee551129277d8828aad55988b0fd56400a8b90c589b489f7e79bccf21f5c57007a5c88e119503218bdde4744517a14e9b55fe7bb4d6f8dba5ee4348824afd66c3c46aacc45423265fe8151a5344eeb6c0ce0a8a60748606ac7d4a048cbf91cffb7867ae614e7a42000000000000000000"], 0x15c}, 0x1, 0x0, 0x0, 0x80}, 0x804) (async)
sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40100}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x30, 0x0, 0x8, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x7}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000004}, 0x24000005) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)

09:48:22 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080)=<r0=>0x0, &(0x7f00000000c0))
syz_io_uring_complete(r0)
sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x58, 0x0, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x10}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @private=0xa010101}]}, 0x58}, 0x1, 0x0, 0x0, 0x804}, 0x400c014)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_io_uring_complete(r0) (async)
sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x58, 0x0, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x10}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @private=0xa010101}]}, 0x58}, 0x1, 0x0, 0x0, 0x804}, 0x400c014) (async)

09:48:22 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8100) (async)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r2, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8004)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r1, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, r2, 0x400, 0x70bd29, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x81}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x7fffffff}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x61}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x42}}]}, 0x160}, 0x1, 0x0, 0x0, 0x80}, 0x94)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:22 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x7fa8, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100))

[ 2652.492486][T23867] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2652.500296][T23867]  </TASK>
[ 2652.526492][T23909] FAULT_INJECTION: forcing a failure.
[ 2652.526492][T23909] name fail_page_alloc, interval 1, probability 0, space 0, times 0
09:48:22 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8100)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r2, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8004)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r1, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, r2, 0x400, 0x70bd29, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x81}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x7fffffff}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x61}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x42}}]}, 0x160}, 0x1, 0x0, 0x0, 0x80}, 0x94)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8100) (async)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) (async)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r2, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8004) (async)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r1, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x160, r2, 0x400, 0x70bd29, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x81}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x7fffffff}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x61}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x42}}]}, 0x160}, 0x1, 0x0, 0x0, 0x80}, 0x94) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)

09:48:22 executing program 5:
r0 = syz_io_uring_setup(0x1a62, &(0x7f0000000000)={0x0, 0x1, 0x800, 0x1, 0x2ad}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
fstat(r1, &(0x7f00000001c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x10010, 0xffffffffffffffff, 0x10000000)
keyctl$get_security(0x11, 0x0, &(0x7f0000000100)=""/189, 0xbd)

09:48:22 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000000000000, 0x13, r0, 0x10000000)

09:48:22 executing program 5:
r0 = syz_io_uring_setup(0x1a62, &(0x7f0000000000)={0x0, 0x1, 0x800, 0x1, 0x2ad}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
fstat(r1, &(0x7f00000001c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x10010, 0xffffffffffffffff, 0x10000000)
keyctl$get_security(0x11, 0x0, &(0x7f0000000100)=""/189, 0xbd)

[ 2652.539627][T23909] CPU: 1 PID: 23909 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2652.551075][T23909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2652.560970][T23909] Call Trace:
[ 2652.564094][T23909]  <TASK>
[ 2652.566873][T23909]  dump_stack_lvl+0x151/0x1b7
[ 2652.571384][T23909]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2652.576678][T23909]  ? __kasan_check_write+0x14/0x20
[ 2652.581627][T23909]  ? __set_page_owner+0x2ee/0x310
[ 2652.586490][T23909]  dump_stack+0x15/0x17
[ 2652.590477][T23909]  should_fail+0x3c0/0x510
09:48:22 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xf000000000000000, 0x13, r0, 0x10000000)

[ 2652.594733][T23909]  should_fail_alloc_page+0x58/0x70
[ 2652.599773][T23909]  __alloc_pages+0x1de/0x7c0
[ 2652.604193][T23909]  ? __count_vm_events+0x30/0x30
[ 2652.608967][T23909]  ? __count_vm_events+0x30/0x30
[ 2652.613748][T23909]  ? __kasan_check_write+0x14/0x20
[ 2652.618687][T23909]  ? _raw_spin_lock+0xa3/0x1b0
[ 2652.623286][T23909]  __pmd_alloc+0xb1/0x550
[ 2652.627452][T23909]  ? __pud_alloc+0x260/0x260
[ 2652.631878][T23909]  ? __pud_alloc+0x218/0x260
[ 2652.636319][T23909]  ? do_handle_mm_fault+0x2370/0x2370
[ 2652.641508][T23909]  copy_page_range+0xd04/0x1090
[ 2652.646197][T23909]  ? pfn_valid+0x1e0/0x1e0
[ 2652.650446][T23909]  dup_mmap+0x99f/0xea0
[ 2652.654441][T23909]  ? __delayed_free_task+0x20/0x20
[ 2652.659387][T23909]  ? mm_init+0x807/0x960
[ 2652.663467][T23909]  dup_mm+0x91/0x330
[ 2652.667216][T23909]  copy_mm+0x108/0x1b0
[ 2652.671103][T23909]  copy_process+0x1295/0x3250
[ 2652.675618][T23909]  ? proc_fail_nth_write+0x213/0x290
[ 2652.680760][T23909]  ? proc_fail_nth_read+0x220/0x220
[ 2652.685771][T23909]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2652.690724][T23909]  ? vfs_write+0x9af/0x1050
[ 2652.695056][T23909]  kernel_clone+0x22d/0x990
[ 2652.699397][T23909]  ? file_end_write+0x1b0/0x1b0
[ 2652.704086][T23909]  ? __kasan_check_write+0x14/0x20
[ 2652.709033][T23909]  ? create_io_thread+0x1e0/0x1e0
[ 2652.713896][T23909]  ? __mutex_lock_slowpath+0x10/0x10
[ 2652.719021][T23909]  __x64_sys_clone+0x289/0x310
[ 2652.723621][T23909]  ? __do_sys_vfork+0x130/0x130
[ 2652.728299][T23909]  ? debug_smp_processor_id+0x17/0x20
[ 2652.733505][T23909]  do_syscall_64+0x44/0xd0
[ 2652.737758][T23909]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2652.743486][T23909] RIP: 0033:0x7f5b7e88a639
[ 2652.747746][T23909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2652.767182][T23909] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2652.775429][T23909] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2652.783237][T23909] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2652.791072][T23909] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
09:48:22 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32)

09:48:22 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xf00000000000000, 0x13, r0, 0x10000000)

09:48:22 executing program 5:
r0 = syz_io_uring_setup(0x1a62, &(0x7f0000000000)={0x0, 0x1, 0x800, 0x1, 0x2ad}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
fstat(r1, &(0x7f00000001c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x10010, 0xffffffffffffffff, 0x10000000)
keyctl$get_security(0x11, 0x0, &(0x7f0000000100)=""/189, 0xbd)

09:48:22 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xff0fb86101000000, 0x13, r0, 0x10000000)

09:48:22 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x7fa8, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100))

09:48:22 executing program 1:
ioctl$KVM_GET_CLOCK(0xffffffffffffffff, 0x8030ae7c, &(0x7f0000000080))
syz_io_uring_setup(0x1a65, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:22 executing program 5:
openat$vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2002, 0x0)
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
sendmsg$nl_route(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c00002b840a3dfa26d30010e39bad94431b5cf01a80ab420677c8032dbd7000ff32a5ec65dbdf25020010dbfd02ffab"], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000804)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000880)={<r3=>0xffffffffffffffff, 0x3b, 0x23, 0x1000})
sendmsg$SEG6_CMD_SET_TUNSRC(r3, &(0x7f0000000980)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x1c, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x21}, 0x20004001)
r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000ac0), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r3, &(0x7f0000001340)={&(0x7f0000001240)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001300)={&(0x7f0000001280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="200026bd70a410dbdf2501000000040004000500050005000000050006b33f25c9de200e6e005800000004000400"], 0x34}, 0x1, 0x0, 0x0, 0x4c000}, 0x20000804)
sendmsg$SEG6_CMD_DUMPHMAC(r2, &(0x7f0000000600)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x2c, r4, 0xc20, 0x70bd2d, 0x25dfdbfc, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xffffff4c}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x8}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x101}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x60010)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
open_tree(r1, &(0x7f00000003c0)='./file0\x00', 0x800)
process_madvise(r1, &(0x7f0000000380)=[{&(0x7f0000000100)="115575103b54", 0x6}, {&(0x7f0000000140)="d94f8a126a6cddf9782d92f29d7b8a5a1a2bb72c64734d4e634b6946a673bc1623143b88991b7c98da7b2408ed5512b44482f9388cf3e01d170322c864f23ae327519c2689b788969350b86e366be3d6a69431aa2ad518010f6a5decf20c543854903d6ac6371d136c8af4ce1b8186482e5f5c5d1e63c4ee6c3c41b2d9f89ee252f60ba2c82a9eb39e01405bc401669eb78b30e55a4d64b1626196a610bef22db663ba6849d82bd2040be77a41eb8e2e3691653fa41d749098b1fd28c227b33b75b354c51670f50acde49d723c2a9b6710", 0xd1}, {&(0x7f0000000240)="90812a45d24c113c39a7c41a204dd1225fb7dbfc06f73df5a0f195b905c9145f71c9a7f14bf28bc9035dd9578e188197149d934ae8ba896fb02ad262373bdacd54520a6c4df718714ec096d2542541ccdd04843d2e1062965b20ef1952", 0x5d}, {&(0x7f00000002c0)="3209c1d4e8c9d6e6c09322dbababad9daa6febdc1404ba0fe221094b2382d8ae7ff6a252195069fb3ef927e84cd0b7ccf9bcbe0e9df3e4116f6ee629bf9d3aea6e664ba50fab87843c678570a7de3f8a239170b23492d4b430fc5fc4e35d187a1c56d2b15cc8e1254b86841a3f9dc945db5151eeca26d88c256a647be5dbac8a059f7e1e67aa2a", 0x87}], 0x4, 0x15, 0x0)

[ 2652.798857][T23909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2652.806668][T23909] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2652.814491][T23909]  </TASK>
09:48:22 executing program 1:
ioctl$KVM_GET_CLOCK(0xffffffffffffffff, 0x8030ae7c, &(0x7f0000000080)) (async)
syz_io_uring_setup(0x1a65, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:22 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000000000000, 0x13, r0, 0x10000000)

09:48:22 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x7fa8, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100))

09:48:22 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x11a64, &(0x7f0000000180), &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000340)={0x58, 0x0, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @multicast2}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x3b}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0xe}}]}, 0x58}, 0x1, 0x0, 0x0, 0x880}, 0x0)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f00000002c0)={0x68, r1, 0x4, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'tunl0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x21, 0x7, 'system_u:object_r:fonts_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x33}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x68}, 0x1, 0x0, 0x0, 0x24004811}, 0x48040)
ioctl$USBDEVFS_GET_SPEED(0xffffffffffffffff, 0x551f)

09:48:22 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x8000000)

[ 2652.848367][T23960] FAULT_INJECTION: forcing a failure.
[ 2652.848367][T23960] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2652.888743][T23960] CPU: 0 PID: 23960 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2652.900203][T23960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2652.910100][T23960] Call Trace:
[ 2652.913224][T23960]  <TASK>
[ 2652.915995][T23960]  dump_stack_lvl+0x151/0x1b7
[ 2652.920508][T23960]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2652.925801][T23960]  ? __kasan_check_write+0x14/0x20
[ 2652.930751][T23960]  ? __set_page_owner+0x2ee/0x310
[ 2652.935609][T23960]  dump_stack+0x15/0x17
[ 2652.939600][T23960]  should_fail+0x3c0/0x510
[ 2652.943857][T23960]  should_fail_alloc_page+0x58/0x70
[ 2652.948888][T23960]  __alloc_pages+0x1de/0x7c0
[ 2652.953316][T23960]  ? __count_vm_events+0x30/0x30
[ 2652.958094][T23960]  ? __count_vm_events+0x30/0x30
[ 2652.962874][T23960]  ? __kasan_check_write+0x14/0x20
[ 2652.967816][T23960]  ? _raw_spin_lock+0xa3/0x1b0
[ 2652.972411][T23960]  __pmd_alloc+0xb1/0x550
[ 2652.976582][T23960]  ? kmem_cache_alloc+0x189/0x2f0
[ 2652.981435][T23960]  ? anon_vma_fork+0x1b9/0x4f0
[ 2652.986037][T23960]  ? __pud_alloc+0x260/0x260
[ 2652.990463][T23960]  ? __pud_alloc+0x218/0x260
[ 2652.994887][T23960]  ? do_handle_mm_fault+0x2370/0x2370
[ 2653.000102][T23960]  copy_page_range+0xd04/0x1090
[ 2653.004786][T23960]  ? pfn_valid+0x1e0/0x1e0
[ 2653.009039][T23960]  dup_mmap+0x99f/0xea0
[ 2653.013028][T23960]  ? __delayed_free_task+0x20/0x20
[ 2653.017976][T23960]  ? mm_init+0x807/0x960
[ 2653.022053][T23960]  dup_mm+0x91/0x330
[ 2653.025785][T23960]  copy_mm+0x108/0x1b0
[ 2653.029695][T23960]  copy_process+0x1295/0x3250
[ 2653.034206][T23960]  ? proc_fail_nth_write+0x213/0x290
[ 2653.039324][T23960]  ? proc_fail_nth_read+0x220/0x220
[ 2653.044362][T23960]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2653.049308][T23960]  ? vfs_write+0x9af/0x1050
[ 2653.053648][T23960]  kernel_clone+0x22d/0x990
[ 2653.057983][T23960]  ? file_end_write+0x1b0/0x1b0
[ 2653.062674][T23960]  ? __kasan_check_write+0x14/0x20
[ 2653.067629][T23960]  ? create_io_thread+0x1e0/0x1e0
[ 2653.072481][T23960]  ? __mutex_lock_slowpath+0x10/0x10
[ 2653.077598][T23960]  __x64_sys_clone+0x289/0x310
[ 2653.082201][T23960]  ? __do_sys_vfork+0x130/0x130
[ 2653.086886][T23960]  ? debug_smp_processor_id+0x17/0x20
[ 2653.092094][T23960]  do_syscall_64+0x44/0xd0
[ 2653.096360][T23960]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2653.102072][T23960] RIP: 0033:0x7f5b7e88a639
[ 2653.106326][T23960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2653.125766][T23960] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
09:48:22 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33)

09:48:22 executing program 5:
openat$vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2002, 0x0) (async)
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
sendmsg$nl_route(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c00002b840a3dfa26d30010e39bad94431b5cf01a80ab420677c8032dbd7000ff32a5ec65dbdf25020010dbfd02ffab"], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000804)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000880)={<r3=>0xffffffffffffffff, 0x3b, 0x23, 0x1000})
sendmsg$SEG6_CMD_SET_TUNSRC(r3, &(0x7f0000000980)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x1c, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x21}, 0x20004001) (async)
r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000ac0), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r3, &(0x7f0000001340)={&(0x7f0000001240)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001300)={&(0x7f0000001280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="200026bd70a410dbdf2501000000040004000500050005000000050006b33f25c9de200e6e005800000004000400"], 0x34}, 0x1, 0x0, 0x0, 0x4c000}, 0x20000804) (async)
sendmsg$SEG6_CMD_DUMPHMAC(r2, &(0x7f0000000600)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x2c, r4, 0xc20, 0x70bd2d, 0x25dfdbfc, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xffffff4c}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x8}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x101}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x60010) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
open_tree(r1, &(0x7f00000003c0)='./file0\x00', 0x800)
process_madvise(r1, &(0x7f0000000380)=[{&(0x7f0000000100)="115575103b54", 0x6}, {&(0x7f0000000140)="d94f8a126a6cddf9782d92f29d7b8a5a1a2bb72c64734d4e634b6946a673bc1623143b88991b7c98da7b2408ed5512b44482f9388cf3e01d170322c864f23ae327519c2689b788969350b86e366be3d6a69431aa2ad518010f6a5decf20c543854903d6ac6371d136c8af4ce1b8186482e5f5c5d1e63c4ee6c3c41b2d9f89ee252f60ba2c82a9eb39e01405bc401669eb78b30e55a4d64b1626196a610bef22db663ba6849d82bd2040be77a41eb8e2e3691653fa41d749098b1fd28c227b33b75b354c51670f50acde49d723c2a9b6710", 0xd1}, {&(0x7f0000000240)="90812a45d24c113c39a7c41a204dd1225fb7dbfc06f73df5a0f195b905c9145f71c9a7f14bf28bc9035dd9578e188197149d934ae8ba896fb02ad262373bdacd54520a6c4df718714ec096d2542541ccdd04843d2e1062965b20ef1952", 0x5d}, {&(0x7f00000002c0)="3209c1d4e8c9d6e6c09322dbababad9daa6febdc1404ba0fe221094b2382d8ae7ff6a252195069fb3ef927e84cd0b7ccf9bcbe0e9df3e4116f6ee629bf9d3aea6e664ba50fab87843c678570a7de3f8a239170b23492d4b430fc5fc4e35d187a1c56d2b15cc8e1254b86841a3f9dc945db5151eeca26d88c256a647be5dbac8a059f7e1e67aa2a", 0x87}], 0x4, 0x15, 0x0)

09:48:22 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xf000000000000000, 0x13, r0, 0x10000000)

09:48:22 executing program 1:
ioctl$KVM_GET_CLOCK(0xffffffffffffffff, 0x8030ae7c, &(0x7f0000000080)) (async)
syz_io_uring_setup(0x1a65, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:22 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000004)

09:48:22 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x11a64, &(0x7f0000000180), &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0)) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000340)={0x58, 0x0, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @multicast2}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x3b}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0xe}}]}, 0x58}, 0x1, 0x0, 0x0, 0x880}, 0x0) (async)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f00000002c0)={0x68, r1, 0x4, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'tunl0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x21, 0x7, 'system_u:object_r:fonts_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x33}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x68}, 0x1, 0x0, 0x0, 0x24004811}, 0x48040) (async)
ioctl$USBDEVFS_GET_SPEED(0xffffffffffffffff, 0x551f)

09:48:22 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x11a64, &(0x7f0000000180), &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0)) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000340)={0x58, 0x0, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @multicast2}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x3b}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0xe}}]}, 0x58}, 0x1, 0x0, 0x0, 0x880}, 0x0) (async)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f00000002c0)={0x68, r1, 0x4, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'tunl0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x21, 0x7, 'system_u:object_r:fonts_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x33}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x68}, 0x1, 0x0, 0x0, 0x24004811}, 0x48040)
ioctl$USBDEVFS_GET_SPEED(0xffffffffffffffff, 0x551f)

09:48:22 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4480, &(0x7f00000000c0)={0x0, 0x7563, 0x2}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000004000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000180))
getegid()

[ 2653.134010][T23960] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2653.141821][T23960] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2653.149642][T23960] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2653.157450][T23960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2653.165257][T23960] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2653.173071][T23960]  </TASK>
09:48:22 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4480, &(0x7f00000000c0)={0x0, 0x7563, 0x2}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000004000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000180))
getegid()
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4480, &(0x7f00000000c0)={0x0, 0x7563, 0x2}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000004000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
getegid() (async)

09:48:22 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x9901)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4001010}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="020028bd7000fbdbdf250700000014000300fe8000000000000000000000000000bb0500010000006f626a6563745f723a7375646f5f657865635f743a7330000000000500010001000000000000000000f0f7070a632b41e5f5be855e0000000000000000005ad9662ca1f988cea913da72931884ed2974645bde3a56c79a3d196d60776b06d857894da745731ed4fe937ed6a80fc2743c7c403966aa4f1467af8159869a9324b0999e53efc48b74e73350baa0b086b797622997d50702df682e8da9a9191a5d28c30b78dd417e2db4e9858059f52e4ef764aaa6985a3d7e45f2df7f36d2984daade2742b7adfdf0c291def0811e88cb91ebf07062d9c68ac8dcb546b1e32b4217754401c1be2e4d7674fe"], 0x60}}, 0x808c5)
r3 = syz_io_uring_setup(0x81a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1a2, 0x0, r1}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_genetlink_get_family_id$SEG6(&(0x7f00000001c0), r3)

09:48:22 executing program 5:
openat$vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2002, 0x0)
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
sendmsg$nl_route(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c00002b840a3dfa26d30010e39bad94431b5cf01a80ab420677c8032dbd7000ff32a5ec65dbdf25020010dbfd02ffab"], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000804)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000880)={<r3=>0xffffffffffffffff, 0x3b, 0x23, 0x1000})
sendmsg$SEG6_CMD_SET_TUNSRC(r3, &(0x7f0000000980)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x1c, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x21}, 0x20004001)
r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000ac0), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r3, &(0x7f0000001340)={&(0x7f0000001240)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001300)={&(0x7f0000001280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="200026bd70a410dbdf2501000000040004000500050005000000050006b33f25c9de200e6e005800000004000400"], 0x34}, 0x1, 0x0, 0x0, 0x4c000}, 0x20000804)
sendmsg$SEG6_CMD_DUMPHMAC(r2, &(0x7f0000000600)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x2c, r4, 0xc20, 0x70bd2d, 0x25dfdbfc, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xffffff4c}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x8}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x101}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x60010)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
open_tree(r1, &(0x7f00000003c0)='./file0\x00', 0x800)
process_madvise(r1, &(0x7f0000000380)=[{&(0x7f0000000100)="115575103b54", 0x6}, {&(0x7f0000000140)="d94f8a126a6cddf9782d92f29d7b8a5a1a2bb72c64734d4e634b6946a673bc1623143b88991b7c98da7b2408ed5512b44482f9388cf3e01d170322c864f23ae327519c2689b788969350b86e366be3d6a69431aa2ad518010f6a5decf20c543854903d6ac6371d136c8af4ce1b8186482e5f5c5d1e63c4ee6c3c41b2d9f89ee252f60ba2c82a9eb39e01405bc401669eb78b30e55a4d64b1626196a610bef22db663ba6849d82bd2040be77a41eb8e2e3691653fa41d749098b1fd28c227b33b75b354c51670f50acde49d723c2a9b6710", 0xd1}, {&(0x7f0000000240)="90812a45d24c113c39a7c41a204dd1225fb7dbfc06f73df5a0f195b905c9145f71c9a7f14bf28bc9035dd9578e188197149d934ae8ba896fb02ad262373bdacd54520a6c4df718714ec096d2542541ccdd04843d2e1062965b20ef1952", 0x5d}, {&(0x7f00000002c0)="3209c1d4e8c9d6e6c09322dbababad9daa6febdc1404ba0fe221094b2382d8ae7ff6a252195069fb3ef927e84cd0b7ccf9bcbe0e9df3e4116f6ee629bf9d3aea6e664ba50fab87843c678570a7de3f8a239170b23492d4b430fc5fc4e35d187a1c56d2b15cc8e1254b86841a3f9dc945db5151eeca26d88c256a647be5dbac8a059f7e1e67aa2a", 0x87}], 0x4, 0x15, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2002, 0x0) (async)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
sendmsg$nl_route(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c00002b840a3dfa26d30010e39bad94431b5cf01a80ab420677c8032dbd7000ff32a5ec65dbdf25020010dbfd02ffab"], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000804) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000880)={0xffffffffffffffff, 0x3b, 0x23, 0x1000}) (async)
sendmsg$SEG6_CMD_SET_TUNSRC(r3, &(0x7f0000000980)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x1c, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x21}, 0x20004001) (async)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000ac0), 0xffffffffffffffff) (async)
sendmsg$SEG6_CMD_SETHMAC(r3, &(0x7f0000001340)={&(0x7f0000001240)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001300)={&(0x7f0000001280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="200026bd70a410dbdf2501000000040004000500050005000000050006b33f25c9de200e6e005800000004000400"], 0x34}, 0x1, 0x0, 0x0, 0x4c000}, 0x20000804) (async)
sendmsg$SEG6_CMD_DUMPHMAC(r2, &(0x7f0000000600)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x2c, r4, 0xc20, 0x70bd2d, 0x25dfdbfc, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xffffff4c}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x8}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x101}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x60010) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
open_tree(r1, &(0x7f00000003c0)='./file0\x00', 0x800) (async)
process_madvise(r1, &(0x7f0000000380)=[{&(0x7f0000000100)="115575103b54", 0x6}, {&(0x7f0000000140)="d94f8a126a6cddf9782d92f29d7b8a5a1a2bb72c64734d4e634b6946a673bc1623143b88991b7c98da7b2408ed5512b44482f9388cf3e01d170322c864f23ae327519c2689b788969350b86e366be3d6a69431aa2ad518010f6a5decf20c543854903d6ac6371d136c8af4ce1b8186482e5f5c5d1e63c4ee6c3c41b2d9f89ee252f60ba2c82a9eb39e01405bc401669eb78b30e55a4d64b1626196a610bef22db663ba6849d82bd2040be77a41eb8e2e3691653fa41d749098b1fd28c227b33b75b354c51670f50acde49d723c2a9b6710", 0xd1}, {&(0x7f0000000240)="90812a45d24c113c39a7c41a204dd1225fb7dbfc06f73df5a0f195b905c9145f71c9a7f14bf28bc9035dd9578e188197149d934ae8ba896fb02ad262373bdacd54520a6c4df718714ec096d2542541ccdd04843d2e1062965b20ef1952", 0x5d}, {&(0x7f00000002c0)="3209c1d4e8c9d6e6c09322dbababad9daa6febdc1404ba0fe221094b2382d8ae7ff6a252195069fb3ef927e84cd0b7ccf9bcbe0e9df3e4116f6ee629bf9d3aea6e664ba50fab87843c678570a7de3f8a239170b23492d4b430fc5fc4e35d187a1c56d2b15cc8e1254b86841a3f9dc945db5151eeca26d88c256a647be5dbac8a059f7e1e67aa2a", 0x87}], 0x4, 0x15, 0x0) (async)

09:48:22 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xff0fb86101000000, 0x13, r0, 0x10000000)

[ 2653.204187][T24003] FAULT_INJECTION: forcing a failure.
[ 2653.204187][T24003] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2653.226461][T24003] CPU: 0 PID: 24003 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2653.237911][T24003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2653.247806][T24003] Call Trace:
[ 2653.250932][T24003]  <TASK>
[ 2653.253707][T24003]  dump_stack_lvl+0x151/0x1b7
[ 2653.258221][T24003]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2653.263526][T24003]  dump_stack+0x15/0x17
[ 2653.267512][T24003]  should_fail+0x3c0/0x510
[ 2653.271807][T24003]  should_fail_alloc_page+0x58/0x70
[ 2653.276797][T24003]  __alloc_pages+0x1de/0x7c0
[ 2653.281229][T24003]  ? __count_vm_events+0x30/0x30
[ 2653.285997][T24003]  ? dup_mm+0x91/0x330
[ 2653.289906][T24003]  ? copy_mm+0x108/0x1b0
[ 2653.293976][T24003]  ? copy_process+0x1295/0x3250
[ 2653.298661][T24003]  ? kernel_clone+0x22d/0x990
[ 2653.303173][T24003]  ? __x64_sys_clone+0x289/0x310
[ 2653.307949][T24003]  pte_alloc_one+0x73/0x1b0
[ 2653.312311][T24003]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 2653.317321][T24003]  ? __kasan_check_write+0x14/0x20
[ 2653.322267][T24003]  ? __set_page_owner+0x2ee/0x310
[ 2653.327140][T24003]  __pte_alloc+0x86/0x350
[ 2653.331303][T24003]  ? post_alloc_hook+0x1ab/0x1b0
[ 2653.336090][T24003]  ? free_pgtables+0x210/0x210
[ 2653.340667][T24003]  ? get_page_from_freelist+0x38b/0x400
[ 2653.346051][T24003]  copy_pte_range+0x1b1f/0x20b0
[ 2653.350737][T24003]  ? __kunmap_atomic+0x80/0x80
[ 2653.355338][T24003]  ? __pud_alloc+0x260/0x260
[ 2653.359782][T24003]  ? __pud_alloc+0x218/0x260
[ 2653.364190][T24003]  ? do_handle_mm_fault+0x2370/0x2370
[ 2653.369396][T24003]  copy_page_range+0xc1e/0x1090
[ 2653.374113][T24003]  ? pfn_valid+0x1e0/0x1e0
[ 2653.378344][T24003]  dup_mmap+0x99f/0xea0
[ 2653.382333][T24003]  ? __delayed_free_task+0x20/0x20
[ 2653.387276][T24003]  ? mm_init+0x807/0x960
[ 2653.391355][T24003]  dup_mm+0x91/0x330
[ 2653.395084][T24003]  copy_mm+0x108/0x1b0
[ 2653.398991][T24003]  copy_process+0x1295/0x3250
[ 2653.403517][T24003]  ? proc_fail_nth_write+0x213/0x290
[ 2653.408639][T24003]  ? proc_fail_nth_read+0x220/0x220
[ 2653.413661][T24003]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2653.418606][T24003]  ? vfs_write+0x9af/0x1050
[ 2653.422945][T24003]  kernel_clone+0x22d/0x990
[ 2653.427286][T24003]  ? file_end_write+0x1b0/0x1b0
[ 2653.431970][T24003]  ? __kasan_check_write+0x14/0x20
[ 2653.436923][T24003]  ? create_io_thread+0x1e0/0x1e0
[ 2653.441780][T24003]  ? __mutex_lock_slowpath+0x10/0x10
[ 2653.446900][T24003]  __x64_sys_clone+0x289/0x310
[ 2653.451502][T24003]  ? __do_sys_vfork+0x130/0x130
[ 2653.456218][T24003]  ? debug_smp_processor_id+0x17/0x20
[ 2653.461400][T24003]  do_syscall_64+0x44/0xd0
[ 2653.465655][T24003]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2653.471376][T24003] RIP: 0033:0x7f5b7e88a639
[ 2653.475629][T24003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2653.495069][T24003] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
09:48:23 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34)

09:48:23 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x9901)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4001010}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="020028bd7000fbdbdf250700000014000300fe8000000000000000000000000000bb0500010000006f626a6563745f723a7375646f5f657865635f743a7330000000000500010001000000000000000000f0f7070a632b41e5f5be855e0000000000000000005ad9662ca1f988cea913da72931884ed2974645bde3a56c79a3d196d60776b06d857894da745731ed4fe937ed6a80fc2743c7c403966aa4f1467af8159869a9324b0999e53efc48b74e73350baa0b086b797622997d50702df682e8da9a9191a5d28c30b78dd417e2db4e9858059f52e4ef764aaa6985a3d7e45f2df7f36d2984daade2742b7adfdf0c291def0811e88cb91ebf07062d9c68ac8dcb546b1e32b4217754401c1be2e4d7674fe"], 0x60}}, 0x808c5)
r3 = syz_io_uring_setup(0x81a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1a2, 0x0, r1}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_genetlink_get_family_id$SEG6(&(0x7f00000001c0), r3)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x9901) (async)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4001010}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="020028bd7000fbdbdf250700000014000300fe8000000000000000000000000000bb0500010000006f626a6563745f723a7375646f5f657865635f743a7330000000000500010001000000000000000000f0f7070a632b41e5f5be855e0000000000000000005ad9662ca1f988cea913da72931884ed2974645bde3a56c79a3d196d60776b06d857894da745731ed4fe937ed6a80fc2743c7c403966aa4f1467af8159869a9324b0999e53efc48b74e73350baa0b086b797622997d50702df682e8da9a9191a5d28c30b78dd417e2db4e9858059f52e4ef764aaa6985a3d7e45f2df7f36d2984daade2742b7adfdf0c291def0811e88cb91ebf07062d9c68ac8dcb546b1e32b4217754401c1be2e4d7674fe"], 0x60}}, 0x808c5) (async)
syz_io_uring_setup(0x81a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1a2, 0x0, r1}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_genetlink_get_family_id$SEG6(&(0x7f00000001c0), r3) (async)

09:48:23 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000008)

09:48:23 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001ae7acf454e33f1222f75e5d9894e5194cba70251badef9cd4081fdf85b0e8c83425550e67c5517ab7646a85c8609adc3906c39126d23f070b5c447f48baf7c0474a7b9805777577f3bb39a5efe32bc84ae955ab87be8d3bbec6d97dd3d203e27b86581a7981ba6b7a083cc799c44b2c98a8e871aaf66e6f3a58684e83abd06387ef0bbf68dfa16b", @ANYRES16=0x0, @ANYBLOB="0000000000000000000001000000"], 0x14}}, 0x0)
pidfd_getfd(0xffffffffffffffff, r1, 0x0)

09:48:23 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x8000000)

09:48:23 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4480, &(0x7f00000000c0)={0x0, 0x7563, 0x2}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000004000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async, rerun: 64)
getegid() (rerun: 64)

09:48:23 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x9901)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4001010}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="020028bd7000fbdbdf250700000014000300fe8000000000000000000000000000bb0500010000006f626a6563745f723a7375646f5f657865635f743a7330000000000500010001000000000000000000f0f7070a632b41e5f5be855e0000000000000000005ad9662ca1f988cea913da72931884ed2974645bde3a56c79a3d196d60776b06d857894da745731ed4fe937ed6a80fc2743c7c403966aa4f1467af8159869a9324b0999e53efc48b74e73350baa0b086b797622997d50702df682e8da9a9191a5d28c30b78dd417e2db4e9858059f52e4ef764aaa6985a3d7e45f2df7f36d2984daade2742b7adfdf0c291def0811e88cb91ebf07062d9c68ac8dcb546b1e32b4217754401c1be2e4d7674fe"], 0x60}}, 0x808c5)
r3 = syz_io_uring_setup(0x81a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1a2, 0x0, r1}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_genetlink_get_family_id$SEG6(&(0x7f00000001c0), r3)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x9901) (async)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4001010}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="020028bd7000fbdbdf250700000014000300fe8000000000000000000000000000bb0500010000006f626a6563745f723a7375646f5f657865635f743a7330000000000500010001000000000000000000f0f7070a632b41e5f5be855e0000000000000000005ad9662ca1f988cea913da72931884ed2974645bde3a56c79a3d196d60776b06d857894da745731ed4fe937ed6a80fc2743c7c403966aa4f1467af8159869a9324b0999e53efc48b74e73350baa0b086b797622997d50702df682e8da9a9191a5d28c30b78dd417e2db4e9858059f52e4ef764aaa6985a3d7e45f2df7f36d2984daade2742b7adfdf0c291def0811e88cb91ebf07062d9c68ac8dcb546b1e32b4217754401c1be2e4d7674fe"], 0x60}}, 0x808c5) (async)
syz_io_uring_setup(0x81a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1a2, 0x0, r1}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_genetlink_get_family_id$SEG6(&(0x7f00000001c0), r3) (async)

09:48:23 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001ae7acf454e33f1222f75e5d9894e5194cba70251badef9cd4081fdf85b0e8c83425550e67c5517ab7646a85c8609adc3906c39126d23f070b5c447f48baf7c0474a7b9805777577f3bb39a5efe32bc84ae955ab87be8d3bbec6d97dd3d203e27b86581a7981ba6b7a083cc799c44b2c98a8e871aaf66e6f3a58684e83abd06387ef0bbf68dfa16b", @ANYRES16=0x0, @ANYBLOB="0000000000000000000001000000"], 0x14}}, 0x0)
pidfd_getfd(0xffffffffffffffff, r1, 0x0)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001ae7acf454e33f1222f75e5d9894e5194cba70251badef9cd4081fdf85b0e8c83425550e67c5517ab7646a85c8609adc3906c39126d23f070b5c447f48baf7c0474a7b9805777577f3bb39a5efe32bc84ae955ab87be8d3bbec6d97dd3d203e27b86581a7981ba6b7a083cc799c44b2c98a8e871aaf66e6f3a58684e83abd06387ef0bbf68dfa16b", @ANYRES16=0x0, @ANYBLOB="0000000000000000000001000000"], 0x14}}, 0x0) (async)
pidfd_getfd(0xffffffffffffffff, r1, 0x0) (async)

[ 2653.503316][T24003] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2653.511124][T24003] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2653.518937][T24003] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2653.526746][T24003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2653.534557][T24003] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2653.542370][T24003]  </TASK>
09:48:23 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x1000000f)

09:48:23 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000004)

[ 2653.586382][T24067] FAULT_INJECTION: forcing a failure.
[ 2653.586382][T24067] name failslab, interval 1, probability 0, space 0, times 0
[ 2653.614564][T24067] CPU: 1 PID: 24067 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2653.626038][T24067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2653.635941][T24067] Call Trace:
[ 2653.639052][T24067]  <TASK>
[ 2653.641831][T24067]  dump_stack_lvl+0x151/0x1b7
[ 2653.646342][T24067]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2653.651638][T24067]  ? do_syscall_64+0x44/0xd0
[ 2653.656067][T24067]  dump_stack+0x15/0x17
[ 2653.660054][T24067]  should_fail+0x3c0/0x510
[ 2653.664323][T24067]  __should_failslab+0x9f/0xe0
[ 2653.668910][T24067]  should_failslab+0x9/0x20
[ 2653.673252][T24067]  kmem_cache_alloc+0x4f/0x2f0
[ 2653.677845][T24067]  ? anon_vma_clone+0xa1/0x4f0
[ 2653.682444][T24067]  anon_vma_clone+0xa1/0x4f0
[ 2653.686874][T24067]  anon_vma_fork+0x91/0x4f0
[ 2653.691210][T24067]  ? anon_vma_name+0x4c/0x70
[ 2653.695639][T24067]  dup_mmap+0x750/0xea0
[ 2653.699632][T24067]  ? __delayed_free_task+0x20/0x20
[ 2653.704578][T24067]  ? mm_init+0x807/0x960
[ 2653.708655][T24067]  dup_mm+0x91/0x330
[ 2653.712389][T24067]  copy_mm+0x108/0x1b0
[ 2653.716297][T24067]  copy_process+0x1295/0x3250
[ 2653.720817][T24067]  ? proc_fail_nth_write+0x213/0x290
[ 2653.725947][T24067]  ? proc_fail_nth_read+0x220/0x220
[ 2653.730970][T24067]  ? pidfd_show_fdinfo+0x2b0/0x2b0
09:48:23 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c000000003fe83775e750a6a1b50e31f7dd5ff7a4cf9458957da432890288bee2d59738e0be1791545d94ee7d07d07178e6a568ae6c03000000000000dbdeb5e3da3ad04a00"/83, @ANYRES16=0x0, @ANYBLOB="010027bd7000fcdbdf250500000014000200200100000000000000000000000000021400030000000000000000000000ffffffffffff"], 0x3c}}, 0x4000010)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
sched_rr_get_interval(0x0, &(0x7f00000004c0))
syz_io_uring_setup(0xaca, &(0x7f0000000400)={0x0, 0x80000001, 0x40, 0x0, 0x231, 0x0, r1}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000280), &(0x7f0000000480))
syz_io_uring_setup(0x37e0, &(0x7f0000000180)={0x0, 0x93d0, 0x40, 0x0, 0x2e2, 0x0, r1}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000001000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000200))

09:48:23 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c000000003fe83775e750a6a1b50e31f7dd5ff7a4cf9458957da432890288bee2d59738e0be1791545d94ee7d07d07178e6a568ae6c03000000000000dbdeb5e3da3ad04a00"/83, @ANYRES16=0x0, @ANYBLOB="010027bd7000fcdbdf250500000014000200200100000000000000000000000000021400030000000000000000000000ffffffffffff"], 0x3c}}, 0x4000010) (async)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
sched_rr_get_interval(0x0, &(0x7f00000004c0))
syz_io_uring_setup(0xaca, &(0x7f0000000400)={0x0, 0x80000001, 0x40, 0x0, 0x231, 0x0, r1}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000280), &(0x7f0000000480))
syz_io_uring_setup(0x37e0, &(0x7f0000000180)={0x0, 0x93d0, 0x40, 0x0, 0x2e2, 0x0, r1}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000001000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000200))

[ 2653.735906][T24067]  ? vfs_write+0x9af/0x1050
[ 2653.740248][T24067]  kernel_clone+0x22d/0x990
[ 2653.744586][T24067]  ? file_end_write+0x1b0/0x1b0
[ 2653.749272][T24067]  ? __kasan_check_write+0x14/0x20
[ 2653.754227][T24067]  ? create_io_thread+0x1e0/0x1e0
[ 2653.759080][T24067]  ? __mutex_lock_slowpath+0x10/0x10
[ 2653.764202][T24067]  __x64_sys_clone+0x289/0x310
[ 2653.768803][T24067]  ? __do_sys_vfork+0x130/0x130
[ 2653.773490][T24067]  ? debug_smp_processor_id+0x17/0x20
[ 2653.778698][T24067]  do_syscall_64+0x44/0xd0
[ 2653.782952][T24067]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2653.788676][T24067] RIP: 0033:0x7f5b7e88a639
[ 2653.792929][T24067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2653.812371][T24067] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2653.820610][T24067] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2653.828422][T24067] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
09:48:23 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35)

09:48:23 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c000000003fe83775e750a6a1b50e31f7dd5ff7a4cf9458957da432890288bee2d59738e0be1791545d94ee7d07d07178e6a568ae6c03000000000000dbdeb5e3da3ad04a00"/83, @ANYRES16=0x0, @ANYBLOB="010027bd7000fcdbdf250500000014000200200100000000000000000000000000021400030000000000000000000000ffffffffffff"], 0x3c}}, 0x4000010) (async)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
sched_rr_get_interval(0x0, &(0x7f00000004c0)) (async)
syz_io_uring_setup(0xaca, &(0x7f0000000400)={0x0, 0x80000001, 0x40, 0x0, 0x231, 0x0, r1}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000280), &(0x7f0000000480)) (async)
syz_io_uring_setup(0x37e0, &(0x7f0000000180)={0x0, 0x93d0, 0x40, 0x0, 0x2e2, 0x0, r1}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000001000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000200))

09:48:23 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000008)

09:48:23 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x6c3a, &(0x7f00000001c0)={0x0, 0x1660, 0x8, 0x1, 0xd4}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000006000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000240))

09:48:23 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001ae7acf454e33f1222f75e5d9894e5194cba70251badef9cd4081fdf85b0e8c83425550e67c5517ab7646a85c8609adc3906c39126d23f070b5c447f48baf7c0474a7b9805777577f3bb39a5efe32bc84ae955ab87be8d3bbec6d97dd3d203e27b86581a7981ba6b7a083cc799c44b2c98a8e871aaf66e6f3a58684e83abd06387ef0bbf68dfa16b", @ANYRES16=0x0, @ANYBLOB="0000000000000000000001000000"], 0x14}}, 0x0) (async)
pidfd_getfd(0xffffffffffffffff, r1, 0x0)

09:48:23 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000010)

[ 2653.836231][T24067] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2653.844043][T24067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2653.851884][T24067] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2653.859667][T24067]  </TASK>
09:48:23 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x1000000f)

09:48:23 executing program 5:
r0 = syz_io_uring_setup(0x417, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xffffffff}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
fstat(r0, &(0x7f0000000100))

09:48:23 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x6c3a, &(0x7f00000001c0)={0x0, 0x1660, 0x8, 0x1, 0xd4}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000006000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000240))
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
syz_io_uring_setup(0x6c3a, &(0x7f00000001c0)={0x0, 0x1660, 0x8, 0x1, 0xd4}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000006000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000240)) (async)

09:48:23 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), 0xffffffffffffffff)
syz_open_dev$usbfs(&(0x7f0000000100), 0x5, 0x551000)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000180), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x90214800}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x100, 0x70bd26, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c4}, 0x24048000)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0xd000)
syz_io_uring_setup(0x3972, &(0x7f0000000000)={0x0, 0x0, 0x23, 0x0, 0x2}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000002000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:48:23 executing program 5:
r0 = syz_io_uring_setup(0x417, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xffffffff}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
fstat(r0, &(0x7f0000000100))

09:48:23 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000010)

[ 2653.935105][T24204] FAULT_INJECTION: forcing a failure.
[ 2653.935105][T24204] name failslab, interval 1, probability 0, space 0, times 0
[ 2653.953663][T24204] CPU: 0 PID: 24204 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2653.965227][T24204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2653.975219][T24204] Call Trace:
[ 2653.978344][T24204]  <TASK>
[ 2653.981120][T24204]  dump_stack_lvl+0x151/0x1b7
[ 2653.985633][T24204]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2653.990927][T24204]  dump_stack+0x15/0x17
[ 2653.994918][T24204]  should_fail+0x3c0/0x510
[ 2653.999171][T24204]  __should_failslab+0x9f/0xe0
[ 2654.003772][T24204]  should_failslab+0x9/0x20
[ 2654.008111][T24204]  kmem_cache_alloc+0x4f/0x2f0
[ 2654.012710][T24204]  ? vm_area_dup+0x26/0x1d0
[ 2654.017050][T24204]  ? __kasan_check_read+0x11/0x20
[ 2654.021913][T24204]  vm_area_dup+0x26/0x1d0
[ 2654.026077][T24204]  dup_mmap+0x6b8/0xea0
[ 2654.030071][T24204]  ? __delayed_free_task+0x20/0x20
[ 2654.035015][T24204]  ? mm_init+0x807/0x960
[ 2654.039095][T24204]  dup_mm+0x91/0x330
[ 2654.042826][T24204]  copy_mm+0x108/0x1b0
[ 2654.046733][T24204]  copy_process+0x1295/0x3250
[ 2654.051255][T24204]  ? proc_fail_nth_write+0x213/0x290
[ 2654.056371][T24204]  ? proc_fail_nth_read+0x220/0x220
[ 2654.061402][T24204]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2654.066347][T24204]  ? vfs_write+0x9af/0x1050
[ 2654.070686][T24204]  kernel_clone+0x22d/0x990
[ 2654.075029][T24204]  ? file_end_write+0x1b0/0x1b0
[ 2654.079713][T24204]  ? __kasan_check_write+0x14/0x20
[ 2654.084676][T24204]  ? create_io_thread+0x1e0/0x1e0
[ 2654.089522][T24204]  ? __mutex_lock_slowpath+0x10/0x10
[ 2654.094646][T24204]  __x64_sys_clone+0x289/0x310
[ 2654.099245][T24204]  ? __do_sys_vfork+0x130/0x130
[ 2654.103929][T24204]  ? debug_smp_processor_id+0x17/0x20
[ 2654.109137][T24204]  do_syscall_64+0x44/0xd0
[ 2654.113390][T24204]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2654.119117][T24204] RIP: 0033:0x7f5b7e88a639
[ 2654.123368][T24204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2654.142811][T24204] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2654.151056][T24204] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2654.158868][T24204] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2654.166692][T24204] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2654.174489][T24204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
09:48:23 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36)

09:48:23 executing program 5:
r0 = syz_io_uring_setup(0x417, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xffffffff}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
fstat(r0, &(0x7f0000000100))
syz_io_uring_setup(0x417, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xffffffff}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
fstat(r0, &(0x7f0000000100)) (async)

09:48:23 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), 0xffffffffffffffff)
syz_open_dev$usbfs(&(0x7f0000000100), 0x5, 0x551000)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000180), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x90214800}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x100, 0x70bd26, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c4}, 0x24048000)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0xd000)
syz_io_uring_setup(0x3972, &(0x7f0000000000)={0x0, 0x0, 0x23, 0x0, 0x2}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000002000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), 0xffffffffffffffff) (async)
syz_open_dev$usbfs(&(0x7f0000000100), 0x5, 0x551000) (async)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000180), 0xffffffffffffffff) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x90214800}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x100, 0x70bd26, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c4}, 0x24048000) (async)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async)
ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0xd000) (async)
syz_io_uring_setup(0x3972, &(0x7f0000000000)={0x0, 0x0, 0x23, 0x0, 0x2}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000002000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)

09:48:23 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000060)

09:48:23 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x6c3a, &(0x7f00000001c0)={0x0, 0x1660, 0x8, 0x1, 0xd4}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000006000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000240))

09:48:23 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000060)

09:48:23 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000f00)

09:48:23 executing program 5:
r0 = io_uring_setup(0x7dbc, &(0x7f0000000340)={0x0, 0x5de2, 0x0, 0x3, 0x352})
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r1, 0x10000000)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x10004, 0x2, 0xd000, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
r3 = openat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x10400, 0x140)
r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x7)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_VDPA_SET_GROUP_ASID(r3, 0x4008af7c, &(0x7f00000002c0)={0x1, 0x8000})
fsetxattr$security_selinux(r5, &(0x7f0000000240), &(0x7f0000000280)='system_u:object_r:getty_log_t:s0\x00', 0x21, 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r3, 0x4068aea3, &(0x7f0000000180)={0xbc, 0x0, 0x6})

[ 2654.182306][T24204] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2654.190113][T24204]  </TASK>
09:48:23 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), 0xffffffffffffffff)
syz_open_dev$usbfs(&(0x7f0000000100), 0x5, 0x551000)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000180), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x90214800}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x100, 0x70bd26, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c4}, 0x24048000)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0xd000)
syz_io_uring_setup(0x3972, &(0x7f0000000000)={0x0, 0x0, 0x23, 0x0, 0x2}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000002000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), 0xffffffffffffffff) (async)
syz_open_dev$usbfs(&(0x7f0000000100), 0x5, 0x551000) (async)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000180), 0xffffffffffffffff) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x90214800}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x100, 0x70bd26, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c4}, 0x24048000) (async)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async)
ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0xd000) (async)
syz_io_uring_setup(0x3972, &(0x7f0000000000)={0x0, 0x0, 0x23, 0x0, 0x2}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000002000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)

09:48:23 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10002000)

09:48:23 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10006000)

09:48:23 executing program 5:
r0 = io_uring_setup(0x7dbc, &(0x7f0000000340)={0x0, 0x5de2, 0x0, 0x3, 0x352})
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r1, 0x10000000) (async)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x10004, 0x2, 0xd000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async, rerun: 32)
r3 = openat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x10400, 0x140) (async, rerun: 32)
r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x7) (async)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_VDPA_SET_GROUP_ASID(r3, 0x4008af7c, &(0x7f00000002c0)={0x1, 0x8000}) (async, rerun: 32)
fsetxattr$security_selinux(r5, &(0x7f0000000240), &(0x7f0000000280)='system_u:object_r:getty_log_t:s0\x00', 0x21, 0x0) (async, rerun: 32)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r3, 0x4068aea3, &(0x7f0000000180)={0xbc, 0x0, 0x6})

[ 2654.245968][   T30] audit: type=1400 audit(1668851303.740:502): avc:  denied  { relabelto } for  pid=24239 comm="syz-executor.5" name="fuse" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:getty_log_t:s0"
[ 2654.275188][T24244] FAULT_INJECTION: forcing a failure.
[ 2654.275188][T24244] name failslab, interval 1, probability 0, space 0, times 0
[ 2654.304561][   T30] audit: type=1400 audit(1668851303.740:503): avc:  denied  { associate } for  pid=24239 comm="syz-executor.5" name="fuse" dev="devtmpfs" ino=90 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 srawcon="system_u:object_r:getty_log_t:s0"
[ 2654.311104][T24244] CPU: 0 PID: 24244 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2654.335055][   T30] audit: type=1400 audit(1668851303.790:504): avc:  denied  { read write } for  pid=24253 comm="syz-executor.5" name="fuse" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:getty_log_t:s0"
[ 2654.343442][T24244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2654.343455][T24244] Call Trace:
[ 2654.343461][T24244]  <TASK>
[ 2654.343468][T24244]  dump_stack_lvl+0x151/0x1b7
[ 2654.343493][T24244]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2654.370853][   T30] audit: type=1400 audit(1668851303.790:505): avc:  denied  { open } for  pid=24253 comm="syz-executor.5" path="/dev/fuse" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:getty_log_t:s0"
[ 2654.380323][T24244]  ? do_syscall_64+0x44/0xd0
[ 2654.380349][T24244]  dump_stack+0x15/0x17
[ 2654.431358][T24244]  should_fail+0x3c0/0x510
[ 2654.435613][T24244]  __should_failslab+0x9f/0xe0
[ 2654.440307][T24244]  should_failslab+0x9/0x20
[ 2654.444642][T24244]  kmem_cache_alloc+0x4f/0x2f0
[ 2654.449243][T24244]  ? anon_vma_clone+0xa1/0x4f0
[ 2654.453841][T24244]  anon_vma_clone+0xa1/0x4f0
[ 2654.458270][T24244]  anon_vma_fork+0x91/0x4f0
[ 2654.462608][T24244]  ? anon_vma_name+0x4c/0x70
[ 2654.467034][T24244]  dup_mmap+0x750/0xea0
[ 2654.471060][T24244]  ? __delayed_free_task+0x20/0x20
[ 2654.475975][T24244]  ? mm_init+0x807/0x960
[ 2654.480072][T24244]  dup_mm+0x91/0x330
[ 2654.483785][T24244]  copy_mm+0x108/0x1b0
[ 2654.487694][T24244]  copy_process+0x1295/0x3250
[ 2654.492205][T24244]  ? proc_fail_nth_write+0x213/0x290
[ 2654.497326][T24244]  ? proc_fail_nth_read+0x220/0x220
[ 2654.502359][T24244]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2654.507305][T24244]  ? vfs_write+0x9af/0x1050
[ 2654.511647][T24244]  kernel_clone+0x22d/0x990
[ 2654.515986][T24244]  ? file_end_write+0x1b0/0x1b0
[ 2654.520684][T24244]  ? __kasan_check_write+0x14/0x20
[ 2654.525630][T24244]  ? create_io_thread+0x1e0/0x1e0
[ 2654.530478][T24244]  ? __mutex_lock_slowpath+0x10/0x10
[ 2654.535600][T24244]  __x64_sys_clone+0x289/0x310
[ 2654.540200][T24244]  ? __do_sys_vfork+0x130/0x130
[ 2654.544887][T24244]  ? debug_smp_processor_id+0x17/0x20
[ 2654.550095][T24244]  do_syscall_64+0x44/0xd0
[ 2654.554346][T24244]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2654.560074][T24244] RIP: 0033:0x7f5b7e88a639
[ 2654.564327][T24244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2654.583767][T24244] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2654.592014][T24244] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
09:48:24 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37)

09:48:24 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r0, &(0x7f0000000700)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0xe1800000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000540)={0x158, 0x0, 0x210, 0x70bd2d, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x7}, {0x5}, {0x5, 0x3, 0x6}, {0x5}, {0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x6}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x94, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x81b0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4e15238c}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x13b1}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xce6c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xff5f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7e594bbf}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9f60}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4cf}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x71ff99de}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5d59a9a2}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5116}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x33cf}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf3e0}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa14c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6c8cbec3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x514cc047}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x64, 0xc, 0x0, 0x1, [{0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4304}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6492}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5e75b404}]}, {0x44, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x19e9394b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe1a1}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5645a2e8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x85f4}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2c06e4a}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5c99f536}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1309}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7319f1d9}]}]}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000000}, 0x8004)
r1 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x80001}, &(0x7f0000006000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x5158, &(0x7f00000001c0)={0x0, 0x51bc, 0x1, 0x1, 0x217, 0x0, r1}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000002000/0x4000)=nil, &(0x7f0000000080)=<r2=>0x0, &(0x7f0000000240))
r3 = syz_io_uring_complete(r2)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0), r3)
sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x58, r5, 0x4, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x200}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x9}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x23}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000050}, 0x8084)

09:48:24 executing program 5:
r0 = io_uring_setup(0x7dbc, &(0x7f0000000340)={0x0, 0x5de2, 0x0, 0x3, 0x352})
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r1, 0x10000000) (async)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x10004, 0x2, 0xd000, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
r3 = openat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x10400, 0x140) (async)
r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x7) (async)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_VDPA_SET_GROUP_ASID(r3, 0x4008af7c, &(0x7f00000002c0)={0x1, 0x8000}) (async)
fsetxattr$security_selinux(r5, &(0x7f0000000240), &(0x7f0000000280)='system_u:object_r:getty_log_t:s0\x00', 0x21, 0x0) (async)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r3, 0x4068aea3, &(0x7f0000000180)={0xbc, 0x0, 0x6})

09:48:24 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000f00)

09:48:24 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_io_uring_setup(0x1a64, &(0x7f0000000180)={0x0, 0xfe7f, 0x0, 0x0, 0x3, 0x0, r0}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100))
socket$pptp(0x18, 0x1, 0x2)

09:48:24 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_io_uring_setup(0x1a64, &(0x7f0000000180)={0x0, 0xfe7f, 0x0, 0x0, 0x3, 0x0, r0}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100)) (async)
socket$pptp(0x18, 0x1, 0x2)

09:48:24 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r0, &(0x7f0000000700)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0xe1800000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000540)={0x158, 0x0, 0x210, 0x70bd2d, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x7}, {0x5}, {0x5, 0x3, 0x6}, {0x5}, {0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x6}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x94, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x81b0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4e15238c}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x13b1}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xce6c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xff5f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7e594bbf}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9f60}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4cf}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x71ff99de}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5d59a9a2}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5116}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x33cf}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf3e0}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa14c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6c8cbec3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x514cc047}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x64, 0xc, 0x0, 0x1, [{0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4304}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6492}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5e75b404}]}, {0x44, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x19e9394b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe1a1}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5645a2e8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x85f4}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2c06e4a}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5c99f536}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1309}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7319f1d9}]}]}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000000}, 0x8004) (async)
r1 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x80001}, &(0x7f0000006000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x5158, &(0x7f00000001c0)={0x0, 0x51bc, 0x1, 0x1, 0x217, 0x0, r1}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000002000/0x4000)=nil, &(0x7f0000000080)=<r2=>0x0, &(0x7f0000000240))
r3 = syz_io_uring_complete(r2) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0), r3)
sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x58, r5, 0x4, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x200}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x9}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x23}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000050}, 0x8084)

09:48:24 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_io_uring_setup(0x7014, &(0x7f0000000100)={0x0, 0x29f, 0x8, 0x0, 0x334, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

[ 2654.599823][T24244] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2654.607634][T24244] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2654.615468][T24244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2654.623258][T24244] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2654.631070][T24244]  </TASK>
09:48:24 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r0, &(0x7f0000000700)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0xe1800000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000540)={0x158, 0x0, 0x210, 0x70bd2d, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x7}, {0x5}, {0x5, 0x3, 0x6}, {0x5}, {0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x6}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x94, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x81b0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4e15238c}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x13b1}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xce6c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xff5f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7e594bbf}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9f60}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4cf}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x71ff99de}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5d59a9a2}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5116}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x33cf}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf3e0}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa14c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6c8cbec3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x514cc047}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x64, 0xc, 0x0, 0x1, [{0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4304}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6492}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5e75b404}]}, {0x44, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x19e9394b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe1a1}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5645a2e8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x85f4}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2c06e4a}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5c99f536}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1309}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7319f1d9}]}]}]}, 0x158}, 0x1, 0x0, 0x0, 0x20000000}, 0x8004) (async)
r1 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x80001}, &(0x7f0000006000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x5158, &(0x7f00000001c0)={0x0, 0x51bc, 0x1, 0x1, 0x217, 0x0, r1}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000002000/0x4000)=nil, &(0x7f0000000080)=<r2=>0x0, &(0x7f0000000240))
r3 = syz_io_uring_complete(r2) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0), r3)
sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x58, r5, 0x4, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x200}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x9}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x23}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000050}, 0x8084)

09:48:24 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000180)={0x0, 0xfe7f, 0x0, 0x0, 0x3, 0x0, r0}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100)) (async)
socket$pptp(0x18, 0x1, 0x2)

09:48:24 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r2, &(0x7f0000001300))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_clone3(&(0x7f0000001280)={0x220000, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180), {0x36}, &(0x7f00000001c0)=""/67, 0x43, &(0x7f0000000240)=""/4096, &(0x7f0000001240)=[0xffffffffffffffff, r1, r2], 0x3}, 0x58)

09:48:24 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10002000)

[ 2654.699384][T24305] FAULT_INJECTION: forcing a failure.
[ 2654.699384][T24305] name failslab, interval 1, probability 0, space 0, times 0
[ 2654.715542][T24305] CPU: 1 PID: 24305 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2654.726999][T24305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2654.736897][T24305] Call Trace:
[ 2654.740026][T24305]  <TASK>
[ 2654.742792][T24305]  dump_stack_lvl+0x151/0x1b7
[ 2654.747311][T24305]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2654.752599][T24305]  dump_stack+0x15/0x17
[ 2654.756597][T24305]  should_fail+0x3c0/0x510
[ 2654.760842][T24305]  __should_failslab+0x9f/0xe0
[ 2654.765445][T24305]  should_failslab+0x9/0x20
[ 2654.769781][T24305]  kmem_cache_alloc+0x4f/0x2f0
[ 2654.774384][T24305]  ? vm_area_dup+0x26/0x1d0
[ 2654.778721][T24305]  vm_area_dup+0x26/0x1d0
[ 2654.782886][T24305]  dup_mmap+0x6b8/0xea0
[ 2654.786881][T24305]  ? __delayed_free_task+0x20/0x20
[ 2654.791834][T24305]  ? mm_init+0x807/0x960
[ 2654.795913][T24305]  dup_mm+0x91/0x330
[ 2654.799640][T24305]  copy_mm+0x108/0x1b0
[ 2654.803549][T24305]  copy_process+0x1295/0x3250
[ 2654.808059][T24305]  ? proc_fail_nth_write+0x213/0x290
[ 2654.813278][T24305]  ? proc_fail_nth_read+0x220/0x220
[ 2654.818322][T24305]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2654.823262][T24305]  ? vfs_write+0x9af/0x1050
[ 2654.827602][T24305]  kernel_clone+0x22d/0x990
[ 2654.831973][T24305]  ? file_end_write+0x1b0/0x1b0
[ 2654.836625][T24305]  ? __kasan_check_write+0x14/0x20
[ 2654.841574][T24305]  ? create_io_thread+0x1e0/0x1e0
[ 2654.846437][T24305]  ? __mutex_lock_slowpath+0x10/0x10
[ 2654.851556][T24305]  __x64_sys_clone+0x289/0x310
[ 2654.856156][T24305]  ? __do_sys_vfork+0x130/0x130
[ 2654.860844][T24305]  ? debug_smp_processor_id+0x17/0x20
[ 2654.866049][T24305]  do_syscall_64+0x44/0xd0
[ 2654.870301][T24305]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2654.876028][T24305] RIP: 0033:0x7f5b7e88a639
[ 2654.880332][T24305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
09:48:24 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38)

09:48:24 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_io_uring_setup(0x7014, &(0x7f0000000100)={0x0, 0x29f, 0x8, 0x0, 0x334, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_io_uring_setup(0x7014, &(0x7f0000000100)={0x0, 0x29f, 0x8, 0x0, 0x334, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)

[ 2654.899725][T24305] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2654.907967][T24305] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2654.915785][T24305] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2654.923590][T24305] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2654.931406][T24305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2654.939237][T24305] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2654.947028][T24305]  </TASK>
09:48:24 executing program 3:
ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, &(0x7f0000000100)={0x3, 0x0, 0x9, 0x300})
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000001000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:48:24 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10006000)

09:48:24 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r2, &(0x7f0000001300))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_clone3(&(0x7f0000001280)={0x220000, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180), {0x36}, &(0x7f00000001c0)=""/67, 0x43, &(0x7f0000000240)=""/4096, &(0x7f0000001240)=[0xffffffffffffffff, r1, r2], 0x3}, 0x58)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
sched_rr_get_interval(r2, &(0x7f0000001300)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)
syz_clone3(&(0x7f0000001280)={0x220000, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180), {0x36}, &(0x7f00000001c0)=""/67, 0x43, &(0x7f0000000240)=""/4096, &(0x7f0000001240)=[0xffffffffffffffff, r1, r2], 0x3}, 0x58) (async)

09:48:24 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_io_uring_setup(0x7014, &(0x7f0000000100)={0x0, 0x29f, 0x8, 0x0, 0x334, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:24 executing program 3:
ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, &(0x7f0000000100)={0x3, 0x0, 0x9, 0x300}) (async)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000001000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:48:24 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0xfffffffc}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="0000000000000000000001000000"], 0x14}}, 0x0)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r0)
sendmsg$DEVLINK_CMD_TRAP_GET(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x100, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x40000c1)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x4c, 0x0, 0x806, 0x94d, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond_slave_0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @private=0xa010100}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40040}, 0x4000)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0x29, 0x80800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r4, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4})
ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x8)

09:48:24 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000240), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080)=<r1=>0x0, &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_complete(r1)
sendmsg$nl_route(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@getaddr={0x14, 0x16, 0x1, 0x70bd2a, 0x25dfdc01, {}, ["", "", "", "", ""]}, 0xfffffffffffffe3d}, 0x1, 0x0, 0x0, 0xa76834ada2ac78f8}, 0x1)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

[ 2655.007131][T24324] FAULT_INJECTION: forcing a failure.
[ 2655.007131][T24324] name failslab, interval 1, probability 0, space 0, times 0
[ 2655.030538][T24324] CPU: 0 PID: 24324 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2655.041992][T24324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2655.051887][T24324] Call Trace:
09:48:24 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000240), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080)=<r1=>0x0, &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_complete(r1) (async)
sendmsg$nl_route(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@getaddr={0x14, 0x16, 0x1, 0x70bd2a, 0x25dfdc01, {}, ["", "", "", "", ""]}, 0xfffffffffffffe3d}, 0x1, 0x0, 0x0, 0xa76834ada2ac78f8}, 0x1)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:24 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0xfffffffc}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="0000000000000000000001000000"], 0x14}}, 0x0)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r0)
sendmsg$DEVLINK_CMD_TRAP_GET(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x100, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x40000c1) (async, rerun: 32)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async, rerun: 32)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async, rerun: 32)
sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x4c, 0x0, 0x806, 0x94d, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond_slave_0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @private=0xa010100}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40040}, 0x4000) (async, rerun: 32)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0x29, 0x80800) (async, rerun: 64)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (rerun: 64)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r4, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4}) (async)
ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x8)

09:48:24 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0xfffffffc}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="0000000000000000000001000000"], 0x14}}, 0x0) (async)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r0)
sendmsg$DEVLINK_CMD_TRAP_GET(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x100, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x40000c1)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x4c, 0x0, 0x806, 0x94d, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond_slave_0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @private=0xa010100}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40040}, 0x4000)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0x29, 0x80800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r4, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4})
ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x8)

[ 2655.055019][T24324]  <TASK>
[ 2655.057790][T24324]  dump_stack_lvl+0x151/0x1b7
[ 2655.062304][T24324]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2655.067599][T24324]  dump_stack+0x15/0x17
[ 2655.071596][T24324]  should_fail+0x3c0/0x510
[ 2655.075843][T24324]  __should_failslab+0x9f/0xe0
[ 2655.080450][T24324]  should_failslab+0x9/0x20
[ 2655.084782][T24324]  kmem_cache_alloc+0x4f/0x2f0
[ 2655.089381][T24324]  ? vm_area_dup+0x26/0x1d0
[ 2655.093719][T24324]  ? __kasan_check_read+0x11/0x20
[ 2655.098583][T24324]  vm_area_dup+0x26/0x1d0
[ 2655.102747][T24324]  dup_mmap+0x6b8/0xea0
[ 2655.106741][T24324]  ? __delayed_free_task+0x20/0x20
[ 2655.111682][T24324]  ? mm_init+0x807/0x960
[ 2655.115760][T24324]  dup_mm+0x91/0x330
[ 2655.119494][T24324]  copy_mm+0x108/0x1b0
[ 2655.123415][T24324]  copy_process+0x1295/0x3250
[ 2655.127912][T24324]  ? proc_fail_nth_write+0x213/0x290
[ 2655.133034][T24324]  ? proc_fail_nth_read+0x220/0x220
[ 2655.138066][T24324]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2655.143013][T24324]  ? vfs_write+0x9af/0x1050
[ 2655.147352][T24324]  kernel_clone+0x22d/0x990
[ 2655.151692][T24324]  ? file_end_write+0x1b0/0x1b0
[ 2655.156379][T24324]  ? __kasan_check_write+0x14/0x20
[ 2655.161333][T24324]  ? create_io_thread+0x1e0/0x1e0
[ 2655.166187][T24324]  ? __mutex_lock_slowpath+0x10/0x10
[ 2655.171309][T24324]  __x64_sys_clone+0x289/0x310
[ 2655.175938][T24324]  ? __do_sys_vfork+0x130/0x130
[ 2655.180595][T24324]  ? debug_smp_processor_id+0x17/0x20
[ 2655.185804][T24324]  do_syscall_64+0x44/0xd0
[ 2655.190053][T24324]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2655.195782][T24324] RIP: 0033:0x7f5b7e88a639
[ 2655.200052][T24324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2655.219477][T24324] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2655.227721][T24324] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2655.235540][T24324] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2655.243342][T24324] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
09:48:24 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39)

09:48:24 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000240), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080)=<r1=>0x0, &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r2 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_complete(r1) (async, rerun: 64)
sendmsg$nl_route(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@getaddr={0x14, 0x16, 0x1, 0x70bd2a, 0x25dfdc01, {}, ["", "", "", "", ""]}, 0xfffffffffffffe3d}, 0x1, 0x0, 0x0, 0xa76834ada2ac78f8}, 0x1) (rerun: 64)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:24 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r1)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x252080, 0x0)
dup2(r2, r0)

09:48:24 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
sched_rr_get_interval(r2, &(0x7f0000001300))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_clone3(&(0x7f0000001280)={0x220000, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180), {0x36}, &(0x7f00000001c0)=""/67, 0x43, &(0x7f0000000240)=""/4096, &(0x7f0000001240)=[0xffffffffffffffff, r1, r2], 0x3}, 0x58)

09:48:24 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = socket$igmp6(0xa, 0x3, 0x2)
dup2(r0, r1)

09:48:24 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
r1 = socket$igmp6(0xa, 0x3, 0x2)
dup2(r0, r1)

09:48:24 executing program 3:
ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, &(0x7f0000000100)={0x3, 0x0, 0x9, 0x300})
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000001000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, &(0x7f0000000100)={0x3, 0x0, 0x9, 0x300}) (async)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000001000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)

09:48:24 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b8000000", @ANYRES16=0x0, @ANYBLOB="00032dbd7000fbdbdf250500000014000300fe80000000000000000000000000001c08000500ac1414bb14000200fe88000000000000000000000000000114000600626f6e645f736c6176650400000000001400060076657468315f746f5f626174616476001400030020010000000000000000000000000900080004007f00000114000300fe8000000000000000000000000000aa0500010001000000140003002001000000000000000000000000000141eb66c0f1d79551175279ef832045fed800a05f926dcb25"], 0xb8}, 0x1, 0x0, 0x0, 0x20000004}, 0x8040)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

[ 2655.251161][T24324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2655.258966][T24324] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2655.266779][T24324]  </TASK>
09:48:24 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r1)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x252080, 0x0)
dup2(r2, r0)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r1) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x252080, 0x0) (async)
dup2(r2, r0) (async)

09:48:24 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r1) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x252080, 0x0)
dup2(r2, r0)

09:48:24 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = socket$igmp6(0xa, 0x3, 0x2)
dup2(r0, r1)

09:48:24 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b8000000", @ANYRES16=0x0, @ANYBLOB="00032dbd7000fbdbdf250500000014000300fe80000000000000000000000000001c08000500ac1414bb14000200fe88000000000000000000000000000114000600626f6e645f736c6176650400000000001400060076657468315f746f5f626174616476001400030020010000000000000000000000000900080004007f00000114000300fe8000000000000000000000000000aa0500010001000000140003002001000000000000000000000000000141eb66c0f1d79551175279ef832045fed800a05f926dcb25"], 0xb8}, 0x1, 0x0, 0x0, 0x20000004}, 0x8040) (async, rerun: 64)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (rerun: 64)

[ 2655.315221][T24400] FAULT_INJECTION: forcing a failure.
[ 2655.315221][T24400] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2655.329067][T24400] CPU: 0 PID: 24400 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2655.340510][T24400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2655.350407][T24400] Call Trace:
[ 2655.353530][T24400]  <TASK>
[ 2655.356305][T24400]  dump_stack_lvl+0x151/0x1b7
[ 2655.360818][T24400]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2655.366113][T24400]  ? stack_trace_save+0x1f0/0x1f0
[ 2655.370973][T24400]  ? __kernel_text_address+0x9a/0x110
[ 2655.376191][T24400]  dump_stack+0x15/0x17
[ 2655.380177][T24400]  should_fail+0x3c0/0x510
[ 2655.384432][T24400]  should_fail_alloc_page+0x58/0x70
[ 2655.389478][T24400]  __alloc_pages+0x1de/0x7c0
[ 2655.393892][T24400]  ? stack_trace_save+0x12d/0x1f0
[ 2655.398753][T24400]  ? stack_trace_snprint+0x100/0x100
[ 2655.403866][T24400]  ? __count_vm_events+0x30/0x30
[ 2655.408650][T24400]  ? __kasan_slab_alloc+0xc4/0xe0
[ 2655.413499][T24400]  ? __kasan_slab_alloc+0xb2/0xe0
[ 2655.418354][T24400]  ? kmem_cache_alloc+0x189/0x2f0
[ 2655.423219][T24400]  ? anon_vma_fork+0x1b9/0x4f0
[ 2655.427818][T24400]  get_zeroed_page+0x19/0x40
[ 2655.432244][T24400]  __pud_alloc+0x8b/0x260
[ 2655.436410][T24400]  ? do_handle_mm_fault+0x2370/0x2370
[ 2655.441616][T24400]  copy_page_range+0xd9e/0x1090
[ 2655.446306][T24400]  ? pfn_valid+0x1e0/0x1e0
[ 2655.450558][T24400]  dup_mmap+0x99f/0xea0
[ 2655.454549][T24400]  ? __delayed_free_task+0x20/0x20
[ 2655.459525][T24400]  ? mm_init+0x807/0x960
[ 2655.463573][T24400]  dup_mm+0x91/0x330
[ 2655.467307][T24400]  copy_mm+0x108/0x1b0
[ 2655.471216][T24400]  copy_process+0x1295/0x3250
[ 2655.475727][T24400]  ? proc_fail_nth_write+0x213/0x290
[ 2655.480846][T24400]  ? proc_fail_nth_read+0x220/0x220
[ 2655.485885][T24400]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2655.490835][T24400]  ? vfs_write+0x9af/0x1050
[ 2655.495170][T24400]  kernel_clone+0x22d/0x990
[ 2655.499505][T24400]  ? file_end_write+0x1b0/0x1b0
[ 2655.504193][T24400]  ? __kasan_check_write+0x14/0x20
[ 2655.509169][T24400]  ? create_io_thread+0x1e0/0x1e0
[ 2655.514008][T24400]  ? __mutex_lock_slowpath+0x10/0x10
[ 2655.519121][T24400]  __x64_sys_clone+0x289/0x310
[ 2655.523719][T24400]  ? __do_sys_vfork+0x130/0x130
[ 2655.528426][T24400]  ? debug_smp_processor_id+0x17/0x20
[ 2655.533619][T24400]  do_syscall_64+0x44/0xd0
[ 2655.537876][T24400]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2655.543596][T24400] RIP: 0033:0x7f5b7e88a639
[ 2655.547850][T24400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2655.567376][T24400] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2655.575620][T24400] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2655.583433][T24400] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2655.591243][T24400] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2655.599054][T24400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2655.606896][T24400] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
09:48:25 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40)

09:48:25 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f00000001c0)={0xa, 0x6, {0x5, @struct={0x42fa, 0xac}, 0x0, 0x100000000, 0x8, 0x3, 0x80000000, 0xffffffffffffffff, 0x90, @usage=0x4, 0x8, 0x6, [0x73660fe8, 0x0, 0x6, 0x3ff, 0x7, 0x5]}, {0x7, @usage=0x6, 0x0, 0x5, 0x4, 0x40, 0x8000, 0x8b, 0x41, @usage=0x6, 0x9, 0x2, [0x6a, 0x6, 0xffffffffffffffff, 0x1ff, 0x400, 0x6]}, {0x9135000000000, @usage=0x3, <r3=>0x0, 0x640c5f33, 0x1, 0x1ff, 0x3, 0xec, 0x1, @struct={0xffff, 0x357}, 0x3, 0x4, [0x1f, 0x1, 0x1, 0x7, 0x5, 0x3]}, {0x9, 0x4, 0xb3ce}})
setsockopt$MRT6_ASSERT(r1, 0x29, 0xcf, &(0x7f0000000140), 0x4)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000700)={<r4=>r3, 0x8, 0x9b7f, 0x1})
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000b00)={r4, 0x7fffffff, 0xb6f2, 0x1})
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3a9, 0x0, r1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000080))
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r5, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, &(0x7f00000005c0)={{{@in, @in6}}, {{@in=@empty}, 0x0, @in=@local}}, &(0x7f00000006c0)=0xe8)

09:48:25 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x54, 0x0, 0x8, 0x70bd2c, 0x25dfdbff, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x54}}, 0x20000010)

09:48:25 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b8000000", @ANYRES16=0x0, @ANYBLOB="00032dbd7000fbdbdf250500000014000300fe80000000000000000000000000001c08000500ac1414bb14000200fe88000000000000000000000000000114000600626f6e645f736c6176650400000000001400060076657468315f746f5f626174616476001400030020010000000000000000000000000900080004007f00000114000300fe8000000000000000000000000000aa0500010001000000140003002001000000000000000000000000000141eb66c0f1d79551175279ef832045fed800a05f926dcb25"], 0xb8}, 0x1, 0x0, 0x0, 0x20000004}, 0x8040)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b8000000", @ANYRES16=0x0, @ANYBLOB="00032dbd7000fbdbdf250500000014000300fe80000000000000000000000000001c08000500ac1414bb14000200fe88000000000000000000000000000114000600626f6e645f736c6176650400000000001400060076657468315f746f5f626174616476001400030020010000000000000000000000000900080004007f00000114000300fe8000000000000000000000000000aa0500010001000000140003002001000000000000000000000000000141eb66c0f1d79551175279ef832045fed800a05f926dcb25"], 0xb8}, 0x1, 0x0, 0x0, 0x20000004}, 0x8040) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)

09:48:25 executing program 4:
r0 = syz_io_uring_setup(0x1a63, &(0x7f0000000000)={0x0, 0xfffffffc}, &(0x7f0000fed000/0x11000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = pidfd_getfd(r1, r2, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000240)={{{@in6=@empty, @in=@remote}}, {{@in6=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000000200)=0xe8)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:25 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000001200)={'vxcan0\x00'})
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000001180)={0x0, 0x2d, 0x1, @thr={&(0x7f0000000140)="4988ca2aa656af6ca115480a2dbad39575801e92a9ce60cacda31e82f57ad042ee7c1703d58999699ac5d252cdde727ef36e94b10f1031471e0c56c1ad8964d808d0c7d10d151401534b09dd55a36b3ff40cd7071ce1fe9260e45f1e811cf0221526f80b2a38630929a9e8b6b19a08b873c09d1033e2272a9762cca1f5e370e345ed6c561617dd709a2d095f0a4c5a807192b1e91ffc2540fd6a46f1e5452983700e377c73524021fa62258e27aba4cc45bb4804563cec59a96a3fabab946a0e0d90d386b77e7cf48281423eb8ad076ddc7570accde77c1790cfeb916c2de9482433f5137620de1aefb3612a674847a3ab885fde921c4ca3ddc900ab4ed13c39e62f213886c164c88150de15997479f663fa67a3181aabcb49f5dec8aadf05dd94632a85954ab4462347eaf47b4077d93d407576495619261f851238e079b6dd613170e5a03fe7d9dca76c8d21107622a1e1c7c9fbd17d76d7497af476b50d0b2983e63bdcfa58e949670350c280d299b1c0f1194764a148808953da09d9e39809b968114c00f4d74ec6618f7d4d34244afc0c782f553921cf304072924d93968d1c420bcac02762cb75043c193e6e02026c70875c87623364f436c708b057bee384e4addeba90683fcab82b73e9d3ada9700b699a81fa316aaca580131f586d61eb3fb282a7f1bdf01027154db87038a8f6720fd5511e5f6cc76103b3bc5c781e4dca9a331f88ad86e0eb7958dd720d3e6ebe8045f2cf1fec9591adff59703c63c008e583d91d8dba71e5ca37bc74991815f0d15994ed98ba60b428057ec593cbf44598fed8c0146b821bbb727c55441e5365a441895ba42505f03d6ae020bfaa6c0c6d1faa3d1f8c2054a8af4a4b828c471690093cc5268c68eaf9cb92c2c015c8c4c7a2e1cd3c0d52dc20b97b58d7069e6a77217e4812e4a5870f19e2263cf411ce198e44578c6cd80d9616fd8c88a264245eecc85387462a9486580a608429fa789bbfc0918cdd4caae7611069cb7e8095189006e528ca0b6cae0ee3cc199a15c7228078f2945f740cafcc6d9fca0013d45faea7e7ee2836020d5b763be146df73e562167318c1915589af5888a134675221d720783117c58c970ec2eb7f9d11f576ffc2e752a02ed44a5a07c74cb1d36dd5cd00f1ad5da60251f8210598cc0e2967f237afdc4b1b8b1b704d21711b2bd3d8b54b7c9ede6c2d698cafb63b743f8bec65a551ddf5041b89b2e3d784ba110f2488ca7687146ae9fe87b428dfe6b6ccacdabd83e86d775c6639426b00018b3f0d1dbb08ecc21f8abc996f59b90877830bb6095824b95032a8208f04c71ebbdac9ea0cba2ed5e6cd844c2308b60b899f005945b19cef497b56062aa312441a14bfff610811153026b3c144a87284e692e11984de33ee2c9be9fb43071616a68df678b999c1c5a0e69efc60042ce7421e9e1fd509b3642d731b4bca783e4db766cf6dc449d70cf8585d3906166c26191530db6789b7fbd0f0ff80e27094f0a97a8ff8f9f452fe46afe769b2742838f086f07cbebee1be84bb4f096859ad8e3f1dffb810961ba3ad1f3ed7cdc540bee6c607f73df9027fc9e68547febdf4aa32c0d1df34c43e7387b11be3221f3a44c2f793fea55831f8f93520bbfc4e40f5d6872541c7563e49229f62e4fed536f546233ee6ded0746fdedafd39efb3770c6e1bc49412ae7d2aaa8e9c89404fae342b29fa74282b474f2a8f7ccf97a695fd2119a93d1e6b3e04d94246e8c9ebb9da08e1b7a1cd9e1563f150e02f191baf10ef5eb4606197c2d8753bb4cb2180fb28e4c01c3acf45069ad336fc9c89e8a7910ca10b67735d4fddf8b3cb26ac4ea139c552258ffe512724b7dfb96da2d195ecbb31a636c19053c3687effe24cfb0baab8ccfa08ea8e53c70af57c55097d743b0c4f359764ade618c09116c645499f8d02257f152c2858acf836ce97606efaa810079d28706e10c80b61f448337e5a059fa8bf93c687656c47d20c22ab6fd10eb298c494ef53b5d7fa4a2d41c0941b4f1f3e795df0a3a159d43d10af0670f161c91fd889627daee09c4867acf02a27b7985a8169e5f0a4824534408061c509c04350b2c5eaaf40b238281731f7768c4bcacdf467c107d9b6613f7c8853c9ed441a15ff73a9ba6035eeaeea4f88d3242793fa15bdb88551120b1e5c43d0e99fb703adab29f5fe1bed67588220a53ff430310dfa5019104d99594eb9f6cabe92bc4d855286980f66574b6ba1fe1615567c7f9d4b2a14f57e805e527942ea6311b238ae44b4a1ab53f3ada9f2dc593564b65aab6f0ba11711138bdcdce03f849657f3d192445f043550045570d5aecc9513bd41e304b1286ae1b90be1d6b9c86f04802fa0b9881985ac1c2f3bbf97d3a7c294a2158352d11139924a54959b6e235a6c1ff78af40c474f791315dd75472ed827d116158364fc78c7228f6669e4d55a776939b62e23632b34611763a09c09cbb7d74f571d1ba739e758e4137f386c63d3f00ebbbdff51fb55c4247b5e8abf346858fcdd431d293f10ebe8d90300e09242578e286c36affba1a7a89c927e1dcae1fd21d4543c4d457ce32719c63a3d164adb4a19bc581526dc9f3782e284999a9e04261f24ae7358a82b9abb19c62545da33fdadc2d7cdf4bb131e9bc2e58cf57354e913faa746272aaa457cc500c770586513e369f1f50ac75602882ee1bd5caa196191958628ec30bec312a743b950456378a49505ebd25fb8ee2ed2c47227d07b378a47dbe090a29884453c0b0fb412ca3a793139e9d1caa9119ade3bfb2580ec3523b24cb83f8548aa754c6fef3fdfc4f98684942d08d9bb6ac3e5c4ea750237fd003d9490aafd4084c2d271aabb637c6b3faad2f3a284159aa4a79b878ca14d4dff5f5f59253965732aeb50ec895341e15e5af2fec5877797d8042bb778ecc4c1741810b8f52fe12809619c3f611b93c20c8395ee856e93141e90528507e33f420c21950e776658288b4ccfc8b3b09d77d0d985e36207937a238e3dedb93ff0f1b63313ead9121756ee85619d8fa31e7dde111694ad7faccaeabcb931f87d52b52cf3b68a4e58804dcd47c19e0ae2fda0faa1fcde7357d1bcda28fdbf38ed908e8d9913854924d9fbd892e477aad6152fd9369bcf8e3a9474de7ba0c2696081d5db91424d75ada78a501e7592eff712309427e79dbd95f61d5842e182ad80c2c9abaeee75e613bb92248b54c86aa4a2f0851ac340acda39001b967a343f5e7800be10bb0b86edd9aa3513caf6f4ab98d7410ba6afd2394e43e8721a28135a695765c3566ac5e717de00bdd9852fe2267af0987b3bec574744c8a66b67f7396bebdf282bced6de52a69457fdb558f7f2fa000b7391643b8ad386150c03310bac7abbed02c4f44df06d7e236ed03011cd185dece30f8b81bbb4e96da32c7f8dc4f2d21b5f5b1191a6c69024facf7cd3c86c728409dd66ee90022f51e05c3c0f091cc5a81455879ef18dd6a14e439a6ceb3e51646708415c4374bebd1ed9eaffbf282a817cc2f93880113adf42111acf73653fcc864c14cbb030b932dcd23c0859a4c61b4fd3cd7c5909c49cfb31c811f9675fb09ac0d49e01ea65e8fd7c99e5dc2d3761fb54e3455e7e3c27a62f460a98f231f8fa8cd62ffe7389700ef076e0e0bb898ec4e6351be3c48f58615907d854f0dbf9f05f448152dac3c5a74e8766e027b8842826392ddc0a173a5027cb74a4aa95b21bcd53eb78f74e2fde8956a645f25a606599cacaaeb5bed702955673ed0bd5adecc84c6be5c871a9dbe7bcf4d241306da5d93f6ca9c51685ac04481250d176670ae4caa4a6c557e2aa01b3bb16d48e07928044bf161b4ffe1a930dda87d9f64a8c765d1b19141b148e07828a5da271644e401a58b331fa1f5bae7c087c9e3a40162a41a6036acef4103a8e6d849f58f557d5a595187d777ad0e6b439a85345c2fac32a9f383431c25b341f589f86017236e4e5ad9ada7c495fa852ae15b664d231898e78ba3dfadde9108fc7df738374466f3a7dba4f92ff03fde7891175e3712b827c2b383c0670db0edacaa2009fc96ed673ff137765178e12f32a5666417bc5d501722df7a1926e9085437463bb51bda1ba2c96ad0a1925d235ef7d87fd010f38d2190d9727d8ff15f0c0ca52ce2c18b1b0634ae6854b2f0acae36fc3d9aca9923086b1716b81eda33eb3fe30f9a136e1c21d4a3a1c549803f9a6b616e00299f6bccf939d315b024c9eba5443c7f90f80c44d8897388ae4bf1850a2bb8e5473d9c1d50d9d9e9d4cda3c41fb4fba999c27bbe86d938fc8c38c0e57daf72362d3bec3369848cf57d70df6be566dfc5a1881611c2c0fd57f05f6a00b97f1ea697a7741282258989b2249a712d73f37e1942ac20e89f41c3cef03df022d1e400ac15b3beaad73826ed23f06402dd7903345f8fed534fdd902a2a320d33101b1398a427574ea785f639427f8d0588ec73ccfa81a5ff16a1e47c1b49a1d36a65cb5de94d1b9a0201e19099bb315ab0615c2e74453b6dd9cef893207ee45b1a64bbe8b5c32033d0dab2d9ab671aa0a274702d3e2bf0c91c9acbca9b818e25d94e2156f89cc3a149869fbdeefa93f981076459b63c06a84517434f158bf8bc52af1b3c25ceca915fa411371a1b3eb92d328342db2466b9a23234ba294ed8c1271b7c47e66cb62aec5763aca7748242c69ffb6e3177eda52e746eaeae4e77e974db888d1759c7a31482363868880fead085539aa95d0f55a1c78f34a9f5224b112804e0bd6d1c57957e82c777e7164a2861498e066f0546825ee52558779ae94729a8af66f98370965bf3437c1fcbf5a3374e71e70ef0f4e66c1bf0ce6d60d86bc60f9c65e20d49ceb470858517c7a91b91aa22519118b09331f2117f024c48b8e784044636f8bf2e40ccb970cd19145506fb995fe5c467aa324393f8ee1c8104ca30dd8d455ed04335b1b4c2ffc8c4618e5a0b62ab663e81eb18fce13de26c69611867d6d7cce02ab2a744ae11989de9356096472bf368f9b45701e3c8423ae6c80d2c65e39f8dd06a511efe047ebbc0c12eda54083169ccb190e3dc31dfe3a0c6b98ad9fe6117884424836899e3cc15e47c80895c2241269d207229fd822b93c5cc9136c6bde92f8b9c4ce86e14e736bac1c75c7bf3f590920acb985d54b5bc6e8e857a49c889c377cc55f4c45d01c90ccb20c578cc446dee4c52bd8cd93b1449cef5f5f991168e602e409b3f9ae4dbe9df523886daac9b928360c3754a999d2c4dcfd6003bfff8ba1f1611d31529c1cc1bd394338a389cbe7af6eb8e00393f68afafb0b7346beda07b861375e3956d88973b6f3344757237b1dcfe74c3233a2cec43488e356830638bb2a8228892ddc58f9cad1235a6af2345d7b3826ca2f2952e1669675fd433bc8e02790e68f4bf66e53b4856bcbc189c24fc907c3a57f9e218177727b98af06c7f7fee702b60eb15206fb6d096b63ecb834a1f5156466b3110924f53ed81f537d44a9d68b6bf6e2708a7c5ad70601b6435b59bb12f4bf2b302a8341296d04cf43ea2301a901b45a7ccb00d57eef6fe32167aa46cbdc1ed4189d28a9d2bd0d69416b4dabd67a9b067e46852f54f32ee0da4c845cd7abc1cd0ca8ccf54de702b1e59fb47d9bf62fae6ba442edb56be4edddf778dbcbc6c436a6b82dd27a420948001e716a783a3607dea86aeb1bc2ad8099139f3845e4f5b7d14fd1d6c7d1339f2cd36f4c62deec4e44f4dd4513ec89a2274fac4f46b417a51d9d5c3a5c163e77bdcc694c", &(0x7f0000001140)="9fe2e8e0c3dcefa06874086e0858f7dbee0447280a726ffe1da4"}}, &(0x7f00000011c0))
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000)
sched_rr_get_interval(r2, &(0x7f0000000100))

[ 2655.614678][T24400]  </TASK>
09:48:25 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x54, 0x0, 0x8, 0x70bd2c, 0x25dfdbff, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x54}}, 0x20000010)

09:48:25 executing program 3:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:48:25 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000001200)={'vxcan0\x00'})
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000001180)={0x0, 0x2d, 0x1, @thr={&(0x7f0000000140)="4988ca2aa656af6ca115480a2dbad39575801e92a9ce60cacda31e82f57ad042ee7c1703d58999699ac5d252cdde727ef36e94b10f1031471e0c56c1ad8964d808d0c7d10d151401534b09dd55a36b3ff40cd7071ce1fe9260e45f1e811cf0221526f80b2a38630929a9e8b6b19a08b873c09d1033e2272a9762cca1f5e370e345ed6c561617dd709a2d095f0a4c5a807192b1e91ffc2540fd6a46f1e5452983700e377c73524021fa62258e27aba4cc45bb4804563cec59a96a3fabab946a0e0d90d386b77e7cf48281423eb8ad076ddc7570accde77c1790cfeb916c2de9482433f5137620de1aefb3612a674847a3ab885fde921c4ca3ddc900ab4ed13c39e62f213886c164c88150de15997479f663fa67a3181aabcb49f5dec8aadf05dd94632a85954ab4462347eaf47b4077d93d407576495619261f851238e079b6dd613170e5a03fe7d9dca76c8d21107622a1e1c7c9fbd17d76d7497af476b50d0b2983e63bdcfa58e949670350c280d299b1c0f1194764a148808953da09d9e39809b968114c00f4d74ec6618f7d4d34244afc0c782f553921cf304072924d93968d1c420bcac02762cb75043c193e6e02026c70875c87623364f436c708b057bee384e4addeba90683fcab82b73e9d3ada9700b699a81fa316aaca580131f586d61eb3fb282a7f1bdf01027154db87038a8f6720fd5511e5f6cc76103b3bc5c781e4dca9a331f88ad86e0eb7958dd720d3e6ebe8045f2cf1fec9591adff59703c63c008e583d91d8dba71e5ca37bc74991815f0d15994ed98ba60b428057ec593cbf44598fed8c0146b821bbb727c55441e5365a441895ba42505f03d6ae020bfaa6c0c6d1faa3d1f8c2054a8af4a4b828c471690093cc5268c68eaf9cb92c2c015c8c4c7a2e1cd3c0d52dc20b97b58d7069e6a77217e4812e4a5870f19e2263cf411ce198e44578c6cd80d9616fd8c88a264245eecc85387462a9486580a608429fa789bbfc0918cdd4caae7611069cb7e8095189006e528ca0b6cae0ee3cc199a15c7228078f2945f740cafcc6d9fca0013d45faea7e7ee2836020d5b763be146df73e562167318c1915589af5888a134675221d720783117c58c970ec2eb7f9d11f576ffc2e752a02ed44a5a07c74cb1d36dd5cd00f1ad5da60251f8210598cc0e2967f237afdc4b1b8b1b704d21711b2bd3d8b54b7c9ede6c2d698cafb63b743f8bec65a551ddf5041b89b2e3d784ba110f2488ca7687146ae9fe87b428dfe6b6ccacdabd83e86d775c6639426b00018b3f0d1dbb08ecc21f8abc996f59b90877830bb6095824b95032a8208f04c71ebbdac9ea0cba2ed5e6cd844c2308b60b899f005945b19cef497b56062aa312441a14bfff610811153026b3c144a87284e692e11984de33ee2c9be9fb43071616a68df678b999c1c5a0e69efc60042ce7421e9e1fd509b3642d731b4bca783e4db766cf6dc449d70cf8585d3906166c26191530db6789b7fbd0f0ff80e27094f0a97a8ff8f9f452fe46afe769b2742838f086f07cbebee1be84bb4f096859ad8e3f1dffb810961ba3ad1f3ed7cdc540bee6c607f73df9027fc9e68547febdf4aa32c0d1df34c43e7387b11be3221f3a44c2f793fea55831f8f93520bbfc4e40f5d6872541c7563e49229f62e4fed536f546233ee6ded0746fdedafd39efb3770c6e1bc49412ae7d2aaa8e9c89404fae342b29fa74282b474f2a8f7ccf97a695fd2119a93d1e6b3e04d94246e8c9ebb9da08e1b7a1cd9e1563f150e02f191baf10ef5eb4606197c2d8753bb4cb2180fb28e4c01c3acf45069ad336fc9c89e8a7910ca10b67735d4fddf8b3cb26ac4ea139c552258ffe512724b7dfb96da2d195ecbb31a636c19053c3687effe24cfb0baab8ccfa08ea8e53c70af57c55097d743b0c4f359764ade618c09116c645499f8d02257f152c2858acf836ce97606efaa810079d28706e10c80b61f448337e5a059fa8bf93c687656c47d20c22ab6fd10eb298c494ef53b5d7fa4a2d41c0941b4f1f3e795df0a3a159d43d10af0670f161c91fd889627daee09c4867acf02a27b7985a8169e5f0a4824534408061c509c04350b2c5eaaf40b238281731f7768c4bcacdf467c107d9b6613f7c8853c9ed441a15ff73a9ba6035eeaeea4f88d3242793fa15bdb88551120b1e5c43d0e99fb703adab29f5fe1bed67588220a53ff430310dfa5019104d99594eb9f6cabe92bc4d855286980f66574b6ba1fe1615567c7f9d4b2a14f57e805e527942ea6311b238ae44b4a1ab53f3ada9f2dc593564b65aab6f0ba11711138bdcdce03f849657f3d192445f043550045570d5aecc9513bd41e304b1286ae1b90be1d6b9c86f04802fa0b9881985ac1c2f3bbf97d3a7c294a2158352d11139924a54959b6e235a6c1ff78af40c474f791315dd75472ed827d116158364fc78c7228f6669e4d55a776939b62e23632b34611763a09c09cbb7d74f571d1ba739e758e4137f386c63d3f00ebbbdff51fb55c4247b5e8abf346858fcdd431d293f10ebe8d90300e09242578e286c36affba1a7a89c927e1dcae1fd21d4543c4d457ce32719c63a3d164adb4a19bc581526dc9f3782e284999a9e04261f24ae7358a82b9abb19c62545da33fdadc2d7cdf4bb131e9bc2e58cf57354e913faa746272aaa457cc500c770586513e369f1f50ac75602882ee1bd5caa196191958628ec30bec312a743b950456378a49505ebd25fb8ee2ed2c47227d07b378a47dbe090a29884453c0b0fb412ca3a793139e9d1caa9119ade3bfb2580ec3523b24cb83f8548aa754c6fef3fdfc4f98684942d08d9bb6ac3e5c4ea750237fd003d9490aafd4084c2d271aabb637c6b3faad2f3a284159aa4a79b878ca14d4dff5f5f59253965732aeb50ec895341e15e5af2fec5877797d8042bb778ecc4c1741810b8f52fe12809619c3f611b93c20c8395ee856e93141e90528507e33f420c21950e776658288b4ccfc8b3b09d77d0d985e36207937a238e3dedb93ff0f1b63313ead9121756ee85619d8fa31e7dde111694ad7faccaeabcb931f87d52b52cf3b68a4e58804dcd47c19e0ae2fda0faa1fcde7357d1bcda28fdbf38ed908e8d9913854924d9fbd892e477aad6152fd9369bcf8e3a9474de7ba0c2696081d5db91424d75ada78a501e7592eff712309427e79dbd95f61d5842e182ad80c2c9abaeee75e613bb92248b54c86aa4a2f0851ac340acda39001b967a343f5e7800be10bb0b86edd9aa3513caf6f4ab98d7410ba6afd2394e43e8721a28135a695765c3566ac5e717de00bdd9852fe2267af0987b3bec574744c8a66b67f7396bebdf282bced6de52a69457fdb558f7f2fa000b7391643b8ad386150c03310bac7abbed02c4f44df06d7e236ed03011cd185dece30f8b81bbb4e96da32c7f8dc4f2d21b5f5b1191a6c69024facf7cd3c86c728409dd66ee90022f51e05c3c0f091cc5a81455879ef18dd6a14e439a6ceb3e51646708415c4374bebd1ed9eaffbf282a817cc2f93880113adf42111acf73653fcc864c14cbb030b932dcd23c0859a4c61b4fd3cd7c5909c49cfb31c811f9675fb09ac0d49e01ea65e8fd7c99e5dc2d3761fb54e3455e7e3c27a62f460a98f231f8fa8cd62ffe7389700ef076e0e0bb898ec4e6351be3c48f58615907d854f0dbf9f05f448152dac3c5a74e8766e027b8842826392ddc0a173a5027cb74a4aa95b21bcd53eb78f74e2fde8956a645f25a606599cacaaeb5bed702955673ed0bd5adecc84c6be5c871a9dbe7bcf4d241306da5d93f6ca9c51685ac04481250d176670ae4caa4a6c557e2aa01b3bb16d48e07928044bf161b4ffe1a930dda87d9f64a8c765d1b19141b148e07828a5da271644e401a58b331fa1f5bae7c087c9e3a40162a41a6036acef4103a8e6d849f58f557d5a595187d777ad0e6b439a85345c2fac32a9f383431c25b341f589f86017236e4e5ad9ada7c495fa852ae15b664d231898e78ba3dfadde9108fc7df738374466f3a7dba4f92ff03fde7891175e3712b827c2b383c0670db0edacaa2009fc96ed673ff137765178e12f32a5666417bc5d501722df7a1926e9085437463bb51bda1ba2c96ad0a1925d235ef7d87fd010f38d2190d9727d8ff15f0c0ca52ce2c18b1b0634ae6854b2f0acae36fc3d9aca9923086b1716b81eda33eb3fe30f9a136e1c21d4a3a1c549803f9a6b616e00299f6bccf939d315b024c9eba5443c7f90f80c44d8897388ae4bf1850a2bb8e5473d9c1d50d9d9e9d4cda3c41fb4fba999c27bbe86d938fc8c38c0e57daf72362d3bec3369848cf57d70df6be566dfc5a1881611c2c0fd57f05f6a00b97f1ea697a7741282258989b2249a712d73f37e1942ac20e89f41c3cef03df022d1e400ac15b3beaad73826ed23f06402dd7903345f8fed534fdd902a2a320d33101b1398a427574ea785f639427f8d0588ec73ccfa81a5ff16a1e47c1b49a1d36a65cb5de94d1b9a0201e19099bb315ab0615c2e74453b6dd9cef893207ee45b1a64bbe8b5c32033d0dab2d9ab671aa0a274702d3e2bf0c91c9acbca9b818e25d94e2156f89cc3a149869fbdeefa93f981076459b63c06a84517434f158bf8bc52af1b3c25ceca915fa411371a1b3eb92d328342db2466b9a23234ba294ed8c1271b7c47e66cb62aec5763aca7748242c69ffb6e3177eda52e746eaeae4e77e974db888d1759c7a31482363868880fead085539aa95d0f55a1c78f34a9f5224b112804e0bd6d1c57957e82c777e7164a2861498e066f0546825ee52558779ae94729a8af66f98370965bf3437c1fcbf5a3374e71e70ef0f4e66c1bf0ce6d60d86bc60f9c65e20d49ceb470858517c7a91b91aa22519118b09331f2117f024c48b8e784044636f8bf2e40ccb970cd19145506fb995fe5c467aa324393f8ee1c8104ca30dd8d455ed04335b1b4c2ffc8c4618e5a0b62ab663e81eb18fce13de26c69611867d6d7cce02ab2a744ae11989de9356096472bf368f9b45701e3c8423ae6c80d2c65e39f8dd06a511efe047ebbc0c12eda54083169ccb190e3dc31dfe3a0c6b98ad9fe6117884424836899e3cc15e47c80895c2241269d207229fd822b93c5cc9136c6bde92f8b9c4ce86e14e736bac1c75c7bf3f590920acb985d54b5bc6e8e857a49c889c377cc55f4c45d01c90ccb20c578cc446dee4c52bd8cd93b1449cef5f5f991168e602e409b3f9ae4dbe9df523886daac9b928360c3754a999d2c4dcfd6003bfff8ba1f1611d31529c1cc1bd394338a389cbe7af6eb8e00393f68afafb0b7346beda07b861375e3956d88973b6f3344757237b1dcfe74c3233a2cec43488e356830638bb2a8228892ddc58f9cad1235a6af2345d7b3826ca2f2952e1669675fd433bc8e02790e68f4bf66e53b4856bcbc189c24fc907c3a57f9e218177727b98af06c7f7fee702b60eb15206fb6d096b63ecb834a1f5156466b3110924f53ed81f537d44a9d68b6bf6e2708a7c5ad70601b6435b59bb12f4bf2b302a8341296d04cf43ea2301a901b45a7ccb00d57eef6fe32167aa46cbdc1ed4189d28a9d2bd0d69416b4dabd67a9b067e46852f54f32ee0da4c845cd7abc1cd0ca8ccf54de702b1e59fb47d9bf62fae6ba442edb56be4edddf778dbcbc6c436a6b82dd27a420948001e716a783a3607dea86aeb1bc2ad8099139f3845e4f5b7d14fd1d6c7d1339f2cd36f4c62deec4e44f4dd4513ec89a2274fac4f46b417a51d9d5c3a5c163e77bdcc694c", &(0x7f0000001140)="9fe2e8e0c3dcefa06874086e0858f7dbee0447280a726ffe1da4"}}, &(0x7f00000011c0))
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000)
sched_rr_get_interval(r2, &(0x7f0000000100))
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000001200)={'vxcan0\x00'}) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
timer_create(0x0, &(0x7f0000001180)={0x0, 0x2d, 0x1, @thr={&(0x7f0000000140)="4988ca2aa656af6ca115480a2dbad39575801e92a9ce60cacda31e82f57ad042ee7c1703d58999699ac5d252cdde727ef36e94b10f1031471e0c56c1ad8964d808d0c7d10d151401534b09dd55a36b3ff40cd7071ce1fe9260e45f1e811cf0221526f80b2a38630929a9e8b6b19a08b873c09d1033e2272a9762cca1f5e370e345ed6c561617dd709a2d095f0a4c5a807192b1e91ffc2540fd6a46f1e5452983700e377c73524021fa62258e27aba4cc45bb4804563cec59a96a3fabab946a0e0d90d386b77e7cf48281423eb8ad076ddc7570accde77c1790cfeb916c2de9482433f5137620de1aefb3612a674847a3ab885fde921c4ca3ddc900ab4ed13c39e62f213886c164c88150de15997479f663fa67a3181aabcb49f5dec8aadf05dd94632a85954ab4462347eaf47b4077d93d407576495619261f851238e079b6dd613170e5a03fe7d9dca76c8d21107622a1e1c7c9fbd17d76d7497af476b50d0b2983e63bdcfa58e949670350c280d299b1c0f1194764a148808953da09d9e39809b968114c00f4d74ec6618f7d4d34244afc0c782f553921cf304072924d93968d1c420bcac02762cb75043c193e6e02026c70875c87623364f436c708b057bee384e4addeba90683fcab82b73e9d3ada9700b699a81fa316aaca580131f586d61eb3fb282a7f1bdf01027154db87038a8f6720fd5511e5f6cc76103b3bc5c781e4dca9a331f88ad86e0eb7958dd720d3e6ebe8045f2cf1fec9591adff59703c63c008e583d91d8dba71e5ca37bc74991815f0d15994ed98ba60b428057ec593cbf44598fed8c0146b821bbb727c55441e5365a441895ba42505f03d6ae020bfaa6c0c6d1faa3d1f8c2054a8af4a4b828c471690093cc5268c68eaf9cb92c2c015c8c4c7a2e1cd3c0d52dc20b97b58d7069e6a77217e4812e4a5870f19e2263cf411ce198e44578c6cd80d9616fd8c88a264245eecc85387462a9486580a608429fa789bbfc0918cdd4caae7611069cb7e8095189006e528ca0b6cae0ee3cc199a15c7228078f2945f740cafcc6d9fca0013d45faea7e7ee2836020d5b763be146df73e562167318c1915589af5888a134675221d720783117c58c970ec2eb7f9d11f576ffc2e752a02ed44a5a07c74cb1d36dd5cd00f1ad5da60251f8210598cc0e2967f237afdc4b1b8b1b704d21711b2bd3d8b54b7c9ede6c2d698cafb63b743f8bec65a551ddf5041b89b2e3d784ba110f2488ca7687146ae9fe87b428dfe6b6ccacdabd83e86d775c6639426b00018b3f0d1dbb08ecc21f8abc996f59b90877830bb6095824b95032a8208f04c71ebbdac9ea0cba2ed5e6cd844c2308b60b899f005945b19cef497b56062aa312441a14bfff610811153026b3c144a87284e692e11984de33ee2c9be9fb43071616a68df678b999c1c5a0e69efc60042ce7421e9e1fd509b3642d731b4bca783e4db766cf6dc449d70cf8585d3906166c26191530db6789b7fbd0f0ff80e27094f0a97a8ff8f9f452fe46afe769b2742838f086f07cbebee1be84bb4f096859ad8e3f1dffb810961ba3ad1f3ed7cdc540bee6c607f73df9027fc9e68547febdf4aa32c0d1df34c43e7387b11be3221f3a44c2f793fea55831f8f93520bbfc4e40f5d6872541c7563e49229f62e4fed536f546233ee6ded0746fdedafd39efb3770c6e1bc49412ae7d2aaa8e9c89404fae342b29fa74282b474f2a8f7ccf97a695fd2119a93d1e6b3e04d94246e8c9ebb9da08e1b7a1cd9e1563f150e02f191baf10ef5eb4606197c2d8753bb4cb2180fb28e4c01c3acf45069ad336fc9c89e8a7910ca10b67735d4fddf8b3cb26ac4ea139c552258ffe512724b7dfb96da2d195ecbb31a636c19053c3687effe24cfb0baab8ccfa08ea8e53c70af57c55097d743b0c4f359764ade618c09116c645499f8d02257f152c2858acf836ce97606efaa810079d28706e10c80b61f448337e5a059fa8bf93c687656c47d20c22ab6fd10eb298c494ef53b5d7fa4a2d41c0941b4f1f3e795df0a3a159d43d10af0670f161c91fd889627daee09c4867acf02a27b7985a8169e5f0a4824534408061c509c04350b2c5eaaf40b238281731f7768c4bcacdf467c107d9b6613f7c8853c9ed441a15ff73a9ba6035eeaeea4f88d3242793fa15bdb88551120b1e5c43d0e99fb703adab29f5fe1bed67588220a53ff430310dfa5019104d99594eb9f6cabe92bc4d855286980f66574b6ba1fe1615567c7f9d4b2a14f57e805e527942ea6311b238ae44b4a1ab53f3ada9f2dc593564b65aab6f0ba11711138bdcdce03f849657f3d192445f043550045570d5aecc9513bd41e304b1286ae1b90be1d6b9c86f04802fa0b9881985ac1c2f3bbf97d3a7c294a2158352d11139924a54959b6e235a6c1ff78af40c474f791315dd75472ed827d116158364fc78c7228f6669e4d55a776939b62e23632b34611763a09c09cbb7d74f571d1ba739e758e4137f386c63d3f00ebbbdff51fb55c4247b5e8abf346858fcdd431d293f10ebe8d90300e09242578e286c36affba1a7a89c927e1dcae1fd21d4543c4d457ce32719c63a3d164adb4a19bc581526dc9f3782e284999a9e04261f24ae7358a82b9abb19c62545da33fdadc2d7cdf4bb131e9bc2e58cf57354e913faa746272aaa457cc500c770586513e369f1f50ac75602882ee1bd5caa196191958628ec30bec312a743b950456378a49505ebd25fb8ee2ed2c47227d07b378a47dbe090a29884453c0b0fb412ca3a793139e9d1caa9119ade3bfb2580ec3523b24cb83f8548aa754c6fef3fdfc4f98684942d08d9bb6ac3e5c4ea750237fd003d9490aafd4084c2d271aabb637c6b3faad2f3a284159aa4a79b878ca14d4dff5f5f59253965732aeb50ec895341e15e5af2fec5877797d8042bb778ecc4c1741810b8f52fe12809619c3f611b93c20c8395ee856e93141e90528507e33f420c21950e776658288b4ccfc8b3b09d77d0d985e36207937a238e3dedb93ff0f1b63313ead9121756ee85619d8fa31e7dde111694ad7faccaeabcb931f87d52b52cf3b68a4e58804dcd47c19e0ae2fda0faa1fcde7357d1bcda28fdbf38ed908e8d9913854924d9fbd892e477aad6152fd9369bcf8e3a9474de7ba0c2696081d5db91424d75ada78a501e7592eff712309427e79dbd95f61d5842e182ad80c2c9abaeee75e613bb92248b54c86aa4a2f0851ac340acda39001b967a343f5e7800be10bb0b86edd9aa3513caf6f4ab98d7410ba6afd2394e43e8721a28135a695765c3566ac5e717de00bdd9852fe2267af0987b3bec574744c8a66b67f7396bebdf282bced6de52a69457fdb558f7f2fa000b7391643b8ad386150c03310bac7abbed02c4f44df06d7e236ed03011cd185dece30f8b81bbb4e96da32c7f8dc4f2d21b5f5b1191a6c69024facf7cd3c86c728409dd66ee90022f51e05c3c0f091cc5a81455879ef18dd6a14e439a6ceb3e51646708415c4374bebd1ed9eaffbf282a817cc2f93880113adf42111acf73653fcc864c14cbb030b932dcd23c0859a4c61b4fd3cd7c5909c49cfb31c811f9675fb09ac0d49e01ea65e8fd7c99e5dc2d3761fb54e3455e7e3c27a62f460a98f231f8fa8cd62ffe7389700ef076e0e0bb898ec4e6351be3c48f58615907d854f0dbf9f05f448152dac3c5a74e8766e027b8842826392ddc0a173a5027cb74a4aa95b21bcd53eb78f74e2fde8956a645f25a606599cacaaeb5bed702955673ed0bd5adecc84c6be5c871a9dbe7bcf4d241306da5d93f6ca9c51685ac04481250d176670ae4caa4a6c557e2aa01b3bb16d48e07928044bf161b4ffe1a930dda87d9f64a8c765d1b19141b148e07828a5da271644e401a58b331fa1f5bae7c087c9e3a40162a41a6036acef4103a8e6d849f58f557d5a595187d777ad0e6b439a85345c2fac32a9f383431c25b341f589f86017236e4e5ad9ada7c495fa852ae15b664d231898e78ba3dfadde9108fc7df738374466f3a7dba4f92ff03fde7891175e3712b827c2b383c0670db0edacaa2009fc96ed673ff137765178e12f32a5666417bc5d501722df7a1926e9085437463bb51bda1ba2c96ad0a1925d235ef7d87fd010f38d2190d9727d8ff15f0c0ca52ce2c18b1b0634ae6854b2f0acae36fc3d9aca9923086b1716b81eda33eb3fe30f9a136e1c21d4a3a1c549803f9a6b616e00299f6bccf939d315b024c9eba5443c7f90f80c44d8897388ae4bf1850a2bb8e5473d9c1d50d9d9e9d4cda3c41fb4fba999c27bbe86d938fc8c38c0e57daf72362d3bec3369848cf57d70df6be566dfc5a1881611c2c0fd57f05f6a00b97f1ea697a7741282258989b2249a712d73f37e1942ac20e89f41c3cef03df022d1e400ac15b3beaad73826ed23f06402dd7903345f8fed534fdd902a2a320d33101b1398a427574ea785f639427f8d0588ec73ccfa81a5ff16a1e47c1b49a1d36a65cb5de94d1b9a0201e19099bb315ab0615c2e74453b6dd9cef893207ee45b1a64bbe8b5c32033d0dab2d9ab671aa0a274702d3e2bf0c91c9acbca9b818e25d94e2156f89cc3a149869fbdeefa93f981076459b63c06a84517434f158bf8bc52af1b3c25ceca915fa411371a1b3eb92d328342db2466b9a23234ba294ed8c1271b7c47e66cb62aec5763aca7748242c69ffb6e3177eda52e746eaeae4e77e974db888d1759c7a31482363868880fead085539aa95d0f55a1c78f34a9f5224b112804e0bd6d1c57957e82c777e7164a2861498e066f0546825ee52558779ae94729a8af66f98370965bf3437c1fcbf5a3374e71e70ef0f4e66c1bf0ce6d60d86bc60f9c65e20d49ceb470858517c7a91b91aa22519118b09331f2117f024c48b8e784044636f8bf2e40ccb970cd19145506fb995fe5c467aa324393f8ee1c8104ca30dd8d455ed04335b1b4c2ffc8c4618e5a0b62ab663e81eb18fce13de26c69611867d6d7cce02ab2a744ae11989de9356096472bf368f9b45701e3c8423ae6c80d2c65e39f8dd06a511efe047ebbc0c12eda54083169ccb190e3dc31dfe3a0c6b98ad9fe6117884424836899e3cc15e47c80895c2241269d207229fd822b93c5cc9136c6bde92f8b9c4ce86e14e736bac1c75c7bf3f590920acb985d54b5bc6e8e857a49c889c377cc55f4c45d01c90ccb20c578cc446dee4c52bd8cd93b1449cef5f5f991168e602e409b3f9ae4dbe9df523886daac9b928360c3754a999d2c4dcfd6003bfff8ba1f1611d31529c1cc1bd394338a389cbe7af6eb8e00393f68afafb0b7346beda07b861375e3956d88973b6f3344757237b1dcfe74c3233a2cec43488e356830638bb2a8228892ddc58f9cad1235a6af2345d7b3826ca2f2952e1669675fd433bc8e02790e68f4bf66e53b4856bcbc189c24fc907c3a57f9e218177727b98af06c7f7fee702b60eb15206fb6d096b63ecb834a1f5156466b3110924f53ed81f537d44a9d68b6bf6e2708a7c5ad70601b6435b59bb12f4bf2b302a8341296d04cf43ea2301a901b45a7ccb00d57eef6fe32167aa46cbdc1ed4189d28a9d2bd0d69416b4dabd67a9b067e46852f54f32ee0da4c845cd7abc1cd0ca8ccf54de702b1e59fb47d9bf62fae6ba442edb56be4edddf778dbcbc6c436a6b82dd27a420948001e716a783a3607dea86aeb1bc2ad8099139f3845e4f5b7d14fd1d6c7d1339f2cd36f4c62deec4e44f4dd4513ec89a2274fac4f46b417a51d9d5c3a5c163e77bdcc694c", &(0x7f0000001140)="9fe2e8e0c3dcefa06874086e0858f7dbee0447280a726ffe1da4"}}, &(0x7f00000011c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000) (async)
sched_rr_get_interval(r2, &(0x7f0000000100)) (async)

09:48:25 executing program 4:
r0 = syz_io_uring_setup(0x1a63, &(0x7f0000000000)={0x0, 0xfffffffc}, &(0x7f0000fed000/0x11000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = pidfd_getfd(r1, r2, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000240)={{{@in6=@empty, @in=@remote}}, {{@in6=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000000200)=0xe8)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x1a63, &(0x7f0000000000)={0x0, 0xfffffffc}, &(0x7f0000fed000/0x11000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
pidfd_getfd(r1, r2, 0x0) (async)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000240)={{{@in6=@empty, @in=@remote}}, {{@in6=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000000200)=0xe8) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)

09:48:25 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x54, 0x0, 0x8, 0x70bd2c, 0x25dfdbff, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x54}}, 0x20000010)

09:48:25 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f00000001c0)={0xa, 0x6, {0x5, @struct={0x42fa, 0xac}, 0x0, 0x100000000, 0x8, 0x3, 0x80000000, 0xffffffffffffffff, 0x90, @usage=0x4, 0x8, 0x6, [0x73660fe8, 0x0, 0x6, 0x3ff, 0x7, 0x5]}, {0x7, @usage=0x6, 0x0, 0x5, 0x4, 0x40, 0x8000, 0x8b, 0x41, @usage=0x6, 0x9, 0x2, [0x6a, 0x6, 0xffffffffffffffff, 0x1ff, 0x400, 0x6]}, {0x9135000000000, @usage=0x3, <r3=>0x0, 0x640c5f33, 0x1, 0x1ff, 0x3, 0xec, 0x1, @struct={0xffff, 0x357}, 0x3, 0x4, [0x1f, 0x1, 0x1, 0x7, 0x5, 0x3]}, {0x9, 0x4, 0xb3ce}})
setsockopt$MRT6_ASSERT(r1, 0x29, 0xcf, &(0x7f0000000140), 0x4)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000700)={<r4=>r3, 0x8, 0x9b7f, 0x1})
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000b00)={r4, 0x7fffffff, 0xb6f2, 0x1}) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3a9, 0x0, r1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000080)) (async, rerun: 32)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (rerun: 32)
accept4$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async, rerun: 64)
fsetxattr$security_selinux(r5, &(0x7f0000000100), 0x0, 0x0, 0x3) (async, rerun: 64)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, &(0x7f00000005c0)={{{@in, @in6}}, {{@in=@empty}, 0x0, @in=@local}}, &(0x7f00000006c0)=0xe8)

[ 2655.687753][T24455] FAULT_INJECTION: forcing a failure.
[ 2655.687753][T24455] name failslab, interval 1, probability 0, space 0, times 0
[ 2655.703125][T24455] CPU: 1 PID: 24455 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2655.714584][T24455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2655.724481][T24455] Call Trace:
[ 2655.727595][T24455]  <TASK>
[ 2655.730374][T24455]  dump_stack_lvl+0x151/0x1b7
[ 2655.734886][T24455]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2655.740188][T24455]  ? do_syscall_64+0x44/0xd0
[ 2655.744607][T24455]  dump_stack+0x15/0x17
[ 2655.748601][T24455]  should_fail+0x3c0/0x510
[ 2655.752859][T24455]  __should_failslab+0x9f/0xe0
[ 2655.757459][T24455]  should_failslab+0x9/0x20
[ 2655.761792][T24455]  kmem_cache_alloc+0x4f/0x2f0
[ 2655.766405][T24455]  ? anon_vma_clone+0xa1/0x4f0
[ 2655.770992][T24455]  anon_vma_clone+0xa1/0x4f0
[ 2655.775419][T24455]  anon_vma_fork+0x91/0x4f0
[ 2655.779755][T24455]  ? anon_vma_name+0x4c/0x70
[ 2655.784180][T24455]  dup_mmap+0x750/0xea0
[ 2655.788174][T24455]  ? __delayed_free_task+0x20/0x20
[ 2655.793118][T24455]  ? mm_init+0x807/0x960
[ 2655.797219][T24455]  dup_mm+0x91/0x330
[ 2655.800931][T24455]  copy_mm+0x108/0x1b0
[ 2655.804842][T24455]  copy_process+0x1295/0x3250
[ 2655.809366][T24455]  ? proc_fail_nth_write+0x213/0x290
[ 2655.814473][T24455]  ? proc_fail_nth_read+0x220/0x220
[ 2655.819504][T24455]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2655.824450][T24455]  ? vfs_write+0x9af/0x1050
[ 2655.828790][T24455]  kernel_clone+0x22d/0x990
[ 2655.833133][T24455]  ? file_end_write+0x1b0/0x1b0
[ 2655.837817][T24455]  ? __kasan_check_write+0x14/0x20
[ 2655.842763][T24455]  ? create_io_thread+0x1e0/0x1e0
[ 2655.847628][T24455]  ? __mutex_lock_slowpath+0x10/0x10
[ 2655.852748][T24455]  __x64_sys_clone+0x289/0x310
[ 2655.857348][T24455]  ? __do_sys_vfork+0x130/0x130
[ 2655.862031][T24455]  ? debug_smp_processor_id+0x17/0x20
[ 2655.867242][T24455]  do_syscall_64+0x44/0xd0
[ 2655.871496][T24455]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2655.877218][T24455] RIP: 0033:0x7f5b7e88a639
[ 2655.881471][T24455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2655.900912][T24455] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2655.909156][T24455] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2655.916969][T24455] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2655.924786][T24455] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
09:48:25 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41)

09:48:25 executing program 3:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (async)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:48:25 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
io_uring_setup(0x3540, &(0x7f0000000100)={0x0, 0xd2ea, 0x10, 0x1, 0x152})
socket$packet(0x11, 0x2, 0x300)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0xc6)

09:48:25 executing program 4:
r0 = syz_io_uring_setup(0x1a63, &(0x7f0000000000)={0x0, 0xfffffffc}, &(0x7f0000fed000/0x11000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = pidfd_getfd(r1, r2, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000240)={{{@in6=@empty, @in=@remote}}, {{@in6=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000000200)=0xe8) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:25 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f00000001c0)={0xa, 0x6, {0x5, @struct={0x42fa, 0xac}, 0x0, 0x100000000, 0x8, 0x3, 0x80000000, 0xffffffffffffffff, 0x90, @usage=0x4, 0x8, 0x6, [0x73660fe8, 0x0, 0x6, 0x3ff, 0x7, 0x5]}, {0x7, @usage=0x6, 0x0, 0x5, 0x4, 0x40, 0x8000, 0x8b, 0x41, @usage=0x6, 0x9, 0x2, [0x6a, 0x6, 0xffffffffffffffff, 0x1ff, 0x400, 0x6]}, {0x9135000000000, @usage=0x3, <r3=>0x0, 0x640c5f33, 0x1, 0x1ff, 0x3, 0xec, 0x1, @struct={0xffff, 0x357}, 0x3, 0x4, [0x1f, 0x1, 0x1, 0x7, 0x5, 0x3]}, {0x9, 0x4, 0xb3ce}})
setsockopt$MRT6_ASSERT(r1, 0x29, 0xcf, &(0x7f0000000140), 0x4)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000700)={<r4=>r3, 0x8, 0x9b7f, 0x1})
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000b00)={r4, 0x7fffffff, 0xb6f2, 0x1})
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3a9, 0x0, r1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000080))
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r5, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, &(0x7f00000005c0)={{{@in, @in6}}, {{@in=@empty}, 0x0, @in=@local}}, &(0x7f00000006c0)=0xe8)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f00000001c0)={0xa, 0x6, {0x5, @struct={0x42fa, 0xac}, 0x0, 0x100000000, 0x8, 0x3, 0x80000000, 0xffffffffffffffff, 0x90, @usage=0x4, 0x8, 0x6, [0x73660fe8, 0x0, 0x6, 0x3ff, 0x7, 0x5]}, {0x7, @usage=0x6, 0x0, 0x5, 0x4, 0x40, 0x8000, 0x8b, 0x41, @usage=0x6, 0x9, 0x2, [0x6a, 0x6, 0xffffffffffffffff, 0x1ff, 0x400, 0x6]}, {0x9135000000000, @usage=0x3, 0x0, 0x640c5f33, 0x1, 0x1ff, 0x3, 0xec, 0x1, @struct={0xffff, 0x357}, 0x3, 0x4, [0x1f, 0x1, 0x1, 0x7, 0x5, 0x3]}, {0x9, 0x4, 0xb3ce}}) (async)
setsockopt$MRT6_ASSERT(r1, 0x29, 0xcf, &(0x7f0000000140), 0x4) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000700)={r3, 0x8, 0x9b7f, 0x1}) (async)
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000b00)={r4, 0x7fffffff, 0xb6f2, 0x1}) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3a9, 0x0, r1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000080)) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r5, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, &(0x7f00000005c0)={{{@in, @in6}}, {{@in=@empty}, 0x0, @in=@local}}, &(0x7f00000006c0)=0xe8) (async)

09:48:25 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async, rerun: 32)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000001200)={'vxcan0\x00'}) (async, rerun: 32)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
timer_create(0x0, &(0x7f0000001180)={0x0, 0x2d, 0x1, @thr={&(0x7f0000000140)="4988ca2aa656af6ca115480a2dbad39575801e92a9ce60cacda31e82f57ad042ee7c1703d58999699ac5d252cdde727ef36e94b10f1031471e0c56c1ad8964d808d0c7d10d151401534b09dd55a36b3ff40cd7071ce1fe9260e45f1e811cf0221526f80b2a38630929a9e8b6b19a08b873c09d1033e2272a9762cca1f5e370e345ed6c561617dd709a2d095f0a4c5a807192b1e91ffc2540fd6a46f1e5452983700e377c73524021fa62258e27aba4cc45bb4804563cec59a96a3fabab946a0e0d90d386b77e7cf48281423eb8ad076ddc7570accde77c1790cfeb916c2de9482433f5137620de1aefb3612a674847a3ab885fde921c4ca3ddc900ab4ed13c39e62f213886c164c88150de15997479f663fa67a3181aabcb49f5dec8aadf05dd94632a85954ab4462347eaf47b4077d93d407576495619261f851238e079b6dd613170e5a03fe7d9dca76c8d21107622a1e1c7c9fbd17d76d7497af476b50d0b2983e63bdcfa58e949670350c280d299b1c0f1194764a148808953da09d9e39809b968114c00f4d74ec6618f7d4d34244afc0c782f553921cf304072924d93968d1c420bcac02762cb75043c193e6e02026c70875c87623364f436c708b057bee384e4addeba90683fcab82b73e9d3ada9700b699a81fa316aaca580131f586d61eb3fb282a7f1bdf01027154db87038a8f6720fd5511e5f6cc76103b3bc5c781e4dca9a331f88ad86e0eb7958dd720d3e6ebe8045f2cf1fec9591adff59703c63c008e583d91d8dba71e5ca37bc74991815f0d15994ed98ba60b428057ec593cbf44598fed8c0146b821bbb727c55441e5365a441895ba42505f03d6ae020bfaa6c0c6d1faa3d1f8c2054a8af4a4b828c471690093cc5268c68eaf9cb92c2c015c8c4c7a2e1cd3c0d52dc20b97b58d7069e6a77217e4812e4a5870f19e2263cf411ce198e44578c6cd80d9616fd8c88a264245eecc85387462a9486580a608429fa789bbfc0918cdd4caae7611069cb7e8095189006e528ca0b6cae0ee3cc199a15c7228078f2945f740cafcc6d9fca0013d45faea7e7ee2836020d5b763be146df73e562167318c1915589af5888a134675221d720783117c58c970ec2eb7f9d11f576ffc2e752a02ed44a5a07c74cb1d36dd5cd00f1ad5da60251f8210598cc0e2967f237afdc4b1b8b1b704d21711b2bd3d8b54b7c9ede6c2d698cafb63b743f8bec65a551ddf5041b89b2e3d784ba110f2488ca7687146ae9fe87b428dfe6b6ccacdabd83e86d775c6639426b00018b3f0d1dbb08ecc21f8abc996f59b90877830bb6095824b95032a8208f04c71ebbdac9ea0cba2ed5e6cd844c2308b60b899f005945b19cef497b56062aa312441a14bfff610811153026b3c144a87284e692e11984de33ee2c9be9fb43071616a68df678b999c1c5a0e69efc60042ce7421e9e1fd509b3642d731b4bca783e4db766cf6dc449d70cf8585d3906166c26191530db6789b7fbd0f0ff80e27094f0a97a8ff8f9f452fe46afe769b2742838f086f07cbebee1be84bb4f096859ad8e3f1dffb810961ba3ad1f3ed7cdc540bee6c607f73df9027fc9e68547febdf4aa32c0d1df34c43e7387b11be3221f3a44c2f793fea55831f8f93520bbfc4e40f5d6872541c7563e49229f62e4fed536f546233ee6ded0746fdedafd39efb3770c6e1bc49412ae7d2aaa8e9c89404fae342b29fa74282b474f2a8f7ccf97a695fd2119a93d1e6b3e04d94246e8c9ebb9da08e1b7a1cd9e1563f150e02f191baf10ef5eb4606197c2d8753bb4cb2180fb28e4c01c3acf45069ad336fc9c89e8a7910ca10b67735d4fddf8b3cb26ac4ea139c552258ffe512724b7dfb96da2d195ecbb31a636c19053c3687effe24cfb0baab8ccfa08ea8e53c70af57c55097d743b0c4f359764ade618c09116c645499f8d02257f152c2858acf836ce97606efaa810079d28706e10c80b61f448337e5a059fa8bf93c687656c47d20c22ab6fd10eb298c494ef53b5d7fa4a2d41c0941b4f1f3e795df0a3a159d43d10af0670f161c91fd889627daee09c4867acf02a27b7985a8169e5f0a4824534408061c509c04350b2c5eaaf40b238281731f7768c4bcacdf467c107d9b6613f7c8853c9ed441a15ff73a9ba6035eeaeea4f88d3242793fa15bdb88551120b1e5c43d0e99fb703adab29f5fe1bed67588220a53ff430310dfa5019104d99594eb9f6cabe92bc4d855286980f66574b6ba1fe1615567c7f9d4b2a14f57e805e527942ea6311b238ae44b4a1ab53f3ada9f2dc593564b65aab6f0ba11711138bdcdce03f849657f3d192445f043550045570d5aecc9513bd41e304b1286ae1b90be1d6b9c86f04802fa0b9881985ac1c2f3bbf97d3a7c294a2158352d11139924a54959b6e235a6c1ff78af40c474f791315dd75472ed827d116158364fc78c7228f6669e4d55a776939b62e23632b34611763a09c09cbb7d74f571d1ba739e758e4137f386c63d3f00ebbbdff51fb55c4247b5e8abf346858fcdd431d293f10ebe8d90300e09242578e286c36affba1a7a89c927e1dcae1fd21d4543c4d457ce32719c63a3d164adb4a19bc581526dc9f3782e284999a9e04261f24ae7358a82b9abb19c62545da33fdadc2d7cdf4bb131e9bc2e58cf57354e913faa746272aaa457cc500c770586513e369f1f50ac75602882ee1bd5caa196191958628ec30bec312a743b950456378a49505ebd25fb8ee2ed2c47227d07b378a47dbe090a29884453c0b0fb412ca3a793139e9d1caa9119ade3bfb2580ec3523b24cb83f8548aa754c6fef3fdfc4f98684942d08d9bb6ac3e5c4ea750237fd003d9490aafd4084c2d271aabb637c6b3faad2f3a284159aa4a79b878ca14d4dff5f5f59253965732aeb50ec895341e15e5af2fec5877797d8042bb778ecc4c1741810b8f52fe12809619c3f611b93c20c8395ee856e93141e90528507e33f420c21950e776658288b4ccfc8b3b09d77d0d985e36207937a238e3dedb93ff0f1b63313ead9121756ee85619d8fa31e7dde111694ad7faccaeabcb931f87d52b52cf3b68a4e58804dcd47c19e0ae2fda0faa1fcde7357d1bcda28fdbf38ed908e8d9913854924d9fbd892e477aad6152fd9369bcf8e3a9474de7ba0c2696081d5db91424d75ada78a501e7592eff712309427e79dbd95f61d5842e182ad80c2c9abaeee75e613bb92248b54c86aa4a2f0851ac340acda39001b967a343f5e7800be10bb0b86edd9aa3513caf6f4ab98d7410ba6afd2394e43e8721a28135a695765c3566ac5e717de00bdd9852fe2267af0987b3bec574744c8a66b67f7396bebdf282bced6de52a69457fdb558f7f2fa000b7391643b8ad386150c03310bac7abbed02c4f44df06d7e236ed03011cd185dece30f8b81bbb4e96da32c7f8dc4f2d21b5f5b1191a6c69024facf7cd3c86c728409dd66ee90022f51e05c3c0f091cc5a81455879ef18dd6a14e439a6ceb3e51646708415c4374bebd1ed9eaffbf282a817cc2f93880113adf42111acf73653fcc864c14cbb030b932dcd23c0859a4c61b4fd3cd7c5909c49cfb31c811f9675fb09ac0d49e01ea65e8fd7c99e5dc2d3761fb54e3455e7e3c27a62f460a98f231f8fa8cd62ffe7389700ef076e0e0bb898ec4e6351be3c48f58615907d854f0dbf9f05f448152dac3c5a74e8766e027b8842826392ddc0a173a5027cb74a4aa95b21bcd53eb78f74e2fde8956a645f25a606599cacaaeb5bed702955673ed0bd5adecc84c6be5c871a9dbe7bcf4d241306da5d93f6ca9c51685ac04481250d176670ae4caa4a6c557e2aa01b3bb16d48e07928044bf161b4ffe1a930dda87d9f64a8c765d1b19141b148e07828a5da271644e401a58b331fa1f5bae7c087c9e3a40162a41a6036acef4103a8e6d849f58f557d5a595187d777ad0e6b439a85345c2fac32a9f383431c25b341f589f86017236e4e5ad9ada7c495fa852ae15b664d231898e78ba3dfadde9108fc7df738374466f3a7dba4f92ff03fde7891175e3712b827c2b383c0670db0edacaa2009fc96ed673ff137765178e12f32a5666417bc5d501722df7a1926e9085437463bb51bda1ba2c96ad0a1925d235ef7d87fd010f38d2190d9727d8ff15f0c0ca52ce2c18b1b0634ae6854b2f0acae36fc3d9aca9923086b1716b81eda33eb3fe30f9a136e1c21d4a3a1c549803f9a6b616e00299f6bccf939d315b024c9eba5443c7f90f80c44d8897388ae4bf1850a2bb8e5473d9c1d50d9d9e9d4cda3c41fb4fba999c27bbe86d938fc8c38c0e57daf72362d3bec3369848cf57d70df6be566dfc5a1881611c2c0fd57f05f6a00b97f1ea697a7741282258989b2249a712d73f37e1942ac20e89f41c3cef03df022d1e400ac15b3beaad73826ed23f06402dd7903345f8fed534fdd902a2a320d33101b1398a427574ea785f639427f8d0588ec73ccfa81a5ff16a1e47c1b49a1d36a65cb5de94d1b9a0201e19099bb315ab0615c2e74453b6dd9cef893207ee45b1a64bbe8b5c32033d0dab2d9ab671aa0a274702d3e2bf0c91c9acbca9b818e25d94e2156f89cc3a149869fbdeefa93f981076459b63c06a84517434f158bf8bc52af1b3c25ceca915fa411371a1b3eb92d328342db2466b9a23234ba294ed8c1271b7c47e66cb62aec5763aca7748242c69ffb6e3177eda52e746eaeae4e77e974db888d1759c7a31482363868880fead085539aa95d0f55a1c78f34a9f5224b112804e0bd6d1c57957e82c777e7164a2861498e066f0546825ee52558779ae94729a8af66f98370965bf3437c1fcbf5a3374e71e70ef0f4e66c1bf0ce6d60d86bc60f9c65e20d49ceb470858517c7a91b91aa22519118b09331f2117f024c48b8e784044636f8bf2e40ccb970cd19145506fb995fe5c467aa324393f8ee1c8104ca30dd8d455ed04335b1b4c2ffc8c4618e5a0b62ab663e81eb18fce13de26c69611867d6d7cce02ab2a744ae11989de9356096472bf368f9b45701e3c8423ae6c80d2c65e39f8dd06a511efe047ebbc0c12eda54083169ccb190e3dc31dfe3a0c6b98ad9fe6117884424836899e3cc15e47c80895c2241269d207229fd822b93c5cc9136c6bde92f8b9c4ce86e14e736bac1c75c7bf3f590920acb985d54b5bc6e8e857a49c889c377cc55f4c45d01c90ccb20c578cc446dee4c52bd8cd93b1449cef5f5f991168e602e409b3f9ae4dbe9df523886daac9b928360c3754a999d2c4dcfd6003bfff8ba1f1611d31529c1cc1bd394338a389cbe7af6eb8e00393f68afafb0b7346beda07b861375e3956d88973b6f3344757237b1dcfe74c3233a2cec43488e356830638bb2a8228892ddc58f9cad1235a6af2345d7b3826ca2f2952e1669675fd433bc8e02790e68f4bf66e53b4856bcbc189c24fc907c3a57f9e218177727b98af06c7f7fee702b60eb15206fb6d096b63ecb834a1f5156466b3110924f53ed81f537d44a9d68b6bf6e2708a7c5ad70601b6435b59bb12f4bf2b302a8341296d04cf43ea2301a901b45a7ccb00d57eef6fe32167aa46cbdc1ed4189d28a9d2bd0d69416b4dabd67a9b067e46852f54f32ee0da4c845cd7abc1cd0ca8ccf54de702b1e59fb47d9bf62fae6ba442edb56be4edddf778dbcbc6c436a6b82dd27a420948001e716a783a3607dea86aeb1bc2ad8099139f3845e4f5b7d14fd1d6c7d1339f2cd36f4c62deec4e44f4dd4513ec89a2274fac4f46b417a51d9d5c3a5c163e77bdcc694c", &(0x7f0000001140)="9fe2e8e0c3dcefa06874086e0858f7dbee0447280a726ffe1da4"}}, &(0x7f00000011c0)) (async, rerun: 32)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000) (async)
sched_rr_get_interval(r2, &(0x7f0000000100))

09:48:25 executing program 3:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (async)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

[ 2655.932590][T24455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2655.940403][T24455] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2655.948216][T24455]  </TASK>
09:48:25 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
io_uring_setup(0x3540, &(0x7f0000000100)={0x0, 0xd2ea, 0x10, 0x1, 0x152}) (async)
socket$packet(0x11, 0x2, 0x300) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async, rerun: 64)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (rerun: 64)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0xc6)

09:48:25 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0xfef, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_io_uring_setup(0x2765, &(0x7f0000000240)={0x0, 0x99ef, 0x80, 0x1, 0x21c, 0x0, r1}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000002c0))
r2 = io_uring_setup(0x80075bc, &(0x7f00000001c0)={0x0, 0xf555, 0x1, 0x3, 0x34f})
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000004, 0x12, r2, 0x10000000)
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000300)={0x0, "028061626cb5d19ba5e5ec6c215ad147"})
r3 = open_tree(r1, &(0x7f0000001300)='./file0/file0\x00', 0x1000)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f00000014c0)={&(0x7f0000001340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001480)={&(0x7f0000001380)={0xc4, 0x0, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'sh\x00'}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3b2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xedc}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xfffffff8}]}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8001}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6ba}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x34}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xb1}]}, 0xc4}, 0x1, 0x0, 0x0, 0x4000000}, 0x1)

09:48:25 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400)=<r2=>0x0, &(0x7f0000001440))
syz_io_uring_complete(r2)
syz_io_uring_complete(r2)
read$FUSE(r0, &(0x7f0000000140)={0x2020, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
sched_rr_get_interval(r3, &(0x7f0000002180))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000)

09:48:25 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_complete(0x0)

09:48:25 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
io_uring_setup(0x3540, &(0x7f0000000100)={0x0, 0xd2ea, 0x10, 0x1, 0x152})
socket$packet(0x11, 0x2, 0x300)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0xc6)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
io_uring_setup(0x3540, &(0x7f0000000100)={0x0, 0xd2ea, 0x10, 0x1, 0x152}) (async)
socket$packet(0x11, 0x2, 0x300) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0xc6) (async)

[ 2656.020397][T24542] FAULT_INJECTION: forcing a failure.
[ 2656.020397][T24542] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2656.061518][T24542] CPU: 0 PID: 24542 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2656.072987][T24542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2656.082882][T24542] Call Trace:
[ 2656.086014][T24542]  <TASK>
[ 2656.088782][T24542]  dump_stack_lvl+0x151/0x1b7
[ 2656.093297][T24542]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2656.098591][T24542]  dump_stack+0x15/0x17
[ 2656.102590][T24542]  should_fail+0x3c0/0x510
[ 2656.106836][T24542]  should_fail_alloc_page+0x58/0x70
[ 2656.111868][T24542]  __alloc_pages+0x1de/0x7c0
[ 2656.116292][T24542]  ? __count_vm_events+0x30/0x30
[ 2656.121063][T24542]  ? dup_mm+0x91/0x330
[ 2656.124968][T24542]  ? copy_mm+0x108/0x1b0
[ 2656.129048][T24542]  ? copy_process+0x1295/0x3250
[ 2656.133755][T24542]  ? kernel_clone+0x22d/0x990
[ 2656.138251][T24542]  ? __x64_sys_clone+0x289/0x310
[ 2656.143022][T24542]  pte_alloc_one+0x73/0x1b0
[ 2656.147369][T24542]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 2656.152394][T24542]  ? __kasan_check_write+0x14/0x20
[ 2656.157347][T24542]  ? __set_page_owner+0x2ee/0x310
[ 2656.162207][T24542]  __pte_alloc+0x86/0x350
[ 2656.166373][T24542]  ? post_alloc_hook+0x1ab/0x1b0
[ 2656.171146][T24542]  ? free_pgtables+0x210/0x210
[ 2656.175745][T24542]  ? get_page_from_freelist+0x38b/0x400
[ 2656.181137][T24542]  copy_pte_range+0x1b1f/0x20b0
[ 2656.185812][T24542]  ? __kunmap_atomic+0x80/0x80
[ 2656.190410][T24542]  ? __pud_alloc+0x260/0x260
[ 2656.194838][T24542]  ? __pud_alloc+0x218/0x260
[ 2656.199263][T24542]  ? do_handle_mm_fault+0x2370/0x2370
[ 2656.204469][T24542]  copy_page_range+0xc1e/0x1090
[ 2656.209161][T24542]  ? pfn_valid+0x1e0/0x1e0
[ 2656.213410][T24542]  dup_mmap+0x99f/0xea0
[ 2656.217412][T24542]  ? __delayed_free_task+0x20/0x20
[ 2656.222351][T24542]  ? mm_init+0x807/0x960
[ 2656.226428][T24542]  dup_mm+0x91/0x330
[ 2656.230163][T24542]  copy_mm+0x108/0x1b0
[ 2656.234067][T24542]  copy_process+0x1295/0x3250
[ 2656.238590][T24542]  ? proc_fail_nth_write+0x213/0x290
[ 2656.243699][T24542]  ? proc_fail_nth_read+0x220/0x220
[ 2656.248737][T24542]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2656.253680][T24542]  ? vfs_write+0x9af/0x1050
[ 2656.258020][T24542]  kernel_clone+0x22d/0x990
[ 2656.262359][T24542]  ? file_end_write+0x1b0/0x1b0
[ 2656.267046][T24542]  ? __kasan_check_write+0x14/0x20
[ 2656.271993][T24542]  ? create_io_thread+0x1e0/0x1e0
[ 2656.276855][T24542]  ? __mutex_lock_slowpath+0x10/0x10
[ 2656.281976][T24542]  __x64_sys_clone+0x289/0x310
[ 2656.286575][T24542]  ? __do_sys_vfork+0x130/0x130
[ 2656.291260][T24542]  ? debug_smp_processor_id+0x17/0x20
[ 2656.296471][T24542]  do_syscall_64+0x44/0xd0
[ 2656.300720][T24542]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2656.306449][T24542] RIP: 0033:0x7f5b7e88a639
[ 2656.310703][T24542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2656.330147][T24542] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2656.338391][T24542] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2656.346200][T24542] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2656.354011][T24542] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
09:48:25 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 42)

09:48:25 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0xfef, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_io_uring_setup(0x2765, &(0x7f0000000240)={0x0, 0x99ef, 0x80, 0x1, 0x21c, 0x0, r1}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000002c0))
r2 = io_uring_setup(0x80075bc, &(0x7f00000001c0)={0x0, 0xf555, 0x1, 0x3, 0x34f})
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000004, 0x12, r2, 0x10000000)
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000300)={0x0, "028061626cb5d19ba5e5ec6c215ad147"})
r3 = open_tree(r1, &(0x7f0000001300)='./file0/file0\x00', 0x1000)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f00000014c0)={&(0x7f0000001340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001480)={&(0x7f0000001380)={0xc4, 0x0, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'sh\x00'}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3b2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xedc}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xfffffff8}]}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8001}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6ba}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x34}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xb1}]}, 0xc4}, 0x1, 0x0, 0x0, 0x4000000}, 0x1)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0xfef, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
syz_io_uring_setup(0x2765, &(0x7f0000000240)={0x0, 0x99ef, 0x80, 0x1, 0x21c, 0x0, r1}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000002c0)) (async)
io_uring_setup(0x80075bc, &(0x7f00000001c0)={0x0, 0xf555, 0x1, 0x3, 0x34f}) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000004, 0x12, r2, 0x10000000) (async)
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000300)={0x0, "028061626cb5d19ba5e5ec6c215ad147"}) (async)
open_tree(r1, &(0x7f0000001300)='./file0/file0\x00', 0x1000) (async)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f00000014c0)={&(0x7f0000001340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001480)={&(0x7f0000001380)={0xc4, 0x0, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'sh\x00'}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3b2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xedc}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xfffffff8}]}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8001}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6ba}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x34}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xb1}]}, 0xc4}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) (async)

09:48:25 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_complete(0x0)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_complete(0x0) (async)

09:48:25 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400)=<r2=>0x0, &(0x7f0000001440))
syz_io_uring_complete(r2) (async)
syz_io_uring_complete(r2) (async)
read$FUSE(r0, &(0x7f0000000140)={0x2020, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
sched_rr_get_interval(r3, &(0x7f0000002180))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000)

09:48:25 executing program 5:
r0 = syz_io_uring_setup(0x468a, &(0x7f0000000000)={0x0, 0xe105, 0x200, 0x0, 0xffffffff}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

[ 2656.361821][T24542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2656.369631][T24542] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2656.377447][T24542]  </TASK>
[ 2656.422949][T24619] FAULT_INJECTION: forcing a failure.
[ 2656.422949][T24619] name failslab, interval 1, probability 0, space 0, times 0
[ 2656.437057][T24619] CPU: 0 PID: 24619 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2656.448520][T24619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2656.458404][T24619] Call Trace:
[ 2656.461537][T24619]  <TASK>
[ 2656.464305][T24619]  dump_stack_lvl+0x151/0x1b7
09:48:25 executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
keyctl$update(0x2, 0x0, &(0x7f00000006c0)="6771523fdffaf6cc89a7586a5b2a4dc0a8e9c216c281c92669a2b285059fb16ac068fe86d4558d4eb3107d8cf201f24704910db93888f653711d61c04644142a6efdf1591602925e47c971957d93918a6a372d14f462bb759822adfdaa7a5b6a0fb3385087af5dc9f7682bc6fb40db41f9dfed2a7da437fa059f8e7fac0dee9a65215acc1b82b8e0ce281bdc6b95", 0x8e)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="2c69c5f67000fbdbdf25080000001400020000000000000000000000010114000200ff0100000000000000000000000000010568e24b9efde0e165d966116858f2abb936c560ae2a6c109ab14fc56ca6f6a0fd00000000"], 0x3c}, 0x1, 0x0, 0x0, 0x40004}, 0x8080)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0xbb83, 0x100, 0x0, 0xb2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000)
syz_clone3(&(0x7f0000000500)={0x44101000, &(0x7f0000000200), &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000280), {0x35}, &(0x7f00000002c0)=""/191, 0xbf, &(0x7f0000000380)=""/182, &(0x7f0000000440)=[r2, r2], 0x2}, 0x58)
syz_open_procfs$namespace(r3, &(0x7f0000000480)='ns/pid\x00')

09:48:25 executing program 5:
r0 = syz_io_uring_setup(0x468a, &(0x7f0000000000)={0x0, 0xe105, 0x200, 0x0, 0xffffffff}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:25 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_complete(0x0)

09:48:25 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400)=<r2=>0x0, &(0x7f0000001440))
syz_io_uring_complete(r2)
syz_io_uring_complete(r2)
read$FUSE(r0, &(0x7f0000000140)={0x2020, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
sched_rr_get_interval(r3, &(0x7f0000002180))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440)) (async)
syz_io_uring_complete(r2) (async)
syz_io_uring_complete(r2) (async)
read$FUSE(r0, &(0x7f0000000140)={0x2020}, 0x2020) (async)
sched_rr_get_interval(r3, &(0x7f0000002180)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000) (async)

09:48:25 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async, rerun: 64)
syz_io_uring_setup(0xfef, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async, rerun: 64)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async, rerun: 64)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async, rerun: 64)
syz_io_uring_setup(0x2765, &(0x7f0000000240)={0x0, 0x99ef, 0x80, 0x1, 0x21c, 0x0, r1}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000002c0)) (async)
r2 = io_uring_setup(0x80075bc, &(0x7f00000001c0)={0x0, 0xf555, 0x1, 0x3, 0x34f})
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000004, 0x12, r2, 0x10000000)
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000300)={0x0, "028061626cb5d19ba5e5ec6c215ad147"}) (async)
r3 = open_tree(r1, &(0x7f0000001300)='./file0/file0\x00', 0x1000)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f00000014c0)={&(0x7f0000001340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001480)={&(0x7f0000001380)={0xc4, 0x0, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'sh\x00'}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3b2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xedc}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xfffffff8}]}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8001}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6ba}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x34}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xb1}]}, 0xc4}, 0x1, 0x0, 0x0, 0x4000000}, 0x1)

09:48:25 executing program 5:
r0 = syz_io_uring_setup(0x468a, &(0x7f0000000000)={0x0, 0xe105, 0x200, 0x0, 0xffffffff}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
syz_io_uring_setup(0x468a, &(0x7f0000000000)={0x0, 0xe105, 0x200, 0x0, 0xffffffff}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)

09:48:25 executing program 5:
io_uring_setup(0x154a, &(0x7f0000000100)={0x0, 0x4579, 0x4, 0x2, 0x2fd})
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

[ 2656.468821][T24619]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2656.474124][T24619]  dump_stack+0x15/0x17
[ 2656.478105][T24619]  should_fail+0x3c0/0x510
[ 2656.482358][T24619]  __should_failslab+0x9f/0xe0
[ 2656.486956][T24619]  should_failslab+0x9/0x20
[ 2656.491298][T24619]  kmem_cache_alloc+0x4f/0x2f0
[ 2656.495897][T24619]  ? vm_area_dup+0x26/0x1d0
[ 2656.500236][T24619]  vm_area_dup+0x26/0x1d0
[ 2656.504404][T24619]  dup_mmap+0x6b8/0xea0
[ 2656.508397][T24619]  ? __delayed_free_task+0x20/0x20
[ 2656.513351][T24619]  ? mm_init+0x807/0x960
[ 2656.517420][T24619]  dup_mm+0x91/0x330
[ 2656.521153][T24619]  copy_mm+0x108/0x1b0
[ 2656.525059][T24619]  copy_process+0x1295/0x3250
[ 2656.529572][T24619]  ? proc_fail_nth_write+0x213/0x290
[ 2656.534688][T24619]  ? proc_fail_nth_read+0x220/0x220
[ 2656.539723][T24619]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2656.544668][T24619]  ? vfs_write+0x9af/0x1050
[ 2656.549010][T24619]  kernel_clone+0x22d/0x990
[ 2656.553347][T24619]  ? file_end_write+0x1b0/0x1b0
[ 2656.558038][T24619]  ? __kasan_check_write+0x14/0x20
[ 2656.562981][T24619]  ? create_io_thread+0x1e0/0x1e0
[ 2656.567841][T24619]  ? __mutex_lock_slowpath+0x10/0x10
[ 2656.572964][T24619]  __x64_sys_clone+0x289/0x310
[ 2656.577564][T24619]  ? __do_sys_vfork+0x130/0x130
[ 2656.582250][T24619]  ? debug_smp_processor_id+0x17/0x20
[ 2656.587458][T24619]  do_syscall_64+0x44/0xd0
[ 2656.591711][T24619]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2656.597438][T24619] RIP: 0033:0x7f5b7e88a639
[ 2656.601691][T24619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
09:48:26 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 43)

09:48:26 executing program 5:
io_uring_setup(0x154a, &(0x7f0000000100)={0x0, 0x4579, 0x4, 0x2, 0x2fd})
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
io_uring_setup(0x154a, &(0x7f0000000100)={0x0, 0x4579, 0x4, 0x2, 0x2fd}) (async)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)

09:48:26 executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
keyctl$update(0x2, 0x0, &(0x7f00000006c0)="6771523fdffaf6cc89a7586a5b2a4dc0a8e9c216c281c92669a2b285059fb16ac068fe86d4558d4eb3107d8cf201f24704910db93888f653711d61c04644142a6efdf1591602925e47c971957d93918a6a372d14f462bb759822adfdaa7a5b6a0fb3385087af5dc9f7682bc6fb40db41f9dfed2a7da437fa059f8e7fac0dee9a65215acc1b82b8e0ce281bdc6b95", 0x8e)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="2c69c5f67000fbdbdf25080000001400020000000000000000000000010114000200ff0100000000000000000000000000010568e24b9efde0e165d966116858f2abb936c560ae2a6c109ab14fc56ca6f6a0fd00000000"], 0x3c}, 0x1, 0x0, 0x0, 0x40004}, 0x8080)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0xbb83, 0x100, 0x0, 0xb2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000)
syz_clone3(&(0x7f0000000500)={0x44101000, &(0x7f0000000200), &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000280), {0x35}, &(0x7f00000002c0)=""/191, 0xbf, &(0x7f0000000380)=""/182, &(0x7f0000000440)=[r2, r2], 0x2}, 0x58)
syz_open_procfs$namespace(r3, &(0x7f0000000480)='ns/pid\x00')
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async)
keyctl$update(0x2, 0x0, &(0x7f00000006c0)="6771523fdffaf6cc89a7586a5b2a4dc0a8e9c216c281c92669a2b285059fb16ac068fe86d4558d4eb3107d8cf201f24704910db93888f653711d61c04644142a6efdf1591602925e47c971957d93918a6a372d14f462bb759822adfdaa7a5b6a0fb3385087af5dc9f7682bc6fb40db41f9dfed2a7da437fa059f8e7fac0dee9a65215acc1b82b8e0ce281bdc6b95", 0x8e) (async)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="2c69c5f67000fbdbdf25080000001400020000000000000000000000010114000200ff0100000000000000000000000000010568e24b9efde0e165d966116858f2abb936c560ae2a6c109ab14fc56ca6f6a0fd00000000"], 0x3c}, 0x1, 0x0, 0x0, 0x40004}, 0x8080) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0xbb83, 0x100, 0x0, 0xb2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000) (async)
syz_clone3(&(0x7f0000000500)={0x44101000, &(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280), {0x35}, &(0x7f00000002c0)=""/191, 0xbf, &(0x7f0000000380)=""/182, &(0x7f0000000440)=[r2, r2], 0x2}, 0x58) (async)
syz_open_procfs$namespace(r3, &(0x7f0000000480)='ns/pid\x00') (async)

09:48:26 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
pidfd_open(r1, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000180), 0x8)
fsetxattr$security_selinux(r2, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x2, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x57}]}, &(0x7f0000000080)='syzkaller\x00', 0x6, 0x94, &(0x7f00000000c0)=""/148, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000100), &(0x7f0000000140)=0x14)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

[ 2656.621132][T24619] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2656.629379][T24619] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2656.637186][T24619] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2656.645113][T24619] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2656.652917][T24619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2656.660727][T24619] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2656.668555][T24619]  </TASK>
09:48:26 executing program 5:
io_uring_setup(0x154a, &(0x7f0000000100)={0x0, 0x4579, 0x4, 0x2, 0x2fd})
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
io_uring_setup(0x154a, &(0x7f0000000100)={0x0, 0x4579, 0x4, 0x2, 0x2fd}) (async)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)

09:48:26 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f00000001c0)={0x1000, &(0x7f0000000080), 0x8, 0xffffffffffffffff, 0x1})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000200)={<r1=>r0, 0x9, 0x4, 0xc92})
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r1, 0x80089419, &(0x7f0000000240))
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x0, 0x2, 0x0, 0xffffffff}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:26 executing program 5:
sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0), 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x100, 0x70bd29, 0x1, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x80}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x4008850)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r0, 0x80089419, &(0x7f0000000140))
openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$VHOST_SET_VRING_NUM(r0, 0x4008af10, &(0x7f0000000100)={0x3, 0x8})
r1 = syz_io_uring_setup(0x4541, &(0x7f0000000000)={0x0, 0x2000000, 0x0, 0x0, 0x8000}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r1, 0x10000000)

[ 2656.729342][T24667] FAULT_INJECTION: forcing a failure.
[ 2656.729342][T24667] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2656.745832][T24667] CPU: 1 PID: 24667 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2656.757284][T24667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2656.767177][T24667] Call Trace:
[ 2656.770300][T24667]  <TASK>
[ 2656.773094][T24667]  dump_stack_lvl+0x151/0x1b7
09:48:26 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f00000001c0)={0x1000, &(0x7f0000000080), 0x8, 0xffffffffffffffff, 0x1})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000200)={<r1=>r0, 0x9, 0x4, 0xc92})
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r1, 0x80089419, &(0x7f0000000240)) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x0, 0x2, 0x0, 0xffffffff}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

[ 2656.777596][T24667]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2656.782986][T24667]  dump_stack+0x15/0x17
[ 2656.786976][T24667]  should_fail+0x3c0/0x510
[ 2656.791229][T24667]  should_fail_alloc_page+0x58/0x70
[ 2656.796262][T24667]  __alloc_pages+0x1de/0x7c0
[ 2656.800691][T24667]  ? __count_vm_events+0x30/0x30
[ 2656.805463][T24667]  ? __this_cpu_preempt_check+0x13/0x20
[ 2656.810845][T24667]  ? __mod_node_page_state+0xac/0xf0
[ 2656.815971][T24667]  pte_alloc_one+0x73/0x1b0
[ 2656.820313][T24667]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 2656.825339][T24667]  __pte_alloc+0x86/0x350
09:48:26 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
pidfd_open(r1, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000180), 0x8)
fsetxattr$security_selinux(r2, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x2, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x57}]}, &(0x7f0000000080)='syzkaller\x00', 0x6, 0x94, &(0x7f00000000c0)=""/148, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000100), &(0x7f0000000140)=0x14)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
pidfd_open(r1, 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000180), 0x8) (async)
fsetxattr$security_selinux(r2, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x2, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x57}]}, &(0x7f0000000080)='syzkaller\x00', 0x6, 0x94, &(0x7f00000000c0)=""/148, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000100), &(0x7f0000000140)=0x14) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)

09:48:26 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f00000001c0)={0x1000, &(0x7f0000000080), 0x8, 0xffffffffffffffff, 0x1}) (async)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000200)={<r1=>r0, 0x9, 0x4, 0xc92})
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r1, 0x80089419, &(0x7f0000000240)) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x0, 0x2, 0x0, 0xffffffff}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:26 executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
keyctl$update(0x2, 0x0, &(0x7f00000006c0)="6771523fdffaf6cc89a7586a5b2a4dc0a8e9c216c281c92669a2b285059fb16ac068fe86d4558d4eb3107d8cf201f24704910db93888f653711d61c04644142a6efdf1591602925e47c971957d93918a6a372d14f462bb759822adfdaa7a5b6a0fb3385087af5dc9f7682bc6fb40db41f9dfed2a7da437fa059f8e7fac0dee9a65215acc1b82b8e0ce281bdc6b95", 0x8e) (async)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="2c69c5f67000fbdbdf25080000001400020000000000000000000000010114000200ff0100000000000000000000000000010568e24b9efde0e165d966116858f2abb936c560ae2a6c109ab14fc56ca6f6a0fd00000000"], 0x3c}, 0x1, 0x0, 0x0, 0x40004}, 0x8080)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0xbb83, 0x100, 0x0, 0xb2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000)
syz_clone3(&(0x7f0000000500)={0x44101000, &(0x7f0000000200), &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000280), {0x35}, &(0x7f00000002c0)=""/191, 0xbf, &(0x7f0000000380)=""/182, &(0x7f0000000440)=[r2, r2], 0x2}, 0x58)
syz_open_procfs$namespace(r3, &(0x7f0000000480)='ns/pid\x00')

[ 2656.829522][T24667]  ? free_pgtables+0x210/0x210
[ 2656.834113][T24667]  ? _raw_spin_lock+0xa3/0x1b0
[ 2656.838703][T24667]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 2656.843910][T24667]  ? __kernel_text_address+0x9a/0x110
[ 2656.849121][T24667]  copy_pte_range+0x1b1f/0x20b0
[ 2656.853810][T24667]  ? __kunmap_atomic+0x80/0x80
[ 2656.858407][T24667]  ? __kasan_slab_alloc+0xc4/0xe0
[ 2656.863350][T24667]  ? __kasan_slab_alloc+0xb2/0xe0
[ 2656.868210][T24667]  ? kmem_cache_alloc+0x189/0x2f0
[ 2656.873072][T24667]  ? vm_area_dup+0x26/0x1d0
09:48:26 executing program 3:
r0 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NET_DM_CMD_START(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r0, 0x100, 0x70bd27, 0x25dfdbff, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc0000}, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="2815c800c4213598bdd9e38042cbb127f0995d1be113368abde5e52af33ddc2042c748fe3960526e34b8f2d54de787ee946bb4dee82c561373c1998ae9d7f800cce44930e926883e6bd3af32cf7ebe13a33bc6ad70e3c66e1daf1b50f755b7b59eff345364fd4deccd6b5a98b37c307b09495afc148866369c03fa6a54a4d6", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25040000001400060064766d72703100"/34], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x4000)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4, 0x70bd27}, 0x14}}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r3, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x3c, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @remote}}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'dvmrp1\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000700)={0xc8, 0x0, 0x300, 0x70bd28, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x7fffffffffffffff}, {0xc, 0x90, 0x844}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x17}, {0xc}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x81}, {0xc, 0x90, 0x200}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4044040}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, 0x0, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @multicast1}]}, 0x24}, 0x1, 0x0, 0x0, 0x2000c044}, 0x11)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

[ 2656.877410][T24667]  ? dup_mmap+0x6b8/0xea0
[ 2656.881584][T24667]  ? dup_mm+0x91/0x330
[ 2656.885482][T24667]  ? copy_mm+0x108/0x1b0
[ 2656.889562][T24667]  ? copy_process+0x1295/0x3250
[ 2656.894249][T24667]  ? kernel_clone+0x22d/0x990
[ 2656.898784][T24667]  ? __x64_sys_clone+0x289/0x310
[ 2656.903551][T24667]  ? do_syscall_64+0x44/0xd0
[ 2656.907966][T24667]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2656.913874][T24667]  copy_page_range+0xc1e/0x1090
[ 2656.918553][T24667]  ? pfn_valid+0x1e0/0x1e0
[ 2656.922806][T24667]  dup_mmap+0x99f/0xea0
[ 2656.926815][T24667]  ? __delayed_free_task+0x20/0x20
[ 2656.931743][T24667]  ? mm_init+0x807/0x960
[ 2656.935822][T24667]  dup_mm+0x91/0x330
[ 2656.939554][T24667]  copy_mm+0x108/0x1b0
[ 2656.943460][T24667]  copy_process+0x1295/0x3250
[ 2656.947975][T24667]  ? proc_fail_nth_write+0x213/0x290
[ 2656.953091][T24667]  ? proc_fail_nth_read+0x220/0x220
[ 2656.958123][T24667]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2656.963077][T24667]  ? vfs_write+0x9af/0x1050
[ 2656.967409][T24667]  kernel_clone+0x22d/0x990
[ 2656.971750][T24667]  ? file_end_write+0x1b0/0x1b0
[ 2656.976435][T24667]  ? __kasan_check_write+0x14/0x20
[ 2656.981382][T24667]  ? create_io_thread+0x1e0/0x1e0
[ 2656.986243][T24667]  ? __mutex_lock_slowpath+0x10/0x10
[ 2656.991363][T24667]  __x64_sys_clone+0x289/0x310
[ 2656.995965][T24667]  ? __do_sys_vfork+0x130/0x130
[ 2657.000651][T24667]  ? debug_smp_processor_id+0x17/0x20
[ 2657.005858][T24667]  do_syscall_64+0x44/0xd0
[ 2657.010111][T24667]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2657.015839][T24667] RIP: 0033:0x7f5b7e88a639
[ 2657.020091][T24667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2657.039534][T24667] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2657.047776][T24667] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2657.055588][T24667] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2657.063398][T24667] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2657.071220][T24667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
09:48:26 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 44)

09:48:26 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2000005, 0x30, r1, 0x10000000)

09:48:26 executing program 3:
r0 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NET_DM_CMD_START(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r0, 0x100, 0x70bd27, 0x25dfdbff, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc0000}, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="2815c800c4213598bdd9e38042cbb127f0995d1be113368abde5e52af33ddc2042c748fe3960526e34b8f2d54de787ee946bb4dee82c561373c1998ae9d7f800cce44930e926883e6bd3af32cf7ebe13a33bc6ad70e3c66e1daf1b50f755b7b59eff345364fd4deccd6b5a98b37c307b09495afc148866369c03fa6a54a4d6", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25040000001400060064766d72703100"/34], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x4000)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4, 0x70bd27}, 0x14}}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r3, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x3c, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @remote}}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'dvmrp1\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000700)={0xc8, 0x0, 0x300, 0x70bd28, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x7fffffffffffffff}, {0xc, 0x90, 0x844}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x17}, {0xc}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x81}, {0xc, 0x90, 0x200}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4044040}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, 0x0, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @multicast1}]}, 0x24}, 0x1, 0x0, 0x0, 0x2000c044}, 0x11)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
sendmsg$NET_DM_CMD_START(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r0, 0x100, 0x70bd27, 0x25dfdbff, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc0000}, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="2815c800c4213598bdd9e38042cbb127f0995d1be113368abde5e52af33ddc2042c748fe3960526e34b8f2d54de787ee946bb4dee82c561373c1998ae9d7f800cce44930e926883e6bd3af32cf7ebe13a33bc6ad70e3c66e1daf1b50f755b7b59eff345364fd4deccd6b5a98b37c307b09495afc148866369c03fa6a54a4d6", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25040000001400060064766d72703100"/34], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x4000) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4, 0x70bd27}, 0x14}}, 0x0) (async)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r3, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x3c, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @remote}}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'dvmrp1\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000) (async)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000700)={0xc8, 0x0, 0x300, 0x70bd28, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x7fffffffffffffff}, {0xc, 0x90, 0x844}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x17}, {0xc}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x81}, {0xc, 0x90, 0x200}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4044040}, 0x0) (async)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, 0x0, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @multicast1}]}, 0x24}, 0x1, 0x0, 0x0, 0x2000c044}, 0x11) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)

09:48:26 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
pidfd_open(r1, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000180), 0x8)
fsetxattr$security_selinux(r2, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x2, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x57}]}, &(0x7f0000000080)='syzkaller\x00', 0x6, 0x94, &(0x7f00000000c0)=""/148, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000100), &(0x7f0000000140)=0x14) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:26 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x4946, &(0x7f00000001c0)={0x0, 0xd1bb, 0x800, 0x3, 0x4a, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000240))

09:48:26 executing program 5:
sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0), 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x100, 0x70bd29, 0x1, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x80}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x4008850) (async)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async, rerun: 32)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r0, 0x80089419, &(0x7f0000000140)) (async, rerun: 32)
openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$VHOST_SET_VRING_NUM(r0, 0x4008af10, &(0x7f0000000100)={0x3, 0x8}) (async)
r1 = syz_io_uring_setup(0x4541, &(0x7f0000000000)={0x0, 0x2000000, 0x0, 0x0, 0x8000}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r1, 0x10000000)

09:48:26 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2000005, 0x30, r1, 0x10000000)

09:48:26 executing program 5:
sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0), 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x100, 0x70bd29, 0x1, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x80}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x4008850)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r0, 0x80089419, &(0x7f0000000140))
openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$VHOST_SET_VRING_NUM(r0, 0x4008af10, &(0x7f0000000100)={0x3, 0x8})
r1 = syz_io_uring_setup(0x4541, &(0x7f0000000000)={0x0, 0x2000000, 0x0, 0x0, 0x8000}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r1, 0x10000000)
sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0), 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x100, 0x70bd29, 0x1, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x80}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x4008850) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r0, 0x80089419, &(0x7f0000000140)) (async)
openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$VHOST_SET_VRING_NUM(r0, 0x4008af10, &(0x7f0000000100)={0x3, 0x8}) (async)
syz_io_uring_setup(0x4541, &(0x7f0000000000)={0x0, 0x2000000, 0x0, 0x0, 0x8000}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r1, 0x10000000) (async)

[ 2657.079024][T24667] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2657.086840][T24667]  </TASK>
09:48:26 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x4946, &(0x7f00000001c0)={0x0, 0xd1bb, 0x800, 0x3, 0x4a, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000240))

09:48:26 executing program 3:
r0 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NET_DM_CMD_START(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r0, 0x100, 0x70bd27, 0x25dfdbff, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc0000}, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="2815c800c4213598bdd9e38042cbb127f0995d1be113368abde5e52af33ddc2042c748fe3960526e34b8f2d54de787ee946bb4dee82c561373c1998ae9d7f800cce44930e926883e6bd3af32cf7ebe13a33bc6ad70e3c66e1daf1b50f755b7b59eff345364fd4deccd6b5a98b37c307b09495afc148866369c03fa6a54a4d6", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25040000001400060064766d72703100"/34], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x4000)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4, 0x70bd27}, 0x14}}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r3, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x3c, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @remote}}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'dvmrp1\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000700)={0xc8, 0x0, 0x300, 0x70bd28, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x7fffffffffffffff}, {0xc, 0x90, 0x844}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x17}, {0xc}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x81}, {0xc, 0x90, 0x200}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4044040}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, 0x0, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @multicast1}]}, 0x24}, 0x1, 0x0, 0x0, 0x2000c044}, 0x11)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
sendmsg$NET_DM_CMD_START(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r0, 0x100, 0x70bd27, 0x25dfdbff, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc0000}, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="2815c800c4213598bdd9e38042cbb127f0995d1be113368abde5e52af33ddc2042c748fe3960526e34b8f2d54de787ee946bb4dee82c561373c1998ae9d7f800cce44930e926883e6bd3af32cf7ebe13a33bc6ad70e3c66e1daf1b50f755b7b59eff345364fd4deccd6b5a98b37c307b09495afc148866369c03fa6a54a4d6", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25040000001400060064766d72703100"/34], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x4000) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4, 0x70bd27}, 0x14}}, 0x0) (async)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r3, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x3c, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @remote}}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'dvmrp1\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000) (async)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000700)={0xc8, 0x0, 0x300, 0x70bd28, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x7fffffffffffffff}, {0xc, 0x90, 0x844}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x17}, {0xc}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x81}, {0xc, 0x90, 0x200}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4044040}, 0x0) (async)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, 0x0, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @multicast1}]}, 0x24}, 0x1, 0x0, 0x0, 0x2000c044}, 0x11) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)

09:48:26 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x4200, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:26 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0xb53c, 0x80, 0x3}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

[ 2657.131426][T24752] FAULT_INJECTION: forcing a failure.
[ 2657.131426][T24752] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2657.156921][T24752] CPU: 1 PID: 24752 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2657.168392][T24752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2657.178286][T24752] Call Trace:
[ 2657.181409][T24752]  <TASK>
[ 2657.184199][T24752]  dump_stack_lvl+0x151/0x1b7
[ 2657.188696][T24752]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2657.193995][T24752]  ? stack_trace_save+0x1f0/0x1f0
[ 2657.198849][T24752]  ? __kernel_text_address+0x9a/0x110
[ 2657.204068][T24752]  dump_stack+0x15/0x17
[ 2657.208066][T24752]  should_fail+0x3c0/0x510
[ 2657.212303][T24752]  should_fail_alloc_page+0x58/0x70
[ 2657.217340][T24752]  __alloc_pages+0x1de/0x7c0
[ 2657.221763][T24752]  ? stack_trace_save+0x12d/0x1f0
[ 2657.226622][T24752]  ? stack_trace_snprint+0x100/0x100
[ 2657.231744][T24752]  ? __count_vm_events+0x30/0x30
[ 2657.236527][T24752]  ? __kasan_slab_alloc+0xc4/0xe0
[ 2657.241376][T24752]  ? __kasan_slab_alloc+0xb2/0xe0
[ 2657.246237][T24752]  ? kmem_cache_alloc+0x189/0x2f0
[ 2657.251103][T24752]  ? anon_vma_fork+0x1b9/0x4f0
[ 2657.255701][T24752]  get_zeroed_page+0x19/0x40
[ 2657.260124][T24752]  __pud_alloc+0x8b/0x260
[ 2657.264296][T24752]  ? do_handle_mm_fault+0x2370/0x2370
[ 2657.269501][T24752]  copy_page_range+0xd9e/0x1090
[ 2657.274193][T24752]  ? pfn_valid+0x1e0/0x1e0
[ 2657.278446][T24752]  dup_mmap+0x99f/0xea0
[ 2657.282434][T24752]  ? __delayed_free_task+0x20/0x20
[ 2657.287375][T24752]  ? mm_init+0x807/0x960
[ 2657.291456][T24752]  dup_mm+0x91/0x330
[ 2657.295190][T24752]  copy_mm+0x108/0x1b0
[ 2657.299093][T24752]  copy_process+0x1295/0x3250
[ 2657.303628][T24752]  ? proc_fail_nth_write+0x213/0x290
[ 2657.308728][T24752]  ? proc_fail_nth_read+0x220/0x220
[ 2657.313761][T24752]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2657.318714][T24752]  ? vfs_write+0x9af/0x1050
[ 2657.323052][T24752]  kernel_clone+0x22d/0x990
[ 2657.327388][T24752]  ? file_end_write+0x1b0/0x1b0
[ 2657.332073][T24752]  ? __kasan_check_write+0x14/0x20
[ 2657.337020][T24752]  ? create_io_thread+0x1e0/0x1e0
[ 2657.341880][T24752]  ? __mutex_lock_slowpath+0x10/0x10
[ 2657.347012][T24752]  __x64_sys_clone+0x289/0x310
[ 2657.351601][T24752]  ? __do_sys_vfork+0x130/0x130
[ 2657.356290][T24752]  ? debug_smp_processor_id+0x17/0x20
[ 2657.361496][T24752]  do_syscall_64+0x44/0xd0
[ 2657.365748][T24752]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2657.371480][T24752] RIP: 0033:0x7f5b7e88a639
[ 2657.375735][T24752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2657.395171][T24752] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2657.403414][T24752] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2657.411229][T24752] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2657.419067][T24752] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
09:48:26 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 45)

09:48:26 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x4946, &(0x7f00000001c0)={0x0, 0xd1bb, 0x800, 0x3, 0x4a, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000240))
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
syz_io_uring_setup(0x4946, &(0x7f00000001c0)={0x0, 0xd1bb, 0x800, 0x3, 0x4a, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000240)) (async)

09:48:26 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0xb53c, 0x80, 0x3}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100)) (async)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:26 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
r0 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x3c, r0, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000001}, 0x8000)

09:48:26 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x4200, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x4200, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)

09:48:26 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async, rerun: 32)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (rerun: 32)
mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2000005, 0x30, r1, 0x10000000)

09:48:26 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0xb53c, 0x80, 0x3}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0xb53c, 0x80, 0x3}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100)) (async)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)

09:48:26 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
pidfd_send_signal(0xffffffffffffffff, 0x15, &(0x7f00000001c0)={0x3e, 0x0, 0xfffffffe}, 0x0)

09:48:26 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x100, 0x2}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x20082000, 0x0, 0x0, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
syz_open_procfs$namespace(r1, &(0x7f0000002280)='ns/cgroup\x00')
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000100)={0x1f, <r2=>0x0}, 0x8)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000200)={0x40}, 0x8)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000140)=r2, 0x4)
syz_clone(0x9222800, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x200000, &(0x7f00000022c0)="42c4527254255c6eb5d0ab4071510e8133ca8a49c0429832d655115322ff0cc7fa3da09fc44d8c1fb8e7a2bf1ba6e993e4f23c9e3ef31774ddad39af7c09eae4d6a72c1c1c2c858dc6df94ef1d4e68dbe50d67598e31735329ee585f8b003d6584bf4989230f3b7ee0b4a485a382c1c3ab9bc511ac9942954328d1e05b565b40cc03fd5d0ce7fb6e557ba120df60a70bb739efee610a47728be8a54a289056bf24f41d6a54f8eb604aa7044868bebe74aad6326b905aae96ec8a87f5aeb455", 0xbf, &(0x7f0000002380), &(0x7f00000023c0), &(0x7f0000002400)="dee8860075584d63e26deb829fe61f278de4d718032dc8945b95d4a3d2aec5271eaa9f0c566da309e7ffec075ea9eace6b")
r3 = io_uring_setup(0xe13, &(0x7f0000000180)={0x0, 0x8f9a, 0x2, 0x0, 0x332, 0x0, r0})
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x100000b, 0x2010, r3, 0x10000000)

[ 2657.426847][T24752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2657.434659][T24752] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2657.442472][T24752]  </TASK>
[ 2657.467697][T24813] FAULT_INJECTION: forcing a failure.
[ 2657.467697][T24813] name fail_page_alloc, interval 1, probability 0, space 0, times 0
09:48:26 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
r0 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x3c, r0, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000001}, 0x8000)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0)) (async)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x3c, r0, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000001}, 0x8000) (async)

09:48:27 executing program 5:
io_uring_setup(0x1702, &(0x7f0000000100)={0x0, 0xc616, 0x800, 0x1, 0xc8})
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x0, 0x356}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

[ 2657.487720][T24813] CPU: 1 PID: 24813 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2657.499172][T24813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2657.509064][T24813] Call Trace:
[ 2657.512190][T24813]  <TASK>
[ 2657.514967][T24813]  dump_stack_lvl+0x151/0x1b7
[ 2657.519479][T24813]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2657.524772][T24813]  ? stack_trace_save+0x1f0/0x1f0
[ 2657.529631][T24813]  ? __kernel_text_address+0x9a/0x110
09:48:27 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
r0 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x3c, r0, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000001}, 0x8000)

[ 2657.534841][T24813]  dump_stack+0x15/0x17
[ 2657.538832][T24813]  should_fail+0x3c0/0x510
[ 2657.543087][T24813]  should_fail_alloc_page+0x58/0x70
[ 2657.548119][T24813]  __alloc_pages+0x1de/0x7c0
[ 2657.552545][T24813]  ? stack_trace_save+0x12d/0x1f0
[ 2657.557405][T24813]  ? stack_trace_snprint+0x100/0x100
[ 2657.562525][T24813]  ? __count_vm_events+0x30/0x30
[ 2657.567300][T24813]  ? __kasan_slab_alloc+0xc4/0xe0
[ 2657.572158][T24813]  ? __kasan_slab_alloc+0xb2/0xe0
[ 2657.577020][T24813]  ? kmem_cache_alloc+0x189/0x2f0
[ 2657.581886][T24813]  ? anon_vma_fork+0x1b9/0x4f0
[ 2657.586480][T24813]  get_zeroed_page+0x19/0x40
[ 2657.590906][T24813]  __pud_alloc+0x8b/0x260
[ 2657.595073][T24813]  ? do_handle_mm_fault+0x2370/0x2370
[ 2657.600281][T24813]  copy_page_range+0xd9e/0x1090
[ 2657.604974][T24813]  ? pfn_valid+0x1e0/0x1e0
[ 2657.609222][T24813]  dup_mmap+0x99f/0xea0
[ 2657.613220][T24813]  ? __delayed_free_task+0x20/0x20
[ 2657.618158][T24813]  ? mm_init+0x807/0x960
[ 2657.622241][T24813]  dup_mm+0x91/0x330
[ 2657.625969][T24813]  copy_mm+0x108/0x1b0
[ 2657.629881][T24813]  copy_process+0x1295/0x3250
[ 2657.634388][T24813]  ? proc_fail_nth_write+0x213/0x290
[ 2657.639508][T24813]  ? proc_fail_nth_read+0x220/0x220
[ 2657.644544][T24813]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2657.649490][T24813]  ? vfs_write+0x9af/0x1050
[ 2657.653831][T24813]  kernel_clone+0x22d/0x990
[ 2657.658169][T24813]  ? file_end_write+0x1b0/0x1b0
[ 2657.662856][T24813]  ? __kasan_check_write+0x14/0x20
[ 2657.667804][T24813]  ? create_io_thread+0x1e0/0x1e0
[ 2657.672663][T24813]  ? __mutex_lock_slowpath+0x10/0x10
[ 2657.677792][T24813]  __x64_sys_clone+0x289/0x310
[ 2657.682387][T24813]  ? __do_sys_vfork+0x130/0x130
[ 2657.687075][T24813]  ? debug_smp_processor_id+0x17/0x20
[ 2657.692277][T24813]  do_syscall_64+0x44/0xd0
[ 2657.696530][T24813]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2657.702258][T24813] RIP: 0033:0x7f5b7e88a639
[ 2657.706511][T24813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2657.725953][T24813] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
09:48:27 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 46)

09:48:27 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
pidfd_send_signal(0xffffffffffffffff, 0x15, &(0x7f00000001c0)={0x3e, 0x0, 0xfffffffe}, 0x0)

09:48:27 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f00000000c0))
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x600002, 0x104)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000001c0)={0x2000, &(0x7f0000000180), 0x8})
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000200)={0x0, 0x3})
syz_io_uring_complete(r0)

09:48:27 executing program 5:
io_uring_setup(0x1702, &(0x7f0000000100)={0x0, 0xc616, 0x800, 0x1, 0xc8})
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x0, 0x356}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
io_uring_setup(0x1702, &(0x7f0000000100)={0x0, 0xc616, 0x800, 0x1, 0xc8}) (async)
syz_io_uring_setup(0x1a60, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x0, 0x356}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)

09:48:27 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x4200, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x4200, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)

09:48:27 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x100, 0x2}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x20082000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
syz_open_procfs$namespace(r1, &(0x7f0000002280)='ns/cgroup\x00') (async)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000100)={0x1f, <r2=>0x0}, 0x8)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000200)={0x40}, 0x8)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000140)=r2, 0x4)
syz_clone(0x9222800, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x200000, &(0x7f00000022c0)="42c4527254255c6eb5d0ab4071510e8133ca8a49c0429832d655115322ff0cc7fa3da09fc44d8c1fb8e7a2bf1ba6e993e4f23c9e3ef31774ddad39af7c09eae4d6a72c1c1c2c858dc6df94ef1d4e68dbe50d67598e31735329ee585f8b003d6584bf4989230f3b7ee0b4a485a382c1c3ab9bc511ac9942954328d1e05b565b40cc03fd5d0ce7fb6e557ba120df60a70bb739efee610a47728be8a54a289056bf24f41d6a54f8eb604aa7044868bebe74aad6326b905aae96ec8a87f5aeb455", 0xbf, &(0x7f0000002380), &(0x7f00000023c0), &(0x7f0000002400)="dee8860075584d63e26deb829fe61f278de4d718032dc8945b95d4a3d2aec5271eaa9f0c566da309e7ffec075ea9eace6b")
r3 = io_uring_setup(0xe13, &(0x7f0000000180)={0x0, 0x8f9a, 0x2, 0x0, 0x332, 0x0, r0})
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x100000b, 0x2010, r3, 0x10000000)

09:48:27 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
pidfd_send_signal(0xffffffffffffffff, 0x15, &(0x7f00000001c0)={0x3e, 0x0, 0xfffffffe}, 0x0)

09:48:27 executing program 5:
io_uring_setup(0x1702, &(0x7f0000000100)={0x0, 0xc616, 0x800, 0x1, 0xc8}) (async)
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x0, 0x356}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

[ 2657.734206][T24813] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2657.742009][T24813] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2657.749819][T24813] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2657.757632][T24813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2657.765442][T24813] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2657.773257][T24813]  </TASK>
09:48:27 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async, rerun: 32)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f00000000c0)) (rerun: 32)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x600002, 0x104)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000001c0)={0x2000, &(0x7f0000000180), 0x8})
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000200)={0x0, 0x3}) (async)
syz_io_uring_complete(r0)

09:48:27 executing program 5:
keyctl$get_security(0x11, 0x0, &(0x7f0000000100)=""/162, 0xa2)
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:27 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x5c, 0x0, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'lc\x00'}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x16}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@rand_addr=0x64010100}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'ovf\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x2000)

[ 2657.825701][T24864] FAULT_INJECTION: forcing a failure.
[ 2657.825701][T24864] name failslab, interval 1, probability 0, space 0, times 0
[ 2657.858588][T24864] CPU: 1 PID: 24864 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
09:48:27 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f00000000c0))
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x600002, 0x104)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000001c0)={0x2000, &(0x7f0000000180), 0x8})
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000200)={0x0, 0x3})
syz_io_uring_complete(r0)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0)) (async)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x600002, 0x104) (async)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000001c0)={0x2000, &(0x7f0000000180), 0x8}) (async)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000200)={0x0, 0x3}) (async)
syz_io_uring_complete(r0) (async)

[ 2657.870048][T24864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2657.879970][T24864] Call Trace:
[ 2657.883066][T24864]  <TASK>
[ 2657.885856][T24864]  dump_stack_lvl+0x151/0x1b7
[ 2657.890355][T24864]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2657.895651][T24864]  dump_stack+0x15/0x17
[ 2657.899642][T24864]  should_fail+0x3c0/0x510
[ 2657.903903][T24864]  __should_failslab+0x9f/0xe0
[ 2657.908504][T24864]  should_failslab+0x9/0x20
[ 2657.912848][T24864]  kmem_cache_alloc+0x4f/0x2f0
[ 2657.917434][T24864]  ? vm_area_dup+0x26/0x1d0
[ 2657.921786][T24864]  vm_area_dup+0x26/0x1d0
[ 2657.925942][T24864]  dup_mmap+0x6b8/0xea0
[ 2657.929936][T24864]  ? __delayed_free_task+0x20/0x20
[ 2657.934917][T24864]  ? mm_init+0x807/0x960
[ 2657.938961][T24864]  dup_mm+0x91/0x330
[ 2657.942690][T24864]  copy_mm+0x108/0x1b0
[ 2657.946598][T24864]  copy_process+0x1295/0x3250
[ 2657.951111][T24864]  ? proc_fail_nth_write+0x213/0x290
[ 2657.956238][T24864]  ? proc_fail_nth_read+0x220/0x220
[ 2657.961267][T24864]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2657.966215][T24864]  ? vfs_write+0x9af/0x1050
[ 2657.970553][T24864]  kernel_clone+0x22d/0x990
[ 2657.974890][T24864]  ? file_end_write+0x1b0/0x1b0
[ 2657.979581][T24864]  ? __kasan_check_write+0x14/0x20
[ 2657.984524][T24864]  ? create_io_thread+0x1e0/0x1e0
[ 2657.989383][T24864]  ? __mutex_lock_slowpath+0x10/0x10
[ 2657.994506][T24864]  __x64_sys_clone+0x289/0x310
[ 2657.999106][T24864]  ? __do_sys_vfork+0x130/0x130
[ 2658.003791][T24864]  ? debug_smp_processor_id+0x17/0x20
[ 2658.009000][T24864]  do_syscall_64+0x44/0xd0
[ 2658.013253][T24864]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2658.018979][T24864] RIP: 0033:0x7f5b7e88a639
[ 2658.023233][T24864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2658.042671][T24864] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2658.050922][T24864] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2658.058729][T24864] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2658.066542][T24864] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
09:48:27 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 47)

09:48:27 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4})
ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f0000000100)={0xb7f, 0x0, 0x3, 0x200})

09:48:27 executing program 5:
keyctl$get_security(0x11, 0x0, &(0x7f0000000100)=""/162, 0xa2)
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
keyctl$get_security(0x11, 0x0, &(0x7f0000000100)=""/162, 0xa2) (async)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)

09:48:27 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x5c, 0x0, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'lc\x00'}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x16}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@rand_addr=0x64010100}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'ovf\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x2000)

[ 2658.074353][T24864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2658.082164][T24864] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2658.089979][T24864]  </TASK>
[ 2658.186800][T24915] FAULT_INJECTION: forcing a failure.
[ 2658.186800][T24915] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2658.209723][T24915] CPU: 1 PID: 24915 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2658.221177][T24915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2658.231071][T24915] Call Trace:
[ 2658.234194][T24915]  <TASK>
[ 2658.236973][T24915]  dump_stack_lvl+0x151/0x1b7
[ 2658.241484][T24915]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2658.246779][T24915]  dump_stack+0x15/0x17
[ 2658.250770][T24915]  should_fail+0x3c0/0x510
[ 2658.255027][T24915]  should_fail_alloc_page+0x58/0x70
[ 2658.260057][T24915]  __alloc_pages+0x1de/0x7c0
[ 2658.264484][T24915]  ? __count_vm_events+0x30/0x30
[ 2658.269259][T24915]  ? __this_cpu_preempt_check+0x13/0x20
[ 2658.274638][T24915]  ? __mod_node_page_state+0xac/0xf0
[ 2658.279759][T24915]  pte_alloc_one+0x73/0x1b0
[ 2658.284100][T24915]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 2658.289131][T24915]  __pte_alloc+0x86/0x350
[ 2658.293296][T24915]  ? free_pgtables+0x210/0x210
[ 2658.297898][T24915]  ? _raw_spin_lock+0xa3/0x1b0
[ 2658.302494][T24915]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 2658.307703][T24915]  ? __kernel_text_address+0x9a/0x110
[ 2658.312910][T24915]  copy_pte_range+0x1b1f/0x20b0
[ 2658.317598][T24915]  ? __kunmap_atomic+0x80/0x80
[ 2658.322197][T24915]  ? __kasan_slab_alloc+0xc4/0xe0
[ 2658.327055][T24915]  ? __kasan_slab_alloc+0xb2/0xe0
[ 2658.331919][T24915]  ? kmem_cache_alloc+0x189/0x2f0
[ 2658.336777][T24915]  ? vm_area_dup+0x26/0x1d0
[ 2658.341116][T24915]  ? dup_mmap+0x6b8/0xea0
[ 2658.345284][T24915]  ? dup_mm+0x91/0x330
[ 2658.349187][T24915]  ? copy_mm+0x108/0x1b0
[ 2658.353267][T24915]  ? copy_process+0x1295/0x3250
[ 2658.357953][T24915]  ? kernel_clone+0x22d/0x990
[ 2658.362468][T24915]  ? __x64_sys_clone+0x289/0x310
[ 2658.367240][T24915]  ? do_syscall_64+0x44/0xd0
[ 2658.371667][T24915]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2658.377593][T24915]  copy_page_range+0xc1e/0x1090
[ 2658.382271][T24915]  ? pfn_valid+0x1e0/0x1e0
[ 2658.386511][T24915]  dup_mmap+0x99f/0xea0
[ 2658.390502][T24915]  ? __delayed_free_task+0x20/0x20
[ 2658.395451][T24915]  ? mm_init+0x807/0x960
[ 2658.399528][T24915]  dup_mm+0x91/0x330
[ 2658.403260][T24915]  copy_mm+0x108/0x1b0
[ 2658.407166][T24915]  copy_process+0x1295/0x3250
[ 2658.411678][T24915]  ? proc_fail_nth_write+0x213/0x290
[ 2658.416810][T24915]  ? proc_fail_nth_read+0x220/0x220
[ 2658.421835][T24915]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2658.426779][T24915]  ? vfs_write+0x9af/0x1050
[ 2658.431130][T24915]  kernel_clone+0x22d/0x990
[ 2658.435458][T24915]  ? file_end_write+0x1b0/0x1b0
[ 2658.440146][T24915]  ? __kasan_check_write+0x14/0x20
[ 2658.445093][T24915]  ? create_io_thread+0x1e0/0x1e0
[ 2658.449952][T24915]  ? __mutex_lock_slowpath+0x10/0x10
[ 2658.455073][T24915]  __x64_sys_clone+0x289/0x310
[ 2658.459674][T24915]  ? __do_sys_vfork+0x130/0x130
[ 2658.464361][T24915]  ? debug_smp_processor_id+0x17/0x20
[ 2658.469568][T24915]  do_syscall_64+0x44/0xd0
[ 2658.473820][T24915]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2658.479550][T24915] RIP: 0033:0x7f5b7e88a639
[ 2658.483802][T24915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2658.503240][T24915] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2658.511486][T24915] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2658.519297][T24915] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2658.527112][T24915] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
09:48:28 executing program 4:
r0 = syz_io_uring_setup(0x1a6c, &(0x7f0000000000), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:28 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4})
ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f0000000100)={0xb7f, 0x0, 0x3, 0x200})
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4}) (async)
ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f0000000100)={0xb7f, 0x0, 0x3, 0x200}) (async)

09:48:28 executing program 5:
keyctl$get_security(0x11, 0x0, &(0x7f0000000100)=""/162, 0xa2)
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
keyctl$get_security(0x11, 0x0, &(0x7f0000000100)=""/162, 0xa2) (async)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)

09:48:28 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x100, 0x2}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x20082000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
syz_open_procfs$namespace(r1, &(0x7f0000002280)='ns/cgroup\x00')
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000100)={0x1f, <r2=>0x0}, 0x8)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000200)={0x40}, 0x8) (async, rerun: 64)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000140)=r2, 0x4) (rerun: 64)
syz_clone(0x9222800, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x200000, &(0x7f00000022c0)="42c4527254255c6eb5d0ab4071510e8133ca8a49c0429832d655115322ff0cc7fa3da09fc44d8c1fb8e7a2bf1ba6e993e4f23c9e3ef31774ddad39af7c09eae4d6a72c1c1c2c858dc6df94ef1d4e68dbe50d67598e31735329ee585f8b003d6584bf4989230f3b7ee0b4a485a382c1c3ab9bc511ac9942954328d1e05b565b40cc03fd5d0ce7fb6e557ba120df60a70bb739efee610a47728be8a54a289056bf24f41d6a54f8eb604aa7044868bebe74aad6326b905aae96ec8a87f5aeb455", 0xbf, &(0x7f0000002380), &(0x7f00000023c0), &(0x7f0000002400)="dee8860075584d63e26deb829fe61f278de4d718032dc8945b95d4a3d2aec5271eaa9f0c566da309e7ffec075ea9eace6b") (async)
r3 = io_uring_setup(0xe13, &(0x7f0000000180)={0x0, 0x8f9a, 0x2, 0x0, 0x332, 0x0, r0})
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x100000b, 0x2010, r3, 0x10000000)

09:48:28 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x5c, 0x0, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'lc\x00'}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x16}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@rand_addr=0x64010100}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'ovf\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x2000)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x5c, 0x0, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'lc\x00'}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x16}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@rand_addr=0x64010100}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'ovf\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x2000) (async)

09:48:28 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 48)

09:48:28 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x2d6}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000080))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:28 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async, rerun: 32)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (rerun: 32)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4})
ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f0000000100)={0xb7f, 0x0, 0x3, 0x200})

[ 2658.534920][T24915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2658.542731][T24915] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2658.550544][T24915]  </TASK>
09:48:28 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$VHOST_VDPA_SET_CONFIG(r0, 0x4008af74, &(0x7f00000001c0)={0x0, 0xd7, "620b3f5f2e82d703d8b421cd72e294c7115668c1e007f3214a1dc2f9e8c20ed9258a2ee8237407816c82a72e6eb803568c79109790badab54eb90f96b25566f02820d5a73ca53822a44f63ebd47d18bb3b89589b1741ac2d4534afe8b3f70220913fcbfa99dea916635d9b2ba20cb7e85c5665c9e28f39d3f9845d2127585347398dcbb65bc1e90c0dd06c88542d4ad253565f7afc74d1525de5f22de3460cafbd5b2ad932b024733eea2f7c2360df269747332f7cb9f09ef9c9aa2d189cfb1428c502e125237824c82060e09eba94d1a6aa3d4e0526ba"})

09:48:28 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
pidfd_open(r1, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:28 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x2d6}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000080))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
syz_io_uring_setup(0x1a60, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x2d6}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000080)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)

09:48:28 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 64)
ioctl$VHOST_VDPA_SET_CONFIG(r0, 0x4008af74, &(0x7f00000001c0)={0x0, 0xd7, "620b3f5f2e82d703d8b421cd72e294c7115668c1e007f3214a1dc2f9e8c20ed9258a2ee8237407816c82a72e6eb803568c79109790badab54eb90f96b25566f02820d5a73ca53822a44f63ebd47d18bb3b89589b1741ac2d4534afe8b3f70220913fcbfa99dea916635d9b2ba20cb7e85c5665c9e28f39d3f9845d2127585347398dcbb65bc1e90c0dd06c88542d4ad253565f7afc74d1525de5f22de3460cafbd5b2ad932b024733eea2f7c2360df269747332f7cb9f09ef9c9aa2d189cfb1428c502e125237824c82060e09eba94d1a6aa3d4e0526ba"}) (rerun: 64)

09:48:28 executing program 4:
r0 = syz_io_uring_setup(0x1a6c, &(0x7f0000000000), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x1a6c, &(0x7f0000000000), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)

09:48:28 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080)=<r0=>0x0, &(0x7f00000000c0))
r1 = syz_io_uring_complete(r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r2, &(0x7f0000000500)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000004c0)={&(0x7f0000000200)={0x2b0, r3, 0x400, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_MLSCATLST={0x70, 0xc, 0x0, 0x1, [{0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x345e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3862}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2885e728}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x42f97c7f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc5df}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x51c86b15}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x269d8389}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x138ab519}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x272839d1}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6d1485f4}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x71d0c4fd}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x64, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1c5e1a5}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xec}]}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xfa}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x67}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x56a63071}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x340eef25}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x22}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3d94dac2}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x23337a1}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3b}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x74, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x23bda9fd}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7280d454}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4967}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4ab8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4220}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x91a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xdea4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x68d8}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9578}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3ec30b1}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x643a3415}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1a5781da}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2ae7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbb64}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf1b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd33a}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8795}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x34a77eb8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe0de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x75ab}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xee316c7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd9b3}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfbd}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0xc4, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5802b1f1}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2db4b00c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7e790451}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x66f86af6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3d}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe6}]}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2ea436fe}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5ea53e67}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xba}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x61}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7fff}]}, {0x44, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc5}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xee}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3e6cd3bd}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x7}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3d}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1be1236a}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x69}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc0}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xac}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x13246807}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x20, 0xc, 0x0, 0x1, [{0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6b59}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x268e4074}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15fd945a}]}]}]}, 0x2b0}, 0x1, 0x0, 0x0, 0x24044014}, 0x880)
ioctl$VHOST_SET_VRING_ENDIAN(r1, 0x4008af13, &(0x7f0000000100)={0x1, 0x5})

[ 2658.624108][T24951] FAULT_INJECTION: forcing a failure.
[ 2658.624108][T24951] name failslab, interval 1, probability 0, space 0, times 0
09:48:28 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080)=<r0=>0x0, &(0x7f00000000c0))
r1 = syz_io_uring_complete(r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r2, &(0x7f0000000500)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000004c0)={&(0x7f0000000200)={0x2b0, r3, 0x400, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_MLSCATLST={0x70, 0xc, 0x0, 0x1, [{0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x345e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3862}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2885e728}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x42f97c7f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc5df}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x51c86b15}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x269d8389}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x138ab519}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x272839d1}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6d1485f4}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x71d0c4fd}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x64, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1c5e1a5}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xec}]}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xfa}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x67}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x56a63071}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x340eef25}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x22}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3d94dac2}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x23337a1}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3b}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x74, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x23bda9fd}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7280d454}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4967}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4ab8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4220}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x91a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xdea4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x68d8}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9578}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3ec30b1}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x643a3415}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1a5781da}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2ae7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbb64}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf1b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd33a}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8795}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x34a77eb8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe0de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x75ab}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xee316c7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd9b3}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfbd}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0xc4, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5802b1f1}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2db4b00c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7e790451}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x66f86af6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3d}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe6}]}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2ea436fe}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5ea53e67}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xba}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x61}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7fff}]}, {0x44, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc5}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xee}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3e6cd3bd}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x7}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3d}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1be1236a}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x69}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc0}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xac}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x13246807}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x20, 0xc, 0x0, 0x1, [{0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6b59}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x268e4074}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15fd945a}]}]}]}, 0x2b0}, 0x1, 0x0, 0x0, 0x24044014}, 0x880)
ioctl$VHOST_SET_VRING_ENDIAN(r1, 0x4008af13, &(0x7f0000000100)={0x1, 0x5})
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_io_uring_complete(r0) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000001c0), 0xffffffffffffffff) (async)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r2, &(0x7f0000000500)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000004c0)={&(0x7f0000000200)={0x2b0, r3, 0x400, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_MLSCATLST={0x70, 0xc, 0x0, 0x1, [{0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x345e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3862}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2885e728}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x42f97c7f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc5df}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x51c86b15}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x269d8389}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x138ab519}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x272839d1}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6d1485f4}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x71d0c4fd}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x64, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1c5e1a5}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xec}]}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xfa}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x67}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x56a63071}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x340eef25}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x22}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3d94dac2}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x23337a1}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3b}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x74, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x23bda9fd}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7280d454}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4967}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4ab8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4220}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x91a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xdea4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x68d8}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9578}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3ec30b1}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x643a3415}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1a5781da}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2ae7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbb64}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf1b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd33a}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8795}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x34a77eb8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe0de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x75ab}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xee316c7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd9b3}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfbd}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0xc4, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5802b1f1}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2db4b00c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7e790451}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x66f86af6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3d}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe6}]}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2ea436fe}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5ea53e67}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xba}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x61}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7fff}]}, {0x44, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc5}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xee}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3e6cd3bd}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x7}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3d}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1be1236a}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x69}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc0}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xac}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x13246807}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x20, 0xc, 0x0, 0x1, [{0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6b59}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x268e4074}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15fd945a}]}]}]}, 0x2b0}, 0x1, 0x0, 0x0, 0x24044014}, 0x880) (async)
ioctl$VHOST_SET_VRING_ENDIAN(r1, 0x4008af13, &(0x7f0000000100)={0x1, 0x5}) (async)

[ 2658.664071][T24951] CPU: 1 PID: 24951 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2658.675546][T24951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2658.685431][T24951] Call Trace:
[ 2658.688552][T24951]  <TASK>
[ 2658.691330][T24951]  dump_stack_lvl+0x151/0x1b7
[ 2658.695844][T24951]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2658.701140][T24951]  dump_stack+0x15/0x17
[ 2658.705129][T24951]  should_fail+0x3c0/0x510
[ 2658.709390][T24951]  __should_failslab+0x9f/0xe0
[ 2658.713985][T24951]  should_failslab+0x9/0x20
[ 2658.718328][T24951]  kmem_cache_alloc+0x4f/0x2f0
09:48:28 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080)=<r0=>0x0, &(0x7f00000000c0))
r1 = syz_io_uring_complete(r0) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r2, &(0x7f0000000500)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000004c0)={&(0x7f0000000200)={0x2b0, r3, 0x400, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_MLSCATLST={0x70, 0xc, 0x0, 0x1, [{0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x345e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3862}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2885e728}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x42f97c7f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc5df}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x51c86b15}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x269d8389}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x138ab519}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x272839d1}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6d1485f4}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x71d0c4fd}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x64, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1c5e1a5}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xec}]}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xfa}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x67}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x56a63071}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x340eef25}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x22}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3d94dac2}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x23337a1}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3b}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x74, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x23bda9fd}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7280d454}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4967}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4ab8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4220}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x91a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xdea4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x68d8}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9578}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3ec30b1}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x643a3415}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1a5781da}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2ae7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbb64}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf1b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd33a}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8795}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x34a77eb8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe0de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x75ab}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xee316c7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd9b3}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfbd}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0xc4, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5802b1f1}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2db4b00c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7e790451}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x66f86af6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3d}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe6}]}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2ea436fe}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5ea53e67}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xba}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x61}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7fff}]}, {0x44, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc5}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xee}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3e6cd3bd}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x7}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3d}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1be1236a}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x69}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc0}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xac}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x13246807}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x20, 0xc, 0x0, 0x1, [{0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6b59}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x268e4074}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15fd945a}]}]}]}, 0x2b0}, 0x1, 0x0, 0x0, 0x24044014}, 0x880) (async)
ioctl$VHOST_SET_VRING_ENDIAN(r1, 0x4008af13, &(0x7f0000000100)={0x1, 0x5})

09:48:28 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
pidfd_open(r1, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
pidfd_open(r1, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)

[ 2658.722947][T24951]  ? vm_area_dup+0x26/0x1d0
[ 2658.727263][T24951]  vm_area_dup+0x26/0x1d0
[ 2658.731436][T24951]  dup_mmap+0x6b8/0xea0
[ 2658.735429][T24951]  ? __delayed_free_task+0x20/0x20
[ 2658.740367][T24951]  ? mm_init+0x807/0x960
[ 2658.744454][T24951]  dup_mm+0x91/0x330
[ 2658.748178][T24951]  copy_mm+0x108/0x1b0
[ 2658.752086][T24951]  copy_process+0x1295/0x3250
[ 2658.756599][T24951]  ? proc_fail_nth_write+0x213/0x290
[ 2658.761718][T24951]  ? proc_fail_nth_read+0x220/0x220
[ 2658.766754][T24951]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2658.771700][T24951]  ? vfs_write+0x9af/0x1050
[ 2658.776042][T24951]  kernel_clone+0x22d/0x990
[ 2658.780378][T24951]  ? file_end_write+0x1b0/0x1b0
[ 2658.785065][T24951]  ? __kasan_check_write+0x14/0x20
[ 2658.790012][T24951]  ? create_io_thread+0x1e0/0x1e0
[ 2658.794871][T24951]  ? __mutex_lock_slowpath+0x10/0x10
[ 2658.799992][T24951]  __x64_sys_clone+0x289/0x310
[ 2658.804592][T24951]  ? __do_sys_vfork+0x130/0x130
[ 2658.809279][T24951]  ? debug_smp_processor_id+0x17/0x20
[ 2658.814486][T24951]  do_syscall_64+0x44/0xd0
[ 2658.818746][T24951]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2658.824473][T24951] RIP: 0033:0x7f5b7e88a639
[ 2658.828720][T24951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2658.848163][T24951] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2658.856412][T24951] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2658.864216][T24951] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
09:48:28 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 49)

09:48:28 executing program 3:
r0 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
sendmsg$NET_DM_CMD_STOP(r1, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x14, 0x0, 0x2, 0x70bd25, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x8000)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="d0000000", @ANYRES16=0x0, @ANYBLOB="000227bd7000ffdbdf250600000014000300fc00000000000000000000000000000014000600767863616e31000000000000000000002a00070073797374656d5f753a6f626a6563745f723a6992f97472635f7661725f72756e5f743a73300000002700070073797374656d5f753a6f626a6563745f723a6175646973705f657865635f743a733000002900070073797374656d5f753a6f626a6563745f723a73656e646d61696c5f657865635f743a733000000000140001f4fe8000000000000000000000000000bb"], 0xd0}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000)
r2 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000100)='.request_key_auth\x00', 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="04000000000000000000080000004e1b0cd5f35ce4ed3447a3f59412ad9ab8e4868d4558fd96cd25383ecd020a438b5ad0b86115a1ca4205e2b8533194faf24b6b1ab14b7717729e158b57540871c9b278ec8be262915e7ffa9a287ab1f0cb941c5223879041d5bd2ee860afe1384874"], 0x14}}, 0x0)
sendmsg$NET_DM_CMD_STOP(r3, &(0x7f0000000840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x14, r0, 0x100, 0x70bd2a, 0x25dfdbfd, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r2)
keyctl$describe(0x6, r2, &(0x7f00000006c0)=""/187, 0xbb)
socketpair(0x9, 0x800, 0x5, &(0x7f0000000300)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$MRT6_DEL_MFC(r4, 0x29, 0xcd, &(0x7f0000000340)={{0xa, 0x4e23, 0x9, @empty, 0x3}, {0xa, 0x4e20, 0x5, @private0, 0xec2b}, 0x0, {[0x200, 0x3ff, 0x5, 0x80, 0xfffffff9, 0x50, 0xc, 0xc86]}}, 0x5c)
r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000008c0), r1)
sendmsg$NLBL_UNLABEL_C_STATICADD(r1, &(0x7f0000000a00)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000009c0)={&(0x7f0000000900)={0x88, r5, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @loopback}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth0_virt_wifi\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @broadcast}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x37}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @remote}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @empty}]}, 0x88}, 0x1, 0x0, 0x0, 0x40400c0}, 0x4000)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r6, &(0x7f0000000680)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0x44, 0x0, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @local}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @loopback}]}, 0x44}}, 0x20000085)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:48:28 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
pidfd_open(r1, 0x0) (async, rerun: 64)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:28 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$VHOST_VDPA_SET_CONFIG(r0, 0x4008af74, &(0x7f00000001c0)={0x0, 0xd7, "620b3f5f2e82d703d8b421cd72e294c7115668c1e007f3214a1dc2f9e8c20ed9258a2ee8237407816c82a72e6eb803568c79109790badab54eb90f96b25566f02820d5a73ca53822a44f63ebd47d18bb3b89589b1741ac2d4534afe8b3f70220913fcbfa99dea916635d9b2ba20cb7e85c5665c9e28f39d3f9845d2127585347398dcbb65bc1e90c0dd06c88542d4ad253565f7afc74d1525de5f22de3460cafbd5b2ad932b024733eea2f7c2360df269747332f7cb9f09ef9c9aa2d189cfb1428c502e125237824c82060e09eba94d1a6aa3d4e0526ba"})
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$VHOST_VDPA_SET_CONFIG(r0, 0x4008af74, &(0x7f00000001c0)={0x0, 0xd7, "620b3f5f2e82d703d8b421cd72e294c7115668c1e007f3214a1dc2f9e8c20ed9258a2ee8237407816c82a72e6eb803568c79109790badab54eb90f96b25566f02820d5a73ca53822a44f63ebd47d18bb3b89589b1741ac2d4534afe8b3f70220913fcbfa99dea916635d9b2ba20cb7e85c5665c9e28f39d3f9845d2127585347398dcbb65bc1e90c0dd06c88542d4ad253565f7afc74d1525de5f22de3460cafbd5b2ad932b024733eea2f7c2360df269747332f7cb9f09ef9c9aa2d189cfb1428c502e125237824c82060e09eba94d1a6aa3d4e0526ba"}) (async)

09:48:28 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x2d6}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000080))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:28 executing program 4:
r0 = syz_io_uring_setup(0x1a6c, &(0x7f0000000000), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x1a6c, &(0x7f0000000000), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)

[ 2658.872026][T24951] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2658.879847][T24951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2658.887659][T24951] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2658.895466][T24951]  </TASK>
09:48:28 executing program 3:
r0 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async)
sendmsg$NET_DM_CMD_STOP(r1, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x14, 0x0, 0x2, 0x70bd25, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) (async)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="d0000000", @ANYRES16=0x0, @ANYBLOB="000227bd7000ffdbdf250600000014000300fc00000000000000000000000000000014000600767863616e31000000000000000000002a00070073797374656d5f753a6f626a6563745f723a6992f97472635f7661725f72756e5f743a73300000002700070073797374656d5f753a6f626a6563745f723a6175646973705f657865635f743a733000002900070073797374656d5f753a6f626a6563745f723a73656e646d61696c5f657865635f743a733000000000140001f4fe8000000000000000000000000000bb"], 0xd0}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000) (async)
r2 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000100)='.request_key_auth\x00', 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="04000000000000000000080000004e1b0cd5f35ce4ed3447a3f59412ad9ab8e4868d4558fd96cd25383ecd020a438b5ad0b86115a1ca4205e2b8533194faf24b6b1ab14b7717729e158b57540871c9b278ec8be262915e7ffa9a287ab1f0cb941c5223879041d5bd2ee860afe1384874"], 0x14}}, 0x0)
sendmsg$NET_DM_CMD_STOP(r3, &(0x7f0000000840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x14, r0, 0x100, 0x70bd2a, 0x25dfdbfd, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) (async)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r2) (async)
keyctl$describe(0x6, r2, &(0x7f00000006c0)=""/187, 0xbb) (async)
socketpair(0x9, 0x800, 0x5, &(0x7f0000000300)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$MRT6_DEL_MFC(r4, 0x29, 0xcd, &(0x7f0000000340)={{0xa, 0x4e23, 0x9, @empty, 0x3}, {0xa, 0x4e20, 0x5, @private0, 0xec2b}, 0x0, {[0x200, 0x3ff, 0x5, 0x80, 0xfffffff9, 0x50, 0xc, 0xc86]}}, 0x5c) (async)
r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000008c0), r1)
sendmsg$NLBL_UNLABEL_C_STATICADD(r1, &(0x7f0000000a00)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000009c0)={&(0x7f0000000900)={0x88, r5, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @loopback}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth0_virt_wifi\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @broadcast}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x37}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @remote}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @empty}]}, 0x88}, 0x1, 0x0, 0x0, 0x40400c0}, 0x4000)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r6, &(0x7f0000000680)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0x44, 0x0, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @local}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @loopback}]}, 0x44}}, 0x20000085) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:48:28 executing program 5:
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r2, 0x4008ae73, &(0x7f0000000180)={0x3dc98616, 0x401f})
ioctl$KVM_DEASSIGN_PCI_DEVICE(r1, 0x4040ae72, &(0x7f0000000100)={0x2, 0x2, 0x1, 0x2, 0x2})
r3 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r3, 0x10000000)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r4, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
getsockname$packet(r0, &(0x7f00000001c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x3c, 0x14, 0x20, 0x70bd25, 0x25dfdbfc, {0xa, 0x4e067b1a3b7830fa, 0x0, 0xfd, r5}, [@IFA_TARGET_NETNSID={0x8, 0xa, 0x1}, @IFA_ADDRESS={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}, @IFA_RT_PRIORITY={0x8, 0x9, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004}, 0x4000881)

09:48:28 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x78, 0x0, 0x8, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffc}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x1, 0x30}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x12, 0x8}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7fff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x20, 0x18}}, @IPVS_SVC_ATTR_FWMARK={0x8}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x40}, 0x8881)
syz_io_uring_setup(0x7425, &(0x7f0000000080)={0x0, 0x4c25, 0x1, 0x2, 0xb}, &(0x7f0000000000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f0000000000))

[ 2658.932363][T25008] FAULT_INJECTION: forcing a failure.
[ 2658.932363][T25008] name failslab, interval 1, probability 0, space 0, times 0
[ 2658.978171][T25008] CPU: 1 PID: 25008 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2658.989639][T25008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2658.999528][T25008] Call Trace:
[ 2659.002652][T25008]  <TASK>
[ 2659.005432][T25008]  dump_stack_lvl+0x151/0x1b7
[ 2659.009945][T25008]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2659.015242][T25008]  dump_stack+0x15/0x17
[ 2659.019241][T25008]  should_fail+0x3c0/0x510
[ 2659.023485][T25008]  __should_failslab+0x9f/0xe0
[ 2659.028083][T25008]  should_failslab+0x9/0x20
[ 2659.032422][T25008]  kmem_cache_alloc+0x4f/0x2f0
[ 2659.037029][T25008]  ? vm_area_dup+0x26/0x1d0
[ 2659.041360][T25008]  ? __kasan_check_read+0x11/0x20
[ 2659.046223][T25008]  vm_area_dup+0x26/0x1d0
[ 2659.050389][T25008]  dup_mmap+0x6b8/0xea0
[ 2659.054384][T25008]  ? __delayed_free_task+0x20/0x20
[ 2659.059327][T25008]  ? mm_init+0x807/0x960
[ 2659.063413][T25008]  dup_mm+0x91/0x330
[ 2659.067144][T25008]  copy_mm+0x108/0x1b0
[ 2659.071057][T25008]  copy_process+0x1295/0x3250
[ 2659.075557][T25008]  ? proc_fail_nth_write+0x213/0x290
[ 2659.080680][T25008]  ? proc_fail_nth_read+0x220/0x220
[ 2659.085713][T25008]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2659.090666][T25008]  ? vfs_write+0x9af/0x1050
[ 2659.095000][T25008]  kernel_clone+0x22d/0x990
[ 2659.099342][T25008]  ? file_end_write+0x1b0/0x1b0
[ 2659.104024][T25008]  ? __kasan_check_write+0x14/0x20
[ 2659.108973][T25008]  ? create_io_thread+0x1e0/0x1e0
[ 2659.113837][T25008]  ? __mutex_lock_slowpath+0x10/0x10
[ 2659.118950][T25008]  __x64_sys_clone+0x289/0x310
[ 2659.123554][T25008]  ? __do_sys_vfork+0x130/0x130
[ 2659.128242][T25008]  ? debug_smp_processor_id+0x17/0x20
[ 2659.133447][T25008]  do_syscall_64+0x44/0xd0
[ 2659.137700][T25008]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2659.143429][T25008] RIP: 0033:0x7f5b7e88a639
[ 2659.147717][T25008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2659.167123][T25008] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
09:48:28 executing program 3:
r0 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
sendmsg$NET_DM_CMD_STOP(r1, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x14, 0x0, 0x2, 0x70bd25, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) (async)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="d0000000", @ANYRES16=0x0, @ANYBLOB="000227bd7000ffdbdf250600000014000300fc00000000000000000000000000000014000600767863616e31000000000000000000002a00070073797374656d5f753a6f626a6563745f723a6992f97472635f7661725f72756e5f743a73300000002700070073797374656d5f753a6f626a6563745f723a6175646973705f657865635f743a733000002900070073797374656d5f753a6f626a6563745f723a73656e646d61696c5f657865635f743a733000000000140001f4fe8000000000000000000000000000bb"], 0xd0}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000) (async)
r2 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000100)='.request_key_auth\x00', 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="04000000000000000000080000004e1b0cd5f35ce4ed3447a3f59412ad9ab8e4868d4558fd96cd25383ecd020a438b5ad0b86115a1ca4205e2b8533194faf24b6b1ab14b7717729e158b57540871c9b278ec8be262915e7ffa9a287ab1f0cb941c5223879041d5bd2ee860afe1384874"], 0x14}}, 0x0)
sendmsg$NET_DM_CMD_STOP(r3, &(0x7f0000000840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x14, r0, 0x100, 0x70bd2a, 0x25dfdbfd, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) (async)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r2) (async)
keyctl$describe(0x6, r2, &(0x7f00000006c0)=""/187, 0xbb) (async)
socketpair(0x9, 0x800, 0x5, &(0x7f0000000300)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$MRT6_DEL_MFC(r4, 0x29, 0xcd, &(0x7f0000000340)={{0xa, 0x4e23, 0x9, @empty, 0x3}, {0xa, 0x4e20, 0x5, @private0, 0xec2b}, 0x0, {[0x200, 0x3ff, 0x5, 0x80, 0xfffffff9, 0x50, 0xc, 0xc86]}}, 0x5c) (async)
r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000008c0), r1)
sendmsg$NLBL_UNLABEL_C_STATICADD(r1, &(0x7f0000000a00)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000009c0)={&(0x7f0000000900)={0x88, r5, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @loopback}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth0_virt_wifi\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @broadcast}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x37}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @remote}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @empty}]}, 0x88}, 0x1, 0x0, 0x0, 0x40400c0}, 0x4000)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r6, &(0x7f0000000680)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0x44, 0x0, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @local}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @loopback}]}, 0x44}}, 0x20000085) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:48:28 executing program 5:
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r2, 0x4008ae73, &(0x7f0000000180)={0x3dc98616, 0x401f})
ioctl$KVM_DEASSIGN_PCI_DEVICE(r1, 0x4040ae72, &(0x7f0000000100)={0x2, 0x2, 0x1, 0x2, 0x2})
r3 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r3, 0x10000000) (async)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r4, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
getsockname$packet(r0, &(0x7f00000001c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x3c, 0x14, 0x20, 0x70bd25, 0x25dfdbfc, {0xa, 0x4e067b1a3b7830fa, 0x0, 0xfd, r5}, [@IFA_TARGET_NETNSID={0x8, 0xa, 0x1}, @IFA_ADDRESS={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}, @IFA_RT_PRIORITY={0x8, 0x9, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004}, 0x4000881)

[ 2659.175365][T25008] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2659.183178][T25008] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2659.190992][T25008] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2659.198822][T25008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2659.206610][T25008] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2659.214437][T25008]  </TASK>
09:48:28 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x78, 0x0, 0x8, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffc}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x1, 0x30}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x12, 0x8}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7fff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x20, 0x18}}, @IPVS_SVC_ATTR_FWMARK={0x8}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x40}, 0x8881)
syz_io_uring_setup(0x7425, &(0x7f0000000080)={0x0, 0x4c25, 0x1, 0x2, 0xb}, &(0x7f0000000000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f0000000000))

09:48:28 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 50)

09:48:28 executing program 4:
sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x84, 0x0, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'ip6gre0\x00'}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth1_to_team\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'wlan0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x64010100}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x20}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000000}, 0x28048800)
r0 = syz_io_uring_complete(0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3000000, 0x108013, r0, 0x10000000)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = pidfd_getfd(0xffffffffffffffff, r1, 0x0)
sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="02070905120000002cbd7000fcdbdf2502000a0000040000e3f58d180000000002000b0080b30000050000000000000002000100000004d501012e020000000002000100080004d43f04b204010000000800120002000100b26b3f00ffff000006003300044000000100000000000000fc020000000000000000000000000000fe8000000000000000000000000000aa"], 0x90}}, 0x20044844)
ioctl$KVM_GET_NR_MMU_PAGES(r2, 0xae45, 0x5c67)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000003c0)=0xffffffffffffffff, 0x4)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000)

[ 2659.341715][T25079] FAULT_INJECTION: forcing a failure.
[ 2659.341715][T25079] name failslab, interval 1, probability 0, space 0, times 0
[ 2659.375243][T25079] CPU: 1 PID: 25079 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2659.386699][T25079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2659.396596][T25079] Call Trace:
[ 2659.399719][T25079]  <TASK>
[ 2659.402504][T25079]  dump_stack_lvl+0x151/0x1b7
[ 2659.407012][T25079]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2659.412303][T25079]  ? do_syscall_64+0x44/0xd0
[ 2659.416732][T25079]  dump_stack+0x15/0x17
[ 2659.420724][T25079]  should_fail+0x3c0/0x510
[ 2659.424975][T25079]  __should_failslab+0x9f/0xe0
[ 2659.429583][T25079]  should_failslab+0x9/0x20
[ 2659.433913][T25079]  kmem_cache_alloc+0x4f/0x2f0
[ 2659.438516][T25079]  ? anon_vma_clone+0xa1/0x4f0
[ 2659.443115][T25079]  anon_vma_clone+0xa1/0x4f0
[ 2659.447560][T25079]  anon_vma_fork+0x91/0x4f0
[ 2659.451883][T25079]  ? anon_vma_name+0x4c/0x70
[ 2659.456308][T25079]  dup_mmap+0x750/0xea0
[ 2659.460300][T25079]  ? __delayed_free_task+0x20/0x20
[ 2659.465246][T25079]  ? mm_init+0x807/0x960
[ 2659.469326][T25079]  dup_mm+0x91/0x330
[ 2659.473060][T25079]  copy_mm+0x108/0x1b0
[ 2659.476963][T25079]  copy_process+0x1295/0x3250
[ 2659.481477][T25079]  ? proc_fail_nth_write+0x213/0x290
[ 2659.486597][T25079]  ? proc_fail_nth_read+0x220/0x220
[ 2659.491632][T25079]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2659.496576][T25079]  ? vfs_write+0x9af/0x1050
[ 2659.500918][T25079]  kernel_clone+0x22d/0x990
[ 2659.505265][T25079]  ? file_end_write+0x1b0/0x1b0
[ 2659.510040][T25079]  ? __kasan_check_write+0x14/0x20
[ 2659.514980][T25079]  ? create_io_thread+0x1e0/0x1e0
[ 2659.519840][T25079]  ? __mutex_lock_slowpath+0x10/0x10
[ 2659.524961][T25079]  __x64_sys_clone+0x289/0x310
[ 2659.529561][T25079]  ? __do_sys_vfork+0x130/0x130
[ 2659.534245][T25079]  ? debug_smp_processor_id+0x17/0x20
[ 2659.539454][T25079]  do_syscall_64+0x44/0xd0
[ 2659.543705][T25079]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2659.549431][T25079] RIP: 0033:0x7f5b7e88a639
[ 2659.553687][T25079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2659.573125][T25079] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2659.581372][T25079] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
09:48:29 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x78, 0x0, 0x8, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffc}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x1, 0x30}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x12, 0x8}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7fff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x20, 0x18}}, @IPVS_SVC_ATTR_FWMARK={0x8}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x40}, 0x8881) (async)
syz_io_uring_setup(0x7425, &(0x7f0000000080)={0x0, 0x4c25, 0x1, 0x2, 0xb}, &(0x7f0000000000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f0000000000))

09:48:29 executing program 5:
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r2, 0x4008ae73, &(0x7f0000000180)={0x3dc98616, 0x401f}) (async)
ioctl$KVM_DEASSIGN_PCI_DEVICE(r1, 0x4040ae72, &(0x7f0000000100)={0x2, 0x2, 0x1, 0x2, 0x2}) (async)
r3 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r3, 0x10000000)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r4, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
getsockname$packet(r0, &(0x7f00000001c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv6_newaddr={0x3c, 0x14, 0x20, 0x70bd25, 0x25dfdbfc, {0xa, 0x4e067b1a3b7830fa, 0x0, 0xfd, r5}, [@IFA_TARGET_NETNSID={0x8, 0xa, 0x1}, @IFA_ADDRESS={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}, @IFA_RT_PRIORITY={0x8, 0x9, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004}, 0x4000881)

09:48:29 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
timer_create(0x6, &(0x7f0000000200)={0x0, 0x5, 0x4, @thr={&(0x7f0000000140)="07512bfe5245261cae8573be07dc8a9b85688433936fefcdbb459affddc9d146acf7d46d30fb0899148fd942017f2eba3535679543e4f1ca909e2efb0148be4d570bd549ebe81171f8313f55890b94b90cc0bb18647413", &(0x7f00000001c0)="0df44ab7808fb5"}}, &(0x7f0000000240))
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000100)=0xffffffffffffffff, 0x4)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
sendmsg$DEVLINK_CMD_TRAP_SET(r1, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000480)={&(0x7f0000000300)={0x15c, 0x0, 0x1, 0x70bd27, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0x15c}, 0x1, 0x0, 0x0, 0x4}, 0x40080)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:29 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000300), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
sendmsg$NLBL_UNLABEL_C_LIST(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xf0, 0x0, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x24, 0x7, 'system_u:object_r:apt_lock_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:dpkg_var_lib_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:console_device_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:zero_device_t:s0\x00'}]}, 0xf0}, 0x1, 0x0, 0x0, 0x40002}, 0x8000)

09:48:29 executing program 4:
sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x84, 0x0, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'ip6gre0\x00'}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth1_to_team\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'wlan0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x64010100}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x20}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000000}, 0x28048800)
r0 = syz_io_uring_complete(0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3000000, 0x108013, r0, 0x10000000)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = pidfd_getfd(0xffffffffffffffff, r1, 0x0)
sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="02070905120000002cbd7000fcdbdf2502000a0000040000e3f58d180000000002000b0080b30000050000000000000002000100000004d501012e020000000002000100080004d43f04b204010000000800120002000100b26b3f00ffff000006003300044000000100000000000000fc020000000000000000000000000000fe8000000000000000000000000000aa"], 0x90}}, 0x20044844)
ioctl$KVM_GET_NR_MMU_PAGES(r2, 0xae45, 0x5c67)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000003c0)=0xffffffffffffffff, 0x4)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000)
sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x84, 0x0, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'ip6gre0\x00'}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth1_to_team\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'wlan0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x64010100}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x20}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000000}, 0x28048800) (async)
syz_io_uring_complete(0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3000000, 0x108013, r0, 0x10000000) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
pidfd_getfd(0xffffffffffffffff, r1, 0x0) (async)
sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="02070905120000002cbd7000fcdbdf2502000a0000040000e3f58d180000000002000b0080b30000050000000000000002000100000004d501012e020000000002000100080004d43f04b204010000000800120002000100b26b3f00ffff000006003300044000000100000000000000fc020000000000000000000000000000fe8000000000000000000000000000aa"], 0x90}}, 0x20044844) (async)
ioctl$KVM_GET_NR_MMU_PAGES(r2, 0xae45, 0x5c67) (async)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000003c0)=0xffffffffffffffff, 0x4) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000) (async)

09:48:29 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4200400c}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x6c, r1, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'vlan0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth0_to_hsr\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'syzkaller0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @local}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private=0xa010100}]}, 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x1)

09:48:29 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000300), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
sendmsg$NLBL_UNLABEL_C_LIST(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xf0, 0x0, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x24, 0x7, 'system_u:object_r:apt_lock_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:dpkg_var_lib_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:console_device_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:zero_device_t:s0\x00'}]}, 0xf0}, 0x1, 0x0, 0x0, 0x40002}, 0x8000)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000300), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async)
sendmsg$NLBL_UNLABEL_C_LIST(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xf0, 0x0, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x24, 0x7, 'system_u:object_r:apt_lock_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:dpkg_var_lib_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:console_device_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:zero_device_t:s0\x00'}]}, 0xf0}, 0x1, 0x0, 0x0, 0x40002}, 0x8000) (async)

09:48:29 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
io_uring_setup(0x66aa, &(0x7f0000000200)={0x0, 0xb159, 0x800, 0x1, 0x308, 0x0, r1})
sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x38, 0x0, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x80}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x7f}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000050}, 0x4000)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

[ 2659.589196][T25079] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2659.596998][T25079] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2659.604812][T25079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2659.612616][T25079] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2659.620430][T25079]  </TASK>
09:48:29 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 51)

09:48:29 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4200400c}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x6c, r1, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'vlan0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth0_to_hsr\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'syzkaller0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @local}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private=0xa010100}]}, 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x1)

09:48:29 executing program 4:
sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x84, 0x0, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'ip6gre0\x00'}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth1_to_team\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'wlan0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x64010100}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x20}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000000}, 0x28048800) (async)
r0 = syz_io_uring_complete(0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3000000, 0x108013, r0, 0x10000000) (async)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = pidfd_getfd(0xffffffffffffffff, r1, 0x0)
sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="02070905120000002cbd7000fcdbdf2502000a0000040000e3f58d180000000002000b0080b30000050000000000000002000100000004d501012e020000000002000100080004d43f04b204010000000800120002000100b26b3f00ffff000006003300044000000100000000000000fc020000000000000000000000000000fe8000000000000000000000000000aa"], 0x90}}, 0x20044844) (async)
ioctl$KVM_GET_NR_MMU_PAGES(r2, 0xae45, 0x5c67)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000003c0)=0xffffffffffffffff, 0x4) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000)

09:48:29 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
io_uring_setup(0x66aa, &(0x7f0000000200)={0x0, 0xb159, 0x800, 0x1, 0x308, 0x0, r1})
sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x38, 0x0, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x80}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x7f}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000050}, 0x4000) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:29 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000300), 0xffffffffffffffff)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async)
sendmsg$NLBL_UNLABEL_C_LIST(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xf0, 0x0, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x24, 0x7, 'system_u:object_r:apt_lock_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:dpkg_var_lib_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:console_device_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:zero_device_t:s0\x00'}]}, 0xf0}, 0x1, 0x0, 0x0, 0x40002}, 0x8000)

[ 2659.687841][T25167] FAULT_INJECTION: forcing a failure.
[ 2659.687841][T25167] name failslab, interval 1, probability 0, space 0, times 0
[ 2659.710268][T25167] CPU: 0 PID: 25167 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2659.721739][T25167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2659.731629][T25167] Call Trace:
[ 2659.734742][T25167]  <TASK>
09:48:29 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
io_uring_setup(0x66aa, &(0x7f0000000200)={0x0, 0xb159, 0x800, 0x1, 0x308, 0x0, r1})
sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x38, 0x0, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x80}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x7f}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000050}, 0x4000)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
io_uring_setup(0x66aa, &(0x7f0000000200)={0x0, 0xb159, 0x800, 0x1, 0x308, 0x0, r1}) (async)
sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x38, 0x0, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x80}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x7f}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000050}, 0x4000) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)

09:48:29 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
timer_create(0x6, &(0x7f0000000200)={0x0, 0x5, 0x4, @thr={&(0x7f0000000140)="07512bfe5245261cae8573be07dc8a9b85688433936fefcdbb459affddc9d146acf7d46d30fb0899148fd942017f2eba3535679543e4f1ca909e2efb0148be4d570bd549ebe81171f8313f55890b94b90cc0bb18647413", &(0x7f00000001c0)="0df44ab7808fb5"}}, &(0x7f0000000240)) (async)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000100)=0xffffffffffffffff, 0x4)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
sendmsg$DEVLINK_CMD_TRAP_SET(r1, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000480)={&(0x7f0000000300)={0x15c, 0x0, 0x1, 0x70bd27, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0x15c}, 0x1, 0x0, 0x0, 0x4}, 0x40080) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (rerun: 64)

09:48:29 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:29 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:29 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)

09:48:29 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4200400c}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x6c, r1, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'vlan0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth0_to_hsr\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'syzkaller0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @local}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private=0xa010100}]}, 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x1)

09:48:29 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x840, 0x3)
openat$cgroup_ro(r1, &(0x7f0000000140)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r1)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r3, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x0)

[ 2659.737523][T25167]  dump_stack_lvl+0x151/0x1b7
[ 2659.742034][T25167]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2659.747328][T25167]  ? vma_interval_tree_augment_rotate+0x210/0x210
[ 2659.753576][T25167]  dump_stack+0x15/0x17
[ 2659.757567][T25167]  should_fail+0x3c0/0x510
[ 2659.761826][T25167]  __should_failslab+0x9f/0xe0
[ 2659.766430][T25167]  should_failslab+0x9/0x20
09:48:29 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 52)

09:48:29 executing program 1:
syz_clone(0x9190000, &(0x7f0000000280)="e9eafa69763661b0a91d939b3fb9576cb7215dec2c957b9b3a0d9bb8a438080e56b2e7e8a5866a6041629e97cbdd2c1c787f89b2cef613e7b8d908d50842c7da8571439abcb805a1edbd73775f47991c1394762a456c3008fbe897435dbf580564553e6ed5a34d8a04261ff0141fdad3d3d54170e0c7b2a1b3bb330f37fe801e623a856b65c8ed8a93bc22efdac7293f2d039acf7a3270bb9af4af83c6bc382c8836b44417b88f6854392047e9b7f63902b15c7fe1913e9d376a0463ad16f0154c537829dbf621e670c9b3c4a4f09b8bd0bac5d9b4d73ebaffc7", 0xda, &(0x7f0000000380), &(0x7f00000003c0), &(0x7f0000000400)="fcb45a013a77fa9b0ca78a313a6c6aa8da218967a78431f99754e87adbe249ca78a15d4a65ad3c23708a22")
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x2d25, &(0x7f00000001c0)={0x0, 0x5ad9, 0x4, 0x1, 0x68, 0x0, r0}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000005000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000240))
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000180))

09:48:29 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 53)

09:48:29 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async, rerun: 64)
r1 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x840, 0x3) (rerun: 64)
openat$cgroup_ro(r1, &(0x7f0000000140)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r1)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r3, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x0)

09:48:29 executing program 1:
syz_clone(0x9190000, &(0x7f0000000280)="e9eafa69763661b0a91d939b3fb9576cb7215dec2c957b9b3a0d9bb8a438080e56b2e7e8a5866a6041629e97cbdd2c1c787f89b2cef613e7b8d908d50842c7da8571439abcb805a1edbd73775f47991c1394762a456c3008fbe897435dbf580564553e6ed5a34d8a04261ff0141fdad3d3d54170e0c7b2a1b3bb330f37fe801e623a856b65c8ed8a93bc22efdac7293f2d039acf7a3270bb9af4af83c6bc382c8836b44417b88f6854392047e9b7f63902b15c7fe1913e9d376a0463ad16f0154c537829dbf621e670c9b3c4a4f09b8bd0bac5d9b4d73ebaffc7", 0xda, &(0x7f0000000380), &(0x7f00000003c0), &(0x7f0000000400)="fcb45a013a77fa9b0ca78a313a6c6aa8da218967a78431f99754e87adbe249ca78a15d4a65ad3c23708a22")
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x2d25, &(0x7f00000001c0)={0x0, 0x5ad9, 0x4, 0x1, 0x68, 0x0, r0}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000005000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000240))
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000180))
syz_clone(0x9190000, &(0x7f0000000280)="e9eafa69763661b0a91d939b3fb9576cb7215dec2c957b9b3a0d9bb8a438080e56b2e7e8a5866a6041629e97cbdd2c1c787f89b2cef613e7b8d908d50842c7da8571439abcb805a1edbd73775f47991c1394762a456c3008fbe897435dbf580564553e6ed5a34d8a04261ff0141fdad3d3d54170e0c7b2a1b3bb330f37fe801e623a856b65c8ed8a93bc22efdac7293f2d039acf7a3270bb9af4af83c6bc382c8836b44417b88f6854392047e9b7f63902b15c7fe1913e9d376a0463ad16f0154c537829dbf621e670c9b3c4a4f09b8bd0bac5d9b4d73ebaffc7", 0xda, &(0x7f0000000380), &(0x7f00000003c0), &(0x7f0000000400)="fcb45a013a77fa9b0ca78a313a6c6aa8da218967a78431f99754e87adbe249ca78a15d4a65ad3c23708a22") (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x2d25, &(0x7f00000001c0)={0x0, 0x5ad9, 0x4, 0x1, 0x68, 0x0, r0}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000005000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000240)) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000180)) (async)

09:48:29 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 54)

[ 2659.766455][T25167]  kmem_cache_alloc+0x4f/0x2f0
[ 2659.766475][T25167]  ? anon_vma_fork+0xf7/0x4f0
[ 2659.766497][T25167]  anon_vma_fork+0xf7/0x4f0
[ 2659.766516][T25167]  ? anon_vma_name+0x4c/0x70
[ 2659.766537][T25167]  dup_mmap+0x750/0xea0
[ 2659.766558][T25167]  ? __delayed_free_task+0x20/0x20
[ 2659.766577][T25167]  ? mm_init+0x807/0x960
[ 2659.766593][T25167]  dup_mm+0x91/0x330
[ 2659.766609][T25167]  copy_mm+0x108/0x1b0
[ 2659.766626][T25167]  copy_process+0x1295/0x3250
[ 2659.766651][T25167]  ? proc_fail_nth_write+0x213/0x290
[ 2659.766671][T25167]  ? proc_fail_nth_read+0x220/0x220
[ 2659.766690][T25167]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2659.766707][T25167]  ? vfs_write+0x9af/0x1050
[ 2659.766728][T25167]  kernel_clone+0x22d/0x990
[ 2659.766744][T25167]  ? file_end_write+0x1b0/0x1b0
[ 2659.766764][T25167]  ? __kasan_check_write+0x14/0x20
[ 2659.766781][T25167]  ? create_io_thread+0x1e0/0x1e0
[ 2659.766799][T25167]  ? __mutex_lock_slowpath+0x10/0x10
[ 2659.766820][T25167]  __x64_sys_clone+0x289/0x310
[ 2659.766838][T25167]  ? __do_sys_vfork+0x130/0x130
[ 2659.766857][T25167]  ? debug_smp_processor_id+0x17/0x20
[ 2659.766876][T25167]  do_syscall_64+0x44/0xd0
[ 2659.766894][T25167]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2659.766912][T25167] RIP: 0033:0x7f5b7e88a639
[ 2659.766928][T25167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2659.766945][T25167] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2659.766965][T25167] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2659.766979][T25167] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2659.766991][T25167] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2659.767004][T25167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2659.767016][T25167] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2659.767032][T25167]  </TASK>
[ 2659.820325][T25217] FAULT_INJECTION: forcing a failure.
[ 2659.820325][T25217] name failslab, interval 1, probability 0, space 0, times 0
[ 2659.820351][T25217] CPU: 1 PID: 25217 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2659.820371][T25217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2659.820381][T25217] Call Trace:
[ 2659.820386][T25217]  <TASK>
[ 2659.820393][T25217]  dump_stack_lvl+0x151/0x1b7
[ 2659.820415][T25217]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2659.820435][T25217]  dump_stack+0x15/0x17
[ 2659.820451][T25217]  should_fail+0x3c0/0x510
[ 2659.820468][T25217]  __should_failslab+0x9f/0xe0
[ 2659.820487][T25217]  should_failslab+0x9/0x20
[ 2659.820503][T25217]  kmem_cache_alloc+0x4f/0x2f0
[ 2659.820519][T25217]  ? anon_vma_fork+0x1b9/0x4f0
[ 2659.820536][T25217]  anon_vma_fork+0x1b9/0x4f0
[ 2659.820554][T25217]  dup_mmap+0x750/0xea0
[ 2659.820571][T25217]  ? __delayed_free_task+0x20/0x20
[ 2659.820587][T25217]  ? mm_init+0x807/0x960
[ 2659.820603][T25217]  dup_mm+0x91/0x330
[ 2659.820617][T25217]  copy_mm+0x108/0x1b0
[ 2659.820649][T25217]  copy_process+0x1295/0x3250
[ 2659.820666][T25217]  ? proc_fail_nth_write+0x213/0x290
[ 2659.820684][T25217]  ? proc_fail_nth_read+0x220/0x220
[ 2659.820701][T25217]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2659.820716][T25217]  ? vfs_write+0x9af/0x1050
[ 2659.820734][T25217]  kernel_clone+0x22d/0x990
[ 2659.820749][T25217]  ? file_end_write+0x1b0/0x1b0
[ 2659.820766][T25217]  ? __kasan_check_write+0x14/0x20
[ 2659.820781][T25217]  ? create_io_thread+0x1e0/0x1e0
[ 2659.820797][T25217]  ? __mutex_lock_slowpath+0x10/0x10
[ 2659.820815][T25217]  __x64_sys_clone+0x289/0x310
[ 2659.820831][T25217]  ? __do_sys_vfork+0x130/0x130
[ 2659.820848][T25217]  ? debug_smp_processor_id+0x17/0x20
[ 2659.820864][T25217]  do_syscall_64+0x44/0xd0
[ 2659.820880][T25217]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
09:48:29 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
timer_create(0x6, &(0x7f0000000200)={0x0, 0x5, 0x4, @thr={&(0x7f0000000140)="07512bfe5245261cae8573be07dc8a9b85688433936fefcdbb459affddc9d146acf7d46d30fb0899148fd942017f2eba3535679543e4f1ca909e2efb0148be4d570bd549ebe81171f8313f55890b94b90cc0bb18647413", &(0x7f00000001c0)="0df44ab7808fb5"}}, &(0x7f0000000240)) (async)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000100)=0xffffffffffffffff, 0x4)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
sendmsg$DEVLINK_CMD_TRAP_SET(r1, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000480)={&(0x7f0000000300)={0x15c, 0x0, 0x1, 0x70bd27, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0x15c}, 0x1, 0x0, 0x0, 0x4}, 0x40080)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:29 executing program 1:
syz_clone(0x9190000, &(0x7f0000000280)="e9eafa69763661b0a91d939b3fb9576cb7215dec2c957b9b3a0d9bb8a438080e56b2e7e8a5866a6041629e97cbdd2c1c787f89b2cef613e7b8d908d50842c7da8571439abcb805a1edbd73775f47991c1394762a456c3008fbe897435dbf580564553e6ed5a34d8a04261ff0141fdad3d3d54170e0c7b2a1b3bb330f37fe801e623a856b65c8ed8a93bc22efdac7293f2d039acf7a3270bb9af4af83c6bc382c8836b44417b88f6854392047e9b7f63902b15c7fe1913e9d376a0463ad16f0154c537829dbf621e670c9b3c4a4f09b8bd0bac5d9b4d73ebaffc7", 0xda, &(0x7f0000000380), &(0x7f00000003c0), &(0x7f0000000400)="fcb45a013a77fa9b0ca78a313a6c6aa8da218967a78431f99754e87adbe249ca78a15d4a65ad3c23708a22") (async)
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x2d25, &(0x7f00000001c0)={0x0, 0x5ad9, 0x4, 0x1, 0x68, 0x0, r0}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000005000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000240)) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000180))

09:48:29 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
r1 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x840, 0x3)
openat$cgroup_ro(r1, &(0x7f0000000140)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r1)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r3, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x0)

09:48:29 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), r0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000740)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x40, r2, 0x100, 0x70bd27, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @loopback}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @empty}]}, 0x40}, 0x1, 0x0, 0x0, 0x42000}, 0x1)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000240), r3)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040026bd7000fedbdf25087374656d5f753a6f626a6563745f723a70616d5f636f6e736f6c655f657865635f743a7330000506006873723000"/77], 0x5c}, 0x1, 0x0, 0x0, 0x2000080}, 0x4004000)
syz_io_uring_setup(0x1a67, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x20000000}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000640), &(0x7f0000000580))
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000780)={0x6c, 0x0, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @local}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private=0xa010101}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'virt_wifi0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast2}]}, 0x6c}}, 0x24000041)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICADD(r4, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000400)={0xa8, 0x0, 0x20, 0x70bd2d, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:tun_tap_device_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @local}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bridge_slave_0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @remote}]}, 0xa8}}, 0x40001)

09:48:29 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r1, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x94, 0x0, 0x2, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x4}, {0xc, 0x90, 0xfffffffffffffff7}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x100000001}, {0xc, 0x90, 0x6}}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
dup2(r0, r2)
mmap$IORING_OFF_SQES(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x70c06b19df14920e, 0x80010, r0, 0x10000000)
timer_create(0x2, &(0x7f0000000200)={0x0, 0x13, 0x1, @thr={&(0x7f0000000100)="02a45888562643facff667cc32697c38a8ebc54231908e93af2e490db5381e7294842fcb3a71ff894e8fa1f97e7743ce270fc01d466b6c7ab67f17e329a1d719dd036d7e4c68b18b824019804d760adf9daea3525c361d098a98d89b45f80c7d8700736e378aca2aba748c01e5484ed838429e6a74bd93a93f77d7547b5c46aa862dbd375cb9d676f212be4c1154bc2a4c15628603000c3808a60fe4c68509c92a29c01ac03ed19c891a85a44ab1d0655bf56e143980a7df328085b9af27", &(0x7f00000001c0)="da65ec2e0b5fa749b671ac0982ca3f1a9a83ddbb94127254f87ed66f21e77d6795890b6573e094893e773360973f3850a487f5fec7a3"}}, &(0x7f0000000240))

[ 2659.820897][T25217] RIP: 0033:0x7f5b7e88a639
[ 2659.820911][T25217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2659.820925][T25217] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2659.820945][T25217] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2659.820959][T25217] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
09:48:29 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x332}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
syz_io_uring_setup(0x43ee, &(0x7f0000000140)={0x0, 0x68f8, 0x100, 0x3, 0x197, 0x0, r0}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000001c0), &(0x7f0000000200))
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, &(0x7f0000000100)={0x2, 0x8, 0xb160})

09:48:29 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), r0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000740)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x40, r2, 0x100, 0x70bd27, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @loopback}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @empty}]}, 0x40}, 0x1, 0x0, 0x0, 0x42000}, 0x1) (async)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000240), r3) (async)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040026bd7000fedbdf25087374656d5f753a6f626a6563745f723a70616d5f636f6e736f6c655f657865635f743a7330000506006873723000"/77], 0x5c}, 0x1, 0x0, 0x0, 0x2000080}, 0x4004000) (async)
syz_io_uring_setup(0x1a67, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x20000000}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000640), &(0x7f0000000580))
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000780)={0x6c, 0x0, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @local}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private=0xa010101}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'virt_wifi0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast2}]}, 0x6c}}, 0x24000041) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICADD(r4, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000400)={0xa8, 0x0, 0x20, 0x70bd2d, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:tun_tap_device_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @local}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bridge_slave_0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @remote}]}, 0xa8}}, 0x40001)

09:48:29 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000001c0)={0x10201, 0x1, 0x5000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x1000002, 0x30, r0, 0x10000000)
mmap$IORING_OFF_SQES(&(0x7f0000008000/0x3000)=nil, 0x3000, 0x2000000, 0x10, r0, 0x10000000)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

[ 2659.820969][T25217] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2659.820979][T25217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2659.820990][T25217] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2659.821004][T25217]  </TASK>
[ 2659.842058][T25225] FAULT_INJECTION: forcing a failure.
[ 2659.842058][T25225] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2659.842084][T25225] CPU: 1 PID: 25225 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
09:48:29 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async, rerun: 64)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r1, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x94, 0x0, 0x2, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x4}, {0xc, 0x90, 0xfffffffffffffff7}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x100000001}, {0xc, 0x90, 0x6}}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) (async, rerun: 64)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async, rerun: 64)
dup2(r0, r2) (rerun: 64)
mmap$IORING_OFF_SQES(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x70c06b19df14920e, 0x80010, r0, 0x10000000) (async)
timer_create(0x2, &(0x7f0000000200)={0x0, 0x13, 0x1, @thr={&(0x7f0000000100)="02a45888562643facff667cc32697c38a8ebc54231908e93af2e490db5381e7294842fcb3a71ff894e8fa1f97e7743ce270fc01d466b6c7ab67f17e329a1d719dd036d7e4c68b18b824019804d760adf9daea3525c361d098a98d89b45f80c7d8700736e378aca2aba748c01e5484ed838429e6a74bd93a93f77d7547b5c46aa862dbd375cb9d676f212be4c1154bc2a4c15628603000c3808a60fe4c68509c92a29c01ac03ed19c891a85a44ab1d0655bf56e143980a7df328085b9af27", &(0x7f00000001c0)="da65ec2e0b5fa749b671ac0982ca3f1a9a83ddbb94127254f87ed66f21e77d6795890b6573e094893e773360973f3850a487f5fec7a3"}}, &(0x7f0000000240))

09:48:29 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x332}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
syz_io_uring_setup(0x43ee, &(0x7f0000000140)={0x0, 0x68f8, 0x100, 0x3, 0x197, 0x0, r0}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000001c0), &(0x7f0000000200))
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, &(0x7f0000000100)={0x2, 0x8, 0xb160})
syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x332}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
syz_io_uring_setup(0x43ee, &(0x7f0000000140)={0x0, 0x68f8, 0x100, 0x3, 0x197, 0x0, r0}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) (async)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, &(0x7f0000000100)={0x2, 0x8, 0xb160}) (async)

09:48:29 executing program 3:
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async, rerun: 64)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), r0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000740)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x40, r2, 0x100, 0x70bd27, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @loopback}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @empty}]}, 0x40}, 0x1, 0x0, 0x0, 0x42000}, 0x1) (async)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async, rerun: 64)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000240), r3) (async, rerun: 64)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040026bd7000fedbdf25087374656d5f753a6f626a6563745f723a70616d5f636f6e736f6c655f657865635f743a7330000506006873723000"/77], 0x5c}, 0x1, 0x0, 0x0, 0x2000080}, 0x4004000)
syz_io_uring_setup(0x1a67, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x20000000}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000640), &(0x7f0000000580)) (async, rerun: 32)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000780)={0x6c, 0x0, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @local}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private=0xa010101}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'virt_wifi0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast2}]}, 0x6c}}, 0x24000041) (rerun: 32)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICADD(r4, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000400)={0xa8, 0x0, 0x20, 0x70bd2d, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:tun_tap_device_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @local}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bridge_slave_0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @remote}]}, 0xa8}}, 0x40001)

[ 2659.842105][T25225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2659.842115][T25225] Call Trace:
[ 2659.842119][T25225]  <TASK>
[ 2659.842126][T25225]  dump_stack_lvl+0x151/0x1b7
[ 2659.842158][T25225]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2659.842176][T25225]  ? stack_trace_save+0x1f0/0x1f0
[ 2659.842193][T25225]  ? __kernel_text_address+0x9a/0x110
[ 2659.842213][T25225]  dump_stack+0x15/0x17
[ 2659.842229][T25225]  should_fail+0x3c0/0x510
[ 2659.842247][T25225]  should_fail_alloc_page+0x58/0x70
[ 2659.842265][T25225]  __alloc_pages+0x1de/0x7c0
[ 2659.842283][T25225]  ? stack_trace_save+0x12d/0x1f0
[ 2659.842298][T25225]  ? stack_trace_snprint+0x100/0x100
[ 2659.842314][T25225]  ? __count_vm_events+0x30/0x30
[ 2659.842331][T25225]  ? __kasan_slab_alloc+0xc4/0xe0
[ 2659.842345][T25225]  ? __kasan_slab_alloc+0xb2/0xe0
[ 2659.842358][T25225]  ? kmem_cache_alloc+0x189/0x2f0
[ 2659.842374][T25225]  ? anon_vma_fork+0x1b9/0x4f0
[ 2659.842392][T25225]  get_zeroed_page+0x19/0x40
[ 2659.842409][T25225]  __pud_alloc+0x8b/0x260
[ 2659.842424][T25225]  ? do_handle_mm_fault+0x2370/0x2370
[ 2659.842442][T25225]  copy_page_range+0xd9e/0x1090
[ 2659.842464][T25225]  ? pfn_valid+0x1e0/0x1e0
[ 2659.842485][T25225]  dup_mmap+0x99f/0xea0
[ 2659.842503][T25225]  ? __delayed_free_task+0x20/0x20
[ 2659.842522][T25225]  ? mm_init+0x807/0x960
[ 2659.842539][T25225]  dup_mm+0x91/0x330
[ 2659.842554][T25225]  copy_mm+0x108/0x1b0
[ 2659.842571][T25225]  copy_process+0x1295/0x3250
[ 2659.842588][T25225]  ? proc_fail_nth_write+0x213/0x290
[ 2659.842607][T25225]  ? proc_fail_nth_read+0x220/0x220
[ 2659.842626][T25225]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2659.842641][T25225]  ? vfs_write+0x9af/0x1050
[ 2659.842662][T25225]  kernel_clone+0x22d/0x990
[ 2659.842678][T25225]  ? file_end_write+0x1b0/0x1b0
[ 2659.842695][T25225]  ? __kasan_check_write+0x14/0x20
[ 2659.842711][T25225]  ? create_io_thread+0x1e0/0x1e0
[ 2659.842727][T25225]  ? __mutex_lock_slowpath+0x10/0x10
[ 2659.842747][T25225]  __x64_sys_clone+0x289/0x310
[ 2659.842765][T25225]  ? __do_sys_vfork+0x130/0x130
[ 2659.842781][T25225]  ? debug_smp_processor_id+0x17/0x20
[ 2659.842795][T25225]  do_syscall_64+0x44/0xd0
[ 2659.842809][T25225]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2659.842823][T25225] RIP: 0033:0x7f5b7e88a639
[ 2659.842836][T25225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2659.842850][T25225] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2659.842868][T25225] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2659.842879][T25225] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2659.842888][T25225] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2659.842897][T25225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2659.842906][T25225] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2659.842920][T25225]  </TASK>
[ 2659.872808][T25238] FAULT_INJECTION: forcing a failure.
[ 2659.872808][T25238] name failslab, interval 1, probability 0, space 0, times 0
[ 2660.610374][T25238] CPU: 0 PID: 25238 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2660.621743][T25238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2660.631655][T25238] Call Trace:
[ 2660.634760][T25238]  <TASK>
[ 2660.637542][T25238]  dump_stack_lvl+0x151/0x1b7
[ 2660.642068][T25238]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2660.647347][T25238]  dump_stack+0x15/0x17
[ 2660.651341][T25238]  should_fail+0x3c0/0x510
[ 2660.655592][T25238]  __should_failslab+0x9f/0xe0
[ 2660.660192][T25238]  should_failslab+0x9/0x20
[ 2660.664532][T25238]  kmem_cache_alloc+0x4f/0x2f0
[ 2660.669129][T25238]  ? vm_area_dup+0x26/0x1d0
[ 2660.673469][T25238]  vm_area_dup+0x26/0x1d0
[ 2660.677635][T25238]  dup_mmap+0x6b8/0xea0
[ 2660.681629][T25238]  ? __delayed_free_task+0x20/0x20
[ 2660.686575][T25238]  ? mm_init+0x807/0x960
[ 2660.690663][T25238]  dup_mm+0x91/0x330
[ 2660.694387][T25238]  copy_mm+0x108/0x1b0
[ 2660.698299][T25238]  copy_process+0x1295/0x3250
[ 2660.702804][T25238]  ? proc_fail_nth_write+0x213/0x290
[ 2660.707935][T25238]  ? proc_fail_nth_read+0x220/0x220
[ 2660.712957][T25238]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2660.717904][T25238]  ? vfs_write+0x9af/0x1050
[ 2660.722252][T25238]  kernel_clone+0x22d/0x990
[ 2660.726584][T25238]  ? file_end_write+0x1b0/0x1b0
[ 2660.731267][T25238]  ? __kasan_check_write+0x14/0x20
[ 2660.736216][T25238]  ? create_io_thread+0x1e0/0x1e0
[ 2660.741090][T25238]  ? __mutex_lock_slowpath+0x10/0x10
[ 2660.746197][T25238]  __x64_sys_clone+0x289/0x310
[ 2660.750796][T25238]  ? __do_sys_vfork+0x130/0x130
[ 2660.755483][T25238]  ? debug_smp_processor_id+0x17/0x20
[ 2660.760711][T25238]  do_syscall_64+0x44/0xd0
[ 2660.764945][T25238]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2660.770671][T25238] RIP: 0033:0x7f5b7e88a639
[ 2660.774925][T25238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2660.794397][T25238] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2660.802610][T25238] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2660.810420][T25238] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2660.818237][T25238] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2660.826069][T25238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2660.833857][T25238] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2660.841668][T25238]  </TASK>
09:48:30 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 55)

09:48:30 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000001c0)={0x10201, 0x1, 0x5000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x1000002, 0x30, r0, 0x10000000)
mmap$IORING_OFF_SQES(&(0x7f0000008000/0x3000)=nil, 0x3000, 0x2000000, 0x10, r0, 0x10000000)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000001c0)={0x10201, 0x1, 0x5000, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x1000002, 0x30, r0, 0x10000000) (async)
mmap$IORING_OFF_SQES(&(0x7f0000008000/0x3000)=nil, 0x3000, 0x2000000, 0x10, r0, 0x10000000) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)

09:48:30 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x332}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async, rerun: 64)
syz_io_uring_setup(0x43ee, &(0x7f0000000140)={0x0, 0x68f8, 0x100, 0x3, 0x197, 0x0, r0}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) (async, rerun: 64)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, &(0x7f0000000100)={0x2, 0x8, 0xb160})

09:48:30 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r1, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x94, 0x0, 0x2, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x4}, {0xc, 0x90, 0xfffffffffffffff7}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x100000001}, {0xc, 0x90, 0x6}}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
dup2(r0, r2) (async)
mmap$IORING_OFF_SQES(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x70c06b19df14920e, 0x80010, r0, 0x10000000) (async)
timer_create(0x2, &(0x7f0000000200)={0x0, 0x13, 0x1, @thr={&(0x7f0000000100)="02a45888562643facff667cc32697c38a8ebc54231908e93af2e490db5381e7294842fcb3a71ff894e8fa1f97e7743ce270fc01d466b6c7ab67f17e329a1d719dd036d7e4c68b18b824019804d760adf9daea3525c361d098a98d89b45f80c7d8700736e378aca2aba748c01e5484ed838429e6a74bd93a93f77d7547b5c46aa862dbd375cb9d676f212be4c1154bc2a4c15628603000c3808a60fe4c68509c92a29c01ac03ed19c891a85a44ab1d0655bf56e143980a7df328085b9af27", &(0x7f00000001c0)="da65ec2e0b5fa749b671ac0982ca3f1a9a83ddbb94127254f87ed66f21e77d6795890b6573e094893e773360973f3850a487f5fec7a3"}}, &(0x7f0000000240))

09:48:30 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r1, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000180)={0x198, r1, 0x10, 0x70bd29, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x7}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}]}, 0x198}, 0x1, 0x0, 0x0, 0x1}, 0x40000)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a61, &(0x7f0000000000)={0x0, 0x0, 0x20, 0xfffffffe, 0x6a}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100))

09:48:30 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
fstat(r0, &(0x7f0000000100))
r1 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r2, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x2011, r1, 0x10000000)

09:48:30 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r1, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000180)={0x198, r1, 0x10, 0x70bd29, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x7}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}]}, 0x198}, 0x1, 0x0, 0x0, 0x1}, 0x40000) (async)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a61, &(0x7f0000000000)={0x0, 0x0, 0x20, 0xfffffffe, 0x6a}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100))

09:48:30 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000001c0)={0x10201, 0x1, 0x5000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x1000002, 0x30, r0, 0x10000000)
mmap$IORING_OFF_SQES(&(0x7f0000008000/0x3000)=nil, 0x3000, 0x2000000, 0x10, r0, 0x10000000)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000001c0)={0x10201, 0x1, 0x5000, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x1000002, 0x30, r0, 0x10000000) (async)
mmap$IORING_OFF_SQES(&(0x7f0000008000/0x3000)=nil, 0x3000, 0x2000000, 0x10, r0, 0x10000000) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)

09:48:30 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x2e, 0x0, @thr={&(0x7f0000000100)="767175d7508d215da4f2e679c67319494ad8c83dce506799f4881c044ffe612e938b95288ffa3703506f8eef8faa646a93f7f4909ea13d144686c6cb52c942412c6b2c4cc69478d73145c286dc24838e2f54890c39c36eeb26e1cd5ab6d259172e9bd978d9a88ec01f6d6f754e51ef25ca099837e0037ece2bcb657a94963b96ce8eb3afebd5469e49fc8b78f46b0dafd95d5e46f4c1af6b910ccd591070f0da8e9cf011326ef5c44c1dc2e1006787f65a9525d47b7ef4ba8eef59022f5b209ae6bf2c76818eaf54742a545bde5d6c9b6d34fe3bf8a4eee1cdf90c1d7df45b2b342e06fcc99ac79cf38e508870e00ace1dd0", &(0x7f0000000200)="8a588c3b4786023754271ebe1148ce72b7461d"}}, &(0x7f0000000280))
getsockname$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000340)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)=@newnexthop={0x98, 0x68, 0x400, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x2, 0x0, 0x4df9423954f56d61}, [@NHA_RES_GROUP={0x34, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0x9}, @NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x9}, @NHA_RES_GROUP_IDLE_TIMER={0x8, 0x2, 0x5286}, @NHA_RES_GROUP_BUCKETS={0x6}, @NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0x20}, @NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0x4}]}, @NHA_OIF={0x8, 0x5, r1}, @NHA_GROUP={0x44, 0x2, [{0x0, 0x20}, {0x1, 0x81}, {0x2, 0xff}, {0x1, 0x40}, {0x2}, {0x1, 0x7}, {0x1, 0x6}, {0x1, 0x8}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x4}, 0x5)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:30 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r1, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000180)={0x198, r1, 0x10, 0x70bd29, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x7}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}]}, 0x198}, 0x1, 0x0, 0x0, 0x1}, 0x40000)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
syz_io_uring_setup(0x1a61, &(0x7f0000000000)={0x0, 0x0, 0x20, 0xfffffffe, 0x6a}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100))
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) (async)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r1, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014) (async)
sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000180)={0x198, r1, 0x10, 0x70bd29, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x7}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}]}, 0x198}, 0x1, 0x0, 0x0, 0x1}, 0x40000) (async)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff) (async)
syz_io_uring_setup(0x1a61, &(0x7f0000000000)={0x0, 0x0, 0x20, 0xfffffffe, 0x6a}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100)) (async)

09:48:30 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
fstat(r0, &(0x7f0000000100)) (async)
r1 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r2, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x2011, r1, 0x10000000)

[ 2660.923379][T25425] FAULT_INJECTION: forcing a failure.
[ 2660.923379][T25425] name failslab, interval 1, probability 0, space 0, times 0
[ 2660.960270][T25425] CPU: 0 PID: 25425 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2660.971734][T25425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2660.981631][T25425] Call Trace:
[ 2660.984751][T25425]  <TASK>
[ 2660.987530][T25425]  dump_stack_lvl+0x151/0x1b7
[ 2660.992042][T25425]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2660.997337][T25425]  dump_stack+0x15/0x17
[ 2661.001328][T25425]  should_fail+0x3c0/0x510
[ 2661.005587][T25425]  __should_failslab+0x9f/0xe0
[ 2661.010181][T25425]  should_failslab+0x9/0x20
[ 2661.014520][T25425]  kmem_cache_alloc+0x4f/0x2f0
[ 2661.019119][T25425]  ? vm_area_dup+0x26/0x1d0
[ 2661.023460][T25425]  vm_area_dup+0x26/0x1d0
[ 2661.027626][T25425]  dup_mmap+0x6b8/0xea0
[ 2661.031620][T25425]  ? __delayed_free_task+0x20/0x20
[ 2661.036567][T25425]  ? mm_init+0x807/0x960
[ 2661.040647][T25425]  dup_mm+0x91/0x330
[ 2661.044379][T25425]  copy_mm+0x108/0x1b0
[ 2661.048282][T25425]  copy_process+0x1295/0x3250
[ 2661.052800][T25425]  ? proc_fail_nth_write+0x213/0x290
[ 2661.057915][T25425]  ? proc_fail_nth_read+0x220/0x220
[ 2661.062972][T25425]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2661.067896][T25425]  ? vfs_write+0x9af/0x1050
[ 2661.072238][T25425]  kernel_clone+0x22d/0x990
[ 2661.076575][T25425]  ? file_end_write+0x1b0/0x1b0
[ 2661.081263][T25425]  ? __kasan_check_write+0x14/0x20
[ 2661.086211][T25425]  ? create_io_thread+0x1e0/0x1e0
[ 2661.091070][T25425]  ? __mutex_lock_slowpath+0x10/0x10
[ 2661.096190][T25425]  __x64_sys_clone+0x289/0x310
[ 2661.100802][T25425]  ? __do_sys_vfork+0x130/0x130
[ 2661.105477][T25425]  ? debug_smp_processor_id+0x17/0x20
[ 2661.110684][T25425]  do_syscall_64+0x44/0xd0
[ 2661.114939][T25425]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2661.120664][T25425] RIP: 0033:0x7f5b7e88a639
[ 2661.124929][T25425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2661.144374][T25425] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2661.152608][T25425] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2661.160419][T25425] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
09:48:30 executing program 3:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x4200, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:30 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 56)

09:48:30 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x2e, 0x0, @thr={&(0x7f0000000100)="767175d7508d215da4f2e679c67319494ad8c83dce506799f4881c044ffe612e938b95288ffa3703506f8eef8faa646a93f7f4909ea13d144686c6cb52c942412c6b2c4cc69478d73145c286dc24838e2f54890c39c36eeb26e1cd5ab6d259172e9bd978d9a88ec01f6d6f754e51ef25ca099837e0037ece2bcb657a94963b96ce8eb3afebd5469e49fc8b78f46b0dafd95d5e46f4c1af6b910ccd591070f0da8e9cf011326ef5c44c1dc2e1006787f65a9525d47b7ef4ba8eef59022f5b209ae6bf2c76818eaf54742a545bde5d6c9b6d34fe3bf8a4eee1cdf90c1d7df45b2b342e06fcc99ac79cf38e508870e00ace1dd0", &(0x7f0000000200)="8a588c3b4786023754271ebe1148ce72b7461d"}}, &(0x7f0000000280))
getsockname$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000340)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)=@newnexthop={0x98, 0x68, 0x400, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x2, 0x0, 0x4df9423954f56d61}, [@NHA_RES_GROUP={0x34, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0x9}, @NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x9}, @NHA_RES_GROUP_IDLE_TIMER={0x8, 0x2, 0x5286}, @NHA_RES_GROUP_BUCKETS={0x6}, @NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0x20}, @NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0x4}]}, @NHA_OIF={0x8, 0x5, r1}, @NHA_GROUP={0x44, 0x2, [{0x0, 0x20}, {0x1, 0x81}, {0x2, 0xff}, {0x1, 0x40}, {0x2}, {0x1, 0x7}, {0x1, 0x6}, {0x1, 0x8}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x4}, 0x5)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x2e, 0x0, @thr={&(0x7f0000000100)="767175d7508d215da4f2e679c67319494ad8c83dce506799f4881c044ffe612e938b95288ffa3703506f8eef8faa646a93f7f4909ea13d144686c6cb52c942412c6b2c4cc69478d73145c286dc24838e2f54890c39c36eeb26e1cd5ab6d259172e9bd978d9a88ec01f6d6f754e51ef25ca099837e0037ece2bcb657a94963b96ce8eb3afebd5469e49fc8b78f46b0dafd95d5e46f4c1af6b910ccd591070f0da8e9cf011326ef5c44c1dc2e1006787f65a9525d47b7ef4ba8eef59022f5b209ae6bf2c76818eaf54742a545bde5d6c9b6d34fe3bf8a4eee1cdf90c1d7df45b2b342e06fcc99ac79cf38e508870e00ace1dd0", &(0x7f0000000200)="8a588c3b4786023754271ebe1148ce72b7461d"}}, &(0x7f0000000280)) (async)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000340)=0x14) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)=@newnexthop={0x98, 0x68, 0x400, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x2, 0x0, 0x4df9423954f56d61}, [@NHA_RES_GROUP={0x34, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0x9}, @NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x9}, @NHA_RES_GROUP_IDLE_TIMER={0x8, 0x2, 0x5286}, @NHA_RES_GROUP_BUCKETS={0x6}, @NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0x20}, @NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0x4}]}, @NHA_OIF={0x8, 0x5, r1}, @NHA_GROUP={0x44, 0x2, [{0x0, 0x20}, {0x1, 0x81}, {0x2, 0xff}, {0x1, 0x40}, {0x2}, {0x1, 0x7}, {0x1, 0x6}, {0x1, 0x8}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x4}, 0x5) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)

09:48:30 executing program 4:
r0 = syz_io_uring_setup(0x6a36, &(0x7f0000000600)={0x0, 0x0, 0x8, 0x1}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000140))
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_io_uring_setup(0x5ca, &(0x7f0000000580)={0x0, 0x6c9d, 0x20, 0x3, 0x50, 0x0, r1}, &(0x7f0000000000/0x1000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f0000000100), &(0x7f0000000180))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r2, &(0x7f00000002c0))
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300), 0x28000, 0x0)
syz_clone3(&(0x7f0000000340)={0x200600000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f00000000c0), {0x3d}, &(0x7f00000001c0)=""/45, 0x2d, &(0x7f0000000200)=""/180, &(0x7f00000002c0)=[r2], 0x1, {r3}}, 0x58)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000540)={r3, r3, 0x15}, 0x10)
r4 = io_uring_setup(0x1a3f, &(0x7f00000003c0)={0x0, 0x94a5, 0x0, 0x3, 0x3d0, 0x0, r3})
syz_io_uring_setup(0x8d9, &(0x7f0000000440)={0x0, 0x3326, 0x400, 0x0, 0x2c2, 0x0, r4}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000004c0), &(0x7f0000000500))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

[ 2661.168226][T25425] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2661.176047][T25425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2661.183857][T25425] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2661.191667][T25425]  </TASK>
09:48:30 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
fstat(r0, &(0x7f0000000100))
r1 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r2, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x2011, r1, 0x10000000)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
fstat(r0, &(0x7f0000000100)) (async)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r2, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x2011, r1, 0x10000000) (async)

09:48:30 executing program 5:
r0 = open_tree(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x80900)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
r1 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), r0)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
dup2(r2, r1)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = syz_io_uring_setup(0x1a60, &(0x7f0000000100)={0x0, 0x943, 0x8, 0x0, 0x200, 0x0, r0}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r3, 0x10000000)

[ 2661.236830][T25476] FAULT_INJECTION: forcing a failure.
[ 2661.236830][T25476] name failslab, interval 1, probability 0, space 0, times 0
[ 2661.261580][T25476] CPU: 1 PID: 25476 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2661.273039][T25476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2661.282937][T25476] Call Trace:
09:48:30 executing program 4:
r0 = syz_io_uring_setup(0x6a36, &(0x7f0000000600)={0x0, 0x0, 0x8, 0x1}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000140)) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
syz_io_uring_setup(0x5ca, &(0x7f0000000580)={0x0, 0x6c9d, 0x20, 0x3, 0x50, 0x0, r1}, &(0x7f0000000000/0x1000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f0000000100), &(0x7f0000000180)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r2, &(0x7f00000002c0)) (async)
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300), 0x28000, 0x0)
syz_clone3(&(0x7f0000000340)={0x200600000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f00000000c0), {0x3d}, &(0x7f00000001c0)=""/45, 0x2d, &(0x7f0000000200)=""/180, &(0x7f00000002c0)=[r2], 0x1, {r3}}, 0x58) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000540)={r3, r3, 0x15}, 0x10) (async)
r4 = io_uring_setup(0x1a3f, &(0x7f00000003c0)={0x0, 0x94a5, 0x0, 0x3, 0x3d0, 0x0, r3})
syz_io_uring_setup(0x8d9, &(0x7f0000000440)={0x0, 0x3326, 0x400, 0x0, 0x2c2, 0x0, r4}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000004c0), &(0x7f0000000500)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:30 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x2e, 0x0, @thr={&(0x7f0000000100)="767175d7508d215da4f2e679c67319494ad8c83dce506799f4881c044ffe612e938b95288ffa3703506f8eef8faa646a93f7f4909ea13d144686c6cb52c942412c6b2c4cc69478d73145c286dc24838e2f54890c39c36eeb26e1cd5ab6d259172e9bd978d9a88ec01f6d6f754e51ef25ca099837e0037ece2bcb657a94963b96ce8eb3afebd5469e49fc8b78f46b0dafd95d5e46f4c1af6b910ccd591070f0da8e9cf011326ef5c44c1dc2e1006787f65a9525d47b7ef4ba8eef59022f5b209ae6bf2c76818eaf54742a545bde5d6c9b6d34fe3bf8a4eee1cdf90c1d7df45b2b342e06fcc99ac79cf38e508870e00ace1dd0", &(0x7f0000000200)="8a588c3b4786023754271ebe1148ce72b7461d"}}, &(0x7f0000000280))
getsockname$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000340)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)=@newnexthop={0x98, 0x68, 0x400, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x2, 0x0, 0x4df9423954f56d61}, [@NHA_RES_GROUP={0x34, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0x9}, @NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x9}, @NHA_RES_GROUP_IDLE_TIMER={0x8, 0x2, 0x5286}, @NHA_RES_GROUP_BUCKETS={0x6}, @NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0x20}, @NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0x4}]}, @NHA_OIF={0x8, 0x5, r1}, @NHA_GROUP={0x44, 0x2, [{0x0, 0x20}, {0x1, 0x81}, {0x2, 0xff}, {0x1, 0x40}, {0x2}, {0x1, 0x7}, {0x1, 0x6}, {0x1, 0x8}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x4}, 0x5) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:30 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 57)

09:48:30 executing program 0:
r0 = syz_clone3(&(0x7f0000001500)={0x81200, &(0x7f0000000300), &(0x7f0000000340), &(0x7f0000000380), {0x14}, &(0x7f00000003c0)=""/4096, 0x1000, &(0x7f00000013c0)=""/193, &(0x7f00000014c0)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2}, 0x58)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
syz_clone3(&(0x7f00000015c0)={0x3000, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200), {0x1b}, &(0x7f0000000240)=""/60, 0x3c, &(0x7f0000000280)=""/106, &(0x7f0000001580)=[r0, 0x0], 0x2, {r1}}, 0x58)
r2 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, &(0x7f0000000100))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x10000000)

[ 2661.286065][T25476]  <TASK>
[ 2661.286076][T25476]  dump_stack_lvl+0x151/0x1b7
[ 2661.286103][T25476]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2661.286123][T25476]  dump_stack+0x15/0x17
[ 2661.286139][T25476]  should_fail+0x3c0/0x510
09:48:30 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 58)

09:48:30 executing program 0:
r0 = syz_clone3(&(0x7f0000001500)={0x81200, &(0x7f0000000300), &(0x7f0000000340), &(0x7f0000000380), {0x14}, &(0x7f00000003c0)=""/4096, 0x1000, &(0x7f00000013c0)=""/193, &(0x7f00000014c0)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2}, 0x58)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
syz_clone3(&(0x7f00000015c0)={0x3000, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200), {0x1b}, &(0x7f0000000240)=""/60, 0x3c, &(0x7f0000000280)=""/106, &(0x7f0000001580)=[r0, 0x0], 0x2, {r1}}, 0x58) (async)
r2 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, &(0x7f0000000100)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x10000000)

[ 2661.286156][T25476]  __should_failslab+0x9f/0xe0
[ 2661.286175][T25476]  should_failslab+0x9/0x20
[ 2661.286191][T25476]  kmem_cache_alloc+0x4f/0x2f0
[ 2661.286207][T25476]  ? vm_area_dup+0x26/0x1d0
[ 2661.286222][T25476]  vm_area_dup+0x26/0x1d0
[ 2661.286236][T25476]  dup_mmap+0x6b8/0xea0
[ 2661.286253][T25476]  ? __delayed_free_task+0x20/0x20
[ 2661.286270][T25476]  ? mm_init+0x807/0x960
[ 2661.286285][T25476]  dup_mm+0x91/0x330
[ 2661.286300][T25476]  copy_mm+0x108/0x1b0
[ 2661.286316][T25476]  copy_process+0x1295/0x3250
[ 2661.286333][T25476]  ? proc_fail_nth_write+0x213/0x290
[ 2661.286351][T25476]  ? proc_fail_nth_read+0x220/0x220
[ 2661.286368][T25476]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2661.286382][T25476]  ? vfs_write+0x9af/0x1050
[ 2661.286398][T25476]  kernel_clone+0x22d/0x990
[ 2661.286409][T25476]  ? file_end_write+0x1b0/0x1b0
[ 2661.286423][T25476]  ? __kasan_check_write+0x14/0x20
09:48:30 executing program 3:
r0 = syz_clone3(&(0x7f0000001500)={0x81200, &(0x7f0000000300), &(0x7f0000000340), &(0x7f0000000380), {0x14}, &(0x7f00000003c0)=""/4096, 0x1000, &(0x7f00000013c0)=""/193, &(0x7f00000014c0)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2}, 0x58)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
syz_clone3(&(0x7f00000015c0)={0x3000, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200), {0x1b}, &(0x7f0000000240)=""/60, 0x3c, &(0x7f0000000280)=""/106, &(0x7f0000001580)=[r0, 0x0], 0x2, {r1}}, 0x58)
r2 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, &(0x7f0000000100))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x10000000)

09:48:30 executing program 1:
r0 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000100)='.request_key_auth\x00', 0x0)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r0)
getgroups(0x2, &(0x7f0000000080)=[0x0, <r1=>0x0])
keyctl$chown(0x4, r0, 0xee01, r1)
r2 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, r0)
r3 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8)
r4 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000100)='.request_key_auth\x00', 0x0)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r4)
keyctl$KEYCTL_MOVE(0x1e, r2, r3, r4, 0x1)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:30 executing program 5:
r0 = open_tree(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x80900)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
r1 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) (async)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), r0) (async, rerun: 64)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (rerun: 64)
dup2(r2, r1)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r3 = syz_io_uring_setup(0x1a60, &(0x7f0000000100)={0x0, 0x943, 0x8, 0x0, 0x200, 0x0, r0}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r3, 0x10000000)

09:48:30 executing program 3:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2000005, 0x30, r1, 0x10000000)

[ 2661.286435][T25476]  ? create_io_thread+0x1e0/0x1e0
[ 2661.286450][T25476]  ? __mutex_lock_slowpath+0x10/0x10
[ 2661.286468][T25476]  __x64_sys_clone+0x289/0x310
[ 2661.286496][T25476]  ? __do_sys_vfork+0x130/0x130
[ 2661.286516][T25476]  ? debug_smp_processor_id+0x17/0x20
[ 2661.286534][T25476]  do_syscall_64+0x44/0xd0
[ 2661.286551][T25476]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2661.286568][T25476] RIP: 0033:0x7f5b7e88a639
09:48:31 executing program 1:
r0 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000100)='.request_key_auth\x00', 0x0) (async)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r0)
getgroups(0x2, &(0x7f0000000080)=[0x0, <r1=>0x0])
keyctl$chown(0x4, r0, 0xee01, r1) (async)
r2 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, r0) (async)
r3 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8)
r4 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000100)='.request_key_auth\x00', 0x0)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r4) (async)
keyctl$KEYCTL_MOVE(0x1e, r2, r3, r4, 0x1) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:31 executing program 3:
r0 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NET_DM_CMD_START(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r0, 0x100, 0x70bd27, 0x25dfdbff, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc0000}, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="2815c800c4213598bdd9e38042cbb127f0995d1be113368abde5e52af33ddc2042c748fe3960526e34b8f2d54de787ee946bb4dee82c561373c1998ae9d7f800cce44930e926883e6bd3af32cf7ebe13a33bc6ad70e3c66e1daf1b50f755b7b59eff345364fd4deccd6b5a98b37c307b09495afc148866369c03fa6a54a4d6", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25040000001400060064766d72703100"/34], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x4000)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4, 0x70bd27}, 0x14}}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r3, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x3c, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @remote}}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'dvmrp1\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000700)={0xc8, 0x0, 0x300, 0x70bd28, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x7fffffffffffffff}, {0xc, 0x90, 0x844}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x17}, {0xc}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x81}, {0xc, 0x90, 0x200}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4044040}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, 0x0, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @multicast1}]}, 0x24}, 0x1, 0x0, 0x0, 0x2000c044}, 0x11)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

[ 2661.286582][T25476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2661.286597][T25476] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2661.286617][T25476] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2661.286631][T25476] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2661.286642][T25476] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2661.286654][T25476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2661.286664][T25476] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2661.286679][T25476]  </TASK>
[ 2661.343585][T25524] FAULT_INJECTION: forcing a failure.
[ 2661.343585][T25524] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2661.343612][T25524] CPU: 0 PID: 25524 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2661.343634][T25524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2661.343645][T25524] Call Trace:
[ 2661.343650][T25524]  <TASK>
[ 2661.343658][T25524]  dump_stack_lvl+0x151/0x1b7
[ 2661.343682][T25524]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2661.343704][T25524]  dump_stack+0x15/0x17
[ 2661.343720][T25524]  should_fail+0x3c0/0x510
[ 2661.343737][T25524]  should_fail_alloc_page+0x58/0x70
[ 2661.343758][T25524]  __alloc_pages+0x1de/0x7c0
[ 2661.343777][T25524]  ? __count_vm_events+0x30/0x30
[ 2661.343795][T25524]  ? __this_cpu_preempt_check+0x13/0x20
[ 2661.343812][T25524]  ? __mod_node_page_state+0xac/0xf0
[ 2661.343830][T25524]  pte_alloc_one+0x73/0x1b0
[ 2661.343848][T25524]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 2661.343866][T25524]  __pte_alloc+0x86/0x350
[ 2661.343884][T25524]  ? free_pgtables+0x210/0x210
[ 2661.343901][T25524]  ? _raw_spin_lock+0xa3/0x1b0
[ 2661.343917][T25524]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 2661.343932][T25524]  ? __kernel_text_address+0x9a/0x110
[ 2661.343952][T25524]  copy_pte_range+0x1b1f/0x20b0
[ 2661.343972][T25524]  ? __kunmap_atomic+0x80/0x80
[ 2661.344000][T25524]  ? __kasan_slab_alloc+0xc4/0xe0
[ 2661.344017][T25524]  ? __kasan_slab_alloc+0xb2/0xe0
[ 2661.344033][T25524]  ? kmem_cache_alloc+0x189/0x2f0
[ 2661.344051][T25524]  ? vm_area_dup+0x26/0x1d0
[ 2661.344068][T25524]  ? dup_mmap+0x6b8/0xea0
[ 2661.344085][T25524]  ? dup_mm+0x91/0x330
[ 2661.344101][T25524]  ? copy_mm+0x108/0x1b0
[ 2661.344116][T25524]  ? copy_process+0x1295/0x3250
[ 2661.344133][T25524]  ? kernel_clone+0x22d/0x990
[ 2661.344149][T25524]  ? __x64_sys_clone+0x289/0x310
[ 2661.344169][T25524]  ? do_syscall_64+0x44/0xd0
[ 2661.344186][T25524]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2661.344207][T25524]  copy_page_range+0xc1e/0x1090
[ 2661.344231][T25524]  ? pfn_valid+0x1e0/0x1e0
[ 2661.344251][T25524]  dup_mmap+0x99f/0xea0
[ 2661.344270][T25524]  ? __delayed_free_task+0x20/0x20
[ 2661.344289][T25524]  ? mm_init+0x807/0x960
[ 2661.344305][T25524]  dup_mm+0x91/0x330
[ 2661.344322][T25524]  copy_mm+0x108/0x1b0
[ 2661.344339][T25524]  copy_process+0x1295/0x3250
[ 2661.344357][T25524]  ? proc_fail_nth_write+0x213/0x290
[ 2661.344376][T25524]  ? proc_fail_nth_read+0x220/0x220
[ 2661.344394][T25524]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2661.344411][T25524]  ? vfs_write+0x9af/0x1050
[ 2661.344431][T25524]  kernel_clone+0x22d/0x990
[ 2661.344447][T25524]  ? file_end_write+0x1b0/0x1b0
[ 2661.344464][T25524]  ? __kasan_check_write+0x14/0x20
[ 2661.344479][T25524]  ? create_io_thread+0x1e0/0x1e0
[ 2661.344495][T25524]  ? __mutex_lock_slowpath+0x10/0x10
[ 2661.344512][T25524]  __x64_sys_clone+0x289/0x310
[ 2661.344528][T25524]  ? __do_sys_vfork+0x130/0x130
[ 2661.344548][T25524]  ? debug_smp_processor_id+0x17/0x20
[ 2661.344566][T25524]  do_syscall_64+0x44/0xd0
[ 2661.344584][T25524]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2661.344602][T25524] RIP: 0033:0x7f5b7e88a639
[ 2661.344618][T25524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2661.344632][T25524] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2661.344652][T25524] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2661.344668][T25524] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2661.344679][T25524] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2661.344692][T25524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2661.344704][T25524] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2661.344720][T25524]  </TASK>
[ 2661.380656][T25535] FAULT_INJECTION: forcing a failure.
[ 2661.380656][T25535] name failslab, interval 1, probability 0, space 0, times 0
[ 2661.925402][T25535] CPU: 0 PID: 25535 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2661.925428][T25535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2661.925438][T25535] Call Trace:
[ 2661.925443][T25535]  <TASK>
[ 2661.925449][T25535]  dump_stack_lvl+0x151/0x1b7
[ 2661.925475][T25535]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2661.925494][T25535]  dump_stack+0x15/0x17
[ 2661.925506][T25535]  should_fail+0x3c0/0x510
[ 2661.925522][T25535]  __should_failslab+0x9f/0xe0
[ 2661.925540][T25535]  should_failslab+0x9/0x20
[ 2661.925554][T25535]  kmem_cache_alloc+0x4f/0x2f0
[ 2661.925568][T25535]  ? vm_area_dup+0x26/0x1d0
[ 2661.925583][T25535]  vm_area_dup+0x26/0x1d0
[ 2661.925596][T25535]  dup_mmap+0x6b8/0xea0
[ 2661.925614][T25535]  ? __delayed_free_task+0x20/0x20
[ 2661.925633][T25535]  ? mm_init+0x807/0x960
[ 2661.925647][T25535]  dup_mm+0x91/0x330
[ 2661.925662][T25535]  copy_mm+0x108/0x1b0
[ 2661.925676][T25535]  copy_process+0x1295/0x3250
[ 2661.925692][T25535]  ? proc_fail_nth_write+0x213/0x290
[ 2661.925710][T25535]  ? proc_fail_nth_read+0x220/0x220
[ 2661.925727][T25535]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2661.925742][T25535]  ? vfs_write+0x9af/0x1050
[ 2662.037676][T25535]  kernel_clone+0x22d/0x990
[ 2662.042010][T25535]  ? file_end_write+0x1b0/0x1b0
[ 2662.046697][T25535]  ? __kasan_check_write+0x14/0x20
[ 2662.051643][T25535]  ? create_io_thread+0x1e0/0x1e0
[ 2662.056506][T25535]  ? __mutex_lock_slowpath+0x10/0x10
[ 2662.061624][T25535]  __x64_sys_clone+0x289/0x310
[ 2662.066223][T25535]  ? __do_sys_vfork+0x130/0x130
[ 2662.070922][T25535]  ? debug_smp_processor_id+0x17/0x20
[ 2662.076120][T25535]  do_syscall_64+0x44/0xd0
[ 2662.080372][T25535]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2662.086097][T25535] RIP: 0033:0x7f5b7e88a639
[ 2662.090353][T25535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2662.109795][T25535] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2662.118046][T25535] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2662.125849][T25535] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2662.133659][T25535] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2662.141473][T25535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
09:48:31 executing program 4:
r0 = syz_io_uring_setup(0x6a36, &(0x7f0000000600)={0x0, 0x0, 0x8, 0x1}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000140)) (async, rerun: 64)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (rerun: 64)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
syz_io_uring_setup(0x5ca, &(0x7f0000000580)={0x0, 0x6c9d, 0x20, 0x3, 0x50, 0x0, r1}, &(0x7f0000000000/0x1000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f0000000100), &(0x7f0000000180)) (async, rerun: 64)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r2, &(0x7f00000002c0)) (async)
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300), 0x28000, 0x0)
syz_clone3(&(0x7f0000000340)={0x200600000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f00000000c0), {0x3d}, &(0x7f00000001c0)=""/45, 0x2d, &(0x7f0000000200)=""/180, &(0x7f00000002c0)=[r2], 0x1, {r3}}, 0x58)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000540)={r3, r3, 0x15}, 0x10) (async)
r4 = io_uring_setup(0x1a3f, &(0x7f00000003c0)={0x0, 0x94a5, 0x0, 0x3, 0x3d0, 0x0, r3})
syz_io_uring_setup(0x8d9, &(0x7f0000000440)={0x0, 0x3326, 0x400, 0x0, 0x2c2, 0x0, r4}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000004c0), &(0x7f0000000500))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:31 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
keyctl$update(0x2, 0x0, &(0x7f00000006c0)="6771523fdffaf6cc89a7586a5b2a4dc0a8e9c216c281c92669a2b285059fb16ac068fe86d4558d4eb3107d8cf201f24704910db93888f653711d61c04644142a6efdf1591602925e47c971957d93918a6a372d14f462bb759822adfdaa7a5b6a0fb3385087af5dc9f7682bc6fb40db41f9dfed2a7da437fa059f8e7fac0dee9a65215acc1b82b8e0ce281bdc6b95", 0x8e)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="2c69c5f67000fbdbdf25080000001400020000000000000000000000010114000200ff0100000000000000000000000000010568e24b9efde0e165d966116858f2abb936c560ae2a6c109ab14fc56ca6f6a0fd00000000"], 0x3c}, 0x1, 0x0, 0x0, 0x40004}, 0x8080)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0xbb83, 0x100, 0x0, 0xb2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000)
syz_clone3(&(0x7f0000000500)={0x44101000, &(0x7f0000000200), &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000280), {0x35}, &(0x7f00000002c0)=""/191, 0xbf, &(0x7f0000000380)=""/182, &(0x7f0000000440)=[r2, r2], 0x2}, 0x58)
syz_open_procfs$namespace(r3, &(0x7f0000000480)='ns/pid\x00')

09:48:31 executing program 0:
r0 = syz_clone3(&(0x7f0000001500)={0x81200, &(0x7f0000000300), &(0x7f0000000340), &(0x7f0000000380), {0x14}, &(0x7f00000003c0)=""/4096, 0x1000, &(0x7f00000013c0)=""/193, &(0x7f00000014c0)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2}, 0x58)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
syz_clone3(&(0x7f00000015c0)={0x3000, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200), {0x1b}, &(0x7f0000000240)=""/60, 0x3c, &(0x7f0000000280)=""/106, &(0x7f0000001580)=[r0, 0x0], 0x2, {r1}}, 0x58)
r2 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, &(0x7f0000000100))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x10000000)
syz_clone3(&(0x7f0000001500)={0x81200, &(0x7f0000000300), &(0x7f0000000340), &(0x7f0000000380), {0x14}, &(0x7f00000003c0)=""/4096, 0x1000, &(0x7f00000013c0)=""/193, &(0x7f00000014c0)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2}, 0x58) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
syz_clone3(&(0x7f00000015c0)={0x3000, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200), {0x1b}, &(0x7f0000000240)=""/60, 0x3c, &(0x7f0000000280)=""/106, &(0x7f0000001580)=[r0, 0x0], 0x2, {r1}}, 0x58) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, &(0x7f0000000100)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x10000000) (async)

09:48:31 executing program 1:
r0 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000100)='.request_key_auth\x00', 0x0)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r0) (async, rerun: 64)
getgroups(0x2, &(0x7f0000000080)=[0x0, <r1=>0x0]) (rerun: 64)
keyctl$chown(0x4, r0, 0xee01, r1) (async)
r2 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, r0) (async)
r3 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8) (async)
r4 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000100)='.request_key_auth\x00', 0x0)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r4)
keyctl$KEYCTL_MOVE(0x1e, r2, r3, r4, 0x1)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:31 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 59)

09:48:31 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
pidfd_open(r1, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

[ 2662.149281][T25535] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2662.157095][T25535]  </TASK>
09:48:31 executing program 5:
r0 = open_tree(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x80900)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
r1 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), r0)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
dup2(r2, r1)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = syz_io_uring_setup(0x1a60, &(0x7f0000000100)={0x0, 0x943, 0x8, 0x0, 0x200, 0x0, r0}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r3, 0x10000000)
open_tree(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x80900) (async)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) (async)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), r0) (async)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async)
dup2(r2, r1) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_io_uring_setup(0x1a60, &(0x7f0000000100)={0x0, 0x943, 0x8, 0x0, 0x200, 0x0, r0}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r3, 0x10000000) (async)

09:48:31 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000080)={0x0, 0x0, 0x4}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
pidfd_open(0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
r2 = syz_io_uring_setup(0x616e, &(0x7f0000000140)={0x0, 0xb605, 0x10, 0x2, 0xe7, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000001c0), &(0x7f0000000200))
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000, 0xe0c817b558d4475c, r2, 0x10000000)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$VHOST_VDPA_GET_VRING_NUM(r1, 0x8002af76, &(0x7f0000000000))

09:48:31 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
pidfd_open(r1, 0x0) (async, rerun: 32)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

[ 2662.189770][T25585] FAULT_INJECTION: forcing a failure.
[ 2662.189770][T25585] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2662.217067][T25585] CPU: 0 PID: 25585 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2662.228540][T25585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
09:48:31 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000100)=0x1)
r1 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r1, 0x10000000)

09:48:31 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000080)={0x0, 0x0, 0x4}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
pidfd_open(0x0, 0x0) (async, rerun: 64)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (rerun: 64)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
r2 = syz_io_uring_setup(0x616e, &(0x7f0000000140)={0x0, 0xb605, 0x10, 0x2, 0xe7, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000001c0), &(0x7f0000000200))
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000, 0xe0c817b558d4475c, r2, 0x10000000) (async, rerun: 32)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async, rerun: 32)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async, rerun: 32)
ioctl$VHOST_VDPA_GET_VRING_NUM(r1, 0x8002af76, &(0x7f0000000000)) (rerun: 32)

[ 2662.238429][T25585] Call Trace:
[ 2662.241543][T25585]  <TASK>
[ 2662.244329][T25585]  dump_stack_lvl+0x151/0x1b7
[ 2662.248833][T25585]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2662.254128][T25585]  dump_stack+0x15/0x17
[ 2662.258121][T25585]  should_fail+0x3c0/0x510
[ 2662.262380][T25585]  should_fail_alloc_page+0x58/0x70
[ 2662.267406][T25585]  __alloc_pages+0x1de/0x7c0
[ 2662.271883][T25585]  ? __count_vm_events+0x30/0x30
[ 2662.276603][T25585]  ? __this_cpu_preempt_check+0x13/0x20
[ 2662.281984][T25585]  ? __mod_node_page_state+0xac/0xf0
09:48:31 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000100)=0x1) (async)
r1 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r1, 0x10000000)

09:48:31 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000080)={0x0, 0x0, 0x4}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
pidfd_open(0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
r2 = syz_io_uring_setup(0x616e, &(0x7f0000000140)={0x0, 0xb605, 0x10, 0x2, 0xe7, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000001c0), &(0x7f0000000200))
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000, 0xe0c817b558d4475c, r2, 0x10000000)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$VHOST_VDPA_GET_VRING_NUM(r1, 0x8002af76, &(0x7f0000000000))
syz_io_uring_setup(0x1a64, &(0x7f0000000080)={0x0, 0x0, 0x4}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
pidfd_open(0x0, 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
syz_io_uring_setup(0x616e, &(0x7f0000000140)={0x0, 0xb605, 0x10, 0x2, 0xe7, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000, 0xe0c817b558d4475c, r2, 0x10000000) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$VHOST_VDPA_GET_VRING_NUM(r1, 0x8002af76, &(0x7f0000000000)) (async)

[ 2662.287107][T25585]  pte_alloc_one+0x73/0x1b0
[ 2662.291449][T25585]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 2662.296481][T25585]  __pte_alloc+0x86/0x350
[ 2662.300645][T25585]  ? free_pgtables+0x210/0x210
[ 2662.305265][T25585]  ? _raw_spin_lock+0xa3/0x1b0
[ 2662.309846][T25585]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 2662.315061][T25585]  ? __kernel_text_address+0x9a/0x110
[ 2662.320279][T25585]  copy_pte_range+0x1b1f/0x20b0
[ 2662.324954][T25585]  ? __kunmap_atomic+0x80/0x80
[ 2662.329546][T25585]  ? __kasan_slab_alloc+0xc4/0xe0
[ 2662.334409][T25585]  ? __kasan_slab_alloc+0xb2/0xe0
[ 2662.339267][T25585]  ? kmem_cache_alloc+0x189/0x2f0
[ 2662.344130][T25585]  ? vm_area_dup+0x26/0x1d0
[ 2662.348477][T25585]  ? dup_mmap+0x6b8/0xea0
[ 2662.352633][T25585]  ? dup_mm+0x91/0x330
[ 2662.356624][T25585]  ? copy_mm+0x108/0x1b0
[ 2662.360705][T25585]  ? copy_process+0x1295/0x3250
[ 2662.365392][T25585]  ? kernel_clone+0x22d/0x990
[ 2662.369906][T25585]  ? __x64_sys_clone+0x289/0x310
[ 2662.374677][T25585]  ? do_syscall_64+0x44/0xd0
[ 2662.379102][T25585]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2662.385008][T25585]  copy_page_range+0xc1e/0x1090
[ 2662.389695][T25585]  ? pfn_valid+0x1e0/0x1e0
[ 2662.393946][T25585]  dup_mmap+0x99f/0xea0
[ 2662.397941][T25585]  ? __delayed_free_task+0x20/0x20
[ 2662.402886][T25585]  ? mm_init+0x807/0x960
[ 2662.406963][T25585]  dup_mm+0x91/0x330
[ 2662.410696][T25585]  copy_mm+0x108/0x1b0
[ 2662.414609][T25585]  copy_process+0x1295/0x3250
[ 2662.419113][T25585]  ? proc_fail_nth_write+0x213/0x290
[ 2662.424231][T25585]  ? proc_fail_nth_read+0x220/0x220
[ 2662.429266][T25585]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2662.434219][T25585]  ? vfs_write+0x9af/0x1050
[ 2662.438559][T25585]  kernel_clone+0x22d/0x990
[ 2662.442895][T25585]  ? file_end_write+0x1b0/0x1b0
[ 2662.447582][T25585]  ? __kasan_check_write+0x14/0x20
[ 2662.452532][T25585]  ? create_io_thread+0x1e0/0x1e0
[ 2662.457388][T25585]  ? __mutex_lock_slowpath+0x10/0x10
[ 2662.462506][T25585]  __x64_sys_clone+0x289/0x310
[ 2662.467115][T25585]  ? __do_sys_vfork+0x130/0x130
[ 2662.471798][T25585]  ? debug_smp_processor_id+0x17/0x20
[ 2662.477002][T25585]  do_syscall_64+0x44/0xd0
[ 2662.481260][T25585]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2662.486984][T25585] RIP: 0033:0x7f5b7e88a639
[ 2662.491236][T25585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2662.510673][T25585] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2662.518920][T25585] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2662.526729][T25585] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
09:48:32 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400)=<r2=>0x0, &(0x7f0000001440))
syz_io_uring_complete(r2)
syz_io_uring_complete(r2)
read$FUSE(r0, &(0x7f0000000140)={0x2020, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
sched_rr_get_interval(r3, &(0x7f0000002180))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000)

09:48:32 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000100)=0x1)
r1 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r1, 0x10000000)

09:48:32 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6000000, 0x110, r0, 0x10000000)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:32 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 60)

09:48:32 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async, rerun: 64)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
pidfd_open(r1, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:32 executing program 5:
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:48:32 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_clone(0x1000, &(0x7f00000022c0)="983b22ca11b132ddc8eaf3e1af093439263bdddf982c9c2611d292af0e", 0x1d, &(0x7f0000002300), &(0x7f0000002340), &(0x7f0000002380)="d9f8a80775d96d33436f6ecd9441db010985499083bfc6f2a41df0c45f7d27a53d8cfeab0d351c0df758f3a3c9dc46308f23d9a9f0be7cdfdf45099552edddad899534264587ad20f0c57b3f26d39b2fa556aaa643efef6e4c5e260e94aed8b1214bf15eceb8d325612d498261cd7d69cd1ba6bf21ce5abd4a154a2daa380c2dbb970fb6e77f0fc3900b307a89c6df257b6ba02ed8df7f8f994777429fc45d066b0d4c95a4049dd4a32eab1c9243651c7e78977c0c0f403c5ac2f79e1e308f893b381f306651ac7dab6274793ceb8daebf2a2b")
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r3, &(0x7f00000002c0))
read$FUSE(0xffffffffffffffff, &(0x7f0000002480)={0x2020, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x2020)
r5 = syz_clone3(&(0x7f00000046c0)={0xc4000000, &(0x7f00000044c0), &(0x7f0000004500), &(0x7f0000004540), {0x22}, &(0x7f0000004580)=""/175, 0xaf, &(0x7f0000004640)=""/40, &(0x7f0000004680)=[r1, r1], 0x2}, 0x58)
r6 = syz_clone(0x904080, &(0x7f0000004740)="472608e7500d1b24b0e2245ce351d6397a7a63611ea99d7ae1dce8e2918815d77418c5e4dbea7a4b736755463e05b08d8b54640aaf98339d8e428738776189d1d61bab179ba29f8ce3f0d3bbb469e99dbbb9b5a42c182cd5c5b55f258d592b0eda85037117ecb2bd69a18aca406f42521202cb3489757411088b77b34cb1f0a476906783fb407b1268d6fe63132debbcdae1bc148a9d0b00a33171f01a62903c15c0e1782c4d3a8ae8576dbc6fb632101f17bb58127fa97a676d4fab85143fe2c2299ba5b8731787f7e4c7d776b07f4e40b190655051b879b1a11a836f", 0xdd, &(0x7f0000004840), &(0x7f0000004880), &(0x7f00000048c0)="c8159b4cc0e3fbcc5e9eb7ee3ceb185032a2bcdb8b2fe2b8a6a2ee0b062938350da280c403cc01d6f096a746b0e46303197be202b9b20c78f0ad6e97a845d70ee2f6412afe055de7b9d5f8b0368fffb68cd243badbf131c1bdedc0fe1ef6309ef1dcead9a76bb67f87fd4814c97464fd3f2cd9c602e1e03892ddcb0763951f8abf355dc1d720f2250f466f1dca00063c8f368985e332c6f66185ea4e9587cb5398d52cac8c7ba7cb4d556e9855")
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r7, &(0x7f00000002c0))
syz_clone3(&(0x7f00000049c0)={0x86000000, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200), {0x3f}, &(0x7f0000002240)=""/45, 0x2d, &(0x7f0000002280)=""/1, &(0x7f0000004a40)=[r2, r1, r1, r3, r4, r1, r5, r1, r6, r7], 0xa}, 0x58)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
r8 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x10040, 0x0)
read$FUSE(r8, &(0x7f0000000140)={0x2020}, 0x2020)

09:48:32 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6000000, 0x110, r0, 0x10000000)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6000000, 0x110, r0, 0x10000000) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)

[ 2662.534540][T25585] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2662.542352][T25585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2662.550162][T25585] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2662.557986][T25585]  </TASK>
09:48:32 executing program 5:
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:48:32 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6000000, 0x110, r0, 0x10000000)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:32 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400)=<r2=>0x0, &(0x7f0000001440))
syz_io_uring_complete(r2)
syz_io_uring_complete(r2)
read$FUSE(r0, &(0x7f0000000140)={0x2020, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
sched_rr_get_interval(r3, &(0x7f0000002180))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000)

[ 2662.608012][T25696] FAULT_INJECTION: forcing a failure.
[ 2662.608012][T25696] name failslab, interval 1, probability 0, space 0, times 0
[ 2662.649875][T25696] CPU: 0 PID: 25696 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2662.661337][T25696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2662.671231][T25696] Call Trace:
[ 2662.674355][T25696]  <TASK>
[ 2662.677134][T25696]  dump_stack_lvl+0x151/0x1b7
[ 2662.681652][T25696]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2662.686948][T25696]  dump_stack+0x15/0x17
[ 2662.690941][T25696]  should_fail+0x3c0/0x510
[ 2662.695185][T25696]  __should_failslab+0x9f/0xe0
[ 2662.699782][T25696]  should_failslab+0x9/0x20
[ 2662.704124][T25696]  kmem_cache_alloc+0x4f/0x2f0
[ 2662.708726][T25696]  ? vm_area_dup+0x26/0x1d0
[ 2662.713064][T25696]  vm_area_dup+0x26/0x1d0
[ 2662.717249][T25696]  dup_mmap+0x6b8/0xea0
[ 2662.721224][T25696]  ? __delayed_free_task+0x20/0x20
[ 2662.726171][T25696]  ? mm_init+0x807/0x960
[ 2662.730247][T25696]  dup_mm+0x91/0x330
[ 2662.733981][T25696]  copy_mm+0x108/0x1b0
[ 2662.737895][T25696]  copy_process+0x1295/0x3250
[ 2662.742407][T25696]  ? proc_fail_nth_write+0x213/0x290
[ 2662.747530][T25696]  ? proc_fail_nth_read+0x220/0x220
[ 2662.752562][T25696]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2662.757505][T25696]  ? vfs_write+0x9af/0x1050
[ 2662.761850][T25696]  kernel_clone+0x22d/0x990
[ 2662.766181][T25696]  ? file_end_write+0x1b0/0x1b0
[ 2662.770874][T25696]  ? __kasan_check_write+0x14/0x20
[ 2662.775814][T25696]  ? create_io_thread+0x1e0/0x1e0
[ 2662.780673][T25696]  ? __mutex_lock_slowpath+0x10/0x10
[ 2662.785804][T25696]  __x64_sys_clone+0x289/0x310
[ 2662.790397][T25696]  ? __do_sys_vfork+0x130/0x130
[ 2662.795082][T25696]  ? debug_smp_processor_id+0x17/0x20
[ 2662.800299][T25696]  do_syscall_64+0x44/0xd0
[ 2662.804550][T25696]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2662.810270][T25696] RIP: 0033:0x7f5b7e88a639
[ 2662.814522][T25696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2662.833977][T25696] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2662.842209][T25696] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
09:48:32 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_clone(0x1000, &(0x7f00000022c0)="983b22ca11b132ddc8eaf3e1af093439263bdddf982c9c2611d292af0e", 0x1d, &(0x7f0000002300), &(0x7f0000002340), &(0x7f0000002380)="d9f8a80775d96d33436f6ecd9441db010985499083bfc6f2a41df0c45f7d27a53d8cfeab0d351c0df758f3a3c9dc46308f23d9a9f0be7cdfdf45099552edddad899534264587ad20f0c57b3f26d39b2fa556aaa643efef6e4c5e260e94aed8b1214bf15eceb8d325612d498261cd7d69cd1ba6bf21ce5abd4a154a2daa380c2dbb970fb6e77f0fc3900b307a89c6df257b6ba02ed8df7f8f994777429fc45d066b0d4c95a4049dd4a32eab1c9243651c7e78977c0c0f403c5ac2f79e1e308f893b381f306651ac7dab6274793ceb8daebf2a2b")
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r3, &(0x7f00000002c0))
read$FUSE(0xffffffffffffffff, &(0x7f0000002480)={0x2020, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x2020)
r5 = syz_clone3(&(0x7f00000046c0)={0xc4000000, &(0x7f00000044c0), &(0x7f0000004500), &(0x7f0000004540), {0x22}, &(0x7f0000004580)=""/175, 0xaf, &(0x7f0000004640)=""/40, &(0x7f0000004680)=[r1, r1], 0x2}, 0x58)
r6 = syz_clone(0x904080, &(0x7f0000004740)="472608e7500d1b24b0e2245ce351d6397a7a63611ea99d7ae1dce8e2918815d77418c5e4dbea7a4b736755463e05b08d8b54640aaf98339d8e428738776189d1d61bab179ba29f8ce3f0d3bbb469e99dbbb9b5a42c182cd5c5b55f258d592b0eda85037117ecb2bd69a18aca406f42521202cb3489757411088b77b34cb1f0a476906783fb407b1268d6fe63132debbcdae1bc148a9d0b00a33171f01a62903c15c0e1782c4d3a8ae8576dbc6fb632101f17bb58127fa97a676d4fab85143fe2c2299ba5b8731787f7e4c7d776b07f4e40b190655051b879b1a11a836f", 0xdd, &(0x7f0000004840), &(0x7f0000004880), &(0x7f00000048c0)="c8159b4cc0e3fbcc5e9eb7ee3ceb185032a2bcdb8b2fe2b8a6a2ee0b062938350da280c403cc01d6f096a746b0e46303197be202b9b20c78f0ad6e97a845d70ee2f6412afe055de7b9d5f8b0368fffb68cd243badbf131c1bdedc0fe1ef6309ef1dcead9a76bb67f87fd4814c97464fd3f2cd9c602e1e03892ddcb0763951f8abf355dc1d720f2250f466f1dca00063c8f368985e332c6f66185ea4e9587cb5398d52cac8c7ba7cb4d556e9855")
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r7, &(0x7f00000002c0))
syz_clone3(&(0x7f00000049c0)={0x86000000, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200), {0x3f}, &(0x7f0000002240)=""/45, 0x2d, &(0x7f0000002280)=""/1, &(0x7f0000004a40)=[r2, r1, r1, r3, r4, r1, r5, r1, r6, r7], 0xa}, 0x58)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
r8 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x10040, 0x0)
read$FUSE(r8, &(0x7f0000000140)={0x2020}, 0x2020)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x1000, &(0x7f00000022c0)="983b22ca11b132ddc8eaf3e1af093439263bdddf982c9c2611d292af0e", 0x1d, &(0x7f0000002300), &(0x7f0000002340), &(0x7f0000002380)="d9f8a80775d96d33436f6ecd9441db010985499083bfc6f2a41df0c45f7d27a53d8cfeab0d351c0df758f3a3c9dc46308f23d9a9f0be7cdfdf45099552edddad899534264587ad20f0c57b3f26d39b2fa556aaa643efef6e4c5e260e94aed8b1214bf15eceb8d325612d498261cd7d69cd1ba6bf21ce5abd4a154a2daa380c2dbb970fb6e77f0fc3900b307a89c6df257b6ba02ed8df7f8f994777429fc45d066b0d4c95a4049dd4a32eab1c9243651c7e78977c0c0f403c5ac2f79e1e308f893b381f306651ac7dab6274793ceb8daebf2a2b") (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
sched_rr_get_interval(r3, &(0x7f00000002c0)) (async)
read$FUSE(0xffffffffffffffff, &(0x7f0000002480)={0x2020}, 0x2020) (async)
syz_clone3(&(0x7f00000046c0)={0xc4000000, &(0x7f00000044c0), &(0x7f0000004500), &(0x7f0000004540), {0x22}, &(0x7f0000004580)=""/175, 0xaf, &(0x7f0000004640)=""/40, &(0x7f0000004680)=[r1, r1], 0x2}, 0x58) (async)
syz_clone(0x904080, &(0x7f0000004740)="472608e7500d1b24b0e2245ce351d6397a7a63611ea99d7ae1dce8e2918815d77418c5e4dbea7a4b736755463e05b08d8b54640aaf98339d8e428738776189d1d61bab179ba29f8ce3f0d3bbb469e99dbbb9b5a42c182cd5c5b55f258d592b0eda85037117ecb2bd69a18aca406f42521202cb3489757411088b77b34cb1f0a476906783fb407b1268d6fe63132debbcdae1bc148a9d0b00a33171f01a62903c15c0e1782c4d3a8ae8576dbc6fb632101f17bb58127fa97a676d4fab85143fe2c2299ba5b8731787f7e4c7d776b07f4e40b190655051b879b1a11a836f", 0xdd, &(0x7f0000004840), &(0x7f0000004880), &(0x7f00000048c0)="c8159b4cc0e3fbcc5e9eb7ee3ceb185032a2bcdb8b2fe2b8a6a2ee0b062938350da280c403cc01d6f096a746b0e46303197be202b9b20c78f0ad6e97a845d70ee2f6412afe055de7b9d5f8b0368fffb68cd243badbf131c1bdedc0fe1ef6309ef1dcead9a76bb67f87fd4814c97464fd3f2cd9c602e1e03892ddcb0763951f8abf355dc1d720f2250f466f1dca00063c8f368985e332c6f66185ea4e9587cb5398d52cac8c7ba7cb4d556e9855") (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
sched_rr_get_interval(r7, &(0x7f00000002c0)) (async)
syz_clone3(&(0x7f00000049c0)={0x86000000, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200), {0x3f}, &(0x7f0000002240)=""/45, 0x2d, &(0x7f0000002280)=""/1, &(0x7f0000004a40)=[r2, r1, r1, r3, r4, r1, r5, r1, r6, r7], 0xa}, 0x58) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x10040, 0x0) (async)
read$FUSE(r8, &(0x7f0000000140)={0x2020}, 0x2020) (async)

09:48:32 executing program 1:
syz_io_uring_setup(0x3a64, &(0x7f0000000080)={0x0, 0xdce3, 0x0, 0x0, 0x31f}, &(0x7f0000ff3000/0xc000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, 0x0)
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0))

09:48:32 executing program 5:
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

09:48:32 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
r1 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400)=<r2=>0x0, &(0x7f0000001440))
syz_io_uring_complete(r2)
syz_io_uring_complete(r2)
read$FUSE(r0, &(0x7f0000000140)={0x2020, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
sched_rr_get_interval(r3, &(0x7f0000002180))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x10000000)

09:48:32 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 61)

[ 2662.850018][T25696] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2662.857835][T25696] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2662.865640][T25696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2662.873451][T25696] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2662.881267][T25696]  </TASK>
[ 2662.931625][T25780] FAULT_INJECTION: forcing a failure.
[ 2662.931625][T25780] name failslab, interval 1, probability 0, space 0, times 0
[ 2662.958344][T25780] CPU: 1 PID: 25780 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2662.969803][T25780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2662.979703][T25780] Call Trace:
[ 2662.982817][T25780]  <TASK>
[ 2662.985597][T25780]  dump_stack_lvl+0x151/0x1b7
[ 2662.990112][T25780]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2662.995408][T25780]  dump_stack+0x15/0x17
[ 2662.999399][T25780]  should_fail+0x3c0/0x510
[ 2663.003652][T25780]  __should_failslab+0x9f/0xe0
[ 2663.008250][T25780]  should_failslab+0x9/0x20
[ 2663.012591][T25780]  kmem_cache_alloc+0x4f/0x2f0
[ 2663.017187][T25780]  ? vm_area_dup+0x26/0x1d0
[ 2663.021528][T25780]  ? __kasan_check_read+0x11/0x20
[ 2663.026390][T25780]  vm_area_dup+0x26/0x1d0
[ 2663.030556][T25780]  dup_mmap+0x6b8/0xea0
[ 2663.034547][T25780]  ? __delayed_free_task+0x20/0x20
[ 2663.039495][T25780]  ? mm_init+0x807/0x960
[ 2663.043574][T25780]  dup_mm+0x91/0x330
[ 2663.047307][T25780]  copy_mm+0x108/0x1b0
[ 2663.051210][T25780]  copy_process+0x1295/0x3250
[ 2663.055719][T25780]  ? proc_fail_nth_write+0x213/0x290
[ 2663.060841][T25780]  ? proc_fail_nth_read+0x220/0x220
[ 2663.065905][T25780]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2663.070825][T25780]  ? vfs_write+0x9af/0x1050
[ 2663.075161][T25780]  kernel_clone+0x22d/0x990
[ 2663.079499][T25780]  ? file_end_write+0x1b0/0x1b0
[ 2663.084191][T25780]  ? __kasan_check_write+0x14/0x20
[ 2663.089139][T25780]  ? create_io_thread+0x1e0/0x1e0
[ 2663.093995][T25780]  ? __mutex_lock_slowpath+0x10/0x10
[ 2663.099117][T25780]  __x64_sys_clone+0x289/0x310
[ 2663.103715][T25780]  ? __do_sys_vfork+0x130/0x130
[ 2663.108403][T25780]  ? debug_smp_processor_id+0x17/0x20
[ 2663.113612][T25780]  do_syscall_64+0x44/0xd0
[ 2663.117870][T25780]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2663.123591][T25780] RIP: 0033:0x7f5b7e88a639
[ 2663.127842][T25780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2663.147296][T25780] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2663.155531][T25780] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2663.163341][T25780] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2663.171151][T25780] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
09:48:32 executing program 4:
r0 = syz_io_uring_setup(0x7e24, &(0x7f0000000000)={0x0, 0x830f, 0x200, 0x2, 0xfffffffe}, &(0x7f0000000000/0x10000)=nil, &(0x7f0000001000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000003c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x84000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_clone3(&(0x7f0000000300)={0x20000200, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)=<r2=>0x0, {0x1c}, &(0x7f00000001c0)=""/31, 0x1f, &(0x7f0000000200)=""/165, &(0x7f00000002c0)=[r1], 0x1}, 0x58)
socket$pptp(0x18, 0x1, 0x2)
mmap$IORING_OFF_SQES(&(0x7f000000f000/0x1000)=nil, 0x1000, 0x4, 0x100010, r0, 0x10000000)
sched_rr_get_interval(r2, &(0x7f0000000380))
ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, &(0x7f00000000c0))

09:48:32 executing program 1:
syz_io_uring_setup(0x3a64, &(0x7f0000000080)={0x0, 0xdce3, 0x0, 0x0, 0x31f}, &(0x7f0000ff3000/0xc000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, 0x0)
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0))

09:48:32 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = add_key(&(0x7f0000000100)='big_key\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="994d76bfbd505dba62d294d3c396fcd404c2eda025e5793fbfcd330445dc419a198fedd772d4ce12b2e2d5680e2e3e1a7ab0ddf9cedab46cfb8d38a3829ba41b73514294427fd1d580f85b90f7fa8e965a53132716556714e69d38a6af8f11439e00383bc9d3c1a8044ab263d172b18aba9bb297949a29de6fe385f474c2020c486cc170558a4d7e65f859947ff2bae1c0f9b7974fb05ba34bfd10e23cbaa66d50ddedaef9ea0979dd1c9d263b1eaad9deb22833516373f7057505edf09ed3b8630d00dbe9a65d63280be3282e53a18c11132d54f407762c678b0a490cf077d230d38f20ee6e41ddddff8d6f0eaf733a10af237f", 0xf4, 0xfffffffffffffffb)
keyctl$update(0x2, r1, 0x0, 0x0)
syz_emit_ethernet(0x4e, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6027f0170018000000000000000000000000ffff00000000fe8000000000000000000000000000002c02a4"], 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:32 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400)=<r1=>0x0, &(0x7f0000001440))
syz_io_uring_complete(r1)
syz_io_uring_complete(r1)
read$FUSE(r0, &(0x7f0000000140)={0x2020, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x2020)
sched_rr_get_interval(r2, &(0x7f0000002180))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

09:48:32 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_clone(0x1000, &(0x7f00000022c0)="983b22ca11b132ddc8eaf3e1af093439263bdddf982c9c2611d292af0e", 0x1d, &(0x7f0000002300), &(0x7f0000002340), &(0x7f0000002380)="d9f8a80775d96d33436f6ecd9441db010985499083bfc6f2a41df0c45f7d27a53d8cfeab0d351c0df758f3a3c9dc46308f23d9a9f0be7cdfdf45099552edddad899534264587ad20f0c57b3f26d39b2fa556aaa643efef6e4c5e260e94aed8b1214bf15eceb8d325612d498261cd7d69cd1ba6bf21ce5abd4a154a2daa380c2dbb970fb6e77f0fc3900b307a89c6df257b6ba02ed8df7f8f994777429fc45d066b0d4c95a4049dd4a32eab1c9243651c7e78977c0c0f403c5ac2f79e1e308f893b381f306651ac7dab6274793ceb8daebf2a2b")
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r3, &(0x7f00000002c0))
read$FUSE(0xffffffffffffffff, &(0x7f0000002480)={0x2020, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x2020)
r5 = syz_clone3(&(0x7f00000046c0)={0xc4000000, &(0x7f00000044c0), &(0x7f0000004500), &(0x7f0000004540), {0x22}, &(0x7f0000004580)=""/175, 0xaf, &(0x7f0000004640)=""/40, &(0x7f0000004680)=[r1, r1], 0x2}, 0x58)
r6 = syz_clone(0x904080, &(0x7f0000004740)="472608e7500d1b24b0e2245ce351d6397a7a63611ea99d7ae1dce8e2918815d77418c5e4dbea7a4b736755463e05b08d8b54640aaf98339d8e428738776189d1d61bab179ba29f8ce3f0d3bbb469e99dbbb9b5a42c182cd5c5b55f258d592b0eda85037117ecb2bd69a18aca406f42521202cb3489757411088b77b34cb1f0a476906783fb407b1268d6fe63132debbcdae1bc148a9d0b00a33171f01a62903c15c0e1782c4d3a8ae8576dbc6fb632101f17bb58127fa97a676d4fab85143fe2c2299ba5b8731787f7e4c7d776b07f4e40b190655051b879b1a11a836f", 0xdd, &(0x7f0000004840), &(0x7f0000004880), &(0x7f00000048c0)="c8159b4cc0e3fbcc5e9eb7ee3ceb185032a2bcdb8b2fe2b8a6a2ee0b062938350da280c403cc01d6f096a746b0e46303197be202b9b20c78f0ad6e97a845d70ee2f6412afe055de7b9d5f8b0368fffb68cd243badbf131c1bdedc0fe1ef6309ef1dcead9a76bb67f87fd4814c97464fd3f2cd9c602e1e03892ddcb0763951f8abf355dc1d720f2250f466f1dca00063c8f368985e332c6f66185ea4e9587cb5398d52cac8c7ba7cb4d556e9855")
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r7, &(0x7f00000002c0))
syz_clone3(&(0x7f00000049c0)={0x86000000, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200), {0x3f}, &(0x7f0000002240)=""/45, 0x2d, &(0x7f0000002280)=""/1, &(0x7f0000004a40)=[r2, r1, r1, r3, r4, r1, r5, r1, r6, r7], 0xa}, 0x58)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
r8 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x10040, 0x0)
read$FUSE(r8, &(0x7f0000000140)={0x2020}, 0x2020)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x1000, &(0x7f00000022c0)="983b22ca11b132ddc8eaf3e1af093439263bdddf982c9c2611d292af0e", 0x1d, &(0x7f0000002300), &(0x7f0000002340), &(0x7f0000002380)="d9f8a80775d96d33436f6ecd9441db010985499083bfc6f2a41df0c45f7d27a53d8cfeab0d351c0df758f3a3c9dc46308f23d9a9f0be7cdfdf45099552edddad899534264587ad20f0c57b3f26d39b2fa556aaa643efef6e4c5e260e94aed8b1214bf15eceb8d325612d498261cd7d69cd1ba6bf21ce5abd4a154a2daa380c2dbb970fb6e77f0fc3900b307a89c6df257b6ba02ed8df7f8f994777429fc45d066b0d4c95a4049dd4a32eab1c9243651c7e78977c0c0f403c5ac2f79e1e308f893b381f306651ac7dab6274793ceb8daebf2a2b") (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
sched_rr_get_interval(r3, &(0x7f00000002c0)) (async)
read$FUSE(0xffffffffffffffff, &(0x7f0000002480)={0x2020}, 0x2020) (async)
syz_clone3(&(0x7f00000046c0)={0xc4000000, &(0x7f00000044c0), &(0x7f0000004500), &(0x7f0000004540), {0x22}, &(0x7f0000004580)=""/175, 0xaf, &(0x7f0000004640)=""/40, &(0x7f0000004680)=[r1, r1], 0x2}, 0x58) (async)
syz_clone(0x904080, &(0x7f0000004740)="472608e7500d1b24b0e2245ce351d6397a7a63611ea99d7ae1dce8e2918815d77418c5e4dbea7a4b736755463e05b08d8b54640aaf98339d8e428738776189d1d61bab179ba29f8ce3f0d3bbb469e99dbbb9b5a42c182cd5c5b55f258d592b0eda85037117ecb2bd69a18aca406f42521202cb3489757411088b77b34cb1f0a476906783fb407b1268d6fe63132debbcdae1bc148a9d0b00a33171f01a62903c15c0e1782c4d3a8ae8576dbc6fb632101f17bb58127fa97a676d4fab85143fe2c2299ba5b8731787f7e4c7d776b07f4e40b190655051b879b1a11a836f", 0xdd, &(0x7f0000004840), &(0x7f0000004880), &(0x7f00000048c0)="c8159b4cc0e3fbcc5e9eb7ee3ceb185032a2bcdb8b2fe2b8a6a2ee0b062938350da280c403cc01d6f096a746b0e46303197be202b9b20c78f0ad6e97a845d70ee2f6412afe055de7b9d5f8b0368fffb68cd243badbf131c1bdedc0fe1ef6309ef1dcead9a76bb67f87fd4814c97464fd3f2cd9c602e1e03892ddcb0763951f8abf355dc1d720f2250f466f1dca00063c8f368985e332c6f66185ea4e9587cb5398d52cac8c7ba7cb4d556e9855") (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
sched_rr_get_interval(r7, &(0x7f00000002c0)) (async)
syz_clone3(&(0x7f00000049c0)={0x86000000, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200), {0x3f}, &(0x7f0000002240)=""/45, 0x2d, &(0x7f0000002280)=""/1, &(0x7f0000004a40)=[r2, r1, r1, r3, r4, r1, r5, r1, r6, r7], 0xa}, 0x58) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x10040, 0x0) (async)
read$FUSE(r8, &(0x7f0000000140)={0x2020}, 0x2020) (async)

09:48:32 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 62)

09:48:32 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
r1 = add_key(&(0x7f0000000100)='big_key\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="994d76bfbd505dba62d294d3c396fcd404c2eda025e5793fbfcd330445dc419a198fedd772d4ce12b2e2d5680e2e3e1a7ab0ddf9cedab46cfb8d38a3829ba41b73514294427fd1d580f85b90f7fa8e965a53132716556714e69d38a6af8f11439e00383bc9d3c1a8044ab263d172b18aba9bb297949a29de6fe385f474c2020c486cc170558a4d7e65f859947ff2bae1c0f9b7974fb05ba34bfd10e23cbaa66d50ddedaef9ea0979dd1c9d263b1eaad9deb22833516373f7057505edf09ed3b8630d00dbe9a65d63280be3282e53a18c11132d54f407762c678b0a490cf077d230d38f20ee6e41ddddff8d6f0eaf733a10af237f", 0xf4, 0xfffffffffffffffb)
keyctl$update(0x2, r1, 0x0, 0x0) (async)
syz_emit_ethernet(0x4e, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6027f0170018000000000000000000000000ffff00000000fe8000000000000000000000000000002c02a4"], 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:32 executing program 1:
syz_io_uring_setup(0x3a64, &(0x7f0000000080)={0x0, 0xdce3, 0x0, 0x0, 0x31f}, &(0x7f0000ff3000/0xc000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, 0x0) (async)
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0))

[ 2663.178962][T25780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2663.186773][T25780] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2663.194593][T25780]  </TASK>
09:48:32 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000080))

09:48:32 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = add_key(&(0x7f0000000100)='big_key\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="994d76bfbd505dba62d294d3c396fcd404c2eda025e5793fbfcd330445dc419a198fedd772d4ce12b2e2d5680e2e3e1a7ab0ddf9cedab46cfb8d38a3829ba41b73514294427fd1d580f85b90f7fa8e965a53132716556714e69d38a6af8f11439e00383bc9d3c1a8044ab263d172b18aba9bb297949a29de6fe385f474c2020c486cc170558a4d7e65f859947ff2bae1c0f9b7974fb05ba34bfd10e23cbaa66d50ddedaef9ea0979dd1c9d263b1eaad9deb22833516373f7057505edf09ed3b8630d00dbe9a65d63280be3282e53a18c11132d54f407762c678b0a490cf077d230d38f20ee6e41ddddff8d6f0eaf733a10af237f", 0xf4, 0xfffffffffffffffb)
keyctl$update(0x2, r1, 0x0, 0x0)
syz_emit_ethernet(0x4e, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6027f0170018000000000000000000000000ffff00000000fe8000000000000000000000000000002c02a4"], 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
add_key(&(0x7f0000000100)='big_key\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="994d76bfbd505dba62d294d3c396fcd404c2eda025e5793fbfcd330445dc419a198fedd772d4ce12b2e2d5680e2e3e1a7ab0ddf9cedab46cfb8d38a3829ba41b73514294427fd1d580f85b90f7fa8e965a53132716556714e69d38a6af8f11439e00383bc9d3c1a8044ab263d172b18aba9bb297949a29de6fe385f474c2020c486cc170558a4d7e65f859947ff2bae1c0f9b7974fb05ba34bfd10e23cbaa66d50ddedaef9ea0979dd1c9d263b1eaad9deb22833516373f7057505edf09ed3b8630d00dbe9a65d63280be3282e53a18c11132d54f407762c678b0a490cf077d230d38f20ee6e41ddddff8d6f0eaf733a10af237f", 0xf4, 0xfffffffffffffffb) (async)
keyctl$update(0x2, r1, 0x0, 0x0) (async)
syz_emit_ethernet(0x4e, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6027f0170018000000000000000000000000ffff00000000fe8000000000000000000000000000002c02a4"], 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)

09:48:32 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400)=<r1=>0x0, &(0x7f0000001440))
syz_io_uring_complete(r1)
syz_io_uring_complete(r1)
read$FUSE(r0, &(0x7f0000000140)={0x2020, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x2020)
sched_rr_get_interval(r2, &(0x7f0000002180))

09:48:32 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000080))
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000080)) (async)

[ 2663.259958][T25842] FAULT_INJECTION: forcing a failure.
[ 2663.259958][T25842] name failslab, interval 1, probability 0, space 0, times 0
[ 2663.288371][T25842] CPU: 0 PID: 25842 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2663.299851][T25842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2663.309729][T25842] Call Trace:
[ 2663.312851][T25842]  <TASK>
[ 2663.315644][T25842]  dump_stack_lvl+0x151/0x1b7
[ 2663.320143][T25842]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2663.325447][T25842]  dump_stack+0x15/0x17
[ 2663.329431][T25842]  should_fail+0x3c0/0x510
[ 2663.333694][T25842]  __should_failslab+0x9f/0xe0
[ 2663.338282][T25842]  should_failslab+0x9/0x20
[ 2663.342621][T25842]  kmem_cache_alloc+0x4f/0x2f0
[ 2663.347220][T25842]  ? vm_area_dup+0x26/0x1d0
[ 2663.351561][T25842]  vm_area_dup+0x26/0x1d0
[ 2663.355727][T25842]  dup_mmap+0x6b8/0xea0
[ 2663.359723][T25842]  ? __delayed_free_task+0x20/0x20
[ 2663.364667][T25842]  ? mm_init+0x807/0x960
[ 2663.368745][T25842]  dup_mm+0x91/0x330
[ 2663.372476][T25842]  copy_mm+0x108/0x1b0
[ 2663.376384][T25842]  copy_process+0x1295/0x3250
[ 2663.380899][T25842]  ? proc_fail_nth_write+0x213/0x290
[ 2663.386015][T25842]  ? proc_fail_nth_read+0x220/0x220
[ 2663.391052][T25842]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2663.395998][T25842]  ? vfs_write+0x9af/0x1050
[ 2663.400335][T25842]  kernel_clone+0x22d/0x990
[ 2663.404671][T25842]  ? file_end_write+0x1b0/0x1b0
[ 2663.409360][T25842]  ? __kasan_check_write+0x14/0x20
[ 2663.414307][T25842]  ? create_io_thread+0x1e0/0x1e0
[ 2663.419167][T25842]  ? __mutex_lock_slowpath+0x10/0x10
[ 2663.424289][T25842]  __x64_sys_clone+0x289/0x310
[ 2663.428888][T25842]  ? __do_sys_vfork+0x130/0x130
[ 2663.433576][T25842]  ? debug_smp_processor_id+0x17/0x20
[ 2663.438782][T25842]  do_syscall_64+0x44/0xd0
[ 2663.443034][T25842]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2663.448762][T25842] RIP: 0033:0x7f5b7e88a639
[ 2663.453016][T25842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2663.472457][T25842] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2663.480700][T25842] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2663.488511][T25842] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2663.496323][T25842] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2663.504134][T25842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2663.511945][T25842] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2663.519783][T25842]  </TASK>
09:48:33 executing program 4:
r0 = syz_io_uring_setup(0x7e24, &(0x7f0000000000)={0x0, 0x830f, 0x200, 0x2, 0xfffffffe}, &(0x7f0000000000/0x10000)=nil, &(0x7f0000001000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000003c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x84000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)
syz_clone3(&(0x7f0000000300)={0x20000200, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)=<r2=>0x0, {0x1c}, &(0x7f00000001c0)=""/31, 0x1f, &(0x7f0000000200)=""/165, &(0x7f00000002c0)=[r1], 0x1}, 0x58)
socket$pptp(0x18, 0x1, 0x2) (async, rerun: 64)
mmap$IORING_OFF_SQES(&(0x7f000000f000/0x1000)=nil, 0x1000, 0x4, 0x100010, r0, 0x10000000) (async, rerun: 64)
sched_rr_get_interval(r2, &(0x7f0000000380)) (async, rerun: 64)
ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, &(0x7f00000000c0)) (rerun: 64)

09:48:33 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400)=<r1=>0x0, &(0x7f0000001440))
syz_io_uring_complete(r1)
syz_io_uring_complete(r1)
read$FUSE(r0, &(0x7f0000000140)={0x2020}, 0x2020)

09:48:33 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000080))

09:48:33 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_io_uring_setup(0x6ebf, &(0x7f0000000100)={0x0, 0xb504, 0x2, 0x2, 0x64, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r2, 0x80089419, &(0x7f0000000200))

09:48:33 executing program 1:
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0xfff}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:33 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 63)

09:48:33 executing program 0:
r0 = syz_io_uring_setup(0x21a2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x3e5}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x40000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:33 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400)=<r1=>0x0, &(0x7f0000001440))
syz_io_uring_complete(r1)
syz_io_uring_complete(r1)

09:48:33 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_io_uring_setup(0x6ebf, &(0x7f0000000100)={0x0, 0xb504, 0x2, 0x2, 0x64, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r2, 0x80089419, &(0x7f0000000200))
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
syz_io_uring_setup(0x6ebf, &(0x7f0000000100)={0x0, 0xb504, 0x2, 0x2, 0x64, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r2, 0x80089419, &(0x7f0000000200)) (async)

09:48:33 executing program 4:
r0 = syz_io_uring_setup(0x7e24, &(0x7f0000000000)={0x0, 0x830f, 0x200, 0x2, 0xfffffffe}, &(0x7f0000000000/0x10000)=nil, &(0x7f0000001000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000003c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x84000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_clone3(&(0x7f0000000300)={0x20000200, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)=<r2=>0x0, {0x1c}, &(0x7f00000001c0)=""/31, 0x1f, &(0x7f0000000200)=""/165, &(0x7f00000002c0)=[r1], 0x1}, 0x58)
socket$pptp(0x18, 0x1, 0x2)
mmap$IORING_OFF_SQES(&(0x7f000000f000/0x1000)=nil, 0x1000, 0x4, 0x100010, r0, 0x10000000)
sched_rr_get_interval(r2, &(0x7f0000000380))
ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, &(0x7f00000000c0))
syz_io_uring_setup(0x7e24, &(0x7f0000000000)={0x0, 0x830f, 0x200, 0x2, 0xfffffffe}, &(0x7f0000000000/0x10000)=nil, &(0x7f0000001000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000003c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x84000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)
syz_clone3(&(0x7f0000000300)={0x20000200, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180), {0x1c}, &(0x7f00000001c0)=""/31, 0x1f, &(0x7f0000000200)=""/165, &(0x7f00000002c0)=[r1], 0x1}, 0x58) (async)
socket$pptp(0x18, 0x1, 0x2) (async)
mmap$IORING_OFF_SQES(&(0x7f000000f000/0x1000)=nil, 0x1000, 0x4, 0x100010, r0, 0x10000000) (async)
sched_rr_get_interval(r2, &(0x7f0000000380)) (async)
ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, &(0x7f00000000c0)) (async)

09:48:33 executing program 1:
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0xfff}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0xfff}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)

09:48:33 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async, rerun: 32)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async, rerun: 32)
syz_io_uring_setup(0x6ebf, &(0x7f0000000100)={0x0, 0xb504, 0x2, 0x2, 0x64, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async, rerun: 32)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r2, 0x80089419, &(0x7f0000000200)) (rerun: 32)

[ 2664.285989][T25932] FAULT_INJECTION: forcing a failure.
[ 2664.285989][T25932] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2664.315836][T25932] CPU: 1 PID: 25932 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2664.327311][T25932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2664.337208][T25932] Call Trace:
[ 2664.340330][T25932]  <TASK>
[ 2664.343106][T25932]  dump_stack_lvl+0x151/0x1b7
[ 2664.347619][T25932]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2664.352915][T25932]  dump_stack+0x15/0x17
[ 2664.356504][T25953] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2664.356901][T25932]  should_fail+0x3c0/0x510
[ 2664.370186][T25932]  should_fail_alloc_page+0x58/0x70
[ 2664.375219][T25932]  __alloc_pages+0x1de/0x7c0
[ 2664.379652][T25932]  ? __count_vm_events+0x30/0x30
[ 2664.384418][T25932]  ? __this_cpu_preempt_check+0x13/0x20
[ 2664.389800][T25932]  ? __mod_node_page_state+0xac/0xf0
[ 2664.394919][T25932]  pte_alloc_one+0x73/0x1b0
[ 2664.395896][T25956] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2664.399259][T25932]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 2664.399285][T25932]  __pte_alloc+0x86/0x350
[ 2664.417487][T25932]  ? free_pgtables+0x210/0x210
[ 2664.422082][T25932]  ? _raw_spin_lock+0xa3/0x1b0
[ 2664.426685][T25932]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 2664.431891][T25932]  ? __kernel_text_address+0x9a/0x110
[ 2664.437116][T25932]  copy_pte_range+0x1b1f/0x20b0
[ 2664.441790][T25932]  ? __kunmap_atomic+0x80/0x80
[ 2664.446400][T25932]  ? __kasan_slab_alloc+0xc4/0xe0
[ 2664.451246][T25932]  ? __kasan_slab_alloc+0xb2/0xe0
[ 2664.456106][T25932]  ? kmem_cache_alloc+0x189/0x2f0
[ 2664.460998][T25932]  ? vm_area_dup+0x26/0x1d0
[ 2664.465306][T25932]  ? dup_mmap+0x6b8/0xea0
[ 2664.469479][T25932]  ? dup_mm+0x91/0x330
[ 2664.473376][T25932]  ? copy_mm+0x108/0x1b0
[ 2664.477458][T25932]  ? copy_process+0x1295/0x3250
[ 2664.482143][T25932]  ? kernel_clone+0x22d/0x990
[ 2664.486656][T25932]  ? __x64_sys_clone+0x289/0x310
[ 2664.491432][T25932]  ? do_syscall_64+0x44/0xd0
[ 2664.495855][T25932]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2664.501759][T25932]  copy_page_range+0xc1e/0x1090
[ 2664.506451][T25932]  ? pfn_valid+0x1e0/0x1e0
[ 2664.510708][T25932]  dup_mmap+0x99f/0xea0
[ 2664.514690][T25932]  ? __delayed_free_task+0x20/0x20
[ 2664.519640][T25932]  ? mm_init+0x807/0x960
[ 2664.523716][T25932]  dup_mm+0x91/0x330
[ 2664.527448][T25932]  copy_mm+0x108/0x1b0
[ 2664.531360][T25932]  copy_process+0x1295/0x3250
[ 2664.535870][T25932]  ? proc_fail_nth_write+0x213/0x290
[ 2664.540989][T25932]  ? proc_fail_nth_read+0x220/0x220
[ 2664.546024][T25932]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2664.550969][T25932]  ? vfs_write+0x9af/0x1050
[ 2664.555310][T25932]  kernel_clone+0x22d/0x990
[ 2664.559650][T25932]  ? file_end_write+0x1b0/0x1b0
[ 2664.564334][T25932]  ? __kasan_check_write+0x14/0x20
[ 2664.569285][T25932]  ? create_io_thread+0x1e0/0x1e0
[ 2664.574142][T25932]  ? __mutex_lock_slowpath+0x10/0x10
[ 2664.579269][T25932]  __x64_sys_clone+0x289/0x310
[ 2664.583860][T25932]  ? __do_sys_vfork+0x130/0x130
[ 2664.588551][T25932]  ? debug_smp_processor_id+0x17/0x20
[ 2664.593755][T25932]  do_syscall_64+0x44/0xd0
[ 2664.598009][T25932]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2664.603738][T25932] RIP: 0033:0x7f5b7e88a639
[ 2664.607990][T25932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2664.627429][T25932] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
09:48:33 executing program 1:
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0xfff}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0xfff}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)

09:48:33 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
dup2(r2, r1)
sendmsg$nl_route(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=@ipv6_getaddr={0x18, 0x16, 0x911}, 0x18}}, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x30, 0xffffffffffffffff, 0x10000000)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f0000000080))
r3 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
ioctl$VHOST_VDPA_GET_VRING_NUM(0xffffffffffffffff, 0x8002af76, &(0x7f0000000280))
r4 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff, 0x1c}, 0x10)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000240)={r4, 0x100, 0xe0, 0x1})

09:48:33 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
dup2(r2, r1)
sendmsg$nl_route(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=@ipv6_getaddr={0x18, 0x16, 0x911}, 0x18}}, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x30, 0xffffffffffffffff, 0x10000000) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f0000000080))
r3 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0) (async)
ioctl$VHOST_VDPA_GET_VRING_NUM(0xffffffffffffffff, 0x8002af76, &(0x7f0000000280)) (async)
r4 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff, 0x1c}, 0x10)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000240)={r4, 0x100, 0xe0, 0x1})

09:48:33 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
dup2(r2, r1) (async)
sendmsg$nl_route(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=@ipv6_getaddr={0x18, 0x16, 0x911}, 0x18}}, 0x0) (async, rerun: 64)
mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x30, 0xffffffffffffffff, 0x10000000) (async, rerun: 64)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f0000000080)) (async, rerun: 64)
r3 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0) (async, rerun: 64)
ioctl$VHOST_VDPA_GET_VRING_NUM(0xffffffffffffffff, 0x8002af76, &(0x7f0000000280))
r4 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff, 0x1c}, 0x10)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000240)={r4, 0x100, 0xe0, 0x1})

09:48:33 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
socketpair(0xa, 0x5, 0xffffffff, &(0x7f0000000080))

[ 2664.635675][T25932] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2664.643489][T25932] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2664.651301][T25932] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2664.659110][T25932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2664.666920][T25932] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2664.674736][T25932]  </TASK>
09:48:34 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 64)

09:48:34 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
socketpair(0xa, 0x5, 0xffffffff, &(0x7f0000000080))

09:48:34 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400)=<r1=>0x0, &(0x7f0000001440))
syz_io_uring_complete(r1)

09:48:34 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000100)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14, 0x0, 0x0, 0x70bd27}, 0x14}}, 0x0)
dup2(r1, r0)

09:48:34 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f0000002140)=0xe, 0x81800)
ioctl$SNDRV_TIMER_IOCTL_INFO(r1, 0x80e85411, &(0x7f0000002180)=""/88)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
read$FUSE(r1, &(0x7f0000000100)={0x2020}, 0x2020)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:34 executing program 0:
r0 = syz_io_uring_setup(0x21a2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x3e5}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x40000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:34 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000100)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14, 0x0, 0x0, 0x70bd27}, 0x14}}, 0x0) (async)
dup2(r1, r0)

09:48:34 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
socketpair(0xa, 0x5, 0xffffffff, &(0x7f0000000080))

09:48:34 executing program 0:
r0 = syz_io_uring_setup(0x21a2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x3e5}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x40000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x21a2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x3e5}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x40000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)

09:48:34 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000100)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14, 0x0, 0x0, 0x70bd27}, 0x14}}, 0x0) (async)
dup2(r1, r0)

09:48:34 executing program 0:
r0 = syz_io_uring_setup(0x7904, &(0x7f0000000000)={0x0, 0x0, 0x8}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x20, 0x70bd2b, 0x25dfdbfb, {}, [@SEG6_ATTR_SECRET={0xc, 0x4, [0x424, 0x2]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}, @SEG6_ATTR_DST={0x14, 0x1, @local}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x9, 0x7, 0x10001]}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x2}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x4}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1000}]}, 0x68}, 0x1, 0x0, 0x0, 0x1}, 0x5)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x74, r1, 0x1, 0x70bd25, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRET={0x10, 0x4, [0x6, 0x38000, 0x1]}, @SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x32}}, @SEG6_ATTR_DSTLEN={0x8}, @SEG6_ATTR_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xdd}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x4}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0xef}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}]}, 0x74}, 0x1, 0x0, 0x0, 0x40000}, 0x40)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

[ 2664.753253][T26004] FAULT_INJECTION: forcing a failure.
[ 2664.753253][T26004] name failslab, interval 1, probability 0, space 0, times 0
[ 2664.771214][T26004] CPU: 0 PID: 26004 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2664.782668][T26004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2664.792562][T26004] Call Trace:
[ 2664.795684][T26004]  <TASK>
[ 2664.798462][T26004]  dump_stack_lvl+0x151/0x1b7
09:48:34 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f0000002140)=0xe, 0x81800)
ioctl$SNDRV_TIMER_IOCTL_INFO(r1, 0x80e85411, &(0x7f0000002180)=""/88) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
read$FUSE(r1, &(0x7f0000000100)={0x2020}, 0x2020) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

[ 2664.802977][T26004]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2664.808271][T26004]  dump_stack+0x15/0x17
[ 2664.812262][T26004]  should_fail+0x3c0/0x510
[ 2664.816517][T26004]  __should_failslab+0x9f/0xe0
[ 2664.821119][T26004]  should_failslab+0x9/0x20
[ 2664.825456][T26004]  kmem_cache_alloc+0x4f/0x2f0
[ 2664.830055][T26004]  ? vm_area_dup+0x26/0x1d0
[ 2664.834395][T26004]  vm_area_dup+0x26/0x1d0
[ 2664.838561][T26004]  dup_mmap+0x6b8/0xea0
[ 2664.842554][T26004]  ? __delayed_free_task+0x20/0x20
[ 2664.847500][T26004]  ? mm_init+0x807/0x960
[ 2664.851578][T26004]  dup_mm+0x91/0x330
[ 2664.855313][T26004]  copy_mm+0x108/0x1b0
[ 2664.859216][T26004]  copy_process+0x1295/0x3250
[ 2664.863744][T26004]  ? proc_fail_nth_write+0x213/0x290
[ 2664.868850][T26004]  ? proc_fail_nth_read+0x220/0x220
[ 2664.873892][T26004]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2664.878830][T26004]  ? vfs_write+0x9af/0x1050
[ 2664.883172][T26004]  kernel_clone+0x22d/0x990
[ 2664.887511][T26004]  ? file_end_write+0x1b0/0x1b0
[ 2664.892199][T26004]  ? __kasan_check_write+0x14/0x20
[ 2664.897144][T26004]  ? create_io_thread+0x1e0/0x1e0
[ 2664.902005][T26004]  ? __mutex_lock_slowpath+0x10/0x10
[ 2664.907131][T26004]  __x64_sys_clone+0x289/0x310
[ 2664.911725][T26004]  ? __do_sys_vfork+0x130/0x130
[ 2664.916415][T26004]  ? debug_smp_processor_id+0x17/0x20
[ 2664.921621][T26004]  do_syscall_64+0x44/0xd0
[ 2664.925872][T26004]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2664.931605][T26004] RIP: 0033:0x7f5b7e88a639
[ 2664.935854][T26004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2664.955299][T26004] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2664.963540][T26004] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2664.971350][T26004] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2664.979162][T26004] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2664.986973][T26004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2664.994784][T26004] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2665.002599][T26004]  </TASK>
09:48:34 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 65)

09:48:34 executing program 0:
r0 = syz_io_uring_setup(0x7904, &(0x7f0000000000)={0x0, 0x0, 0x8}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x20, 0x70bd2b, 0x25dfdbfb, {}, [@SEG6_ATTR_SECRET={0xc, 0x4, [0x424, 0x2]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}, @SEG6_ATTR_DST={0x14, 0x1, @local}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x9, 0x7, 0x10001]}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x2}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x4}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1000}]}, 0x68}, 0x1, 0x0, 0x0, 0x1}, 0x5)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x74, r1, 0x1, 0x70bd25, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRET={0x10, 0x4, [0x6, 0x38000, 0x1]}, @SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x32}}, @SEG6_ATTR_DSTLEN={0x8}, @SEG6_ATTR_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xdd}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x4}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0xef}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}]}, 0x74}, 0x1, 0x0, 0x0, 0x40000}, 0x40)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x7904, &(0x7f0000000000)={0x0, 0x0, 0x8}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x20, 0x70bd2b, 0x25dfdbfb, {}, [@SEG6_ATTR_SECRET={0xc, 0x4, [0x424, 0x2]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}, @SEG6_ATTR_DST={0x14, 0x1, @local}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x9, 0x7, 0x10001]}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x2}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x4}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1000}]}, 0x68}, 0x1, 0x0, 0x0, 0x1}, 0x5) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000280), 0xffffffffffffffff) (async)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x74, r1, 0x1, 0x70bd25, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRET={0x10, 0x4, [0x6, 0x38000, 0x1]}, @SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x32}}, @SEG6_ATTR_DSTLEN={0x8}, @SEG6_ATTR_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xdd}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x4}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0xef}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}]}, 0x74}, 0x1, 0x0, 0x0, 0x40000}, 0x40) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)

09:48:34 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async, rerun: 64)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f0000002140)=0xe, 0x81800)
ioctl$SNDRV_TIMER_IOCTL_INFO(r1, 0x80e85411, &(0x7f0000002180)=""/88) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
read$FUSE(r1, &(0x7f0000000100)={0x2020}, 0x2020) (async, rerun: 32)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (rerun: 32)

09:48:34 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
socket$nl_route(0x10, 0x3, 0x0)
fsetxattr$security_selinux(r0, &(0x7f0000000100), &(0x7f0000000140)='system_u:object_r:apt_exec_t:s0\x00', 0x20, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:34 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

09:48:34 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
fsetxattr$security_selinux(r0, &(0x7f0000000100), &(0x7f0000000140)='system_u:object_r:apt_exec_t:s0\x00', 0x20, 0x0) (async, rerun: 64)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:34 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

[ 2665.059871][T26041] FAULT_INJECTION: forcing a failure.
[ 2665.059871][T26041] name failslab, interval 1, probability 0, space 0, times 0
[ 2665.113057][T26041] CPU: 0 PID: 26041 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2665.124691][T26041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2665.134587][T26041] Call Trace:
[ 2665.137709][T26041]  <TASK>
[ 2665.140487][T26041]  dump_stack_lvl+0x151/0x1b7
[ 2665.145002][T26041]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2665.150295][T26041]  dump_stack+0x15/0x17
[ 2665.154287][T26041]  should_fail+0x3c0/0x510
[ 2665.158583][T26041]  __should_failslab+0x9f/0xe0
[ 2665.163138][T26041]  should_failslab+0x9/0x20
[ 2665.167480][T26041]  kmem_cache_alloc+0x4f/0x2f0
[ 2665.172080][T26041]  ? vm_area_dup+0x26/0x1d0
[ 2665.176417][T26041]  vm_area_dup+0x26/0x1d0
[ 2665.180583][T26041]  dup_mmap+0x6b8/0xea0
[ 2665.184578][T26041]  ? __delayed_free_task+0x20/0x20
[ 2665.189522][T26041]  ? mm_init+0x807/0x960
[ 2665.193602][T26041]  dup_mm+0x91/0x330
[ 2665.197335][T26041]  copy_mm+0x108/0x1b0
[ 2665.201239][T26041]  copy_process+0x1295/0x3250
[ 2665.205754][T26041]  ? proc_fail_nth_write+0x213/0x290
[ 2665.210874][T26041]  ? proc_fail_nth_read+0x220/0x220
[ 2665.215908][T26041]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2665.220853][T26041]  ? vfs_write+0x9af/0x1050
[ 2665.225195][T26041]  kernel_clone+0x22d/0x990
[ 2665.229534][T26041]  ? file_end_write+0x1b0/0x1b0
[ 2665.234228][T26041]  ? __kasan_check_write+0x14/0x20
[ 2665.239167][T26041]  ? create_io_thread+0x1e0/0x1e0
[ 2665.244027][T26041]  ? __mutex_lock_slowpath+0x10/0x10
[ 2665.249159][T26041]  __x64_sys_clone+0x289/0x310
[ 2665.253749][T26041]  ? __do_sys_vfork+0x130/0x130
[ 2665.258438][T26041]  ? debug_smp_processor_id+0x17/0x20
[ 2665.263644][T26041]  do_syscall_64+0x44/0xd0
[ 2665.267894][T26041]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2665.273627][T26041] RIP: 0033:0x7f5b7e88a639
[ 2665.277880][T26041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2665.297318][T26041] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2665.305563][T26041] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
09:48:34 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
socket$nl_route(0x10, 0x3, 0x0) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), &(0x7f0000000140)='system_u:object_r:apt_exec_t:s0\x00', 0x20, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:34 executing program 0:
r0 = syz_io_uring_setup(0x7904, &(0x7f0000000000)={0x0, 0x0, 0x8}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x20, 0x70bd2b, 0x25dfdbfb, {}, [@SEG6_ATTR_SECRET={0xc, 0x4, [0x424, 0x2]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}, @SEG6_ATTR_DST={0x14, 0x1, @local}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x9, 0x7, 0x10001]}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x2}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x4}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1000}]}, 0x68}, 0x1, 0x0, 0x0, 0x1}, 0x5) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x74, r1, 0x1, 0x70bd25, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRET={0x10, 0x4, [0x6, 0x38000, 0x1]}, @SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x32}}, @SEG6_ATTR_DSTLEN={0x8}, @SEG6_ATTR_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xdd}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x4}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0xef}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}]}, 0x74}, 0x1, 0x0, 0x0, 0x40000}, 0x40)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:34 executing program 1:
syz_io_uring_setup(0x3f39, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0xf1}, &(0x7f0000005000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0xec, 0x0, 0x8, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xfff}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x4a}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_team\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x23, 0x20}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x75}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x401}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x7}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x22e}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:34 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000100)='.request_key_auth\x00', 0x0)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r1)
keyctl$KEYCTL_MOVE(0x1e, r1, 0x0, 0xffffffffffffffff, 0x0)

09:48:34 executing program 1:
syz_io_uring_setup(0x3f39, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0xf1}, &(0x7f0000005000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0xec, 0x0, 0x8, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xfff}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x4a}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_team\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x23, 0x20}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x75}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x401}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x7}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x22e}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x3f39, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0xf1}, &(0x7f0000005000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0xec, 0x0, 0x8, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xfff}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x4a}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_team\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x23, 0x20}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x75}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x401}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x7}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x80}, 0x40000) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x22e}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)

[ 2665.313373][T26041] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2665.321187][T26041] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2665.328996][T26041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2665.336806][T26041] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2665.344623][T26041]  </TASK>
09:48:35 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 66)

09:48:35 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

[ 2665.506385][T26121] FAULT_INJECTION: forcing a failure.
[ 2665.506385][T26121] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2665.519937][T26121] CPU: 0 PID: 26121 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2665.531388][T26121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2665.541279][T26121] Call Trace:
[ 2665.544404][T26121]  <TASK>
[ 2665.547182][T26121]  dump_stack_lvl+0x151/0x1b7
[ 2665.551697][T26121]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2665.556993][T26121]  dump_stack+0x15/0x17
[ 2665.560986][T26121]  should_fail+0x3c0/0x510
[ 2665.565239][T26121]  should_fail_alloc_page+0x58/0x70
[ 2665.570268][T26121]  __alloc_pages+0x1de/0x7c0
[ 2665.574696][T26121]  ? __count_vm_events+0x30/0x30
[ 2665.579467][T26121]  ? __this_cpu_preempt_check+0x13/0x20
[ 2665.584848][T26121]  ? __mod_node_page_state+0xac/0xf0
[ 2665.589970][T26121]  pte_alloc_one+0x73/0x1b0
[ 2665.594318][T26121]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 2665.599354][T26121]  __pte_alloc+0x86/0x350
[ 2665.603509][T26121]  ? free_pgtables+0x210/0x210
[ 2665.608108][T26121]  ? _raw_spin_lock+0xa3/0x1b0
[ 2665.612710][T26121]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 2665.617915][T26121]  ? __kernel_text_address+0x9a/0x110
[ 2665.623124][T26121]  copy_pte_range+0x1b1f/0x20b0
[ 2665.627814][T26121]  ? __kunmap_atomic+0x80/0x80
[ 2665.632411][T26121]  ? __kasan_slab_alloc+0xc4/0xe0
[ 2665.637270][T26121]  ? __kasan_slab_alloc+0xb2/0xe0
[ 2665.642132][T26121]  ? kmem_cache_alloc+0x189/0x2f0
[ 2665.646989][T26121]  ? vm_area_dup+0x26/0x1d0
[ 2665.651330][T26121]  ? dup_mmap+0x6b8/0xea0
[ 2665.655496][T26121]  ? dup_mm+0x91/0x330
[ 2665.659401][T26121]  ? copy_mm+0x108/0x1b0
[ 2665.663480][T26121]  ? copy_process+0x1295/0x3250
[ 2665.668167][T26121]  ? kernel_clone+0x22d/0x990
[ 2665.672684][T26121]  ? __x64_sys_clone+0x289/0x310
[ 2665.677455][T26121]  ? do_syscall_64+0x44/0xd0
[ 2665.681884][T26121]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2665.687786][T26121]  copy_page_range+0xc1e/0x1090
[ 2665.692473][T26121]  ? pfn_valid+0x1e0/0x1e0
[ 2665.696725][T26121]  dup_mmap+0x99f/0xea0
[ 2665.700723][T26121]  ? __delayed_free_task+0x20/0x20
[ 2665.705662][T26121]  ? mm_init+0x807/0x960
[ 2665.709741][T26121]  dup_mm+0x91/0x330
[ 2665.713472][T26121]  copy_mm+0x108/0x1b0
[ 2665.717383][T26121]  copy_process+0x1295/0x3250
[ 2665.721893][T26121]  ? proc_fail_nth_write+0x213/0x290
[ 2665.727010][T26121]  ? proc_fail_nth_read+0x220/0x220
[ 2665.732043][T26121]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2665.736988][T26121]  ? vfs_write+0x9af/0x1050
[ 2665.741331][T26121]  kernel_clone+0x22d/0x990
[ 2665.745668][T26121]  ? file_end_write+0x1b0/0x1b0
[ 2665.750355][T26121]  ? __kasan_check_write+0x14/0x20
[ 2665.755303][T26121]  ? create_io_thread+0x1e0/0x1e0
[ 2665.760168][T26121]  ? __mutex_lock_slowpath+0x10/0x10
[ 2665.765283][T26121]  __x64_sys_clone+0x289/0x310
[ 2665.769883][T26121]  ? __do_sys_vfork+0x130/0x130
[ 2665.774573][T26121]  ? debug_smp_processor_id+0x17/0x20
[ 2665.779781][T26121]  do_syscall_64+0x44/0xd0
[ 2665.784037][T26121]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2665.789857][T26121] RIP: 0033:0x7f5b7e88a639
[ 2665.794112][T26121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2665.813551][T26121] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2665.821795][T26121] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2665.829607][T26121] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2665.837419][T26121] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2665.845232][T26121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
09:48:35 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x40010200, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:35 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000100)='.request_key_auth\x00', 0x0) (async)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r1) (async)
keyctl$KEYCTL_MOVE(0x1e, r1, 0x0, 0xffffffffffffffff, 0x0)

09:48:35 executing program 1:
syz_io_uring_setup(0x3f39, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0xf1}, &(0x7f0000005000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0xec, 0x0, 0x8, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xfff}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x4a}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_team\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x23, 0x20}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x75}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x401}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x7}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x22e}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:35 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000000000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000140)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f0000000540)={0x4, 0x4, {0x7, @struct={0x8, 0x3}, r3, 0x1, 0x3, 0x100000000, 0xca000, 0x10000, 0x1, @struct={0x5, 0x4}, 0x497a, 0x401, [0x7f, 0x800, 0x9, 0x6, 0xcc9, 0x8]}, {0x7, @struct={0x7ff, 0x10000}, 0x0, 0x43b3, 0x400, 0x9, 0x5, 0x8000000000000000, 0x40, @usage=0x6, 0x2, 0x1a, [0x0, 0x7ff, 0x4, 0xca2, 0xffff, 0x1]}, {0x1, @struct={0x0, 0x1764}, 0x0, 0x7, 0x400, 0x2, 0x5, 0x0, 0x20, @struct={0x8, 0x2}, 0x7, 0x1, [0x2, 0x3f, 0x20, 0x4, 0x80000000, 0x7]}, {0x72b60c57, 0x6, 0x1849}})
r4 = pidfd_getfd(r0, 0xffffffffffffffff, 0x0)
ioctl$PPPIOCGMRU(r4, 0x80047453, &(0x7f0000000940))
syz_open_procfs$namespace(r1, &(0x7f0000000100)='ns/net\x00')

09:48:35 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

09:48:35 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 67)

09:48:35 executing program 1:
io_uring_setup(0x672f, &(0x7f00000001c0)={0x0, 0xe782, 0x10, 0x0, 0x317})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000000), 0x2, 0x0)
write$cgroup_freezer_state(r1, &(0x7f00000002c0)='THAWED\x00', 0x7)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_io_uring_setup(0x1a64, &(0x7f0000000240)={0x0, 0x0, 0x40, 0x2, 0x1ac}, &(0x7f0000004000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:35 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
r1 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000100)='.request_key_auth\x00', 0x0) (async)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r1)
keyctl$KEYCTL_MOVE(0x1e, r1, 0x0, 0xffffffffffffffff, 0x0)

09:48:35 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

[ 2665.853039][T26121] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2665.860853][T26121]  </TASK>
09:48:35 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000000000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (rerun: 64)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000140)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f0000000540)={0x4, 0x4, {0x7, @struct={0x8, 0x3}, r3, 0x1, 0x3, 0x100000000, 0xca000, 0x10000, 0x1, @struct={0x5, 0x4}, 0x497a, 0x401, [0x7f, 0x800, 0x9, 0x6, 0xcc9, 0x8]}, {0x7, @struct={0x7ff, 0x10000}, 0x0, 0x43b3, 0x400, 0x9, 0x5, 0x8000000000000000, 0x40, @usage=0x6, 0x2, 0x1a, [0x0, 0x7ff, 0x4, 0xca2, 0xffff, 0x1]}, {0x1, @struct={0x0, 0x1764}, 0x0, 0x7, 0x400, 0x2, 0x5, 0x0, 0x20, @struct={0x8, 0x2}, 0x7, 0x1, [0x2, 0x3f, 0x20, 0x4, 0x80000000, 0x7]}, {0x72b60c57, 0x6, 0x1849}})
r4 = pidfd_getfd(r0, 0xffffffffffffffff, 0x0)
ioctl$PPPIOCGMRU(r4, 0x80047453, &(0x7f0000000940)) (async, rerun: 64)
syz_open_procfs$namespace(r1, &(0x7f0000000100)='ns/net\x00') (rerun: 64)

[ 2665.912951][T26183] FAULT_INJECTION: forcing a failure.
[ 2665.912951][T26183] name failslab, interval 1, probability 0, space 0, times 0
[ 2665.932070][T26183] CPU: 1 PID: 26183 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2665.943533][T26183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2665.953430][T26183] Call Trace:
[ 2665.956553][T26183]  <TASK>
[ 2665.959329][T26183]  dump_stack_lvl+0x151/0x1b7
[ 2665.963843][T26183]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2665.969137][T26183]  dump_stack+0x15/0x17
[ 2665.973128][T26183]  should_fail+0x3c0/0x510
[ 2665.977391][T26183]  __should_failslab+0x9f/0xe0
[ 2665.982023][T26183]  should_failslab+0x9/0x20
[ 2665.986348][T26183]  kmem_cache_alloc+0x4f/0x2f0
[ 2665.990922][T26183]  ? vm_area_dup+0x26/0x1d0
[ 2665.995260][T26183]  ? __kasan_check_read+0x11/0x20
[ 2666.000124][T26183]  vm_area_dup+0x26/0x1d0
[ 2666.004289][T26183]  dup_mmap+0x6b8/0xea0
[ 2666.008279][T26183]  ? __delayed_free_task+0x20/0x20
[ 2666.013226][T26183]  ? mm_init+0x807/0x960
[ 2666.017306][T26183]  dup_mm+0x91/0x330
[ 2666.021039][T26183]  copy_mm+0x108/0x1b0
[ 2666.024944][T26183]  copy_process+0x1295/0x3250
[ 2666.029458][T26183]  ? proc_fail_nth_write+0x213/0x290
[ 2666.034584][T26183]  ? proc_fail_nth_read+0x220/0x220
[ 2666.039611][T26183]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2666.044566][T26183]  ? vfs_write+0x9af/0x1050
[ 2666.048898][T26183]  kernel_clone+0x22d/0x990
[ 2666.053235][T26183]  ? file_end_write+0x1b0/0x1b0
[ 2666.057923][T26183]  ? __kasan_check_write+0x14/0x20
[ 2666.062871][T26183]  ? create_io_thread+0x1e0/0x1e0
[ 2666.067730][T26183]  ? __mutex_lock_slowpath+0x10/0x10
[ 2666.072858][T26183]  __x64_sys_clone+0x289/0x310
[ 2666.077450][T26183]  ? __do_sys_vfork+0x130/0x130
[ 2666.082140][T26183]  ? debug_smp_processor_id+0x17/0x20
[ 2666.087347][T26183]  do_syscall_64+0x44/0xd0
[ 2666.091598][T26183]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2666.097334][T26183] RIP: 0033:0x7f5b7e88a639
[ 2666.101579][T26183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2666.121021][T26183] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2666.129264][T26183] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2666.137075][T26183] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2666.144886][T26183] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2666.152698][T26183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
09:48:35 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x28a}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:35 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x40010200, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x40010200, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)

09:48:35 executing program 1:
io_uring_setup(0x672f, &(0x7f00000001c0)={0x0, 0xe782, 0x10, 0x0, 0x317})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000000), 0x2, 0x0)
write$cgroup_freezer_state(r1, &(0x7f00000002c0)='THAWED\x00', 0x7)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000240)={0x0, 0x0, 0x40, 0x2, 0x1ac}, &(0x7f0000004000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:35 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

09:48:35 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x28a}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:35 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 68)

[ 2666.160508][T26183] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2666.168324][T26183]  </TASK>
09:48:35 executing program 1:
io_uring_setup(0x672f, &(0x7f00000001c0)={0x0, 0xe782, 0x10, 0x0, 0x317})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000000), 0x2, 0x0)
write$cgroup_freezer_state(r1, &(0x7f00000002c0)='THAWED\x00', 0x7) (async, rerun: 64)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async, rerun: 64)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_io_uring_setup(0x1a64, &(0x7f0000000240)={0x0, 0x0, 0x40, 0x2, 0x1ac}, &(0x7f0000004000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:35 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

09:48:35 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x28a}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:35 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x40010200, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:35 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2, 0x1}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xb4002c60}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x8c, r1, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}, @SEG6_ATTR_DST={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x8}, @SEG6_ATTR_SECRET={0x18, 0x4, [0x3, 0x2, 0xbd, 0x1, 0x3]}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x81}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x3}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x8}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x6}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x5}]}, 0x8c}, 0x1, 0x0, 0x0, 0x40000c0}, 0x4804)

09:48:35 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000000000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000140)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f0000000540)={0x4, 0x4, {0x7, @struct={0x8, 0x3}, r3, 0x1, 0x3, 0x100000000, 0xca000, 0x10000, 0x1, @struct={0x5, 0x4}, 0x497a, 0x401, [0x7f, 0x800, 0x9, 0x6, 0xcc9, 0x8]}, {0x7, @struct={0x7ff, 0x10000}, 0x0, 0x43b3, 0x400, 0x9, 0x5, 0x8000000000000000, 0x40, @usage=0x6, 0x2, 0x1a, [0x0, 0x7ff, 0x4, 0xca2, 0xffff, 0x1]}, {0x1, @struct={0x0, 0x1764}, 0x0, 0x7, 0x400, 0x2, 0x5, 0x0, 0x20, @struct={0x8, 0x2}, 0x7, 0x1, [0x2, 0x3f, 0x20, 0x4, 0x80000000, 0x7]}, {0x72b60c57, 0x6, 0x1849}}) (async)
r4 = pidfd_getfd(r0, 0xffffffffffffffff, 0x0)
ioctl$PPPIOCGMRU(r4, 0x80047453, &(0x7f0000000940)) (async)
syz_open_procfs$namespace(r1, &(0x7f0000000100)='ns/net\x00')

[ 2666.221987][T26281] FAULT_INJECTION: forcing a failure.
[ 2666.221987][T26281] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2666.258824][T26281] CPU: 1 PID: 26281 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
09:48:35 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

09:48:35 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

09:48:35 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000c2, 0x150)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

[ 2666.270287][T26281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2666.280184][T26281] Call Trace:
[ 2666.283302][T26281]  <TASK>
[ 2666.286112][T26281]  dump_stack_lvl+0x151/0x1b7
[ 2666.290594][T26281]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2666.295888][T26281]  dump_stack+0x15/0x17
[ 2666.299879][T26281]  should_fail+0x3c0/0x510
[ 2666.304132][T26281]  should_fail_alloc_page+0x58/0x70
[ 2666.309165][T26281]  __alloc_pages+0x1de/0x7c0
[ 2666.313593][T26281]  ? __count_vm_events+0x30/0x30
09:48:35 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

09:48:35 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_io_uring_setup(0x6a57, &(0x7f0000000100)={0x0, 0xa486, 0x2, 0x0, 0x7e}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_GET_SPEED(0xffffffffffffffff, 0x551f)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

[ 2666.318364][T26281]  ? __this_cpu_preempt_check+0x13/0x20
[ 2666.323754][T26281]  ? __mod_node_page_state+0xac/0xf0
[ 2666.328869][T26281]  pte_alloc_one+0x73/0x1b0
[ 2666.333240][T26281]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 2666.338242][T26281]  __pte_alloc+0x86/0x350
[ 2666.342408][T26281]  ? free_pgtables+0x210/0x210
[ 2666.347010][T26281]  ? _raw_spin_lock+0xa3/0x1b0
[ 2666.351628][T26281]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 2666.356814][T26281]  ? __kernel_text_address+0x9a/0x110
[ 2666.362024][T26281]  copy_pte_range+0x1b1f/0x20b0
[ 2666.366725][T26281]  ? __kunmap_atomic+0x80/0x80
[ 2666.371312][T26281]  ? __kasan_slab_alloc+0xc4/0xe0
[ 2666.376169][T26281]  ? __kasan_slab_alloc+0xb2/0xe0
[ 2666.381027][T26281]  ? kmem_cache_alloc+0x189/0x2f0
[ 2666.385884][T26281]  ? vm_area_dup+0x26/0x1d0
[ 2666.390223][T26281]  ? dup_mmap+0x6b8/0xea0
[ 2666.394392][T26281]  ? dup_mm+0x91/0x330
[ 2666.398301][T26281]  ? copy_mm+0x108/0x1b0
[ 2666.402375][T26281]  ? copy_process+0x1295/0x3250
[ 2666.407059][T26281]  ? kernel_clone+0x22d/0x990
[ 2666.411574][T26281]  ? __x64_sys_clone+0x289/0x310
[ 2666.416348][T26281]  ? do_syscall_64+0x44/0xd0
[ 2666.420772][T26281]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2666.426676][T26281]  copy_page_range+0xc1e/0x1090
[ 2666.431370][T26281]  ? pfn_valid+0x1e0/0x1e0
[ 2666.435621][T26281]  dup_mmap+0x99f/0xea0
[ 2666.439609][T26281]  ? __delayed_free_task+0x20/0x20
[ 2666.444563][T26281]  ? mm_init+0x807/0x960
[ 2666.448637][T26281]  dup_mm+0x91/0x330
[ 2666.452366][T26281]  copy_mm+0x108/0x1b0
[ 2666.456272][T26281]  copy_process+0x1295/0x3250
[ 2666.460796][T26281]  ? proc_fail_nth_write+0x213/0x290
[ 2666.465914][T26281]  ? proc_fail_nth_read+0x220/0x220
[ 2666.470988][T26281]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2666.475893][T26281]  ? vfs_write+0x9af/0x1050
[ 2666.480230][T26281]  kernel_clone+0x22d/0x990
[ 2666.484565][T26281]  ? file_end_write+0x1b0/0x1b0
[ 2666.489255][T26281]  ? __kasan_check_write+0x14/0x20
[ 2666.494200][T26281]  ? create_io_thread+0x1e0/0x1e0
[ 2666.499061][T26281]  ? __mutex_lock_slowpath+0x10/0x10
[ 2666.504180][T26281]  __x64_sys_clone+0x289/0x310
[ 2666.508783][T26281]  ? __do_sys_vfork+0x130/0x130
[ 2666.513472][T26281]  ? debug_smp_processor_id+0x17/0x20
[ 2666.518677][T26281]  do_syscall_64+0x44/0xd0
[ 2666.522932][T26281]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2666.528656][T26281] RIP: 0033:0x7f5b7e88a639
[ 2666.532913][T26281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2666.552351][T26281] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2666.560592][T26281] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
09:48:36 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 69)

09:48:36 executing program 3:
syz_io_uring_setup(0x0, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

09:48:36 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2, 0x1}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xb4002c60}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x8c, r1, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}, @SEG6_ATTR_DST={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x8}, @SEG6_ATTR_SECRET={0x18, 0x4, [0x3, 0x2, 0xbd, 0x1, 0x3]}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x81}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x3}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x8}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x6}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x5}]}, 0x8c}, 0x1, 0x0, 0x0, 0x40000c0}, 0x4804)

09:48:36 executing program 0:
r0 = syz_io_uring_setup(0x10001a64, &(0x7f0000000000)={0x0, 0x200, 0x4}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:36 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_io_uring_setup(0x6a57, &(0x7f0000000100)={0x0, 0xa486, 0x2, 0x0, 0x7e}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
ioctl$USBDEVFS_GET_SPEED(0xffffffffffffffff, 0x551f) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:36 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
open_tree(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x49003)

09:48:36 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
open_tree(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x49003)

[ 2666.568403][T26281] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2666.576218][T26281] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2666.584026][T26281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2666.591841][T26281] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2666.599650][T26281]  </TASK>
09:48:36 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2, 0x1}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xb4002c60}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x8c, r1, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}, @SEG6_ATTR_DST={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x8}, @SEG6_ATTR_SECRET={0x18, 0x4, [0x3, 0x2, 0xbd, 0x1, 0x3]}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x81}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x3}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x8}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x6}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x5}]}, 0x8c}, 0x1, 0x0, 0x0, 0x40000c0}, 0x4804)

09:48:36 executing program 0:
r0 = syz_io_uring_setup(0x10001a64, &(0x7f0000000000)={0x0, 0x200, 0x4}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:36 executing program 3:
syz_io_uring_setup(0x0, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

[ 2666.639971][T26349] FAULT_INJECTION: forcing a failure.
[ 2666.639971][T26349] name failslab, interval 1, probability 0, space 0, times 0
[ 2666.657845][T26349] CPU: 1 PID: 26349 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2666.669296][T26349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2666.679192][T26349] Call Trace:
[ 2666.682315][T26349]  <TASK>
[ 2666.685092][T26349]  dump_stack_lvl+0x151/0x1b7
09:48:36 executing program 3:
syz_io_uring_setup(0x0, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

09:48:36 executing program 3:
syz_io_uring_setup(0x1a64, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

[ 2666.689608][T26349]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2666.694903][T26349]  dump_stack+0x15/0x17
[ 2666.698900][T26349]  should_fail+0x3c0/0x510
[ 2666.703145][T26349]  __should_failslab+0x9f/0xe0
[ 2666.707791][T26349]  should_failslab+0x9/0x20
[ 2666.712093][T26349]  kmem_cache_alloc+0x4f/0x2f0
[ 2666.716686][T26349]  ? anon_vma_clone+0xa1/0x4f0
[ 2666.721285][T26349]  anon_vma_clone+0xa1/0x4f0
[ 2666.725714][T26349]  anon_vma_fork+0x91/0x4f0
[ 2666.730060][T26349]  ? anon_vma_name+0x43/0x70
[ 2666.734485][T26349]  dup_mmap+0x750/0xea0
[ 2666.738470][T26349]  ? __delayed_free_task+0x20/0x20
[ 2666.743417][T26349]  ? mm_init+0x807/0x960
[ 2666.747499][T26349]  dup_mm+0x91/0x330
[ 2666.751229][T26349]  copy_mm+0x108/0x1b0
[ 2666.755137][T26349]  copy_process+0x1295/0x3250
[ 2666.759647][T26349]  ? proc_fail_nth_write+0x213/0x290
[ 2666.764775][T26349]  ? proc_fail_nth_read+0x220/0x220
[ 2666.769804][T26349]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2666.774749][T26349]  ? vfs_write+0x9af/0x1050
[ 2666.779087][T26349]  kernel_clone+0x22d/0x990
[ 2666.783445][T26349]  ? file_end_write+0x1b0/0x1b0
[ 2666.788116][T26349]  ? __kasan_check_write+0x14/0x20
[ 2666.793061][T26349]  ? create_io_thread+0x1e0/0x1e0
[ 2666.797922][T26349]  ? __mutex_lock_slowpath+0x10/0x10
[ 2666.803043][T26349]  __x64_sys_clone+0x289/0x310
[ 2666.807643][T26349]  ? __do_sys_vfork+0x130/0x130
[ 2666.812330][T26349]  ? debug_smp_processor_id+0x17/0x20
[ 2666.817538][T26349]  do_syscall_64+0x44/0xd0
[ 2666.821791][T26349]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2666.827516][T26349] RIP: 0033:0x7f5b7e88a639
[ 2666.831771][T26349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2666.851210][T26349] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2666.859455][T26349] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2666.867267][T26349] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2666.875091][T26349] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2666.882889][T26349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
09:48:36 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 70)

09:48:36 executing program 3:
syz_io_uring_setup(0x1a64, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

09:48:36 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
open_tree(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x49003)

09:48:36 executing program 0:
r0 = syz_io_uring_setup(0x10001a64, &(0x7f0000000000)={0x0, 0x200, 0x4}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

[ 2666.890699][T26349] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2666.898516][T26349]  </TASK>
[ 2666.952205][T26440] FAULT_INJECTION: forcing a failure.
[ 2666.952205][T26440] name failslab, interval 1, probability 0, space 0, times 0
[ 2666.966653][T26440] CPU: 1 PID: 26440 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2666.978104][T26440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2666.988001][T26440] Call Trace:
[ 2666.991120][T26440]  <TASK>
[ 2666.993899][T26440]  dump_stack_lvl+0x151/0x1b7
[ 2666.998413][T26440]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2667.003708][T26440]  dump_stack+0x15/0x17
[ 2667.007698][T26440]  should_fail+0x3c0/0x510
[ 2667.011949][T26440]  __should_failslab+0x9f/0xe0
[ 2667.016547][T26440]  should_failslab+0x9/0x20
[ 2667.020886][T26440]  kmem_cache_alloc+0x4f/0x2f0
[ 2667.025486][T26440]  ? vm_area_dup+0x26/0x1d0
[ 2667.029833][T26440]  ? __kasan_check_read+0x11/0x20
[ 2667.034687][T26440]  vm_area_dup+0x26/0x1d0
[ 2667.038851][T26440]  dup_mmap+0x6b8/0xea0
[ 2667.042844][T26440]  ? __delayed_free_task+0x20/0x20
[ 2667.047791][T26440]  ? mm_init+0x807/0x960
[ 2667.051870][T26440]  dup_mm+0x91/0x330
[ 2667.055602][T26440]  copy_mm+0x108/0x1b0
[ 2667.059520][T26440]  copy_process+0x1295/0x3250
[ 2667.064023][T26440]  ? proc_fail_nth_write+0x213/0x290
[ 2667.069144][T26440]  ? proc_fail_nth_read+0x220/0x220
[ 2667.074176][T26440]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2667.079125][T26440]  ? vfs_write+0x9af/0x1050
[ 2667.083463][T26440]  kernel_clone+0x22d/0x990
[ 2667.087805][T26440]  ? file_end_write+0x1b0/0x1b0
[ 2667.092491][T26440]  ? __kasan_check_write+0x14/0x20
[ 2667.097435][T26440]  ? create_io_thread+0x1e0/0x1e0
[ 2667.102302][T26440]  ? __mutex_lock_slowpath+0x10/0x10
[ 2667.107418][T26440]  __x64_sys_clone+0x289/0x310
[ 2667.112018][T26440]  ? __do_sys_vfork+0x130/0x130
[ 2667.116703][T26440]  ? fpregs_restore_userregs+0x1f0/0x3a0
[ 2667.122174][T26440]  ? switch_fpu_return+0xe/0x10
[ 2667.126859][T26440]  do_syscall_64+0x44/0xd0
[ 2667.131112][T26440]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2667.136839][T26440] RIP: 0033:0x7f5b7e88a639
[ 2667.141096][T26440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2667.160536][T26440] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2667.168777][T26440] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2667.176589][T26440] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2667.184401][T26440] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2667.192212][T26440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
09:48:36 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_io_uring_setup(0x6a57, &(0x7f0000000100)={0x0, 0xa486, 0x2, 0x0, 0x7e}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
ioctl$USBDEVFS_GET_SPEED(0xffffffffffffffff, 0x551f) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:36 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x440000, 0x14)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x60, r1, 0x400, 0x70bd28, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}, @SEG6_ATTR_DST={0x14, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1000}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x6}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x81}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000c010}, 0x4008811)

09:48:36 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_clone(0x8002000, &(0x7f00000014c0)="910400000000000000e3ae", 0xb, &(0x7f0000001280), &(0x7f0000001300), &(0x7f0000001340)="233ccb9d6c9cd720458b9a6044966c62dcadc417183176764703f92c5fcadd598d76cfa3b2810f1da706b01ce8ea6bff0200f658136c339378e8b51e74f66ce28f2e3e8fc4bb62bd1654d3633c3e54bd0ff58cff33cfed2da61c07652c34377a1a6d5ab0bb8bef5163d65c715de6f90dea9e684dad2676a82edc16ff956412085808365ec840b9")
syz_clone3(&(0x7f0000001440)={0x40b378b30ff2550c, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180), {0x3a}, &(0x7f00000001c0)=""/4096, 0x1000, &(0x7f00000011c0)=""/147, &(0x7f0000001400)=[r1], 0x1}, 0x58)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:36 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0, 0x1a3)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r1, 0x8010af78, &(0x7f0000000140))

09:48:36 executing program 3:
syz_io_uring_setup(0x1a64, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

09:48:36 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 71)

09:48:36 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0, 0x1a3)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r1, 0x8010af78, &(0x7f0000000140))

09:48:36 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x440000, 0x14)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x60, r1, 0x400, 0x70bd28, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}, @SEG6_ATTR_DST={0x14, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1000}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x6}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x81}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000c010}, 0x4008811)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x440000, 0x14) (async)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000200), 0xffffffffffffffff) (async)
sendmsg$SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x60, r1, 0x400, 0x70bd28, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}, @SEG6_ATTR_DST={0x14, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1000}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x6}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x81}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000c010}, 0x4008811) (async)

[ 2667.200028][T26440] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2667.207839][T26440]  </TASK>
09:48:36 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_clone(0x8002000, &(0x7f00000014c0)="910400000000000000e3ae", 0xb, &(0x7f0000001280), &(0x7f0000001300), &(0x7f0000001340)="233ccb9d6c9cd720458b9a6044966c62dcadc417183176764703f92c5fcadd598d76cfa3b2810f1da706b01ce8ea6bff0200f658136c339378e8b51e74f66ce28f2e3e8fc4bb62bd1654d3633c3e54bd0ff58cff33cfed2da61c07652c34377a1a6d5ab0bb8bef5163d65c715de6f90dea9e684dad2676a82edc16ff956412085808365ec840b9")
syz_clone3(&(0x7f0000001440)={0x40b378b30ff2550c, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180), {0x3a}, &(0x7f00000001c0)=""/4096, 0x1000, &(0x7f00000011c0)=""/147, &(0x7f0000001400)=[r1], 0x1}, 0x58)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x8002000, &(0x7f00000014c0)="910400000000000000e3ae", 0xb, &(0x7f0000001280), &(0x7f0000001300), &(0x7f0000001340)="233ccb9d6c9cd720458b9a6044966c62dcadc417183176764703f92c5fcadd598d76cfa3b2810f1da706b01ce8ea6bff0200f658136c339378e8b51e74f66ce28f2e3e8fc4bb62bd1654d3633c3e54bd0ff58cff33cfed2da61c07652c34377a1a6d5ab0bb8bef5163d65c715de6f90dea9e684dad2676a82edc16ff956412085808365ec840b9") (async)
syz_clone3(&(0x7f0000001440)={0x40b378b30ff2550c, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180), {0x3a}, &(0x7f00000001c0)=""/4096, 0x1000, &(0x7f00000011c0)=""/147, &(0x7f0000001400)=[r1], 0x1}, 0x58) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)

09:48:36 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
r1 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0, 0x1a3)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r1, 0x8010af78, &(0x7f0000000140))

09:48:36 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

[ 2667.261777][T26477] FAULT_INJECTION: forcing a failure.
[ 2667.261777][T26477] name failslab, interval 1, probability 0, space 0, times 0
[ 2667.279981][T26477] CPU: 1 PID: 26477 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2667.291452][T26477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2667.301348][T26477] Call Trace:
[ 2667.304472][T26477]  <TASK>
[ 2667.307248][T26477]  dump_stack_lvl+0x151/0x1b7
09:48:36 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

[ 2667.311762][T26477]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2667.317055][T26477]  ? vma_interval_tree_augment_rotate+0x210/0x210
[ 2667.323307][T26477]  dump_stack+0x15/0x17
[ 2667.327297][T26477]  should_fail+0x3c0/0x510
[ 2667.331550][T26477]  __should_failslab+0x9f/0xe0
[ 2667.336149][T26477]  should_failslab+0x9/0x20
[ 2667.340489][T26477]  kmem_cache_alloc+0x4f/0x2f0
[ 2667.345086][T26477]  ? anon_vma_fork+0xf7/0x4f0
[ 2667.349605][T26477]  anon_vma_fork+0xf7/0x4f0
[ 2667.353938][T26477]  ? anon_vma_name+0x43/0x70
[ 2667.358362][T26477]  dup_mmap+0x750/0xea0
[ 2667.362356][T26477]  ? __delayed_free_task+0x20/0x20
[ 2667.367304][T26477]  ? mm_init+0x807/0x960
[ 2667.371381][T26477]  dup_mm+0x91/0x330
[ 2667.375113][T26477]  copy_mm+0x108/0x1b0
[ 2667.379018][T26477]  copy_process+0x1295/0x3250
[ 2667.383543][T26477]  ? proc_fail_nth_write+0x213/0x290
[ 2667.388653][T26477]  ? proc_fail_nth_read+0x220/0x220
[ 2667.393686][T26477]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2667.398637][T26477]  ? vfs_write+0x9af/0x1050
[ 2667.402980][T26477]  kernel_clone+0x22d/0x990
[ 2667.407314][T26477]  ? file_end_write+0x1b0/0x1b0
[ 2667.412000][T26477]  ? __kasan_check_write+0x14/0x20
[ 2667.416947][T26477]  ? create_io_thread+0x1e0/0x1e0
[ 2667.421808][T26477]  ? __mutex_lock_slowpath+0x10/0x10
[ 2667.426932][T26477]  __x64_sys_clone+0x289/0x310
[ 2667.431529][T26477]  ? __do_sys_vfork+0x130/0x130
[ 2667.436215][T26477]  ? debug_smp_processor_id+0x17/0x20
[ 2667.441428][T26477]  do_syscall_64+0x44/0xd0
[ 2667.445675][T26477]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2667.451401][T26477] RIP: 0033:0x7f5b7e88a639
[ 2667.455656][T26477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2667.475445][T26477] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2667.483695][T26477] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2667.491499][T26477] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2667.499313][T26477] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
09:48:37 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000200))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x2997, &(0x7f0000000100)={0x0, 0xee7e, 0x200, 0x2, 0x268, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0))

09:48:37 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r2, &(0x7f0000000100), 0x0, 0x0, 0x3)
r3 = openat$cgroup_ro(r1, &(0x7f0000000340)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
accept4$bt_l2cap(r2, &(0x7f00000002c0)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x0)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
r5 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$negate(0xd, r5, 0x9, 0xffffffffffffffff)
fsetxattr$security_selinux(r4, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$VHOST_VDPA_SET_CONFIG_CALL(r4, 0x4004af77, &(0x7f00000001c0))
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r1, 0x8010af78, &(0x7f0000000140))
mmap$IORING_OFF_SQES(&(0x7f0000fed000/0x13000)=nil, 0x13000, 0x4, 0x1010, r1, 0x10000000)
r6 = openat(r4, &(0x7f0000000280)='./file0\x00', 0x940, 0x20)
ioctl$KVM_CHECK_EXTENSION_VM(r6, 0xae03, 0x8)
r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x82040, 0x0)
ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f0000000300)={0x2})
ioctl$KVM_PPC_ALLOCATE_HTAB(r7, 0xc004aea7, &(0x7f0000000100)=0x101)

09:48:37 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

09:48:37 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_clone(0x8002000, &(0x7f00000014c0)="910400000000000000e3ae", 0xb, &(0x7f0000001280), &(0x7f0000001300), &(0x7f0000001340)="233ccb9d6c9cd720458b9a6044966c62dcadc417183176764703f92c5fcadd598d76cfa3b2810f1da706b01ce8ea6bff0200f658136c339378e8b51e74f66ce28f2e3e8fc4bb62bd1654d3633c3e54bd0ff58cff33cfed2da61c07652c34377a1a6d5ab0bb8bef5163d65c715de6f90dea9e684dad2676a82edc16ff956412085808365ec840b9")
syz_clone3(&(0x7f0000001440)={0x40b378b30ff2550c, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180), {0x3a}, &(0x7f00000001c0)=""/4096, 0x1000, &(0x7f00000011c0)=""/147, &(0x7f0000001400)=[r1], 0x1}, 0x58)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x8002000, &(0x7f00000014c0)="910400000000000000e3ae", 0xb, &(0x7f0000001280), &(0x7f0000001300), &(0x7f0000001340)="233ccb9d6c9cd720458b9a6044966c62dcadc417183176764703f92c5fcadd598d76cfa3b2810f1da706b01ce8ea6bff0200f658136c339378e8b51e74f66ce28f2e3e8fc4bb62bd1654d3633c3e54bd0ff58cff33cfed2da61c07652c34377a1a6d5ab0bb8bef5163d65c715de6f90dea9e684dad2676a82edc16ff956412085808365ec840b9") (async)
syz_clone3(&(0x7f0000001440)={0x40b378b30ff2550c, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180), {0x3a}, &(0x7f00000001c0)=""/4096, 0x1000, &(0x7f00000011c0)=""/147, &(0x7f0000001400)=[r1], 0x1}, 0x58) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)

09:48:37 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x440000, 0x14)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x60, r1, 0x400, 0x70bd28, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}, @SEG6_ATTR_DST={0x14, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1000}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x6}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x81}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000c010}, 0x4008811)

09:48:37 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 72)

09:48:37 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r2, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
r3 = openat$cgroup_ro(r1, &(0x7f0000000340)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
accept4$bt_l2cap(r2, &(0x7f00000002c0)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x0) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
r5 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$negate(0xd, r5, 0x9, 0xffffffffffffffff) (async)
fsetxattr$security_selinux(r4, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$VHOST_VDPA_SET_CONFIG_CALL(r4, 0x4004af77, &(0x7f00000001c0))
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r1, 0x8010af78, &(0x7f0000000140)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000fed000/0x13000)=nil, 0x13000, 0x4, 0x1010, r1, 0x10000000)
r6 = openat(r4, &(0x7f0000000280)='./file0\x00', 0x940, 0x20)
ioctl$KVM_CHECK_EXTENSION_VM(r6, 0xae03, 0x8) (async)
r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x82040, 0x0)
ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f0000000300)={0x2}) (async)
ioctl$KVM_PPC_ALLOCATE_HTAB(r7, 0xc004aea7, &(0x7f0000000100)=0x101)

[ 2667.507123][T26477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2667.514932][T26477] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2667.522745][T26477]  </TASK>
09:48:37 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x2997, &(0x7f0000000100)={0x0, 0xee7e, 0x200, 0x2, 0x268, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0))

09:48:37 executing program 1:
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0xc82}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x10008880}, 0x40400c4)
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x0, 0x800, 0x2, 0x4000000, 0x0, r0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00c8002000946d0aa99b14a98a0d30fa9906"], 0x14}}, 0x0)
fstat(r0, &(0x7f0000000580))
sendmsg$DEVLINK_CMD_SB_POOL_SET(r2, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x110, 0x0, 0x10, 0x70bd2d, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xffffffff}, {0x6, 0x11, 0x81}, {0x8, 0x13, 0x43d}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9f}, {0x6, 0x11, 0xd8}, {0x8, 0x13, 0x68}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xffffff00}, {0x6, 0x11, 0x6}, {0x8, 0x13, 0xe6}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}, {0x6, 0x11, 0x5}, {0x8, 0x13, 0x9}, {0x5, 0x14, 0x1}}]}, 0x110}, 0x1, 0x0, 0x0, 0x28080004}, 0x4040)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r3, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r5, &(0x7f00000002c0))
r6 = dup2(r1, r3)
syz_clone3(&(0x7f00000008c0)={0x14100000, &(0x7f0000000700), &(0x7f0000000740), &(0x7f0000000780), {0x15}, &(0x7f00000007c0)=""/120, 0x78, &(0x7f0000000840)=""/49, &(0x7f0000000880)=[r5, 0x0, 0x0], 0x3, {r6}}, 0x58)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r4, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_PORT_GET(r3, &(0x7f00000006c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x60, r4, 0x4, 0x70bd2b, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x20008040)

[ 2667.580637][T26533] FAULT_INJECTION: forcing a failure.
[ 2667.580637][T26533] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2667.602072][T26533] CPU: 0 PID: 26533 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2667.613541][T26533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2667.623426][T26533] Call Trace:
[ 2667.626557][T26533]  <TASK>
09:48:37 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000200))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x2997, &(0x7f0000000100)={0x0, 0xee7e, 0x200, 0x2, 0x268, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)
syz_io_uring_setup(0x2997, &(0x7f0000000100)={0x0, 0xee7e, 0x200, 0x2, 0x268, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000003000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) (async)

09:48:37 executing program 1:
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0xc82}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x10008880}, 0x40400c4) (async)
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x0, 0x800, 0x2, 0x4000000, 0x0, r0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00c8002000946d0aa99b14a98a0d30fa9906"], 0x14}}, 0x0) (async)
fstat(r0, &(0x7f0000000580)) (async)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r2, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x110, 0x0, 0x10, 0x70bd2d, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xffffffff}, {0x6, 0x11, 0x81}, {0x8, 0x13, 0x43d}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9f}, {0x6, 0x11, 0xd8}, {0x8, 0x13, 0x68}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xffffff00}, {0x6, 0x11, 0x6}, {0x8, 0x13, 0xe6}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}, {0x6, 0x11, 0x5}, {0x8, 0x13, 0x9}, {0x5, 0x14, 0x1}}]}, 0x110}, 0x1, 0x0, 0x0, 0x28080004}, 0x4040)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r3, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) (async)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r5, &(0x7f00000002c0))
r6 = dup2(r1, r3)
syz_clone3(&(0x7f00000008c0)={0x14100000, &(0x7f0000000700), &(0x7f0000000740), &(0x7f0000000780), {0x15}, &(0x7f00000007c0)=""/120, 0x78, &(0x7f0000000840)=""/49, &(0x7f0000000880)=[r5, 0x0, 0x0], 0x3, {r6}}, 0x58) (async)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r4, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_PORT_GET(r3, &(0x7f00000006c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x60, r4, 0x4, 0x70bd2b, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x20008040)

09:48:37 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

09:48:37 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r2, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
r3 = openat$cgroup_ro(r1, &(0x7f0000000340)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
accept4$bt_l2cap(r2, &(0x7f00000002c0)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x0)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
r5 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$negate(0xd, r5, 0x9, 0xffffffffffffffff) (async)
fsetxattr$security_selinux(r4, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async, rerun: 64)
ioctl$VHOST_VDPA_SET_CONFIG_CALL(r4, 0x4004af77, &(0x7f00000001c0)) (async, rerun: 64)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r1, 0x8010af78, &(0x7f0000000140)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000fed000/0x13000)=nil, 0x13000, 0x4, 0x1010, r1, 0x10000000) (async)
r6 = openat(r4, &(0x7f0000000280)='./file0\x00', 0x940, 0x20)
ioctl$KVM_CHECK_EXTENSION_VM(r6, 0xae03, 0x8) (async)
r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x82040, 0x0)
ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f0000000300)={0x2}) (async)
ioctl$KVM_PPC_ALLOCATE_HTAB(r7, 0xc004aea7, &(0x7f0000000100)=0x101)

09:48:37 executing program 0:
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
fstat(r1, &(0x7f0000000200))
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000003e0000082cbd7000fddbdf250a0000005ca4768a41763ec8049e18203501be9c41c2eeb9c91e0c617cf9706a9c32bd0ed197e42a9168b73338e9c78be318f2dac1055bf45af070ca948e667e15f3946b68e7341b562f418cc02a567d8ab4e3fdb70186b1a92bb639efb1c091135ad3057507c3e99fa50cca511a280631da148dd1e368813a89de9885ec450130689bda843c9ec7a36679eb7185da0c87c5fd545a08ae2bdf816dd153cb1cdd9c195cb73813cd861006b2f69bc4822bdee8142cef1ce78ee9d626372c"], 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x44040)
r2 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0xd, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x10000000)

09:48:37 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000100)={0x0, <r1=>0x0}, 0x8)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000140)=r1, 0x4)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:37 executing program 5:
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={0xffffffffffffffff, 0x1, 0x6, 0x7})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x440, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r1, 0x10000000)

09:48:37 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 73)

[ 2667.629327][T26533]  dump_stack_lvl+0x151/0x1b7
[ 2667.633849][T26533]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2667.639143][T26533]  ? __switch_to+0x617/0x1170
[ 2667.639169][T26533]  ? native_set_ldt+0x360/0x360
[ 2667.639192][T26533]  dump_stack+0x15/0x17
[ 2667.639211][T26533]  should_fail+0x3c0/0x510
09:48:37 executing program 0:
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async, rerun: 64)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (rerun: 64)
fstat(r1, &(0x7f0000000200)) (async)
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000003e0000082cbd7000fddbdf250a0000005ca4768a41763ec8049e18203501be9c41c2eeb9c91e0c617cf9706a9c32bd0ed197e42a9168b73338e9c78be318f2dac1055bf45af070ca948e667e15f3946b68e7341b562f418cc02a567d8ab4e3fdb70186b1a92bb639efb1c091135ad3057507c3e99fa50cca511a280631da148dd1e368813a89de9885ec450130689bda843c9ec7a36679eb7185da0c87c5fd545a08ae2bdf816dd153cb1cdd9c195cb73813cd861006b2f69bc4822bdee8142cef1ce78ee9d626372c"], 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x44040) (async, rerun: 64)
r2 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (rerun: 64)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0xd, 0x0, 0x0, 0x0) (async, rerun: 32)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x10000000) (rerun: 32)

09:48:37 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

09:48:37 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000100)={0x0, <r1=>0x0}, 0x8)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000140)=r1, 0x4) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:37 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

[ 2667.639228][T26533]  should_fail_alloc_page+0x58/0x70
[ 2667.639248][T26533]  __alloc_pages+0x1de/0x7c0
[ 2667.639268][T26533]  ? __count_vm_events+0x30/0x30
[ 2667.639286][T26533]  ? __this_cpu_preempt_check+0x13/0x20
[ 2667.639306][T26533]  pte_alloc_one+0x73/0x1b0
[ 2667.639324][T26533]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 2667.639344][T26533]  __pte_alloc+0x86/0x350
[ 2667.639363][T26533]  ? free_pgtables+0x210/0x210
[ 2667.639381][T26533]  ? _raw_spin_lock+0xa3/0x1b0
[ 2667.639398][T26533]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
09:48:37 executing program 5:
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={0xffffffffffffffff, 0x1, 0x6, 0x7})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x440, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r1, 0x10000000)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={0xffffffffffffffff, 0x1, 0x6, 0x7}) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x440, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r1, 0x10000000) (async)

[ 2667.639414][T26533]  ? __kernel_text_address+0x9a/0x110
[ 2667.639436][T26533]  copy_pte_range+0x1b1f/0x20b0
[ 2667.639457][T26533]  ? __kunmap_atomic+0x80/0x80
[ 2667.639473][T26533]  ? __kasan_slab_alloc+0xc4/0xe0
[ 2667.639488][T26533]  ? __kasan_slab_alloc+0xb2/0xe0
[ 2667.639511][T26533]  ? kmem_cache_alloc+0x189/0x2f0
[ 2667.639530][T26533]  ? vm_area_dup+0x26/0x1d0
[ 2667.639547][T26533]  ? dup_mmap+0x6b8/0xea0
[ 2667.639565][T26533]  ? dup_mm+0x91/0x330
[ 2667.639581][T26533]  ? copy_mm+0x108/0x1b0
[ 2667.639597][T26533]  ? copy_process+0x1295/0x3250
09:48:37 executing program 1:
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0xc82}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x10008880}, 0x40400c4) (async)
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0)={0x0, 0x0, 0x800, 0x2, 0x4000000, 0x0, r0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00c8002000946d0aa99b14a98a0d30fa9906"], 0x14}}, 0x0)
fstat(r0, &(0x7f0000000580)) (async, rerun: 32)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r2, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x110, 0x0, 0x10, 0x70bd2d, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xffffffff}, {0x6, 0x11, 0x81}, {0x8, 0x13, 0x43d}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9f}, {0x6, 0x11, 0xd8}, {0x8, 0x13, 0x68}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xffffff00}, {0x6, 0x11, 0x6}, {0x8, 0x13, 0xe6}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}, {0x6, 0x11, 0x5}, {0x8, 0x13, 0x9}, {0x5, 0x14, 0x1}}]}, 0x110}, 0x1, 0x0, 0x0, 0x28080004}, 0x4040) (async, rerun: 32)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r3, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) (async)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r5, &(0x7f00000002c0))
r6 = dup2(r1, r3)
syz_clone3(&(0x7f00000008c0)={0x14100000, &(0x7f0000000700), &(0x7f0000000740), &(0x7f0000000780), {0x15}, &(0x7f00000007c0)=""/120, 0x78, &(0x7f0000000840)=""/49, &(0x7f0000000880)=[r5, 0x0, 0x0], 0x3, {r6}}, 0x58) (async, rerun: 64)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r4, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014) (rerun: 64)
sendmsg$DEVLINK_CMD_PORT_GET(r3, &(0x7f00000006c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x60, r4, 0x4, 0x70bd2b, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x20008040)

[ 2667.639614][T26533]  ? kernel_clone+0x22d/0x990
[ 2667.639629][T26533]  ? __x64_sys_clone+0x289/0x310
[ 2667.639644][T26533]  ? do_syscall_64+0x44/0xd0
[ 2667.639661][T26533]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2667.639682][T26533]  copy_page_range+0xc1e/0x1090
[ 2667.639706][T26533]  ? pfn_valid+0x1e0/0x1e0
[ 2667.639727][T26533]  dup_mmap+0x99f/0xea0
[ 2667.639745][T26533]  ? __delayed_free_task+0x20/0x20
[ 2667.639763][T26533]  ? mm_init+0x807/0x960
[ 2667.639779][T26533]  dup_mm+0x91/0x330
[ 2667.639808][T26533]  copy_mm+0x108/0x1b0
[ 2667.639825][T26533]  copy_process+0x1295/0x3250
[ 2667.639844][T26533]  ? proc_fail_nth_write+0x213/0x290
[ 2667.639865][T26533]  ? proc_fail_nth_read+0x220/0x220
[ 2667.639885][T26533]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2667.639903][T26533]  ? vfs_write+0x9af/0x1050
[ 2667.639923][T26533]  kernel_clone+0x22d/0x990
[ 2667.639940][T26533]  ? file_end_write+0x1b0/0x1b0
[ 2667.639959][T26533]  ? __kasan_check_write+0x14/0x20
[ 2667.639977][T26533]  ? create_io_thread+0x1e0/0x1e0
[ 2667.639994][T26533]  ? __mutex_lock_slowpath+0x10/0x10
[ 2667.640015][T26533]  __x64_sys_clone+0x289/0x310
09:48:37 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000100)={0x0, <r1=>0x0}, 0x8)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000140)=r1, 0x4)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000100), 0x8) (async)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000140)=r1, 0x4) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)

[ 2667.640033][T26533]  ? __do_sys_vfork+0x130/0x130
[ 2667.640053][T26533]  ? debug_smp_processor_id+0x17/0x20
[ 2667.640070][T26533]  do_syscall_64+0x44/0xd0
[ 2667.640088][T26533]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2667.640105][T26533] RIP: 0033:0x7f5b7e88a639
[ 2667.640122][T26533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
09:48:37 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

[ 2667.640138][T26533] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2667.640159][T26533] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2667.640174][T26533] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2667.640186][T26533] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2667.640199][T26533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2667.640211][T26533] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2667.640227][T26533]  </TASK>
[ 2667.690431][T26597] FAULT_INJECTION: forcing a failure.
09:48:37 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, 0x0, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

09:48:37 executing program 5:
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={0xffffffffffffffff, 0x1, 0x6, 0x7}) (async)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x440, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r1, 0x10000000)

[ 2667.690431][T26597] name failslab, interval 1, probability 0, space 0, times 0
[ 2668.000578][T26597] CPU: 0 PID: 26597 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2668.012027][T26597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2668.021926][T26597] Call Trace:
[ 2668.025057][T26597]  <TASK>
[ 2668.027823][T26597]  dump_stack_lvl+0x151/0x1b7
[ 2668.032340][T26597]  ? bfq_pos_tree_add_move+0x43e/0x43e
09:48:37 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, 0x0, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

[ 2668.037632][T26597]  dump_stack+0x15/0x17
[ 2668.041624][T26597]  should_fail+0x3c0/0x510
[ 2668.045879][T26597]  __should_failslab+0x9f/0xe0
[ 2668.050476][T26597]  should_failslab+0x9/0x20
[ 2668.054817][T26597]  kmem_cache_alloc+0x4f/0x2f0
[ 2668.059428][T26597]  ? vm_area_dup+0x26/0x1d0
[ 2668.063755][T26597]  ? __kasan_check_read+0x11/0x20
[ 2668.068623][T26597]  vm_area_dup+0x26/0x1d0
[ 2668.072782][T26597]  dup_mmap+0x6b8/0xea0
[ 2668.076778][T26597]  ? __delayed_free_task+0x20/0x20
[ 2668.081722][T26597]  ? mm_init+0x807/0x960
[ 2668.085814][T26597]  dup_mm+0x91/0x330
[ 2668.089532][T26597]  copy_mm+0x108/0x1b0
[ 2668.093438][T26597]  copy_process+0x1295/0x3250
[ 2668.097964][T26597]  ? proc_fail_nth_write+0x213/0x290
[ 2668.103073][T26597]  ? proc_fail_nth_read+0x220/0x220
[ 2668.108114][T26597]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2668.113052][T26597]  ? vfs_write+0x9af/0x1050
[ 2668.117394][T26597]  kernel_clone+0x22d/0x990
[ 2668.121738][T26597]  ? file_end_write+0x1b0/0x1b0
[ 2668.126418][T26597]  ? __kasan_check_write+0x14/0x20
[ 2668.131374][T26597]  ? create_io_thread+0x1e0/0x1e0
[ 2668.136228][T26597]  ? __mutex_lock_slowpath+0x10/0x10
[ 2668.141345][T26597]  __x64_sys_clone+0x289/0x310
[ 2668.145949][T26597]  ? __do_sys_vfork+0x130/0x130
[ 2668.150634][T26597]  ? debug_smp_processor_id+0x17/0x20
[ 2668.155844][T26597]  do_syscall_64+0x44/0xd0
[ 2668.160093][T26597]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2668.165821][T26597] RIP: 0033:0x7f5b7e88a639
[ 2668.170081][T26597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2668.189515][T26597] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2668.197758][T26597] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2668.205569][T26597] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2668.213383][T26597] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2668.221200][T26597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2668.229004][T26597] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2668.236820][T26597]  </TASK>
09:48:37 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 74)

09:48:37 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000003000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=@bridge_delvlan={0x30, 0x71, 0x200, 0x70bd2b, 0x25dfdbfe, {0x7, 0x0, 0x0, r2}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_RANGE={0x6, 0x2, 0xe}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_MCAST_ROUTER={0x5, 0x6, 0x3f}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4004014}, 0x1)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
timer_create(0x7, &(0x7f0000000280)={0x0, 0x3c, 0x4, @thr={&(0x7f0000000100)="5293285c1de0ba8bf963bb4f880ef333e4847d77be7a55103ebbfb6a5017eaa72edfb77f38ea5998cb4a85a160c596a9b0b9a0577f4ca5aab2b5f0205b145c3c7b3dc949b391877bc97678ab6c9b2e5328f9f236642c88ed4665ec99a4517f98dfab0117ae5a2b44", &(0x7f0000000180)="43b1e1e4b09c767d954667954a5db1424750216e414b4ced50b5612a16b63d6d259c5256e0f04ae87414b48c83ac4f9674afc2ab229b57bb32899ff88b4f8a776df533101db6cc713a24c61ff01a9f7998cf80830e53cdf5256defc6f9b199ca191e9b247bcd5b1d21c57c353feb19ad23ca6c20c103414821888dfc2e94d1a67f609d46aaa05c879be8a9b4bc927e33ced904063f2881a9092ceb1e484cb8985359f46f3585bc52ecbbe044d57769ad38be642a000bf7e1af0916ef0aaa4b562dc2a409d11f32e13550bdaf5cd3370372f10cc9478b9ee1920cb6903fd79d9951a13e943327f7"}}, &(0x7f00000002c0))

09:48:37 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, 0x0, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

09:48:37 executing program 5:
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000100)={'pim6reg', 0x32, 0x34}, 0xa)

09:48:37 executing program 0:
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
fstat(r1, &(0x7f0000000200))
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000003e0000082cbd7000fddbdf250a0000005ca4768a41763ec8049e18203501be9c41c2eeb9c91e0c617cf9706a9c32bd0ed197e42a9168b73338e9c78be318f2dac1055bf45af070ca948e667e15f3946b68e7341b562f418cc02a567d8ab4e3fdb70186b1a92bb639efb1c091135ad3057507c3e99fa50cca511a280631da148dd1e368813a89de9885ec450130689bda843c9ec7a36679eb7185da0c87c5fd545a08ae2bdf816dd153cb1cdd9c195cb73813cd861006b2f69bc4822bdee8142cef1ce78ee9d626372c"], 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x44040)
r2 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
syz_clone(0x0, 0x0, 0xd, 0x0, 0x0, 0x0) (async, rerun: 64)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x10000000)

09:48:37 executing program 5:
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000100)={'pim6reg', 0x32, 0x34}, 0xa)

[ 2668.293155][T26720] FAULT_INJECTION: forcing a failure.
[ 2668.293155][T26720] name failslab, interval 1, probability 0, space 0, times 0
[ 2668.326714][T26720] CPU: 1 PID: 26720 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2668.338172][T26720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2668.348068][T26720] Call Trace:
[ 2668.351192][T26720]  <TASK>
[ 2668.353971][T26720]  dump_stack_lvl+0x151/0x1b7
[ 2668.358482][T26720]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2668.363778][T26720]  ? do_syscall_64+0x44/0xd0
[ 2668.368203][T26720]  dump_stack+0x15/0x17
[ 2668.372196][T26720]  should_fail+0x3c0/0x510
[ 2668.376450][T26720]  __should_failslab+0x9f/0xe0
[ 2668.381050][T26720]  should_failslab+0x9/0x20
[ 2668.385385][T26720]  kmem_cache_alloc+0x4f/0x2f0
[ 2668.389987][T26720]  ? anon_vma_clone+0xa1/0x4f0
[ 2668.394589][T26720]  anon_vma_clone+0xa1/0x4f0
[ 2668.399023][T26720]  anon_vma_fork+0x91/0x4f0
[ 2668.403359][T26720]  ? anon_vma_name+0x43/0x70
[ 2668.407783][T26720]  dup_mmap+0x750/0xea0
[ 2668.411775][T26720]  ? __delayed_free_task+0x20/0x20
[ 2668.416720][T26720]  ? mm_init+0x807/0x960
[ 2668.420813][T26720]  dup_mm+0x91/0x330
[ 2668.424531][T26720]  copy_mm+0x108/0x1b0
[ 2668.428438][T26720]  copy_process+0x1295/0x3250
[ 2668.432949][T26720]  ? proc_fail_nth_write+0x213/0x290
[ 2668.438069][T26720]  ? proc_fail_nth_read+0x220/0x220
[ 2668.443105][T26720]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2668.448051][T26720]  ? vfs_write+0x9af/0x1050
[ 2668.452399][T26720]  kernel_clone+0x22d/0x990
[ 2668.456735][T26720]  ? file_end_write+0x1b0/0x1b0
[ 2668.461415][T26720]  ? __kasan_check_write+0x14/0x20
[ 2668.466364][T26720]  ? create_io_thread+0x1e0/0x1e0
[ 2668.471224][T26720]  ? __mutex_lock_slowpath+0x10/0x10
[ 2668.476345][T26720]  __x64_sys_clone+0x289/0x310
[ 2668.480944][T26720]  ? __do_sys_vfork+0x130/0x130
[ 2668.485636][T26720]  ? debug_smp_processor_id+0x17/0x20
[ 2668.490842][T26720]  do_syscall_64+0x44/0xd0
[ 2668.495092][T26720]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2668.500819][T26720] RIP: 0033:0x7f5b7e88a639
[ 2668.505073][T26720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2668.524513][T26720] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2668.532758][T26720] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
09:48:38 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0xb36d, 0x8}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000004000/0x1000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f0000000080)={0x0, 0x1, 0x40, 0x0, 0x0, 0x0, r0}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r1 = dup2(r0, 0xffffffffffffffff)
ioctl$KVM_GET_EMULATED_CPUID(r1, 0xc008ae09, &(0x7f00000001c0)=""/69)

09:48:38 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000003000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async, rerun: 32)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async, rerun: 32)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=@bridge_delvlan={0x30, 0x71, 0x200, 0x70bd2b, 0x25dfdbfe, {0x7, 0x0, 0x0, r2}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_RANGE={0x6, 0x2, 0xe}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_MCAST_ROUTER={0x5, 0x6, 0x3f}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4004014}, 0x1) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
timer_create(0x7, &(0x7f0000000280)={0x0, 0x3c, 0x4, @thr={&(0x7f0000000100)="5293285c1de0ba8bf963bb4f880ef333e4847d77be7a55103ebbfb6a5017eaa72edfb77f38ea5998cb4a85a160c596a9b0b9a0577f4ca5aab2b5f0205b145c3c7b3dc949b391877bc97678ab6c9b2e5328f9f236642c88ed4665ec99a4517f98dfab0117ae5a2b44", &(0x7f0000000180)="43b1e1e4b09c767d954667954a5db1424750216e414b4ced50b5612a16b63d6d259c5256e0f04ae87414b48c83ac4f9674afc2ab229b57bb32899ff88b4f8a776df533101db6cc713a24c61ff01a9f7998cf80830e53cdf5256defc6f9b199ca191e9b247bcd5b1d21c57c353feb19ad23ca6c20c103414821888dfc2e94d1a67f609d46aaa05c879be8a9b4bc927e33ced904063f2881a9092ceb1e484cb8985359f46f3585bc52ecbbe044d57769ad38be642a000bf7e1af0916ef0aaa4b562dc2a409d11f32e13550bdaf5cd3370372f10cc9478b9ee1920cb6903fd79d9951a13e943327f7"}}, &(0x7f00000002c0))

09:48:38 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

09:48:38 executing program 5:
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000100)={'pim6reg', 0x32, 0x34}, 0xa)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000100)={'pim6reg', 0x32, 0x34}, 0xa) (async)

09:48:38 executing program 5:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r2 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000000c0)={<r3=>r1, 0x4fa})
sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xd8, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x615f882f}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2f3dab143b383ad5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x81}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xbc}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40000c0}, 0x40000)
dup2(r1, r2)
r4 = syz_io_uring_complete(0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r5, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xc8, r5, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4040001}, 0x4000000)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f0000000000))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r6, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(r6, 0xd000941e, &(0x7f0000000580)={0x0, "6245b7463551de2a75f5205c1cde0d3b"})

09:48:38 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0xb36d, 0x8}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000004000/0x1000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f0000000080)={0x0, 0x1, 0x40, 0x0, 0x0, 0x0, r0}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r1 = dup2(r0, 0xffffffffffffffff)
ioctl$KVM_GET_EMULATED_CPUID(r1, 0xc008ae09, &(0x7f00000001c0)=""/69)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0xb36d, 0x8}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000004000/0x1000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f0000000080)={0x0, 0x1, 0x40, 0x0, 0x0, 0x0, r0}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
dup2(r0, 0xffffffffffffffff) (async)
ioctl$KVM_GET_EMULATED_CPUID(r1, 0xc008ae09, &(0x7f00000001c0)=""/69) (async)

09:48:38 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 75)

[ 2668.540587][T26720] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2668.548379][T26720] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2668.556193][T26720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2668.564002][T26720] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2668.571818][T26720]  </TASK>
09:48:38 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380), &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), &(0x7f0000001440))

09:48:38 executing program 5:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
r2 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000000c0)={<r3=>r1, 0x4fa})
sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xd8, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x615f882f}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2f3dab143b383ad5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x81}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xbc}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40000c0}, 0x40000) (async, rerun: 32)
dup2(r1, r2) (rerun: 32)
r4 = syz_io_uring_complete(0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r5, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xc8, r5, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4040001}, 0x4000000) (async)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f0000000000)) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r6, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(r6, 0xd000941e, &(0x7f0000000580)={0x0, "6245b7463551de2a75f5205c1cde0d3b"})

09:48:38 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000003000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=@bridge_delvlan={0x30, 0x71, 0x200, 0x70bd2b, 0x25dfdbfe, {0x7, 0x0, 0x0, r2}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_RANGE={0x6, 0x2, 0xe}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_MCAST_ROUTER={0x5, 0x6, 0x3f}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4004014}, 0x1) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
timer_create(0x7, &(0x7f0000000280)={0x0, 0x3c, 0x4, @thr={&(0x7f0000000100)="5293285c1de0ba8bf963bb4f880ef333e4847d77be7a55103ebbfb6a5017eaa72edfb77f38ea5998cb4a85a160c596a9b0b9a0577f4ca5aab2b5f0205b145c3c7b3dc949b391877bc97678ab6c9b2e5328f9f236642c88ed4665ec99a4517f98dfab0117ae5a2b44", &(0x7f0000000180)="43b1e1e4b09c767d954667954a5db1424750216e414b4ced50b5612a16b63d6d259c5256e0f04ae87414b48c83ac4f9674afc2ab229b57bb32899ff88b4f8a776df533101db6cc713a24c61ff01a9f7998cf80830e53cdf5256defc6f9b199ca191e9b247bcd5b1d21c57c353feb19ad23ca6c20c103414821888dfc2e94d1a67f609d46aaa05c879be8a9b4bc927e33ced904063f2881a9092ceb1e484cb8985359f46f3585bc52ecbbe044d57769ad38be642a000bf7e1af0916ef0aaa4b562dc2a409d11f32e13550bdaf5cd3370372f10cc9478b9ee1920cb6903fd79d9951a13e943327f7"}}, &(0x7f00000002c0))

[ 2668.647433][T26796] FAULT_INJECTION: forcing a failure.
[ 2668.647433][T26796] name failslab, interval 1, probability 0, space 0, times 0
[ 2668.673812][T26796] CPU: 0 PID: 26796 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2668.685278][T26796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2668.695173][T26796] Call Trace:
[ 2668.698296][T26796]  <TASK>
[ 2668.701074][T26796]  dump_stack_lvl+0x151/0x1b7
[ 2668.705587][T26796]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2668.710887][T26796]  dump_stack+0x15/0x17
[ 2668.714875][T26796]  should_fail+0x3c0/0x510
[ 2668.719130][T26796]  __should_failslab+0x9f/0xe0
[ 2668.723730][T26796]  should_failslab+0x9/0x20
[ 2668.728066][T26796]  kmem_cache_alloc+0x4f/0x2f0
[ 2668.732668][T26796]  ? anon_vma_clone+0xa1/0x4f0
[ 2668.737268][T26796]  anon_vma_clone+0xa1/0x4f0
[ 2668.741693][T26796]  anon_vma_fork+0x91/0x4f0
[ 2668.746034][T26796]  ? anon_vma_name+0x43/0x70
[ 2668.750461][T26796]  dup_mmap+0x750/0xea0
[ 2668.754454][T26796]  ? __delayed_free_task+0x20/0x20
[ 2668.759397][T26796]  ? mm_init+0x807/0x960
[ 2668.763483][T26796]  dup_mm+0x91/0x330
[ 2668.767209][T26796]  copy_mm+0x108/0x1b0
[ 2668.771117][T26796]  copy_process+0x1295/0x3250
[ 2668.775632][T26796]  ? proc_fail_nth_write+0x213/0x290
[ 2668.780748][T26796]  ? proc_fail_nth_read+0x220/0x220
[ 2668.785781][T26796]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2668.790729][T26796]  ? vfs_write+0x9af/0x1050
[ 2668.795069][T26796]  kernel_clone+0x22d/0x990
[ 2668.799409][T26796]  ? file_end_write+0x1b0/0x1b0
[ 2668.804095][T26796]  ? __kasan_check_write+0x14/0x20
[ 2668.809045][T26796]  ? create_io_thread+0x1e0/0x1e0
[ 2668.813903][T26796]  ? __mutex_lock_slowpath+0x10/0x10
[ 2668.819023][T26796]  __x64_sys_clone+0x289/0x310
[ 2668.823625][T26796]  ? __do_sys_vfork+0x130/0x130
[ 2668.828310][T26796]  ? debug_smp_processor_id+0x17/0x20
[ 2668.833514][T26796]  do_syscall_64+0x44/0xd0
[ 2668.837767][T26796]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2668.843495][T26796] RIP: 0033:0x7f5b7e88a639
[ 2668.847749][T26796] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2668.867198][T26796] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2668.875458][T26796] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2668.883244][T26796] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2668.891055][T26796] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2668.898897][T26796] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2668.906681][T26796] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2668.914493][T26796]  </TASK>
09:48:38 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x1200180, &(0x7f0000000500)="8e3bf9fd1c8985cb2ff58d2e717b50910007b0173f6d4d830e45809fda26807479f026035ec97bf97d42733ee9eba2356ce887375e24feb3b637a53cfbb6cb0860687631d3d672899667c129584d33efb540667cae090f8471abb8f22dd668fc87c6563fb8bcaa8cb2ab3ae6841df7", 0x6f, &(0x7f0000000580), &(0x7f00000005c0), &(0x7f0000000600)="1c445714f82e7735e2ed45ef0a65648dd95d23ce08dd67a01e99a833446cace959d73853486833a717eb9afd6ff2d7b51b9ac6d9e3ce11c5169dec833b548153f82fb83a0c4a978c5beb398bfbc38f605d136fcd59436afb9da0784c7c01fd381f89d30b0c60e5c50abbdac8822e4205cc72ee865c40543a4a52c678a155dec0dff89e9b5b9dc09118ef8acc36391eeb98be3e2650f46c2d1a0031dc5065d3e80f621438221afc0f2a84a91760b3c44817d7e389ef293ec9e5a263b753974ccb7ae80af238454711570a21a4f4082a492517ed1cc018b49fad6652fec56e3a0d16fe68db41c99fabf1e4314ce28f01")
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000100)={0x0, 0x400, 0xfffffffffffffc00})
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:38 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380), &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, 0x0, &(0x7f0000001440))

09:48:38 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0xb36d, 0x8}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000004000/0x1000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f0000000080)={0x0, 0x1, 0x40, 0x0, 0x0, 0x0, r0}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r1 = dup2(r0, 0xffffffffffffffff)
ioctl$KVM_GET_EMULATED_CPUID(r1, 0xc008ae09, &(0x7f00000001c0)=""/69)
syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0xb36d, 0x8}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000004000/0x1000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f0000000080)={0x0, 0x1, 0x40, 0x0, 0x0, 0x0, r0}, &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
dup2(r0, 0xffffffffffffffff) (async)
ioctl$KVM_GET_EMULATED_CPUID(r1, 0xc008ae09, &(0x7f00000001c0)=""/69) (async)

09:48:38 executing program 4:
r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, r2, 0x0)
r3 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r3, 0x10000000)

09:48:38 executing program 5:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r2 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000000c0)={<r3=>r1, 0x4fa})
sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xd8, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x615f882f}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2f3dab143b383ad5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x81}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xbc}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40000c0}, 0x40000) (async)
dup2(r1, r2) (async)
r4 = syz_io_uring_complete(0x0) (async)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r5, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014) (async)
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xc8, r5, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4040001}, 0x4000000) (async)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f0000000000))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r6, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(r6, 0xd000941e, &(0x7f0000000580)={0x0, "6245b7463551de2a75f5205c1cde0d3b"})

09:48:38 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 76)

09:48:38 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x1, 0x20}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000140), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000100)='.request_key_auth\x00', 0x0)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r1)
keyctl$unlink(0x9, r1, 0xfffffffffffffffd)

09:48:38 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x1200180, &(0x7f0000000500)="8e3bf9fd1c8985cb2ff58d2e717b50910007b0173f6d4d830e45809fda26807479f026035ec97bf97d42733ee9eba2356ce887375e24feb3b637a53cfbb6cb0860687631d3d672899667c129584d33efb540667cae090f8471abb8f22dd668fc87c6563fb8bcaa8cb2ab3ae6841df7", 0x6f, &(0x7f0000000580), &(0x7f00000005c0), &(0x7f0000000600)="1c445714f82e7735e2ed45ef0a65648dd95d23ce08dd67a01e99a833446cace959d73853486833a717eb9afd6ff2d7b51b9ac6d9e3ce11c5169dec833b548153f82fb83a0c4a978c5beb398bfbc38f605d136fcd59436afb9da0784c7c01fd381f89d30b0c60e5c50abbdac8822e4205cc72ee865c40543a4a52c678a155dec0dff89e9b5b9dc09118ef8acc36391eeb98be3e2650f46c2d1a0031dc5065d3e80f621438221afc0f2a84a91760b3c44817d7e389ef293ec9e5a263b753974ccb7ae80af238454711570a21a4f4082a492517ed1cc018b49fad6652fec56e3a0d16fe68db41c99fabf1e4314ce28f01")
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000100)={0x0, 0x400, 0xfffffffffffffc00})
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x1200180, &(0x7f0000000500)="8e3bf9fd1c8985cb2ff58d2e717b50910007b0173f6d4d830e45809fda26807479f026035ec97bf97d42733ee9eba2356ce887375e24feb3b637a53cfbb6cb0860687631d3d672899667c129584d33efb540667cae090f8471abb8f22dd668fc87c6563fb8bcaa8cb2ab3ae6841df7", 0x6f, &(0x7f0000000580), &(0x7f00000005c0), &(0x7f0000000600)="1c445714f82e7735e2ed45ef0a65648dd95d23ce08dd67a01e99a833446cace959d73853486833a717eb9afd6ff2d7b51b9ac6d9e3ce11c5169dec833b548153f82fb83a0c4a978c5beb398bfbc38f605d136fcd59436afb9da0784c7c01fd381f89d30b0c60e5c50abbdac8822e4205cc72ee865c40543a4a52c678a155dec0dff89e9b5b9dc09118ef8acc36391eeb98be3e2650f46c2d1a0031dc5065d3e80f621438221afc0f2a84a91760b3c44817d7e389ef293ec9e5a263b753974ccb7ae80af238454711570a21a4f4082a492517ed1cc018b49fad6652fec56e3a0d16fe68db41c99fabf1e4314ce28f01") (async)
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000100)={0x0, 0x400, 0xfffffffffffffc00}) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)

09:48:38 executing program 4:
r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, r2, 0x0)
r3 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r3, 0x10000000)
add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0x0) (async)
add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) (async)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff8) (async)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, r2, 0x0) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r3, 0x10000000) (async)

09:48:38 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380), &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, 0x0, &(0x7f0000001440))

09:48:38 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000080)=0x1)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:38 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x1, 0x20}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000140), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000100)='.request_key_auth\x00', 0x0)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r1)
keyctl$unlink(0x9, r1, 0xfffffffffffffffd)
syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x1, 0x20}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000140), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) (async)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000100)='.request_key_auth\x00', 0x0) (async)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r1) (async)
keyctl$unlink(0x9, r1, 0xfffffffffffffffd) (async)

09:48:38 executing program 4:
r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, r2, 0x0)
r3 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r3, 0x10000000)
add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0x0) (async)
add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) (async)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff8) (async)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, r2, 0x0) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r3, 0x10000000) (async)

09:48:38 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380), &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, 0x0, &(0x7f0000001440))

09:48:38 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x1, 0x20}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000140), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000100)='.request_key_auth\x00', 0x0) (async)
request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r1) (async)
keyctl$unlink(0x9, r1, 0xfffffffffffffffd)

[ 2669.081070][T26930] FAULT_INJECTION: forcing a failure.
[ 2669.081070][T26930] name failslab, interval 1, probability 0, space 0, times 0
[ 2669.131150][T26930] CPU: 1 PID: 26930 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2669.142612][T26930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2669.152507][T26930] Call Trace:
[ 2669.155633][T26930]  <TASK>
[ 2669.158408][T26930]  dump_stack_lvl+0x151/0x1b7
[ 2669.162924][T26930]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2669.168217][T26930]  dump_stack+0x15/0x17
[ 2669.172209][T26930]  should_fail+0x3c0/0x510
[ 2669.176465][T26930]  __should_failslab+0x9f/0xe0
[ 2669.181060][T26930]  should_failslab+0x9/0x20
[ 2669.185409][T26930]  kmem_cache_alloc+0x4f/0x2f0
[ 2669.190001][T26930]  ? vm_area_dup+0x26/0x1d0
[ 2669.194342][T26930]  vm_area_dup+0x26/0x1d0
[ 2669.198527][T26930]  dup_mmap+0x6b8/0xea0
[ 2669.202509][T26930]  ? __delayed_free_task+0x20/0x20
[ 2669.207447][T26930]  ? mm_init+0x807/0x960
[ 2669.211526][T26930]  dup_mm+0x91/0x330
[ 2669.215258][T26930]  copy_mm+0x108/0x1b0
[ 2669.219162][T26930]  copy_process+0x1295/0x3250
[ 2669.223678][T26930]  ? __schedule+0xaae/0x1010
[ 2669.228102][T26930]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2669.233049][T26930]  ? vfs_write+0x9af/0x1050
[ 2669.237390][T26930]  kernel_clone+0x22d/0x990
[ 2669.241730][T26930]  ? create_io_thread+0x1e0/0x1e0
[ 2669.246588][T26930]  ? __mutex_lock_slowpath+0x10/0x10
[ 2669.251711][T26930]  __x64_sys_clone+0x289/0x310
[ 2669.256316][T26930]  ? __do_sys_vfork+0x130/0x130
[ 2669.260993][T26930]  ? fpregs_restore_userregs+0x1f0/0x3a0
[ 2669.266466][T26930]  ? switch_fpu_return+0xe/0x10
[ 2669.271149][T26930]  do_syscall_64+0x44/0xd0
[ 2669.275405][T26930]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2669.281130][T26930] RIP: 0033:0x7f5b7e88a639
[ 2669.285384][T26930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2669.304826][T26930] RSP: 002b:00007f5b7d5dd118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2669.313070][T26930] RAX: ffffffffffffffda RBX: 00007f5b7e9ab050 RCX: 00007f5b7e88a639
[ 2669.320881][T26930] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
09:48:38 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x1200180, &(0x7f0000000500)="8e3bf9fd1c8985cb2ff58d2e717b50910007b0173f6d4d830e45809fda26807479f026035ec97bf97d42733ee9eba2356ce887375e24feb3b637a53cfbb6cb0860687631d3d672899667c129584d33efb540667cae090f8471abb8f22dd668fc87c6563fb8bcaa8cb2ab3ae6841df7", 0x6f, &(0x7f0000000580), &(0x7f00000005c0), &(0x7f0000000600)="1c445714f82e7735e2ed45ef0a65648dd95d23ce08dd67a01e99a833446cace959d73853486833a717eb9afd6ff2d7b51b9ac6d9e3ce11c5169dec833b548153f82fb83a0c4a978c5beb398bfbc38f605d136fcd59436afb9da0784c7c01fd381f89d30b0c60e5c50abbdac8822e4205cc72ee865c40543a4a52c678a155dec0dff89e9b5b9dc09118ef8acc36391eeb98be3e2650f46c2d1a0031dc5065d3e80f621438221afc0f2a84a91760b3c44817d7e389ef293ec9e5a263b753974ccb7ae80af238454711570a21a4f4082a492517ed1cc018b49fad6652fec56e3a0d16fe68db41c99fabf1e4314ce28f01")
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000100)={0x0, 0x400, 0xfffffffffffffc00}) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:38 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380), &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), 0x0)

[ 2669.328691][T26930] RBP: 00007f5b7d5dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2669.336502][T26930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2669.344317][T26930] R13: 00007ffe8afc07df R14: 00007f5b7d5dd300 R15: 0000000000022000
[ 2669.352129][T26930]  </TASK>
09:48:38 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 77)

09:48:38 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380), &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), 0x0)

09:48:38 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async, rerun: 32)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000080)=0x1) (rerun: 32)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:38 executing program 5:
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4})
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r2, 0x10000000)

09:48:38 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000240)={0x0, 0x29b, 0x2}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000), &(0x7f0000000040))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(0xffffffffffffffff, &(0x7f0000000140))
ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, &(0x7f0000000180))
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
timer_create(0x2, &(0x7f00000001c0)={0x0, 0x0, 0x4, @tid=r1}, &(0x7f0000000200))
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICADD(r2, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, r3, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @loopback}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004)
sched_rr_get_interval(r1, &(0x7f0000000100))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:38 executing program 5:
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async, rerun: 64)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async, rerun: 64)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4})
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000100)) (async)
r2 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r2, 0x10000000)

09:48:38 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000080)=0x1)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000080)=0x1) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)

[ 2669.416218][T26996] FAULT_INJECTION: forcing a failure.
[ 2669.416218][T26996] name failslab, interval 1, probability 0, space 0, times 0
[ 2669.446911][T26996] CPU: 1 PID: 26996 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2669.458385][T26996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2669.468265][T26996] Call Trace:
[ 2669.471402][T26996]  <TASK>
[ 2669.474167][T26996]  dump_stack_lvl+0x151/0x1b7
[ 2669.478682][T26996]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2669.483980][T26996]  dump_stack+0x15/0x17
[ 2669.487970][T26996]  should_fail+0x3c0/0x510
[ 2669.492220][T26996]  __should_failslab+0x9f/0xe0
[ 2669.496820][T26996]  should_failslab+0x9/0x20
[ 2669.501159][T26996]  kmem_cache_alloc+0x4f/0x2f0
[ 2669.505759][T26996]  ? anon_vma_clone+0xa1/0x4f0
[ 2669.510361][T26996]  anon_vma_clone+0xa1/0x4f0
[ 2669.514788][T26996]  anon_vma_fork+0x91/0x4f0
[ 2669.519123][T26996]  ? anon_vma_name+0x43/0x70
[ 2669.523554][T26996]  dup_mmap+0x750/0xea0
[ 2669.527547][T26996]  ? __delayed_free_task+0x20/0x20
[ 2669.532490][T26996]  ? mm_init+0x807/0x960
[ 2669.536570][T26996]  dup_mm+0x91/0x330
[ 2669.540302][T26996]  copy_mm+0x108/0x1b0
[ 2669.544211][T26996]  copy_process+0x1295/0x3250
[ 2669.548723][T26996]  ? proc_fail_nth_write+0x213/0x290
[ 2669.553841][T26996]  ? proc_fail_nth_read+0x220/0x220
[ 2669.558884][T26996]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2669.563823][T26996]  ? vfs_write+0x9af/0x1050
[ 2669.568161][T26996]  kernel_clone+0x22d/0x990
[ 2669.572504][T26996]  ? file_end_write+0x1b0/0x1b0
[ 2669.577188][T26996]  ? __kasan_check_write+0x14/0x20
[ 2669.582135][T26996]  ? create_io_thread+0x1e0/0x1e0
[ 2669.587001][T26996]  ? __mutex_lock_slowpath+0x10/0x10
[ 2669.592116][T26996]  __x64_sys_clone+0x289/0x310
[ 2669.596718][T26996]  ? __do_sys_vfork+0x130/0x130
[ 2669.601410][T26996]  ? debug_smp_processor_id+0x17/0x20
[ 2669.606620][T26996]  do_syscall_64+0x44/0xd0
[ 2669.610861][T26996]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2669.616594][T26996] RIP: 0033:0x7f5b7e88a639
[ 2669.620844][T26996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2669.640285][T26996] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2669.648529][T26996] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2669.656343][T26996] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
09:48:38 executing program 3:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xab1, &(0x7f0000001380), &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400), 0x0)

09:48:38 executing program 5:
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4})
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000100)) (async)
r2 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r2, 0x10000000)

09:48:38 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r2 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000000c0)={<r3=>r1, 0x4fa})
sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xd8, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x615f882f}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2f3dab143b383ad5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x81}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xbc}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40000c0}, 0x40000)
dup2(r1, r2)
r4 = syz_io_uring_complete(0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r5, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xc8, r5, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4040001}, 0x4000000)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f0000000000))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r6, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(r6, 0xd000941e, &(0x7f0000000580)={0x0, "6245b7463551de2a75f5205c1cde0d3b"})

09:48:39 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
ioctl$KVM_CAP_EXIT_HYPERCALL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000, 0x13, r0, 0x10000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f00000001c0)={0x6c, 0x0, 0x0, 0x1, 0x0, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000090)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), r1)

09:48:39 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r2 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000000c0)={<r3=>r1, 0x4fa})
sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xd8, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x615f882f}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2f3dab143b383ad5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x81}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xbc}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40000c0}, 0x40000)
dup2(r1, r2)
r4 = syz_io_uring_complete(0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r5, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xc8, r5, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4040001}, 0x4000000)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f0000000000))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r6, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(r6, 0xd000941e, &(0x7f0000000580)={0x0, "6245b7463551de2a75f5205c1cde0d3b"})

09:48:39 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0x61, 0x100800)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f00000004c0), r1)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r2, &(0x7f00000002c0))
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r3, &(0x7f00000002c0))
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r4, &(0x7f00000002c0))
syz_clone3(&(0x7f0000000440)={0x2000000, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200), {0x30}, &(0x7f0000000240)=""/172, 0xac, &(0x7f0000000300)=""/196, &(0x7f0000000400)=[r2, 0x0, r3, 0x0, 0xffffffffffffffff, 0x0, r4], 0x7, {r1}}, 0x58)
ioctl$KVM_GET_EMULATED_CPUID(r1, 0xc008ae09, &(0x7f0000000100)=""/76)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
socket$igmp6(0xa, 0x3, 0x2)

09:48:39 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000240)={0x0, 0x29b, 0x2}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000), &(0x7f0000000040)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
sched_rr_get_interval(0xffffffffffffffff, &(0x7f0000000140)) (async, rerun: 64)
ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, &(0x7f0000000180)) (rerun: 64)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
timer_create(0x2, &(0x7f00000001c0)={0x0, 0x0, 0x4, @tid=r1}, &(0x7f0000000200)) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async)
r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICADD(r2, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, r3, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @loopback}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004) (async)
sched_rr_get_interval(r1, &(0x7f0000000100)) (async, rerun: 32)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (rerun: 32)

[ 2669.664151][T26996] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2669.671963][T26996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2669.679776][T26996] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2669.687586][T26996]  </TASK>
09:48:39 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 78)

09:48:39 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fcdbdf25040000000c00068006000e004e2200001c000280080009006af8ffff0006000b000272ff6911000000"], 0x3c}, 0x1, 0x0, 0x0, 0x4041}, 0x4004001)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000440)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r1, 0x80089419, &(0x7f0000000480))
openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0x204000, 0x0)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200), r0)
sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)={0x74, r2, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x7fffffff}]}, @IPVS_CMD_ATTR_DEST={0x4c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x9}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x7}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x5}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}]}, 0x74}, 0x1, 0x0, 0x0, 0x4}, 0x40000)
setsockopt$MRT6_ASSERT(r0, 0x29, 0xcf, &(0x7f0000000080), 0x4)

09:48:39 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fcdbdf25040000000c00068006000e004e2200001c000280080009006af8ffff0006000b000272ff6911000000"], 0x3c}, 0x1, 0x0, 0x0, 0x4041}, 0x4004001)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000440)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r1, 0x80089419, &(0x7f0000000480))
openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0x204000, 0x0)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200), r0)
sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)={0x74, r2, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x7fffffff}]}, @IPVS_CMD_ATTR_DEST={0x4c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x9}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x7}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x5}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}]}, 0x74}, 0x1, 0x0, 0x0, 0x4}, 0x40000) (async)
setsockopt$MRT6_ASSERT(r0, 0x29, 0xcf, &(0x7f0000000080), 0x4)

09:48:39 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r2 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000000c0)={<r3=>r1, 0x4fa})
sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xd8, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x615f882f}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2f3dab143b383ad5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x81}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xbc}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40000c0}, 0x40000)
dup2(r1, r2)
r4 = syz_io_uring_complete(0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r5, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xc8, r5, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4040001}, 0x4000000)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f0000000000))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r6, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(r6, 0xd000941e, &(0x7f0000000580)={0x0, "6245b7463551de2a75f5205c1cde0d3b"})

09:48:39 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0x61, 0x100800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
syz_genetlink_get_family_id$devlink(&(0x7f00000004c0), r1) (async)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r2, &(0x7f00000002c0)) (async)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r3, &(0x7f00000002c0)) (async)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r4, &(0x7f00000002c0)) (async)
syz_clone3(&(0x7f0000000440)={0x2000000, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200), {0x30}, &(0x7f0000000240)=""/172, 0xac, &(0x7f0000000300)=""/196, &(0x7f0000000400)=[r2, 0x0, r3, 0x0, 0xffffffffffffffff, 0x0, r4], 0x7, {r1}}, 0x58) (async)
ioctl$KVM_GET_EMULATED_CPUID(r1, 0xc008ae09, &(0x7f0000000100)=""/76) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
socket$igmp6(0xa, 0x3, 0x2)

09:48:39 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fcdbdf25040000000c00068006000e004e2200001c000280080009006af8ffff0006000b000272ff6911000000"], 0x3c}, 0x1, 0x0, 0x0, 0x4041}, 0x4004001) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000440)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r1, 0x80089419, &(0x7f0000000480))
openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0x204000, 0x0)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200), r0)
sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)={0x74, r2, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x7fffffff}]}, @IPVS_CMD_ATTR_DEST={0x4c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x9}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x7}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x5}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}]}, 0x74}, 0x1, 0x0, 0x0, 0x4}, 0x40000)
setsockopt$MRT6_ASSERT(r0, 0x29, 0xcf, &(0x7f0000000080), 0x4)

09:48:39 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r2 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000000c0)={<r3=>r1, 0x4fa})
sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xd8, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x615f882f}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2f3dab143b383ad5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x81}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xbc}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40000c0}, 0x40000)
dup2(r1, r2)
r4 = syz_io_uring_complete(0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r5, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xc8, r5, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4040001}, 0x4000000)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f0000000000))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r6, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)

09:48:39 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000240)={0x0, 0x29b, 0x2}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000), &(0x7f0000000040))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(0xffffffffffffffff, &(0x7f0000000140))
ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, &(0x7f0000000180))
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
timer_create(0x2, &(0x7f00000001c0)={0x0, 0x0, 0x4, @tid=r1}, &(0x7f0000000200))
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICADD(r2, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, r3, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @loopback}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004)
sched_rr_get_interval(r1, &(0x7f0000000100))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
syz_io_uring_setup(0x1a64, &(0x7f0000000240)={0x0, 0x29b, 0x2}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000), &(0x7f0000000040)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
sched_rr_get_interval(0xffffffffffffffff, &(0x7f0000000140)) (async)
ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, &(0x7f0000000180)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
timer_create(0x2, &(0x7f00000001c0)={0x0, 0x0, 0x4, @tid=r1}, &(0x7f0000000200)) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000000c0), 0xffffffffffffffff) (async)
sendmsg$NLBL_UNLABEL_C_STATICADD(r2, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, r3, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @loopback}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004) (async)
sched_rr_get_interval(r1, &(0x7f0000000100)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)

[ 2669.743083][T27050] FAULT_INJECTION: forcing a failure.
[ 2669.743083][T27050] name failslab, interval 1, probability 0, space 0, times 0
[ 2669.813806][T27050] CPU: 0 PID: 27050 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2669.825266][T27050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2669.835163][T27050] Call Trace:
[ 2669.838288][T27050]  <TASK>
[ 2669.841063][T27050]  dump_stack_lvl+0x151/0x1b7
[ 2669.845580][T27050]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2669.850877][T27050]  ? vma_interval_tree_augment_rotate+0x210/0x210
[ 2669.857123][T27050]  dump_stack+0x15/0x17
09:48:39 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
ioctl$KVM_CAP_EXIT_HYPERCALL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000, 0x13, r0, 0x10000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f00000001c0)={0x6c, 0x0, 0x0, 0x1, 0x0, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000090)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), r1)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
ioctl$KVM_CAP_EXIT_HYPERCALL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000, 0x13, r0, 0x10000000) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f00000001c0)={0x6c, 0x0, 0x0, 0x1, 0x0, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000090) (async)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), r1) (async)

09:48:39 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x3954, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x1})

[ 2669.861112][T27050]  should_fail+0x3c0/0x510
[ 2669.865373][T27050]  __should_failslab+0x9f/0xe0
[ 2669.869976][T27050]  should_failslab+0x9/0x20
[ 2669.874304][T27050]  kmem_cache_alloc+0x4f/0x2f0
[ 2669.878906][T27050]  ? anon_vma_fork+0xf7/0x4f0
[ 2669.883416][T27050]  anon_vma_fork+0xf7/0x4f0
[ 2669.887755][T27050]  ? anon_vma_name+0x43/0x70
[ 2669.892185][T27050]  dup_mmap+0x750/0xea0
[ 2669.896176][T27050]  ? __delayed_free_task+0x20/0x20
[ 2669.901127][T27050]  ? mm_init+0x807/0x960
[ 2669.905203][T27050]  dup_mm+0x91/0x330
[ 2669.908934][T27050]  copy_mm+0x108/0x1b0
[ 2669.912838][T27050]  copy_process+0x1295/0x3250
[ 2669.917362][T27050]  ? proc_fail_nth_write+0x213/0x290
[ 2669.922481][T27050]  ? proc_fail_nth_read+0x220/0x220
[ 2669.927517][T27050]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2669.932453][T27050]  ? vfs_write+0x9af/0x1050
[ 2669.936796][T27050]  kernel_clone+0x22d/0x990
[ 2669.941132][T27050]  ? file_end_write+0x1b0/0x1b0
[ 2669.945818][T27050]  ? __kasan_check_write+0x14/0x20
[ 2669.950773][T27050]  ? create_io_thread+0x1e0/0x1e0
[ 2669.955628][T27050]  ? __mutex_lock_slowpath+0x10/0x10
[ 2669.960746][T27050]  __x64_sys_clone+0x289/0x310
[ 2669.965349][T27050]  ? __do_sys_vfork+0x130/0x130
[ 2669.970031][T27050]  ? debug_smp_processor_id+0x17/0x20
[ 2669.975246][T27050]  do_syscall_64+0x44/0xd0
[ 2669.979490][T27050]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2669.985219][T27050] RIP: 0033:0x7f5b7e88a639
[ 2669.989475][T27050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2670.008926][T27050] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2670.017159][T27050] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2670.024969][T27050] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2670.032885][T27050] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2670.040693][T27050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2670.048505][T27050] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2670.056318][T27050]  </TASK>
[ 2670.062551][T27050] ==================================================================
[ 2670.070429][T27050] BUG: KASAN: use-after-free in vm_area_free+0x7e/0x230
[ 2670.077201][T27050] Write of size 4 at addr ffff88810d564be8 by task syz-executor.2/27050
[ 2670.085358][T27050] 
[ 2670.087547][T27050] CPU: 1 PID: 27050 Comm: syz-executor.2 Tainted: G        W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2670.098983][T27050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2670.108879][T27050] Call Trace:
[ 2670.112001][T27050]  <TASK>
[ 2670.114782][T27050]  dump_stack_lvl+0x151/0x1b7
[ 2670.119294][T27050]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2670.124588][T27050]  ? panic+0x727/0x727
[ 2670.128491][T27050]  ? slab_free_freelist_hook+0xc9/0x1a0
[ 2670.133873][T27050]  print_address_description+0x87/0x3d0
[ 2670.139256][T27050]  kasan_report+0x1a6/0x1f0
[ 2670.143595][T27050]  ? vm_area_free+0x7e/0x230
[ 2670.148021][T27050]  ? vm_area_free+0x7e/0x230
[ 2670.152446][T27050]  kasan_check_range+0x2aa/0x2e0
[ 2670.157225][T27050]  __kasan_check_write+0x14/0x20
[ 2670.161997][T27050]  vm_area_free+0x7e/0x230
[ 2670.166248][T27050]  dup_mmap+0xbcd/0xea0
[ 2670.170241][T27050]  ? __delayed_free_task+0x20/0x20
[ 2670.175188][T27050]  ? mm_init+0x807/0x960
[ 2670.179267][T27050]  dup_mm+0x91/0x330
[ 2670.182999][T27050]  copy_mm+0x108/0x1b0
[ 2670.186906][T27050]  copy_process+0x1295/0x3250
[ 2670.191417][T27050]  ? proc_fail_nth_write+0x213/0x290
[ 2670.196544][T27050]  ? proc_fail_nth_read+0x220/0x220
[ 2670.201573][T27050]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2670.206517][T27050]  ? vfs_write+0x9af/0x1050
[ 2670.210861][T27050]  kernel_clone+0x22d/0x990
[ 2670.215197][T27050]  ? file_end_write+0x1b0/0x1b0
[ 2670.219886][T27050]  ? __kasan_check_write+0x14/0x20
[ 2670.224830][T27050]  ? create_io_thread+0x1e0/0x1e0
[ 2670.229692][T27050]  ? __mutex_lock_slowpath+0x10/0x10
[ 2670.234812][T27050]  __x64_sys_clone+0x289/0x310
[ 2670.239411][T27050]  ? __do_sys_vfork+0x130/0x130
[ 2670.244100][T27050]  ? debug_smp_processor_id+0x17/0x20
[ 2670.249307][T27050]  do_syscall_64+0x44/0xd0
[ 2670.253558][T27050]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2670.259296][T27050] RIP: 0033:0x7f5b7e88a639
[ 2670.263543][T27050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2670.282982][T27050] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2670.291226][T27050] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2670.299036][T27050] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2670.306857][T27050] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2670.314661][T27050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2670.322470][T27050] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2670.330286][T27050]  </TASK>
[ 2670.333154][T27050] 
[ 2670.335341][T27050] Allocated by task 26996:
[ 2670.339567][T27050]  __kasan_slab_alloc+0xb2/0xe0
[ 2670.344253][T27050]  kmem_cache_alloc+0x189/0x2f0
[ 2670.348941][T27050]  vm_area_dup+0x26/0x1d0
[ 2670.353105][T27050]  dup_mmap+0x6b8/0xea0
[ 2670.357100][T27050]  dup_mm+0x91/0x330
[ 2670.360841][T27050]  copy_mm+0x108/0x1b0
[ 2670.364736][T27050]  copy_process+0x1295/0x3250
[ 2670.369250][T27050]  kernel_clone+0x22d/0x990
[ 2670.373589][T27050]  __x64_sys_clone+0x289/0x310
[ 2670.378187][T27050]  do_syscall_64+0x44/0xd0
[ 2670.382441][T27050]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2670.388169][T27050] 
[ 2670.390340][T27050] Freed by task 27033:
[ 2670.394245][T27050]  kasan_set_track+0x4c/0x70
[ 2670.398694][T27050]  kasan_set_free_info+0x23/0x40
[ 2670.403443][T27050]  ____kasan_slab_free+0x126/0x160
[ 2670.408391][T27050]  __kasan_slab_free+0x11/0x20
[ 2670.412989][T27050]  slab_free_freelist_hook+0xc9/0x1a0
[ 2670.418198][T27050]  kmem_cache_free+0x11a/0x2e0
[ 2670.422816][T27050]  vm_area_free+0x1ae/0x230
[ 2670.427137][T27050]  exit_mmap+0x5dd/0x7a0
[ 2670.431218][T27050]  __mmput+0x95/0x300
[ 2670.435036][T27050]  mmput+0x50/0x60
[ 2670.438596][T27050]  exit_mm+0x50d/0x760
[ 2670.442502][T27050]  do_exit+0x63c/0x24d0
[ 2670.446495][T27050]  __ia32_sys_exit+0x0/0x40
[ 2670.450832][T27050]  do_syscall_64+0x44/0xd0
[ 2670.455106][T27050]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2670.460813][T27050] 
[ 2670.462982][T27050] The buggy address belongs to the object at ffff88810d564b90
[ 2670.462982][T27050]  which belongs to the cache vm_area_struct of size 232
[ 2670.477129][T27050] The buggy address is located 88 bytes inside of
[ 2670.477129][T27050]  232-byte region [ffff88810d564b90, ffff88810d564c78)
[ 2670.490149][T27050] The buggy address belongs to the page:
[ 2670.495620][T27050] page:ffffea0004355900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d564
[ 2670.505684][T27050] flags: 0x4000000000000200(slab|zone=1)
09:48:40 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0x61, 0x100800) (async)
fsetxattr$security_selinux(r1, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
syz_genetlink_get_family_id$devlink(&(0x7f00000004c0), r1) (async)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r2, &(0x7f00000002c0)) (async)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r3, &(0x7f00000002c0)) (async)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r4, &(0x7f00000002c0))
syz_clone3(&(0x7f0000000440)={0x2000000, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200), {0x30}, &(0x7f0000000240)=""/172, 0xac, &(0x7f0000000300)=""/196, &(0x7f0000000400)=[r2, 0x0, r3, 0x0, 0xffffffffffffffff, 0x0, r4], 0x7, {r1}}, 0x58)
ioctl$KVM_GET_EMULATED_CPUID(r1, 0xc008ae09, &(0x7f0000000100)=""/76)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
socket$igmp6(0xa, 0x3, 0x2)

09:48:40 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r2 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000000c0)={<r3=>r1, 0x4fa})
sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xd8, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x615f882f}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2f3dab143b383ad5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x81}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xbc}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40000c0}, 0x40000)
dup2(r1, r2)
r4 = syz_io_uring_complete(0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r5, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xc8, r5, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4040001}, 0x4000000)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f0000000000))
socket$nl_generic(0x10, 0x3, 0x10)

[ 2670.511163][T27050] raw: 4000000000000200 dead000000000100 dead000000000122 ffff888100274000
[ 2670.519583][T27050] raw: 0000000000000000 00000000000d000d 00000001ffffffff 0000000000000000
[ 2670.527998][T27050] page dumped because: kasan: bad access detected
[ 2670.534238][T27050] page_owner tracks the page as allocated
[ 2670.539792][T27050] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 23440, ts 2649683670156, free_ts 2649624046343
[ 2670.556024][T27050]  post_alloc_hook+0x1ab/0x1b0
[ 2670.560625][T27050]  get_page_from_freelist+0x38b/0x400
[ 2670.565831][T27050]  __alloc_pages+0x3a8/0x7c0
[ 2670.570256][T27050]  allocate_slab+0x62/0x580
[ 2670.574599][T27050]  ___slab_alloc+0x2e2/0x6f0
[ 2670.579020][T27050]  __slab_alloc+0x4a/0x90
[ 2670.583185][T27050]  kmem_cache_alloc+0x205/0x2f0
[ 2670.587871][T27050]  vm_area_alloc+0x24/0x130
[ 2670.592210][T27050]  mmap_region+0xb80/0x1af0
[ 2670.596550][T27050]  do_mmap+0x785/0xe40
[ 2670.600470][T27050]  vm_mmap_pgoff+0x1d4/0x420
[ 2670.604883][T27050]  ksys_mmap_pgoff+0x15d/0x1e0
[ 2670.609481][T27050]  __x64_sys_mmap+0x103/0x120
[ 2670.613993][T27050]  do_syscall_64+0x44/0xd0
[ 2670.618247][T27050]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2670.624083][T27050] page last free stack trace:
[ 2670.628595][T27050]  free_pcp_prepare+0x448/0x450
[ 2670.633281][T27050]  free_unref_page+0x9c/0x370
[ 2670.637796][T27050]  __free_pages+0xd8/0x100
[ 2670.642046][T27050]  __vunmap+0x846/0x980
[ 2670.646039][T27050]  free_work+0x66/0x90
[ 2670.649945][T27050]  process_one_work+0x6db/0xc00
[ 2670.654634][T27050]  worker_thread+0xb3e/0x1340
[ 2670.659156][T27050]  kthread+0x41c/0x500
[ 2670.663050][T27050]  ret_from_fork+0x1f/0x30
[ 2670.667305][T27050] 
[ 2670.669479][T27050] Memory state around the buggy address:
[ 2670.674944][T27050]  ffff88810d564a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2670.682841][T27050]  ffff88810d564b00: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[ 2670.690747][T27050] >ffff88810d564b80: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2670.698646][T27050]                                                           ^
[ 2670.705934][T27050]  ffff88810d564c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
09:48:40 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 79)

09:48:40 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x3954, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x1})

09:48:40 executing program 5:
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = open_tree(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x80901)
r2 = openat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x100, 0xba45e19deb0d296d)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='blkio.bfq.io_service_time\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1b, 0x8, &(0x7f0000000440)=ANY=[@ANYBLOB="1836000003000000000000000000000020561aa728d6f9ff185800000600000000000000000000005c80af00010000005000fcffffff8b4e6f00b6b88bb10cf6d91c1068e801f59bff5ffb4b23b0010e571a51bd332812606b2cb095aab126981636f27385278e2bfc0700"/122], &(0x7f0000000140)='syzkaller\x00', 0xe7fe, 0xb0, &(0x7f0000000180)=""/176, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x5, 0x10, 0xffffff7f, 0x6}, 0x10, 0x0, r0, 0x0, &(0x7f0000000380)=[r1, r2, r3]}, 0x80)
r4 = syz_io_uring_setup(0x5615, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r4, 0x10000000)

09:48:40 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r2 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000000c0)={<r3=>r1, 0x4fa})
sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xd8, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x615f882f}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2f3dab143b383ad5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x81}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xbc}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40000c0}, 0x40000)
dup2(r1, r2)
r4 = syz_io_uring_complete(0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r5, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xc8, r5, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4040001}, 0x4000000)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f0000000000))

09:48:40 executing program 0:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
ioctl$KVM_CAP_EXIT_HYPERCALL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000, 0x13, r0, 0x10000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f00000001c0)={0x6c, 0x0, 0x0, 0x1, 0x0, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000090)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), r1)

09:48:40 executing program 4:
r0 = syz_io_uring_setup(0xd4a, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(0xffffffffffffffff, &(0x7f0000000100))
read$FUSE(0xffffffffffffffff, &(0x7f0000000140)={0x2020}, 0x2020)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

[ 2670.713832][T27050]  ffff88810d564c80: fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb
[ 2670.721723][T27050] ==================================================================
[ 2670.729622][T27050] Disabling lock debugging due to kernel taint
09:48:40 executing program 5:
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = open_tree(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x80901)
r2 = openat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x100, 0xba45e19deb0d296d)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='blkio.bfq.io_service_time\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1b, 0x8, &(0x7f0000000440)=ANY=[@ANYBLOB="1836000003000000000000000000000020561aa728d6f9ff185800000600000000000000000000005c80af00010000005000fcffffff8b4e6f00b6b88bb10cf6d91c1068e801f59bff5ffb4b23b0010e571a51bd332812606b2cb095aab126981636f27385278e2bfc0700"/122], &(0x7f0000000140)='syzkaller\x00', 0xe7fe, 0xb0, &(0x7f0000000180)=""/176, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x5, 0x10, 0xffffff7f, 0x6}, 0x10, 0x0, r0, 0x0, &(0x7f0000000380)=[r1, r2, r3]}, 0x80)
r4 = syz_io_uring_setup(0x5615, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r4, 0x10000000)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
open_tree(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x80901) (async)
openat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x100, 0xba45e19deb0d296d) (async)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='blkio.bfq.io_service_time\x00', 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1b, 0x8, &(0x7f0000000440)=ANY=[@ANYBLOB="1836000003000000000000000000000020561aa728d6f9ff185800000600000000000000000000005c80af00010000005000fcffffff8b4e6f00b6b88bb10cf6d91c1068e801f59bff5ffb4b23b0010e571a51bd332812606b2cb095aab126981636f27385278e2bfc0700"/122], &(0x7f0000000140)='syzkaller\x00', 0xe7fe, 0xb0, &(0x7f0000000180)=""/176, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x5, 0x10, 0xffffff7f, 0x6}, 0x10, 0x0, r0, 0x0, &(0x7f0000000380)=[r1, r2, r3]}, 0x80) (async)
syz_io_uring_setup(0x5615, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r4, 0x10000000) (async)

09:48:40 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x3954, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x1})

09:48:40 executing program 4:
r0 = syz_io_uring_setup(0xd4a, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
sched_rr_get_interval(0xffffffffffffffff, &(0x7f0000000100)) (async)
read$FUSE(0xffffffffffffffff, &(0x7f0000000140)={0x2020}, 0x2020)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:40 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r2 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000000c0)={<r3=>r1, 0x4fa})
sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xd8, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x615f882f}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2f3dab143b383ad5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x81}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xbc}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40000c0}, 0x40000)
dup2(r1, r2)
r4 = syz_io_uring_complete(0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r5, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xc8, r5, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4040001}, 0x4000000)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)

09:48:40 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r1 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f00000000c0)={<r2=>r0, 0x4fa})
sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xd8, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x615f882f}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2f3dab143b383ad5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x81}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xbc}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40000c0}, 0x40000)
dup2(r0, r1)
r3 = syz_io_uring_complete(0x0)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r4, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_GET(r3, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xc8, r4, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4040001}, 0x4000000)

[ 2670.820543][T27136] FAULT_INJECTION: forcing a failure.
[ 2670.820543][T27136] name fail_page_alloc, interval 1, probability 0, space 0, times 0
09:48:40 executing program 5:
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = open_tree(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x80901)
r2 = openat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x100, 0xba45e19deb0d296d)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='blkio.bfq.io_service_time\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1b, 0x8, &(0x7f0000000440)=ANY=[@ANYBLOB="1836000003000000000000000000000020561aa728d6f9ff185800000600000000000000000000005c80af00010000005000fcffffff8b4e6f00b6b88bb10cf6d91c1068e801f59bff5ffb4b23b0010e571a51bd332812606b2cb095aab126981636f27385278e2bfc0700"/122], &(0x7f0000000140)='syzkaller\x00', 0xe7fe, 0xb0, &(0x7f0000000180)=""/176, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x5, 0x10, 0xffffff7f, 0x6}, 0x10, 0x0, r0, 0x0, &(0x7f0000000380)=[r1, r2, r3]}, 0x80)
r4 = syz_io_uring_setup(0x5615, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r4, 0x10000000)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r0, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
open_tree(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x80901) (async)
openat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x100, 0xba45e19deb0d296d) (async)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='blkio.bfq.io_service_time\x00', 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1b, 0x8, &(0x7f0000000440)=ANY=[@ANYBLOB="1836000003000000000000000000000020561aa728d6f9ff185800000600000000000000000000005c80af00010000005000fcffffff8b4e6f00b6b88bb10cf6d91c1068e801f59bff5ffb4b23b0010e571a51bd332812606b2cb095aab126981636f27385278e2bfc0700"/122], &(0x7f0000000140)='syzkaller\x00', 0xe7fe, 0xb0, &(0x7f0000000180)=""/176, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x5, 0x10, 0xffffff7f, 0x6}, 0x10, 0x0, r0, 0x0, &(0x7f0000000380)=[r1, r2, r3]}, 0x80) (async)
syz_io_uring_setup(0x5615, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r4, 0x10000000) (async)

[ 2670.874596][T27136] CPU: 1 PID: 27136 Comm: syz-executor.2 Tainted: G    B   W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2670.886060][T27136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2670.895956][T27136] Call Trace:
[ 2670.899077][T27136]  <TASK>
[ 2670.901857][T27136]  dump_stack_lvl+0x151/0x1b7
[ 2670.906368][T27136]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2670.911668][T27136]  ? __switch_to+0x617/0x1170
[ 2670.916173][T27136]  ? native_set_ldt+0x360/0x360
[ 2670.920860][T27136]  dump_stack+0x15/0x17
[ 2670.924858][T27136]  should_fail+0x3c0/0x510
[ 2670.929107][T27136]  should_fail_alloc_page+0x58/0x70
[ 2670.934137][T27136]  __alloc_pages+0x1de/0x7c0
[ 2670.938565][T27136]  ? __count_vm_events+0x30/0x30
[ 2670.943339][T27136]  pte_alloc_one+0x73/0x1b0
[ 2670.947677][T27136]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 2670.952719][T27136]  __pte_alloc+0x86/0x350
[ 2670.956876][T27136]  ? is_module_text_address+0xe1/0x140
[ 2670.962182][T27136]  ? free_pgtables+0x210/0x210
[ 2670.966770][T27136]  ? __kernel_text_address+0x9a/0x110
[ 2670.971977][T27136]  ? unwind_get_return_address+0x4c/0x90
[ 2670.977457][T27136]  copy_pte_range+0x1b1f/0x20b0
[ 2670.982133][T27136]  ? stack_trace_save+0x12d/0x1f0
[ 2670.987015][T27136]  ? anon_vma_clone+0xa1/0x4f0
[ 2670.991598][T27136]  ? __kunmap_atomic+0x80/0x80
[ 2670.996192][T27136]  ? dup_mmap+0x750/0xea0
[ 2671.000359][T27136]  ? dup_mm+0x91/0x330
[ 2671.004264][T27136]  ? copy_mm+0x108/0x1b0
[ 2671.008342][T27136]  ? copy_process+0x1295/0x3250
[ 2671.013030][T27136]  ? kernel_clone+0x22d/0x990
[ 2671.017544][T27136]  ? __x64_sys_clone+0x289/0x310
[ 2671.022314][T27136]  ? do_syscall_64+0x44/0xd0
[ 2671.026743][T27136]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2671.032645][T27136]  copy_page_range+0xc1e/0x1090
[ 2671.037333][T27136]  ? pfn_valid+0x1e0/0x1e0
[ 2671.041593][T27136]  dup_mmap+0x99f/0xea0
[ 2671.045578][T27136]  ? __delayed_free_task+0x20/0x20
[ 2671.050531][T27136]  ? mm_init+0x807/0x960
[ 2671.054603][T27136]  dup_mm+0x91/0x330
[ 2671.058336][T27136]  copy_mm+0x108/0x1b0
[ 2671.062240][T27136]  copy_process+0x1295/0x3250
[ 2671.066754][T27136]  ? proc_fail_nth_write+0x213/0x290
[ 2671.071873][T27136]  ? proc_fail_nth_read+0x220/0x220
[ 2671.076913][T27136]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2671.081855][T27136]  ? vfs_write+0x9af/0x1050
[ 2671.086200][T27136]  kernel_clone+0x22d/0x990
[ 2671.090536][T27136]  ? file_end_write+0x1b0/0x1b0
[ 2671.095219][T27136]  ? __kasan_check_write+0x14/0x20
[ 2671.100167][T27136]  ? create_io_thread+0x1e0/0x1e0
[ 2671.105028][T27136]  ? __mutex_lock_slowpath+0x10/0x10
[ 2671.110149][T27136]  __x64_sys_clone+0x289/0x310
[ 2671.114749][T27136]  ? __do_sys_vfork+0x130/0x130
[ 2671.119445][T27136]  ? debug_smp_processor_id+0x17/0x20
[ 2671.124681][T27136]  do_syscall_64+0x44/0xd0
[ 2671.128896][T27136]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2671.134623][T27136] RIP: 0033:0x7f5b7e88a639
[ 2671.138877][T27136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2671.158317][T27136] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2671.166569][T27136] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2671.174373][T27136] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2671.182185][T27136] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2671.189994][T27136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2671.197807][T27136] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2671.205621][T27136]  </TASK>
09:48:40 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 80)

09:48:40 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0xfffffffc}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:40 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
mmap$IORING_OFF_SQES(&(0x7f0000005000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x10000000)

09:48:40 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r1 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f00000000c0)={<r2=>r0, 0x4fa})
sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xd8, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x615f882f}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2f3dab143b383ad5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x81}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xbc}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40000c0}, 0x40000)
dup2(r0, r1)
syz_io_uring_complete(0x0)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x228, r3, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x228}, 0x1, 0x0, 0x0, 0x4}, 0x8014)

09:48:40 executing program 4:
r0 = syz_io_uring_setup(0xd4a, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
sched_rr_get_interval(0xffffffffffffffff, &(0x7f0000000100)) (async)
read$FUSE(0xffffffffffffffff, &(0x7f0000000140)={0x2020}, 0x2020)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:40 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000002440)={&(0x7f0000002240)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000002400)={&(0x7f0000002480)={0x120, r1, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x11}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0xc}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@loopback}]}, @IPVS_CMD_ATTR_SERVICE={0x6c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x31}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x20, 0xc}}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@dev={0xfe, 0x80, '\x00', 0xb}}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1c}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x3b}]}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x13}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0xc}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}]}, 0x120}, 0x1, 0x0, 0x0, 0x10}, 0x4004804)
r2 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000100)={0x2020, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
timer_create(0x4, &(0x7f0000002140)={0x0, 0x3e, 0x2, @tid=r3}, &(0x7f0000002180))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x10000000)
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(0xffffffffffffffff, 0x4068aea3, &(0x7f00000021c0))

09:48:40 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0xfffffffc}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:40 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0xfffffffc}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:40 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000005000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x10000000)

09:48:40 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r1 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f00000000c0)={<r2=>r0, 0x4fa})
sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xd8, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x615f882f}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2f3dab143b383ad5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x81}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xbc}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40000c0}, 0x40000)
dup2(r0, r1)
syz_io_uring_complete(0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)

[ 2671.398039][T27206] FAULT_INJECTION: forcing a failure.
[ 2671.398039][T27206] name failslab, interval 1, probability 0, space 0, times 0
[ 2671.428439][T27206] CPU: 1 PID: 27206 Comm: syz-executor.2 Tainted: G    B   W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2671.439892][T27206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2671.449790][T27206] Call Trace:
[ 2671.452913][T27206]  <TASK>
[ 2671.455689][T27206]  dump_stack_lvl+0x151/0x1b7
[ 2671.460209][T27206]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2671.465499][T27206]  dump_stack+0x15/0x17
[ 2671.469492][T27206]  should_fail+0x3c0/0x510
[ 2671.473746][T27206]  __should_failslab+0x9f/0xe0
[ 2671.478339][T27206]  should_failslab+0x9/0x20
[ 2671.482682][T27206]  kmem_cache_alloc+0x4f/0x2f0
[ 2671.487282][T27206]  ? vm_area_dup+0x26/0x1d0
[ 2671.491618][T27206]  ? __kasan_check_read+0x11/0x20
09:48:41 executing program 5:
syz_io_uring_setup(0x489c, &(0x7f0000000640)={0x0, 0xd407, 0x0, 0x2, 0xe9}, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f00000006c0), &(0x7f0000000700))
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000140)={0x0, 0x100, 0x7, 0x1})
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000540)='devices.list\x00', 0x0, 0x0)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000580)=r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet(0x2, 0x1, 0x80000001)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r2, 0x8004f50e, &(0x7f0000001540))
add_key$fscrypt_provisioning(&(0x7f0000000000), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="020000000b"], 0x48, 0xfffffffffffffffe)
r3 = socket$pptp(0x18, 0x1, 0x2)
r4 = openat(r1, &(0x7f0000000740)='./file0\x00', 0x200000, 0x2)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000780)=""/252, &(0x7f0000000880)=""/174, &(0x7f0000000940)=""/127, 0x4000})
ioctl$FS_IOC_GETVERSION(r3, 0x80087601, &(0x7f0000000100))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
socket(0x1d, 0x800, 0x5)

09:48:41 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000002440)={&(0x7f0000002240)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000002400)={&(0x7f0000002480)={0x120, r1, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x11}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0xc}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@loopback}]}, @IPVS_CMD_ATTR_SERVICE={0x6c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x31}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x20, 0xc}}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@dev={0xfe, 0x80, '\x00', 0xb}}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1c}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x3b}]}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x13}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0xc}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}]}, 0x120}, 0x1, 0x0, 0x0, 0x10}, 0x4004804) (async)
r2 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
read$FUSE(0xffffffffffffffff, &(0x7f0000000100)={0x2020, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
timer_create(0x4, &(0x7f0000002140)={0x0, 0x3e, 0x2, @tid=r3}, &(0x7f0000002180)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x10000000) (async)
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(0xffffffffffffffff, 0x4068aea3, &(0x7f00000021c0))

[ 2671.496486][T27206]  vm_area_dup+0x26/0x1d0
[ 2671.500649][T27206]  dup_mmap+0x6b8/0xea0
[ 2671.504641][T27206]  ? __delayed_free_task+0x20/0x20
[ 2671.509587][T27206]  ? mm_init+0x807/0x960
[ 2671.513666][T27206]  dup_mm+0x91/0x330
[ 2671.517396][T27206]  copy_mm+0x108/0x1b0
[ 2671.521305][T27206]  copy_process+0x1295/0x3250
[ 2671.525814][T27206]  ? proc_fail_nth_write+0x213/0x290
[ 2671.530939][T27206]  ? proc_fail_nth_read+0x220/0x220
[ 2671.535996][T27206]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2671.540917][T27206]  ? vfs_write+0x9af/0x1050
[ 2671.545257][T27206]  kernel_clone+0x22d/0x990
[ 2671.549595][T27206]  ? file_end_write+0x1b0/0x1b0
[ 2671.554282][T27206]  ? __kasan_check_write+0x14/0x20
[ 2671.559233][T27206]  ? create_io_thread+0x1e0/0x1e0
[ 2671.564088][T27206]  ? __mutex_lock_slowpath+0x10/0x10
[ 2671.569208][T27206]  __x64_sys_clone+0x289/0x310
[ 2671.573807][T27206]  ? __do_sys_vfork+0x130/0x130
[ 2671.578493][T27206]  ? debug_smp_processor_id+0x17/0x20
[ 2671.583700][T27206]  do_syscall_64+0x44/0xd0
[ 2671.587956][T27206]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2671.593682][T27206] RIP: 0033:0x7f5b7e88a639
[ 2671.597944][T27206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2671.617374][T27206] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2671.625620][T27206] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2671.633432][T27206] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2671.641244][T27206] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
09:48:41 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 81)

09:48:41 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000005000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x10000000)

09:48:41 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000002440)={&(0x7f0000002240)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000002400)={&(0x7f0000002480)={0x120, r1, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x11}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0xc}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@loopback}]}, @IPVS_CMD_ATTR_SERVICE={0x6c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x31}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x20, 0xc}}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@dev={0xfe, 0x80, '\x00', 0xb}}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1c}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x3b}]}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x13}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0xc}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}]}, 0x120}, 0x1, 0x0, 0x0, 0x10}, 0x4004804) (async)
r2 = syz_io_uring_setup(0x1a64, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000100)={0x2020, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
timer_create(0x4, &(0x7f0000002140)={0x0, 0x3e, 0x2, @tid=r3}, &(0x7f0000002180))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x10000000)
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(0xffffffffffffffff, 0x4068aea3, &(0x7f00000021c0))

09:48:41 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r1 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f00000000c0)={<r2=>r0, 0x4fa})
sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xd8, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x615f882f}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2f3dab143b383ad5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x81}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xbc}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40000c0}, 0x40000)
dup2(r0, r1)
syz_io_uring_complete(0x0)

09:48:41 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
io_uring_setup(0x6f91, &(0x7f0000000380)={0x0, 0x464e, 0x4, 0x3, 0x392, 0x0, r0})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="0000000000000039c10001000000"], 0x14}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000880)={0x8, 0x2, {0x5, @usage=0x1f, 0x0, 0x1, 0x48, 0x20b, 0x7, 0x5, 0x40, @struct={0x4, 0x63fa}, 0x6, 0x4, [0x1c0, 0xfffffffffffffffe, 0xa90, 0xe92, 0x5, 0x1]}, {0x6, @struct={0x1, 0x1}, 0x0, 0x8, 0x3, 0x80, 0x1000, 0xfff, 0x4c4, @struct={0xe3c, 0x3}, 0x1, 0x8, [0x0, 0x80, 0x9, 0x2, 0xe6]}, {0x9, @usage=0x9, <r3=>0x0, 0x7ff, 0x2, 0x7ff, 0x9, 0x4, 0x1, @struct={0x4, 0x3f000000}, 0x0, 0x718, [0xfb12, 0x5, 0x6, 0x3, 0x2, 0x1557]}, {0x6, 0x5, 0x3}})
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f0000000c80)={0x2, 0x1, {0x7, @usage=0x15, 0x0, 0x1, 0x100000001, 0x8, 0x9, 0x5, 0xd1, @struct={0x4, 0x7fff}, 0x68cb, 0xffffffff, [0xc46, 0x3, 0x100000001, 0x7, 0x8, 0x2]}, {0x6, @usage=0x40, r3, 0x39c, 0xd10, 0x1, 0x3, 0xed4, 0x16, @usage=0x40, 0x1, 0x6, [0x1, 0x6, 0x40, 0x80000000, 0x1, 0x2]}, {0x200000000000000, @usage=0x10000, 0x0, 0x7c0f, 0x2, 0x0, 0x5, 0x1, 0x41, @struct={0x1, 0x97}, 0x40, 0x7, [0xf8ba724, 0x9, 0x101, 0x4, 0x1ff, 0x6]}, {0x2, 0xef3, 0x1a}})
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x224, r4, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x224}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xac, r4, 0x300, 0x70bd29, 0x25dfdbfd, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}]}, 0xac}, 0x1, 0x0, 0x0, 0x4040884}, 0x48080)
sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f0000000700)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000400)={&(0x7f0000000540)={0x194, r4, 0x112, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x9}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x2}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf9, 0xa9, @random="4ae63912441dd0db9b0f38ec966688962491a5f0ad75f65136d05eb2c6826c12f2628fd70b5f77067871f3ca1e5f295c09603a71ebd9a893b5396f7e1633f98acbf2abbbe7add130e4523a38dd1886d93fc47d2cf1405ef9eea8b79b69eb7f82a77baf30d4233f6b1cba1ee5d07e0bdb8afaa7d28a04586668e6aa856980e6626a4a28bbc719c46dc43d40d0c5f1e1109111f751ffd2250f0453a98ee96acb56d9aefbee1caa5b9c553799f10eb08ad4c672c48ea1881bb5174ff1637b2abcc55426b4cc8467a7346e46cbbcb239a0232997453f267acc4358d9ae9443b42668baa01e1cb976bb33be5e9c4479857d122296adc737"}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x7}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x194}, 0x1, 0x0, 0x0, 0x4000010}, 0x4000090)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r5, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x4c, 0x0, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @broadcast}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @remote}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:system_map_t:s0\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:41 executing program 5:
syz_io_uring_setup(0x489c, &(0x7f0000000640)={0x0, 0xd407, 0x0, 0x2, 0xe9}, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f00000006c0), &(0x7f0000000700))
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000140)={0x0, 0x100, 0x7, 0x1})
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000540)='devices.list\x00', 0x0, 0x0)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000580)=r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet(0x2, 0x1, 0x80000001)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r2, 0x8004f50e, &(0x7f0000001540))
add_key$fscrypt_provisioning(&(0x7f0000000000), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="020000000b"], 0x48, 0xfffffffffffffffe)
r3 = socket$pptp(0x18, 0x1, 0x2)
r4 = openat(r1, &(0x7f0000000740)='./file0\x00', 0x200000, 0x2)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000780)=""/252, &(0x7f0000000880)=""/174, &(0x7f0000000940)=""/127, 0x4000})
ioctl$FS_IOC_GETVERSION(r3, 0x80087601, &(0x7f0000000100))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
socket(0x1d, 0x800, 0x5)
syz_io_uring_setup(0x489c, &(0x7f0000000640)={0x0, 0xd407, 0x0, 0x2, 0xe9}, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f00000006c0), &(0x7f0000000700)) (async)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000140)={0x0, 0x100, 0x7, 0x1}) (async)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000540)='devices.list\x00', 0x0, 0x0) (async)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000580)=r1) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$inet(0x2, 0x1, 0x80000001) (async)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
ioctl$F2FS_IOC_GET_PIN_FILE(r2, 0x8004f50e, &(0x7f0000001540)) (async)
add_key$fscrypt_provisioning(&(0x7f0000000000), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="020000000b"], 0x48, 0xfffffffffffffffe) (async)
socket$pptp(0x18, 0x1, 0x2) (async)
openat(r1, &(0x7f0000000740)='./file0\x00', 0x200000, 0x2) (async)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000780)=""/252, &(0x7f0000000880)=""/174, &(0x7f0000000940)=""/127, 0x4000}) (async)
ioctl$FS_IOC_GETVERSION(r3, 0x80087601, &(0x7f0000000100)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
socket(0x1d, 0x800, 0x5) (async)

[ 2671.649054][T27206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2671.656865][T27206] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2671.664677][T27206]  </TASK>
09:48:41 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r1 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f00000000c0)={<r2=>r0, 0x4fa})
sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xd8, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x615f882f}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2f3dab143b383ad5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x81}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xbc}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40000c0}, 0x40000)
dup2(r0, r1)

09:48:41 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f00000001c0)={0x0, 0xef4, 0x4, 0x1})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000840)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000800)={&(0x7f0000000740)={0x8c, 0x0, 0x200, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x10001}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_DAEMON={0x34, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'gre0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x20}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7fff}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1000}]}, 0x8c}, 0x1, 0x0, 0x0, 0x40800}, 0x80)
syz_io_uring_setup(0x1a65, &(0x7f0000000000)={0x0, 0x0, 0x200}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r2 = socket(0x5, 0x80000, 0xff)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000005c0), r0)
sendmsg$DEVLINK_CMD_TRAP_SET(r2, &(0x7f00000006c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000a}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x54, r3, 0x800, 0x70bd29, 0x25dfdbfb, {}, [{@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x40840)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400)=<r4=>0x0, &(0x7f0000001440))
syz_io_uring_complete(r4)
syz_io_uring_complete(r4)

09:48:41 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r1 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f00000000c0)={r0, 0x4fa})
dup2(r0, r1)

[ 2671.691935][T27235] FAULT_INJECTION: forcing a failure.
[ 2671.691935][T27235] name failslab, interval 1, probability 0, space 0, times 0
09:48:41 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
io_uring_setup(0x6f91, &(0x7f0000000380)={0x0, 0x464e, 0x4, 0x3, 0x392, 0x0, r0}) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="0000000000000039c10001000000"], 0x14}}, 0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000880)={0x8, 0x2, {0x5, @usage=0x1f, 0x0, 0x1, 0x48, 0x20b, 0x7, 0x5, 0x40, @struct={0x4, 0x63fa}, 0x6, 0x4, [0x1c0, 0xfffffffffffffffe, 0xa90, 0xe92, 0x5, 0x1]}, {0x6, @struct={0x1, 0x1}, 0x0, 0x8, 0x3, 0x80, 0x1000, 0xfff, 0x4c4, @struct={0xe3c, 0x3}, 0x1, 0x8, [0x0, 0x80, 0x9, 0x2, 0xe6]}, {0x9, @usage=0x9, <r3=>0x0, 0x7ff, 0x2, 0x7ff, 0x9, 0x4, 0x1, @struct={0x4, 0x3f000000}, 0x0, 0x718, [0xfb12, 0x5, 0x6, 0x3, 0x2, 0x1557]}, {0x6, 0x5, 0x3}})
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f0000000c80)={0x2, 0x1, {0x7, @usage=0x15, 0x0, 0x1, 0x100000001, 0x8, 0x9, 0x5, 0xd1, @struct={0x4, 0x7fff}, 0x68cb, 0xffffffff, [0xc46, 0x3, 0x100000001, 0x7, 0x8, 0x2]}, {0x6, @usage=0x40, r3, 0x39c, 0xd10, 0x1, 0x3, 0xed4, 0x16, @usage=0x40, 0x1, 0x6, [0x1, 0x6, 0x40, 0x80000000, 0x1, 0x2]}, {0x200000000000000, @usage=0x10000, 0x0, 0x7c0f, 0x2, 0x0, 0x5, 0x1, 0x41, @struct={0x1, 0x97}, 0x40, 0x7, [0xf8ba724, 0x9, 0x101, 0x4, 0x1ff, 0x6]}, {0x2, 0xef3, 0x1a}}) (async)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x224, r4, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x224}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xac, r4, 0x300, 0x70bd29, 0x25dfdbfd, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}]}, 0xac}, 0x1, 0x0, 0x0, 0x4040884}, 0x48080)
sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f0000000700)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000400)={&(0x7f0000000540)={0x194, r4, 0x112, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x9}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x2}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf9, 0xa9, @random="4ae63912441dd0db9b0f38ec966688962491a5f0ad75f65136d05eb2c6826c12f2628fd70b5f77067871f3ca1e5f295c09603a71ebd9a893b5396f7e1633f98acbf2abbbe7add130e4523a38dd1886d93fc47d2cf1405ef9eea8b79b69eb7f82a77baf30d4233f6b1cba1ee5d07e0bdb8afaa7d28a04586668e6aa856980e6626a4a28bbc719c46dc43d40d0c5f1e1109111f751ffd2250f0453a98ee96acb56d9aefbee1caa5b9c553799f10eb08ad4c672c48ea1881bb5174ff1637b2abcc55426b4cc8467a7346e46cbbcb239a0232997453f267acc4358d9ae9443b42668baa01e1cb976bb33be5e9c4479857d122296adc737"}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x7}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x194}, 0x1, 0x0, 0x0, 0x4000010}, 0x4000090) (async)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r5, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x4c, 0x0, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @broadcast}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @remote}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:system_map_t:s0\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:41 executing program 5:
syz_io_uring_setup(0x489c, &(0x7f0000000640)={0x0, 0xd407, 0x0, 0x2, 0xe9}, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f00000006c0), &(0x7f0000000700))
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000140)={0x0, 0x100, 0x7, 0x1}) (async)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000540)='devices.list\x00', 0x0, 0x0)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000580)=r1) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet(0x2, 0x1, 0x80000001) (async)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r2, 0x8004f50e, &(0x7f0000001540)) (async)
add_key$fscrypt_provisioning(&(0x7f0000000000), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="020000000b"], 0x48, 0xfffffffffffffffe)
r3 = socket$pptp(0x18, 0x1, 0x2)
r4 = openat(r1, &(0x7f0000000740)='./file0\x00', 0x200000, 0x2)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000780)=""/252, &(0x7f0000000880)=""/174, &(0x7f0000000940)=""/127, 0x4000}) (async)
ioctl$FS_IOC_GETVERSION(r3, 0x80087601, &(0x7f0000000100))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)
socket(0x1d, 0x800, 0x5)

09:48:41 executing program 0:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, 0xffffffffffffffff, 0x10000000)

[ 2671.739721][T27235] CPU: 0 PID: 27235 Comm: syz-executor.2 Tainted: G    B   W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2671.751184][T27235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2671.761082][T27235] Call Trace:
[ 2671.764203][T27235]  <TASK>
[ 2671.766978][T27235]  dump_stack_lvl+0x151/0x1b7
[ 2671.771495][T27235]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2671.776790][T27235]  dump_stack+0x15/0x17
[ 2671.780780][T27235]  should_fail+0x3c0/0x510
[ 2671.785038][T27235]  __should_failslab+0x9f/0xe0
[ 2671.789633][T27235]  should_failslab+0x9/0x20
[ 2671.793988][T27235]  kmem_cache_alloc+0x4f/0x2f0
[ 2671.798571][T27235]  ? vm_area_dup+0x26/0x1d0
[ 2671.802909][T27235]  ? __kasan_check_read+0x11/0x20
[ 2671.807767][T27235]  vm_area_dup+0x26/0x1d0
[ 2671.811931][T27235]  dup_mmap+0x6b8/0xea0
[ 2671.815928][T27235]  ? __delayed_free_task+0x20/0x20
[ 2671.820871][T27235]  ? mm_init+0x807/0x960
[ 2671.824950][T27235]  dup_mm+0x91/0x330
[ 2671.828683][T27235]  copy_mm+0x108/0x1b0
[ 2671.832588][T27235]  copy_process+0x1295/0x3250
[ 2671.837102][T27235]  ? proc_fail_nth_write+0x213/0x290
[ 2671.842222][T27235]  ? proc_fail_nth_read+0x220/0x220
[ 2671.847256][T27235]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2671.852203][T27235]  ? vfs_write+0x9af/0x1050
[ 2671.856544][T27235]  kernel_clone+0x22d/0x990
[ 2671.860882][T27235]  ? file_end_write+0x1b0/0x1b0
[ 2671.865576][T27235]  ? __kasan_check_write+0x14/0x20
[ 2671.870515][T27235]  ? create_io_thread+0x1e0/0x1e0
[ 2671.875377][T27235]  ? __mutex_lock_slowpath+0x10/0x10
[ 2671.880501][T27235]  __x64_sys_clone+0x289/0x310
[ 2671.885097][T27235]  ? __do_sys_vfork+0x130/0x130
[ 2671.889784][T27235]  ? debug_smp_processor_id+0x17/0x20
[ 2671.894996][T27235]  do_syscall_64+0x44/0xd0
[ 2671.899243][T27235]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2671.904973][T27235] RIP: 0033:0x7f5b7e88a639
[ 2671.909224][T27235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2671.928669][T27235] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
09:48:41 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 82)

09:48:41 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
io_uring_setup(0x6f91, &(0x7f0000000380)={0x0, 0x464e, 0x4, 0x3, 0x392, 0x0, r0})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="0000000000000039c10001000000"], 0x14}}, 0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000880)={0x8, 0x2, {0x5, @usage=0x1f, 0x0, 0x1, 0x48, 0x20b, 0x7, 0x5, 0x40, @struct={0x4, 0x63fa}, 0x6, 0x4, [0x1c0, 0xfffffffffffffffe, 0xa90, 0xe92, 0x5, 0x1]}, {0x6, @struct={0x1, 0x1}, 0x0, 0x8, 0x3, 0x80, 0x1000, 0xfff, 0x4c4, @struct={0xe3c, 0x3}, 0x1, 0x8, [0x0, 0x80, 0x9, 0x2, 0xe6]}, {0x9, @usage=0x9, <r3=>0x0, 0x7ff, 0x2, 0x7ff, 0x9, 0x4, 0x1, @struct={0x4, 0x3f000000}, 0x0, 0x718, [0xfb12, 0x5, 0x6, 0x3, 0x2, 0x1557]}, {0x6, 0x5, 0x3}})
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f0000000c80)={0x2, 0x1, {0x7, @usage=0x15, 0x0, 0x1, 0x100000001, 0x8, 0x9, 0x5, 0xd1, @struct={0x4, 0x7fff}, 0x68cb, 0xffffffff, [0xc46, 0x3, 0x100000001, 0x7, 0x8, 0x2]}, {0x6, @usage=0x40, r3, 0x39c, 0xd10, 0x1, 0x3, 0xed4, 0x16, @usage=0x40, 0x1, 0x6, [0x1, 0x6, 0x40, 0x80000000, 0x1, 0x2]}, {0x200000000000000, @usage=0x10000, 0x0, 0x7c0f, 0x2, 0x0, 0x5, 0x1, 0x41, @struct={0x1, 0x97}, 0x40, 0x7, [0xf8ba724, 0x9, 0x101, 0x4, 0x1ff, 0x6]}, {0x2, 0xef3, 0x1a}})
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x224, r4, 0x10, 0x0, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x224}, 0x1, 0x0, 0x0, 0x4}, 0x8014)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xac, r4, 0x300, 0x70bd29, 0x25dfdbfd, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}]}, 0xac}, 0x1, 0x0, 0x0, 0x4040884}, 0x48080) (async)
sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f0000000700)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000400)={&(0x7f0000000540)={0x194, r4, 0x112, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x9}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x2}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf9, 0xa9, @random="4ae63912441dd0db9b0f38ec966688962491a5f0ad75f65136d05eb2c6826c12f2628fd70b5f77067871f3ca1e5f295c09603a71ebd9a893b5396f7e1633f98acbf2abbbe7add130e4523a38dd1886d93fc47d2cf1405ef9eea8b79b69eb7f82a77baf30d4233f6b1cba1ee5d07e0bdb8afaa7d28a04586668e6aa856980e6626a4a28bbc719c46dc43d40d0c5f1e1109111f751ffd2250f0453a98ee96acb56d9aefbee1caa5b9c553799f10eb08ad4c672c48ea1881bb5174ff1637b2abcc55426b4cc8467a7346e46cbbcb239a0232997453f267acc4358d9ae9443b42668baa01e1cb976bb33be5e9c4479857d122296adc737"}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x7}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x194}, 0x1, 0x0, 0x0, 0x4000010}, 0x4000090)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r5, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x4c, 0x0, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @broadcast}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @remote}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:system_map_t:s0\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)

09:48:41 executing program 0:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, 0xffffffffffffffff, 0x10000000)

09:48:41 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
r1 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
dup2(r0, r1)

09:48:41 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async, rerun: 32)
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f00000001c0)={0x0, 0xef4, 0x4, 0x1}) (async, rerun: 32)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000840)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000800)={&(0x7f0000000740)={0x8c, 0x0, 0x200, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x10001}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_DAEMON={0x34, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'gre0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x20}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7fff}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1000}]}, 0x8c}, 0x1, 0x0, 0x0, 0x40800}, 0x80) (async, rerun: 64)
syz_io_uring_setup(0x1a65, &(0x7f0000000000)={0x0, 0x0, 0x200}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (rerun: 64)
r2 = socket(0x5, 0x80000, 0xff) (async)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000005c0), r0)
sendmsg$DEVLINK_CMD_TRAP_SET(r2, &(0x7f00000006c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000a}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x54, r3, 0x800, 0x70bd29, 0x25dfdbfb, {}, [{@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x40840) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400)=<r4=>0x0, &(0x7f0000001440))
syz_io_uring_complete(r4) (async, rerun: 64)
syz_io_uring_complete(r4) (rerun: 64)

09:48:41 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
r1 = dup2(r0, r0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000002c0)={<r2=>r1, 0x4, 0x3, 0xfffffffffffffffd})
io_uring_setup(0x6be0, &(0x7f0000000300)={0x0, 0x180e, 0x8, 0x2, 0xf7, 0x0, r2})
dup2(r0, r1)
r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x8c, r3, 0x4, 0x70bd2c, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast2}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:newrole_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @local}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:tmpreaper_exec_t:s0\x00'}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4}, 0x40)

09:48:41 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
dup2(r0, 0xffffffffffffffff)

[ 2671.936912][T27235] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2671.944725][T27235] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2671.952535][T27235] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2671.960343][T27235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2671.968157][T27235] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2671.975970][T27235]  </TASK>
09:48:41 executing program 0:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, 0xffffffffffffffff, 0x10000000)

09:48:41 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async, rerun: 32)
r1 = dup2(r0, r0) (rerun: 32)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000002c0)={<r2=>r1, 0x4, 0x3, 0xfffffffffffffffd})
io_uring_setup(0x6be0, &(0x7f0000000300)={0x0, 0x180e, 0x8, 0x2, 0xf7, 0x0, r2}) (async)
dup2(r0, r1) (async, rerun: 64)
r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000140), 0xffffffffffffffff) (rerun: 64)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x8c, r3, 0x4, 0x70bd2c, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast2}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:newrole_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @local}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:tmpreaper_exec_t:s0\x00'}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4}, 0x40)

09:48:41 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f00000001c0)={0x0, 0xef4, 0x4, 0x1}) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000840)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000800)={&(0x7f0000000740)={0x8c, 0x0, 0x200, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x10001}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_DAEMON={0x34, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'gre0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x20}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7fff}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1000}]}, 0x8c}, 0x1, 0x0, 0x0, 0x40800}, 0x80) (async)
syz_io_uring_setup(0x1a65, &(0x7f0000000000)={0x0, 0x0, 0x200}, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r2 = socket(0x5, 0x80000, 0xff) (async)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000005c0), r0)
sendmsg$DEVLINK_CMD_TRAP_SET(r2, &(0x7f00000006c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000a}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x54, r3, 0x800, 0x70bd29, 0x25dfdbfb, {}, [{@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x40840) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
syz_io_uring_setup(0xab1, &(0x7f0000001380)={0x0, 0x4fdc, 0x0, 0x0, 0xc7}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff6000/0x8000)=nil, &(0x7f0000001400)=<r4=>0x0, &(0x7f0000001440))
syz_io_uring_complete(r4)
syz_io_uring_complete(r4)

09:48:41 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
dup2(r0, 0xffffffffffffffff)

09:48:41 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r1, 0x4010ae74, 0x0)
r2 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080)=<r3=>0x0, &(0x7f00000000c0))
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r4, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'tunl0\x00', &(0x7f0000000100)={'syztnl2\x00', <r5=>0x0, 0x0, 0x20, 0x80000000, 0xfffffffb, {{0x9, 0x4, 0x1, 0x7, 0x24, 0x64, 0xfffa, 0x6, 0x788013c06223c419, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x27}, {[@generic={0x7, 0x10, "d89ce2c3f15adf74b3ec1e013d26"}]}}}}})
r6 = syz_io_uring_complete(r3)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@bloom_filter={0x1e, 0x200, 0x5, 0x1, 0x1001, r4, 0xffffffe0, '\x00', r5, r6, 0x1, 0x3, 0x3, 0xb}, 0x48)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x10000000)

[ 2672.029850][T27304] FAULT_INJECTION: forcing a failure.
[ 2672.029850][T27304] name failslab, interval 1, probability 0, space 0, times 0
[ 2672.068494][T27304] CPU: 1 PID: 27304 Comm: syz-executor.2 Tainted: G    B   W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2672.079956][T27304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2672.089849][T27304] Call Trace:
[ 2672.092965][T27304]  <TASK>
[ 2672.095743][T27304]  dump_stack_lvl+0x151/0x1b7
[ 2672.100255][T27304]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2672.105564][T27304]  dump_stack+0x15/0x17
[ 2672.109542][T27304]  should_fail+0x3c0/0x510
[ 2672.113795][T27304]  __should_failslab+0x9f/0xe0
[ 2672.118395][T27304]  should_failslab+0x9/0x20
[ 2672.122733][T27304]  kmem_cache_alloc+0x4f/0x2f0
[ 2672.127332][T27304]  ? anon_vma_clone+0xa1/0x4f0
[ 2672.131932][T27304]  anon_vma_clone+0xa1/0x4f0
[ 2672.136359][T27304]  anon_vma_fork+0x91/0x4f0
[ 2672.140700][T27304]  ? anon_vma_name+0x4c/0x70
[ 2672.145126][T27304]  dup_mmap+0x750/0xea0
[ 2672.149119][T27304]  ? __delayed_free_task+0x20/0x20
[ 2672.154064][T27304]  ? mm_init+0x807/0x960
[ 2672.158145][T27304]  dup_mm+0x91/0x330
[ 2672.161875][T27304]  copy_mm+0x108/0x1b0
[ 2672.165783][T27304]  copy_process+0x1295/0x3250
[ 2672.170294][T27304]  ? proc_fail_nth_write+0x213/0x290
[ 2672.175415][T27304]  ? proc_fail_nth_read+0x220/0x220
[ 2672.180452][T27304]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2672.185395][T27304]  ? vfs_write+0x9af/0x1050
[ 2672.189737][T27304]  kernel_clone+0x22d/0x990
[ 2672.194075][T27304]  ? file_end_write+0x1b0/0x1b0
[ 2672.198761][T27304]  ? __kasan_check_write+0x14/0x20
[ 2672.203715][T27304]  ? create_io_thread+0x1e0/0x1e0
[ 2672.208570][T27304]  ? __mutex_lock_slowpath+0x10/0x10
[ 2672.213691][T27304]  __x64_sys_clone+0x289/0x310
[ 2672.218292][T27304]  ? __do_sys_vfork+0x130/0x130
[ 2672.222977][T27304]  ? debug_smp_processor_id+0x17/0x20
[ 2672.228187][T27304]  do_syscall_64+0x44/0xd0
[ 2672.232436][T27304]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2672.238166][T27304] RIP: 0033:0x7f5b7e88a639
[ 2672.242420][T27304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2672.261857][T27304] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2672.270103][T27304] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
09:48:41 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 83)

09:48:41 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000080)={@empty}, &(0x7f00000001c0)=0x14)

09:48:41 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
dup2(r0, 0xffffffffffffffff)

09:48:41 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async, rerun: 64)
r1 = dup2(r0, r0) (rerun: 64)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000002c0)={<r2=>r1, 0x4, 0x3, 0xfffffffffffffffd})
io_uring_setup(0x6be0, &(0x7f0000000300)={0x0, 0x180e, 0x8, 0x2, 0xf7, 0x0, r2}) (async)
dup2(r0, r1) (async, rerun: 64)
r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000140), 0xffffffffffffffff) (rerun: 64)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x8c, r3, 0x4, 0x70bd2c, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast2}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:newrole_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @local}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:tmpreaper_exec_t:s0\x00'}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4}, 0x40)

09:48:41 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
dup2(r0, r1)

09:48:41 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000080)={@empty}, &(0x7f00000001c0)=0x14)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000080)={@empty}, &(0x7f00000001c0)=0x14) (async)

[ 2672.277935][T27304] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2672.285725][T27304] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2672.293534][T27304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2672.301347][T27304] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2672.309164][T27304]  </TASK>
09:48:41 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
dup2(0xffffffffffffffff, r0)

09:48:41 executing program 1:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000080)={@empty}, &(0x7f00000001c0)=0x14)

09:48:41 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
dup2(0xffffffffffffffff, r0)

09:48:41 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r3, &(0x7f0000000100), 0x0, 0x0, 0x3)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r4, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4})
ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000)
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='blkio.throttle.io_service_bytes\x00', 0x0, 0x0)
r7 = syz_clone3(&(0x7f00000007c0)={0x80000, &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000640), {0x3b}, &(0x7f0000000680)=""/18, 0x12, &(0x7f00000006c0)=""/175, &(0x7f0000000780)=[r5, r2, r5], 0x3, {r3}}, 0x58)
read$FUSE(r3, &(0x7f0000004980)={0x2020, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}, 0xfffffd8b)
r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r9, &(0x7f00000002c0))
r10 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r10, &(0x7f00000002c0))
read$FUSE(r3, &(0x7f0000002880)={0x2020, 0x0, 0x0, 0x0, 0x0, <r11=>0x0}, 0x2020)
r12 = pidfd_getfd(r6, r6, 0x0)
r13 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r13, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r13, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
syz_clone3(&(0x7f0000004900)={0x21860000, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240), {0x27}, &(0x7f0000000540)=""/238, 0xee, &(0x7f0000000280)=""/32, &(0x7f00000048c0)=[r7, r8, r9, r10, r1, r11, r2], 0x7, {r12}}, 0x58)
r14 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$IPVS_CMD_ZERO(r3, &(0x7f0000000c00)={&(0x7f00000004c0), 0xc, &(0x7f0000000bc0)={&(0x7f0000000a80)={0x10c, 0x0, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7fffffff}, @IPVS_CMD_ATTR_DEST={0x44, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xffffffff}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xffffffff}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xffff}]}, @IPVS_CMD_ATTR_DEST={0x28, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xffff9cd3}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}]}, @IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x47}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x3a}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'lblc\x00'}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast1}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x1ff}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x4}, 0xc0)
ioctl$KVM_GET_PIT2(r12, 0x8070ae9f, &(0x7f00000003c0))
sendmsg$DEVLINK_CMD_SB_POOL_SET(r6, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000340)={&(0x7f0000000c40)=ANY=[@ANYBLOB="00000200", @ANYRES16=r14, @ANYBLOB="010026bd7000fedbdf25100000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00ff00000006001100010000000800130056c300000500140000000000080001007063690011000600303030303a30303a31302e300000000008000b00400000000600110002000000080013002dff000005001400000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b003150000006001100001d09da61516c52de23000000080013000900000005001400000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b000700005fea46f357496fe200080013000500000005001400010000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0001000100060011000008000008001300080000000500140000000000a18b61dd03a95ee1186fce68c3f157f3877a3863f10a45a3b44eec4f2373c734a43a145778612347b795dbae6fef858298358802d773ee26e6beaca2857fe5b8736434cb21c6c750f164f0d93a51e82f66105c727d4fecdfe4bd35ddc6b85cd451b473509ef826d602189aa8c58ba8130c264d7cce2f90085035ea9d20fdf374d07c61b9c4c87801471cd8be2a0e706c2f3ac793df7887f664f2fc5a709aaf32d17275b11f5bdefa86f6af9260cf2ec10d6b8be877bea4f6b9b42a0000008242611588202a27d4fed04562fbdcd6650f10d082458d9dec6137afa3d07b8bf6c4166008671aac106b28d6e24f26ad93ba96a5c868664461fcc5222e3d2f552d6fd038aea4221dea150f6189ad2397027d00e8d894262726fb2f135e2e1526a1363cb8676892fdc7d9926dae7820343cd301d9144802b7356704797db56f9bf189ee3cb9e3868eb5734603f1eac66781acc302b83b04df2019d6ec63937ea392c6154fd892ee6960058ec49b5c5ce0a1e02bd4e51b093fc077aa60e17769671abd9e200b"], 0x150}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000)

09:48:41 executing program 5:
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)
getsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180), &(0x7f00000001c0)=0x10)
r1 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xe4002, 0x40)
openat$cgroup_ro(r1, &(0x7f0000000140)='memory.events.local\x00', 0x0, 0x0)

[ 2672.415142][T27356] FAULT_INJECTION: forcing a failure.
[ 2672.415142][T27356] name failslab, interval 1, probability 0, space 0, times 0
[ 2672.432500][T27356] CPU: 0 PID: 27356 Comm: syz-executor.2 Tainted: G    B   W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
[ 2672.443954][T27356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2672.453867][T27356] Call Trace:
[ 2672.456973][T27356]  <TASK>
[ 2672.459746][T27356]  dump_stack_lvl+0x151/0x1b7
[ 2672.464260][T27356]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2672.469554][T27356]  dump_stack+0x15/0x17
[ 2672.473550][T27356]  should_fail+0x3c0/0x510
[ 2672.477799][T27356]  __should_failslab+0x9f/0xe0
[ 2672.482400][T27356]  should_failslab+0x9/0x20
[ 2672.486737][T27356]  kmem_cache_alloc+0x4f/0x2f0
[ 2672.491339][T27356]  ? anon_vma_clone+0xa1/0x4f0
[ 2672.495941][T27356]  anon_vma_clone+0xa1/0x4f0
[ 2672.500364][T27356]  anon_vma_fork+0x91/0x4f0
[ 2672.504702][T27356]  ? anon_vma_name+0x43/0x70
[ 2672.509135][T27356]  dup_mmap+0x750/0xea0
[ 2672.513125][T27356]  ? __delayed_free_task+0x20/0x20
[ 2672.518069][T27356]  ? mm_init+0x807/0x960
[ 2672.522169][T27356]  dup_mm+0x91/0x330
[ 2672.525907][T27356]  copy_mm+0x108/0x1b0
[ 2672.529789][T27356]  copy_process+0x1295/0x3250
[ 2672.534306][T27356]  ? proc_fail_nth_write+0x213/0x290
[ 2672.539431][T27356]  ? proc_fail_nth_read+0x220/0x220
[ 2672.544455][T27356]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2672.549404][T27356]  ? vfs_write+0x9af/0x1050
[ 2672.553740][T27356]  kernel_clone+0x22d/0x990
[ 2672.558080][T27356]  ? file_end_write+0x1b0/0x1b0
[ 2672.562774][T27356]  ? __kasan_check_write+0x14/0x20
[ 2672.567714][T27356]  ? create_io_thread+0x1e0/0x1e0
[ 2672.572574][T27356]  ? __mutex_lock_slowpath+0x10/0x10
[ 2672.577694][T27356]  __x64_sys_clone+0x289/0x310
[ 2672.582296][T27356]  ? __do_sys_vfork+0x130/0x130
[ 2672.586987][T27356]  ? debug_smp_processor_id+0x17/0x20
[ 2672.592189][T27356]  do_syscall_64+0x44/0xd0
[ 2672.596444][T27356]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2672.602168][T27356] RIP: 0033:0x7f5b7e88a639
[ 2672.606424][T27356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2672.625865][T27356] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2672.634114][T27356] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
[ 2672.641919][T27356] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2672.649733][T27356] RBP: 00007f5b7d5fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2672.657541][T27356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
09:48:42 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r1, 0x4010ae74, 0x0) (async)
r2 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080)=<r3=>0x0, &(0x7f00000000c0)) (async)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r4, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'tunl0\x00', &(0x7f0000000100)={'syztnl2\x00', <r5=>0x0, 0x0, 0x20, 0x80000000, 0xfffffffb, {{0x9, 0x4, 0x1, 0x7, 0x24, 0x64, 0xfffa, 0x6, 0x788013c06223c419, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x27}, {[@generic={0x7, 0x10, "d89ce2c3f15adf74b3ec1e013d26"}]}}}}})
r6 = syz_io_uring_complete(r3)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@bloom_filter={0x1e, 0x200, 0x5, 0x1, 0x1001, r4, 0xffffffe0, '\x00', r5, r6, 0x1, 0x3, 0x3, 0xb}, 0x48)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x10000000)

09:48:42 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 84)

09:48:42 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0xfc4, &(0x7f00000001c0)={0x0, 0xdf68, 0x20, 0x0, 0x2da, 0x0, r0}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000240))
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:42 executing program 5:
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
getsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180), &(0x7f00000001c0)=0x10) (async)
r1 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xe4002, 0x40)
openat$cgroup_ro(r1, &(0x7f0000000140)='memory.events.local\x00', 0x0, 0x0)

09:48:42 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
dup2(0xffffffffffffffff, r0)

09:48:42 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r3, &(0x7f0000000100), 0x0, 0x0, 0x3)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r4, 0x4008ae73, &(0x7f0000000180)={0x1, 0x4})
ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x0) (async)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x10000000) (async)
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='blkio.throttle.io_service_bytes\x00', 0x0, 0x0) (async, rerun: 32)
r7 = syz_clone3(&(0x7f00000007c0)={0x80000, &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000640), {0x3b}, &(0x7f0000000680)=""/18, 0x12, &(0x7f00000006c0)=""/175, &(0x7f0000000780)=[r5, r2, r5], 0x3, {r3}}, 0x58) (rerun: 32)
read$FUSE(r3, &(0x7f0000004980)={0x2020, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}, 0xfffffd8b) (async)
r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r9, &(0x7f00000002c0)) (async)
r10 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_rr_get_interval(r10, &(0x7f00000002c0)) (async)
read$FUSE(r3, &(0x7f0000002880)={0x2020, 0x0, 0x0, 0x0, 0x0, <r11=>0x0}, 0x2020) (async, rerun: 64)
r12 = pidfd_getfd(r6, r6, 0x0) (rerun: 64)
r13 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r13, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r13, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) (async)
syz_clone3(&(0x7f0000004900)={0x21860000, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240), {0x27}, &(0x7f0000000540)=""/238, 0xee, &(0x7f0000000280)=""/32, &(0x7f00000048c0)=[r7, r8, r9, r10, r1, r11, r2], 0x7, {r12}}, 0x58)
r14 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) (async, rerun: 64)
sendmsg$IPVS_CMD_ZERO(r3, &(0x7f0000000c00)={&(0x7f00000004c0), 0xc, &(0x7f0000000bc0)={&(0x7f0000000a80)={0x10c, 0x0, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7fffffff}, @IPVS_CMD_ATTR_DEST={0x44, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xffffffff}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xffffffff}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xffff}]}, @IPVS_CMD_ATTR_DEST={0x28, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xffff9cd3}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}]}, @IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x47}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x3a}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'lblc\x00'}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast1}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x1ff}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x4}, 0xc0) (rerun: 64)
ioctl$KVM_GET_PIT2(r12, 0x8070ae9f, &(0x7f00000003c0)) (async)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r6, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000340)={&(0x7f0000000c40)=ANY=[@ANYBLOB="00000200", @ANYRES16=r14, @ANYBLOB="010026bd7000fedbdf25100000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00ff00000006001100010000000800130056c300000500140000000000080001007063690011000600303030303a30303a31302e300000000008000b00400000000600110002000000080013002dff000005001400000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b003150000006001100001d09da61516c52de23000000080013000900000005001400000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b000700005fea46f357496fe200080013000500000005001400010000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0001000100060011000008000008001300080000000500140000000000a18b61dd03a95ee1186fce68c3f157f3877a3863f10a45a3b44eec4f2373c734a43a145778612347b795dbae6fef858298358802d773ee26e6beaca2857fe5b8736434cb21c6c750f164f0d93a51e82f66105c727d4fecdfe4bd35ddc6b85cd451b473509ef826d602189aa8c58ba8130c264d7cce2f90085035ea9d20fdf374d07c61b9c4c87801471cd8be2a0e706c2f3ac793df7887f664f2fc5a709aaf32d17275b11f5bdefa86f6af9260cf2ec10d6b8be877bea4f6b9b42a0000008242611588202a27d4fed04562fbdcd6650f10d082458d9dec6137afa3d07b8bf6c4166008671aac106b28d6e24f26ad93ba96a5c868664461fcc5222e3d2f552d6fd038aea4221dea150f6189ad2397027d00e8d894262726fb2f135e2e1526a1363cb8676892fdc7d9926dae7820343cd301d9144802b7356704797db56f9bf189ee3cb9e3868eb5734603f1eac66781acc302b83b04df2019d6ec63937ea392c6154fd892ee6960058ec49b5c5ce0a1e02bd4e51b093fc077aa60e17769671abd9e200b"], 0x150}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000)

09:48:42 executing program 5:
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) (async)
getsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180), &(0x7f00000001c0)=0x10)
r1 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xe4002, 0x40)
openat$cgroup_ro(r1, &(0x7f0000000140)='memory.events.local\x00', 0x0, 0x0)

[ 2672.665354][T27356] R13: 00007ffe8afc07df R14: 00007f5b7d5fe300 R15: 0000000000022000
[ 2672.673167][T27356]  </TASK>
09:48:42 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x2010, 0xffffffffffffffff, 0x10000000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
dup2(r0, r1)

09:48:42 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0xfc4, &(0x7f00000001c0)={0x0, 0xdf68, 0x20, 0x0, 0x2da, 0x0, r0}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000240))
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0xfc4, &(0x7f00000001c0)={0x0, 0xdf68, 0x20, 0x0, 0x2da, 0x0, r0}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000240)) (async)
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) (async)

09:48:42 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = io_uring_setup(0x6e6f, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
dup2(r0, r1)

[ 2672.726074][T27391] FAULT_INJECTION: forcing a failure.
[ 2672.726074][T27391] name failslab, interval 1, probability 0, space 0, times 0
[ 2672.761965][T27391] CPU: 1 PID: 27391 Comm: syz-executor.2 Tainted: G    B   W         5.15.74-syzkaller-00001-g4ec71a9ec769 #0
09:48:42 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r1, 0x4010ae74, 0x0)
r2 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080)=<r3=>0x0, &(0x7f00000000c0))
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800)
fsetxattr$security_selinux(r4, &(0x7f0000000100), 0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'tunl0\x00', &(0x7f0000000100)={'syztnl2\x00', <r5=>0x0, 0x0, 0x20, 0x80000000, 0xfffffffb, {{0x9, 0x4, 0x1, 0x7, 0x24, 0x64, 0xfffa, 0x6, 0x788013c06223c419, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x27}, {[@generic={0x7, 0x10, "d89ce2c3f15adf74b3ec1e013d26"}]}}}}})
r6 = syz_io_uring_complete(r3)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@bloom_filter={0x1e, 0x200, 0x5, 0x1, 0x1001, r4, 0xffffffe0, '\x00', r5, r6, 0x1, 0x3, 0x3, 0xb}, 0x48)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x10000000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r1, 0x4010ae74, 0x0) (async)
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) (async)
accept4$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$security_selinux(r4, &(0x7f0000000100), 0x0, 0x0, 0x3) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'tunl0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x0, 0x20, 0x80000000, 0xfffffffb, {{0x9, 0x4, 0x1, 0x7, 0x24, 0x64, 0xfffa, 0x6, 0x788013c06223c419, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x27}, {[@generic={0x7, 0x10, "d89ce2c3f15adf74b3ec1e013d26"}]}}}}}) (async)
syz_io_uring_complete(r3) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@bloom_filter={0x1e, 0x200, 0x5, 0x1, 0x1001, r4, 0xffffffe0, '\x00', r5, r6, 0x1, 0x3, 0x3, 0xb}, 0x48) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x10000000) (async)

09:48:42 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = dup2(r0, r0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r1, &(0x7f0000000380)={&(0x7f0000000100), 0xc, &(0x7f0000000340)={&(0x7f0000000180)={0x190, r2, 0x100, 0x70bd29, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0xffff}, {0x6, 0x11, 0x8}, {0x8, 0x15, 0x7fff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x5}, {0x8, 0x15, 0xc00a}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x401}, {0x6, 0x11, 0x8}, {0x8, 0x15, 0xffff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x10000}, {0x6, 0x11, 0x6}, {0x8, 0x15, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x7ff}, {0x6, 0x11, 0x6}, {0x8, 0x15, 0x6c2ef9ff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0xfdf}, {0x8, 0x15, 0x6}}]}, 0x190}, 0x1, 0x0, 0x0, 0x80d0}, 0x40040)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)

09:48:42 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = io_uring_setup(0x0, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
dup2(r0, r1)

[ 2672.773431][T27391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2672.783327][T27391] Call Trace:
[ 2672.786447][T27391]  <TASK>
[ 2672.789224][T27391]  dump_stack_lvl+0x151/0x1b7
[ 2672.793742][T27391]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 2672.799034][T27391]  dump_stack+0x15/0x17
[ 2672.803025][T27391]  should_fail+0x3c0/0x510
[ 2672.807279][T27391]  __should_failslab+0x9f/0xe0
[ 2672.811879][T27391]  should_failslab+0x9/0x20
[ 2672.816222][T27391]  kmem_cache_alloc+0x4f/0x2f0
[ 2672.820829][T27391]  ? anon_vma_clone+0xa1/0x4f0
[ 2672.825425][T27391]  anon_vma_clone+0xa1/0x4f0
[ 2672.829847][T27391]  anon_vma_fork+0x91/0x4f0
[ 2672.834183][T27391]  ? anon_vma_name+0x43/0x70
[ 2672.838609][T27391]  dup_mmap+0x750/0xea0
[ 2672.842605][T27391]  ? __delayed_free_task+0x20/0x20
[ 2672.847548][T27391]  ? mm_init+0x807/0x960
[ 2672.851639][T27391]  dup_mm+0x91/0x330
[ 2672.855360][T27391]  copy_mm+0x108/0x1b0
[ 2672.859272][T27391]  copy_process+0x1295/0x3250
[ 2672.863781][T27391]  ? proc_fail_nth_write+0x213/0x290
[ 2672.868898][T27391]  ? proc_fail_nth_read+0x220/0x220
[ 2672.874031][T27391]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2672.878968][T27391]  ? vfs_write+0x9af/0x1050
[ 2672.883306][T27391]  kernel_clone+0x22d/0x990
[ 2672.887645][T27391]  ? file_end_write+0x1b0/0x1b0
[ 2672.892333][T27391]  ? __kasan_check_write+0x14/0x20
[ 2672.897280][T27391]  ? create_io_thread+0x1e0/0x1e0
[ 2672.902140][T27391]  ? __mutex_lock_slowpath+0x10/0x10
[ 2672.907262][T27391]  __x64_sys_clone+0x289/0x310
[ 2672.911860][T27391]  ? __do_sys_vfork+0x130/0x130
[ 2672.916553][T27391]  ? debug_smp_processor_id+0x17/0x20
[ 2672.921761][T27391]  do_syscall_64+0x44/0xd0
[ 2672.926007][T27391]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2672.931732][T27391] RIP: 0033:0x7f5b7e88a639
[ 2672.935987][T27391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2672.955426][T27391] RSP: 002b:00007f5b7d5fe118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2672.963671][T27391] RAX: ffffffffffffffda RBX: 00007f5b7e9aaf80 RCX: 00007f5b7e88a639
09:48:42 executing program 2:
syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 85)

09:48:42 executing program 5:
r0 = syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = dup2(r0, r0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r1, &(0x7f0000000380)={&(0x7f0000000100), 0xc, &(0x7f0000000340)={&(0x7f0000000180)={0x190, r2, 0x100, 0x70bd29, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0xffff}, {0x6, 0x11, 0x8}, {0x8, 0x15, 0x7fff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x5}, {0x8, 0x15, 0xc00a}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x401}, {0x6, 0x11, 0x8}, {0x8, 0x15, 0xffff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x10000}, {0x6, 0x11, 0x6}, {0x8, 0x15, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x7ff}, {0x6, 0x11, 0x6}, {0x8, 0x15, 0x6c2ef9ff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0xfdf}, {0x8, 0x15, 0x6}}]}, 0x190}, 0x1, 0x0, 0x0, 0x80d0}, 0x40040)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000)
syz_io_uring_setup(0x1a60, &(0x7f0000000000), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
dup2(r0, r0) (async)
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) (async)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r1, &(0x7f0000000380)={&(0x7f0000000100), 0xc, &(0x7f0000000340)={&(0x7f0000000180)={0x190, r2, 0x100, 0x70bd29, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0xffff}, {0x6, 0x11, 0x8}, {0x8, 0x15, 0x7fff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x5}, {0x8, 0x15, 0xc00a}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x401}, {0x6, 0x11, 0x8}, {0x8, 0x15, 0xffff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x10000}, {0x6, 0x11, 0x6}, {0x8, 0x15, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x7ff}, {0x6, 0x11, 0x6}, {0x8, 0x15, 0x6c2ef9ff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0xfdf}, {0x8, 0x15, 0x6}}]}, 0x190}, 0x1, 0x0, 0x0, 0x80d0}, 0x40040) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x1ffff000, 0x0, 0x2011, r0, 0x10000000) (async)

09:48:42 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = io_uring_setup(0x0, &(0x7f0000000040)={0x0, 0x8217, 0x0, 0x1, 0x124})
dup2(r0, r1)

09:48:42 executing program 1:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
syz_io_uring_setup(0xfc4, &(0x7f00000001c0)={0x0, 0xdf68, 0x20, 0x0, 0x2da, 0x0, r0}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000240))
syz_io_uring_setup(0x4cfd, &(0x7f00000000c0), &(0x7f0000003000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))

09:48:42 executing program 4:
r0 = syz_io_uring_setup(0x1a64, &(0x7f0000000000), &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) (async)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
accept4$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x81800) (async)
fsetxattr$secu