0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r4, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r6}}, 0x58)
perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x3f, 0x8, 0x1, 0xf4, 0x0, 0x81, 0x20002, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x3, 0xfffffffeffffffff}, 0x40000, 0x9, 0x0, 0xf56bd5ed1a65c1be, 0x7c, 0x9, 0xbe9, 0x0, 0x400, 0x0, 0x2}, 0x0, 0xe, r1, 0x8)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)

20:10:42 executing program 7:
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000080)=0x90, 0x4)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
setsockopt$sock_timeval(r0, 0x1, 0x43, &(0x7f0000000040)={0x0, 0xea60}, 0x10)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0)=0x6, 0x4)
r1 = accept4(r0, 0x0, &(0x7f0000000180), 0x800)
recvmsg(r1, &(0x7f0000000480)={&(0x7f00000001c0)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, 0x0, 0x0, &(0x7f0000000400)=""/104, 0x68}, 0x40000000)
sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x31, &(0x7f0000000540)=[{&(0x7f0000000100)=':\x00', 0xfffffdef}], 0x1}, 0x10044001)
getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000280), 0x10)
sendmsg$inet6(r0, &(0x7f0000000500)={&(0x7f0000000240)={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x1}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000000580)="1e34c8e457e6066fd9e8d6a676d8e23a1ab6bbf43048d04b2cd17255f5b6ffaea868ee6f2dceb43f784e2a9453eeac3f197e02ebf2624d9845db02483a4d40df02f05f640e18083fefd4f2d6e24d77037428b19f4a6d03017f90c1b2b6a1de39f352c19d95755df710378799eb63b37683fcc9b702a5a6bec870a9f331f2479a9e39086a2f8d6f596c4b033f3298c5e65aebf226ade6626d309d6e2a1922b72616af12262445f77bcef13c1685b3379e25272c72d65b1c13cd4d28bab80fa5d52b0adb2e61f05575346a96166d622d1ed33774a05950d0f30f29d428511e5897329322e84f131484c2eb76fd602b572cdb3cc5baa5e3c3361ceac8", 0xfb}, {&(0x7f0000000340)="e10187c49d59e1b2320a69f40d579cdad783e2e38b43a4213950bcfbbcd91564677d73ba49f3719282ff7d4954e342de5e677ee9c941f27e303bec2d5eb67851f75da3d3d7901f00fcbfc249a51821a9a9cf3e1830ff50a92f1e66b55e473e62a663085dbd41d396ca53f0633f6f500e496d082780ce506acc8b3fa9f47773fed8007fe57dd7b1c08a0c533e76bc194bdb44a51086fffed223ffeb0c", 0x9c}], 0x2}, 0x400c0b0)
r2 = fcntl$getown(0xffffffffffffffff, 0x9)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
perf_event_open(&(0x7f00000002c0)={0x3, 0x80, 0x6, 0x7, 0xff, 0x0, 0x0, 0x4, 0x8f41, 0x4, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x9, 0x5}, 0x4, 0x4, 0x81, 0x1, 0x0, 0x1375, 0x4, 0x0, 0x4, 0x0, 0x7fff}, r2, 0x5, r3, 0x3)
write$P9_RUNLINKAT(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7)

20:10:42 executing program 1:
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000080)=0x90, 0x4)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
setsockopt$sock_timeval(r0, 0x1, 0x43, &(0x7f0000000040)={0x0, 0xea60}, 0x10)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0)=0x6, 0x4)
r1 = accept4(r0, 0x0, &(0x7f0000000180), 0x800)
recvmsg(r1, &(0x7f0000000480)={&(0x7f00000001c0)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, 0x0, 0x0, &(0x7f0000000400)=""/104, 0x68}, 0x40000000)
sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x31, &(0x7f0000000540)=[{&(0x7f0000000100)=':\x00', 0xfffffdef}], 0x1}, 0x10044001)
getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000280), 0x10)
sendmsg$inet6(r0, &(0x7f0000000500)={&(0x7f0000000240)={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x1}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000000580)="1e34c8e457e6066fd9e8d6a676d8e23a1ab6bbf43048d04b2cd17255f5b6ffaea868ee6f2dceb43f784e2a9453eeac3f197e02ebf2624d9845db02483a4d40df02f05f640e18083fefd4f2d6e24d77037428b19f4a6d03017f90c1b2b6a1de39f352c19d95755df710378799eb63b37683fcc9b702a5a6bec870a9f331f2479a9e39086a2f8d6f596c4b033f3298c5e65aebf226ade6626d309d6e2a1922b72616af12262445f77bcef13c1685b3379e25272c72d65b1c13cd4d28bab80fa5d52b0adb2e61f05575346a96166d622d1ed33774a05950d0f30f29d428511e5897329322e84f131484c2eb76fd602b572cdb3cc5baa5e3c3361ceac8", 0xfb}, {&(0x7f0000000340)="e10187c49d59e1b2320a69f40d579cdad783e2e38b43a4213950bcfbbcd91564677d73ba49f3719282ff7d4954e342de5e677ee9c941f27e303bec2d5eb67851f75da3d3d7901f00fcbfc249a51821a9a9cf3e1830ff50a92f1e66b55e473e62a663085dbd41d396ca53f0633f6f500e496d082780ce506acc8b3fa9f47773fed8007fe57dd7b1c08a0c533e76bc194bdb44a51086fffed223ffeb0c", 0x9c}], 0x2}, 0x400c0b0)
r2 = fcntl$getown(0xffffffffffffffff, 0x9)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
perf_event_open(&(0x7f00000002c0)={0x3, 0x80, 0x6, 0x7, 0xff, 0x0, 0x0, 0x4, 0x8f41, 0x4, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x9, 0x5}, 0x4, 0x4, 0x81, 0x1, 0x0, 0x1375, 0x4, 0x0, 0x4, 0x0, 0x7fff}, r2, 0x5, r3, 0x3)
write$P9_RUNLINKAT(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7)

20:10:42 executing program 2:
r0 = syz_io_uring_setup(0x51e, &(0x7f0000000280)={0x0, 0x7000, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000200), &(0x7f0000000240)='./file1\x00', 0x18}, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x8, 0x100010, r0, 0x10000000)
fallocate(r0, 0x60, 0x6, 0x8)
io_uring_enter(r0, 0x1, 0x1, 0x1, 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x11540, 0x80)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r4, 0x0, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r5, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r4, r5, 0x0, 0x6)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_CLOSE={0x13, 0x3, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r6}}, 0xd3a5)
ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f0000000080)={0x0, r4, 0x3f, 0x8c, 0x82, 0x401})

20:10:42 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240)={0x0, 0x4, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))

20:10:42 executing program 1:
r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x40, 0xa, 0x200, 0x0, 0x0, 0x0, 0x688}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={0x28, 0x20, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @uid}, @typed={0xc, 0x11, 0x0, 0x0, @u64}]}, 0x28}}, 0x0)
close_range(r1, r0, 0x0)
perf_event_open(&(0x7f0000000440)={0x7, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
sendmsg$nl_generic(r1, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="1423ac00210000092cbd686b46f6470cb3a2ec0c77468efe5886d81b6ba804cdb4a5fbdb7875fba8d15b5ac6e68a732725035c47bb9f6eef0108f479e52f05e3aedb7819b38664d3be6ad16bdb1f05e6d3df1bc5d13400df3c6dd4c59b12065a606dccd7473488d708f59a463567236abda1ddf0894ab552bdf48f0a1ce5690e862544456d6eb93796473b53c5e4780ad41e8491d86d88904faae51e91a2e0c6"], 0x14}, 0x1, 0x0, 0x0, 0x801}, 0x20040000)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0x0)
r2 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f00000004c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0x52, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00ea00047f35a01b65d69829520b49157e6b0d7f3fea3fe4f9eb9f4922ebc872407698c7e770c038c67b4cfc7b7b9142784eff70241475f1a6942b79619e50e641c01eeefb483a2651d880d2200b72470c788e994fbcf1df04823350473f7c4f9f36c5fce15541a2b8faa3f1a6181cd07fee46138ffaaf921a5c10df6a1f3f89b00073d37fb91a9391ccb3b5948a3748d2449806ea7b4f5f2bc7b53a2bc167fc0ea1aa6441bd8e82c222e8bf1a08e5b765610fcc876cbbdce861134b94fffac9be417a6d5edf8c077129e8dbaa280903b418e5", @ANYRES16=0x0, @ANYBLOB="eb012722d415fd0aa6e99f25be9abd7000fedbdf250f400000050037000100000008003c000600000008003c000000000008003b000700"], 0x3c}, 0x1, 0x0, 0x0, 0x850}, 0x4c184)
keyctl$restrict_keyring(0x1d, r2, 0x0, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, r2)
r3 = add_key$keyring(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
add_key(0x0, &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, r3)
add_key$keyring(&(0x7f0000000740), &(0x7f0000000780)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffa)
keyctl$revoke(0x3, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/snmp6\x00')
unshare(0x48020200)

20:10:42 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:10:42 executing program 2:
r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/fib_triestat\x00')
pread64(r1, &(0x7f0000000300)=""/86, 0x56, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0)
readv(r2, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/197, 0xc5}, {0x0}, {&(0x7f0000000300)=""/198, 0xc6}], 0x3)
perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0xff, 0x8, 0xd0, 0x97, 0x0, 0xe0ab, 0x1008, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, 0x4, @perf_bp={&(0x7f00000000c0), 0x1}, 0x10840, 0x649, 0x1, 0x5, 0x40, 0xa, 0x7aba, 0x0, 0x7ff, 0x0, 0x761}, 0x0, 0x4, r2, 0x0)
fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000140), &(0x7f0000000400)={0x0, 0xfb, 0xd4, 0x2, 0x1f, "bd8b5afe0754dcbc93394bdae42139a8", "ad9522320961074609c74ae3b20beb4f608c9aa709039287f1284fbfffd3bbb679329dd3bf9fc30c0bcc76b8f4dd1d56bef00bc9b1efb1fbdf0e14e2f9bb16b0ee1e2733accbf763af321f616e401329d1110731f4e7b545481e1b3e36b0dcd4d81f79a49ba19878e4434bd38e05a417ee4763992570ea79ce84b3b8ab7ca4977bac83af243a53683d99a7f8d9e0ff6e00f12e5321e7e6941f93b6a6a035a61eb616be0ff9f264b09c84b4aac6a0cf65952f5160b94c90ec4294e07498765d"}, 0xd4, 0x3)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r2, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1}, './file0\x00'})

20:10:42 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240)={0x0, 0x4, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))

20:10:43 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240)={0x0, 0x4, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))

20:10:43 executing program 6:
ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0)
ioctl$PTP_PEROUT_REQUEST(0xffffffffffffffff, 0x40383d03, &(0x7f0000000000)={{0xfff}, {0x9, 0x5645}, 0xa30a})

20:10:57 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000240)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x101142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000001c0)='./file0\x00')
write$P9_RREADLINK(r0, &(0x7f0000000100)=ANY=[], 0x10)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x5)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/diskstats\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r3, 0x0, 0x5)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/diskstats\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r4, 0x0, 0x5)
pwrite64(r3, &(0x7f0000000200)="1ab8ec59ef9ad6f09dbb72150088ccfdd922232f0039e14ab93fe3da1d6550eae6ad9ffce2ef62659a27cf83a6ba470ed30b18e421816be9d0e0eabf7d113be2ba3b1764854052dfca5781a62fcc58f4d81669a2e077e1", 0x57, 0x17)
rmdir(&(0x7f0000000300)='./file0\x00')
write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xfdef)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r4, r1, 0x0, 0x100000001)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000280)={{0x1, 0x1, 0x18, r2}, './file1\x00'})

20:10:57 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:10:57 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240)={0x0, 0x4, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))

20:10:57 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r4, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r6}}, 0x58)
perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x3f, 0x8, 0x1, 0xf4, 0x0, 0x81, 0x20002, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x3, 0xfffffffeffffffff}, 0x40000, 0x9, 0x0, 0xf56bd5ed1a65c1be, 0x7c, 0x9, 0xbe9, 0x0, 0x400, 0x0, 0x2}, 0x0, 0xe, r1, 0x8)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:10:57 executing program 2:
r0 = creat(&(0x7f0000000040)='./file1\x00', 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x8000)
ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0)
r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000000280)=ANY=[@ANYBLOB="b91e307609ea3731ff72b56d56b08f8ef33d864c396e20b68a1d38c22af331"], 0x8)
pread64(r2, &(0x7f0000000640)=""/186, 0xba, 0x9)
readv(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000140)=""/205, 0xcd}, {0x0}], 0x2)
stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00))
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00')
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x20, 0x1, {0x3}}, 0x84)
preadv(r3, &(0x7f0000000580)=[{&(0x7f0000001380)=""/213, 0xd5}], 0x1, 0x5545, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000100))
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x4000006})
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)={0x20, 0x1d, 0xc21, 0x0, 0x0, {0x6, 0x0, 0x2}, [@nested={0xc, 0xa, 0x0, 0x1, [@typed={0x7, 0x0, 0x0, 0x0, @str=')*\x00'}]}]}, 0x20}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)

20:10:57 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r4, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r6}}, 0x58)
perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x3f, 0x8, 0x1, 0xf4, 0x0, 0x81, 0x20002, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x3, 0xfffffffeffffffff}, 0x40000, 0x9, 0x0, 0xf56bd5ed1a65c1be, 0x7c, 0x9, 0xbe9, 0x0, 0x400, 0x0, 0x2}, 0x0, 0xe, r1, 0x8)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:10:57 executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
io_submit(0x0, 0x1, &(0x7f0000000400)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffffffffffff, &(0x7f0000000540)="4fa961a32c46292c4c203b03c6cfcb7f41a36b2033c451524efa095f3259d324fe60cf5baa606c7c29d5626c6a425a3357a6ef9b122793056fe62dc737af44a1070dcbaede3f1a1a803aeec79b506e019ba9a0faad0ffeddee88e9c7f880a2b88dd7ec8a16c3670691b02178a9efe72a78122fdafe8be129a52b1b4d82cc8adf2f88522df22ee2ca034bd40b6be1e2b77c7b9594a599c877", 0x98, 0x0, 0x0, 0x3}])
syz_usb_connect$cdc_ecm(0x4, 0x0, 0x0, 0x0)
timer_delete(0x0)
capset(&(0x7f0000000000)={0xc92bfb053a14a5a}, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:10:57 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r4, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r6}}, 0x58)
perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x3f, 0x8, 0x1, 0xf4, 0x0, 0x81, 0x20002, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x3, 0xfffffffeffffffff}, 0x40000, 0x9, 0x0, 0xf56bd5ed1a65c1be, 0x7c, 0x9, 0xbe9, 0x0, 0x400, 0x0, 0x2}, 0x0, 0xe, r1, 0x8)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  337.364266] loop7: detected capacity change from 0 to 41948160
20:10:58 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240)={0x0, 0x4, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))

20:10:58 executing program 1:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000002400), 0x0, &(0x7f0000002480)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0x0, @ANYBLOB=';\x00'])
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0xe1)
setxattr$incfs_size(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f0000000180)=0x4, 0x8, 0x3)
creat(&(0x7f00000000c0)='./file0\x00', 0x196964036fb04c6b)

20:10:58 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  337.633348] FAT-fs (loop1): Unrecognized mount option "gid=0x0000000000000000;" or missing value
[  337.734466] FAT-fs (loop1): Unrecognized mount option "gid=0x0000000000000000;" or missing value
20:10:58 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240)={0x0, 0x4, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))

20:10:58 executing program 7:
r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1613bf23, 0x0, @perf_bp={&(0x7f0000000340)}, 0x0, 0x0, 0x0, 0x0, 0x4000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000300)=0x5, 0x4)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x5}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x2000000}}}, 0x108)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
fsetxattr$security_selinux(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f00000001c0)=0x2)
setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000008c0), 0xc)
mknod(&(0x7f0000000380)='./file0/file0\x00', 0x8000, 0x5)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f0000000240)=0xffffffffffffffff)
unshare(0x48020200)
r2 = accept$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000200)=0x1c)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f00000003c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x1}}, './file0\x00'})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0)
readv(r3, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/197, 0xc5}, {0x0}, {&(0x7f0000000300)=""/198, 0xc6}], 0x3)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000006c0)={0x0, <r4=>0x0})
capset(&(0x7f0000000180)={0x20080522, r4}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, r4], 0x2, {r5}}, 0x58)
ioctl$sock_FIOSETOWN(r2, 0x8901, &(0x7f0000000280)=r4)

20:10:58 executing program 1:
flock(0xffffffffffffffff, 0x0)
r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x2, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7ffc0004}, {0x7ff, 0x1, 0x2, 0x6000}]})
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x2)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="7762936516bdc9fa44ba27696936f3ddc167bf60127ce1f81165a7fa36a33bb7611ee59ca42b6da994f3953b9b6a530fa4c29683264cecb51ed94aa911d9943b72211e027b772e625b17771221eeb249da0208e605e8852b5eba56bf8d1efc952e4c8034c6f1090191aa47207d2d4b9f82e2208b647162d004a0fd00c7226a3e92d8bb848c632253d47063d3a88e0008b9633066528d4d8250f09fb30c6c0af6154d48c3010b9bf1d9d1dac1a53d63a43fe6db18ab93a62a128192181e09ec683402f8d75ae81aac69e316cccb55052d15405567326a61a31ff1108fd771eaf28013152c9c9cdeaf55cd2d9bba13ddc7cdfb7651ce1d7ee3"])

20:10:58 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  338.676494] EXT4-fs (loop1): VFS: Can't find ext4 filesystem
20:11:14 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r4, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r6}}, 0x58)
perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x3f, 0x8, 0x1, 0xf4, 0x0, 0x81, 0x20002, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x3, 0xfffffffeffffffff}, 0x40000, 0x9, 0x0, 0xf56bd5ed1a65c1be, 0x7c, 0x9, 0xbe9, 0x0, 0x400, 0x0, 0x2}, 0x0, 0xe, r1, 0x8)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:11:14 executing program 7:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r4, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r6}}, 0x58)
perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x3f, 0x8, 0x1, 0xf4, 0x0, 0x81, 0x20002, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x3, 0xfffffffeffffffff}, 0x40000, 0x9, 0x0, 0xf56bd5ed1a65c1be, 0x7c, 0x9, 0xbe9, 0x0, 0x400, 0x0, 0x2}, 0x0, 0xe, r1, 0x8)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:11:14 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000240)={0x0, 0x4, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))

20:11:14 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r4, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r6}}, 0x58)
perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x3f, 0x8, 0x1, 0xf4, 0x0, 0x81, 0x20002, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x3, 0xfffffffeffffffff}, 0x40000, 0x9, 0x0, 0xf56bd5ed1a65c1be, 0x7c, 0x9, 0xbe9, 0x0, 0x400, 0x0, 0x2}, 0x0, 0xe, r1, 0x8)

20:11:14 executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
io_submit(0x0, 0x1, &(0x7f0000000400)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffffffffffff, &(0x7f0000000540)="4fa961a32c46292c4c203b03c6cfcb7f41a36b2033c451524efa095f3259d324fe60cf5baa606c7c29d5626c6a425a3357a6ef9b122793056fe62dc737af44a1070dcbaede3f1a1a803aeec79b506e019ba9a0faad0ffeddee88e9c7f880a2b88dd7ec8a16c3670691b02178a9efe72a78122fdafe8be129a52b1b4d82cc8adf2f88522df22ee2ca034bd40b6be1e2b77c7b9594a599c877", 0x98, 0x0, 0x0, 0x3}])
syz_usb_connect$cdc_ecm(0x4, 0x0, 0x0, 0x0)
timer_delete(0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:11:14 executing program 6:
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0}, './file0/file0\x00'})
recvmsg$unix(r1, &(0x7f0000001800)={&(0x7f0000002d00)=@abs, 0x6e, &(0x7f0000000440)=[{&(0x7f0000000500)=""/4085, 0xff5}, {&(0x7f0000001500)=""/212, 0xd4}, {0xfffffffffffffffd}, {&(0x7f00000016c0)=""/149, 0x95}], 0x4, &(0x7f00000016c0)}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000001840)=0x6, 0x4)
readv(r1, &(0x7f0000000380)=[{&(0x7f0000000140)=""/2, 0x2}, {&(0x7f00000001c0)=""/110, 0x6e}, {&(0x7f00000002c0)=""/52, 0x34}, {&(0x7f0000000300)=""/69, 0x45}], 0x4)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
umount2(&(0x7f0000002cc0)='./file0\x00', 0x9)
ioctl$AUTOFS_DEV_IOCTL_READY(r1, 0xc0189376, &(0x7f0000000280)={{0x1, 0x1, 0x18, <r2=>r1, {0x101}}, './file0/file0/file0\x00'})
io_uring_enter(r2, 0x72de, 0x4157, 0x0, &(0x7f0000000100)={[0x3825]}, 0x8)
r3 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(0x0, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000180), 0x10000, &(0x7f0000001600)=ANY=[@ANYBLOB="7472616e733d663f1afe8c4015d291", @ANYRESDEC, @ANYRESHEX=r3, @ANYRESDEC=0xee01, @ANYBLOB=',subj_user=,subj_user=oom_adj\x00,smackfstransmute=ccm-aes-c'])
r4 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x12)
dup3(r4, r4, 0x80000)
gettid()
r5 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x46e2, 0x0)
syncfs(r5)
r6 = syz_mount_image$iso9660(&(0x7f0000001880), &(0x7f00000018c0)='./file0\x00', 0x9, 0x4, &(0x7f0000002b40)=[{&(0x7f0000001900)="25f6c6cc312933068565198ea5a1f7229f3467d214ebd6dab0c543fde20fb583ad570f6c7928c9f8b2", 0x29, 0x10000}, {&(0x7f0000001940)="b2f5de252d553e4b39142b4a0cf9ac761185163525aeaf9084944bf5e5823b774425355781b679f04d070e4796e74f4ccd0b4c81c3b7de650bc74a8d6956e78a82254876a0851d855a98c93789e8878947493b00f93fd0bf31e17c165748ab9f833dd0eb6745dcac1c19b544726eb8d65017be691fc08acee23a2e9b75cf7e07157717c5fae2da464d52439c63e958f0912b6787e75217d06e97ebd0d97d2aedafcd106b470db8cf75d6a6f98997f51fcaf110ecedc488a9e05870e91d1845fe7b941479a9f5584101f6334ac560125d5fc99336ea871af0de1c2dd0811ef592ac411d690e21a3fd605b6206c0721f", 0xef, 0x3ff}, {&(0x7f0000001a40)="eeebd324ca380b899424741e3781df5a1b3c5ad82b6a80c5f7c6d214d70707454d7e7ecb0c69edacd1e275aaadc20ae19dcd09ed7151614afe60a09a86c133b6e4b1cd6761e827a637e6b0e8b5ff07690e97d9f85ad442f42e7512003654ec1dfdad9db74fb9c947efd759ac4871b1b40adcd36b884e498fa0ca63851c40eacee834ce895f90bacef4d77f711b4b24e924d7762e9b0e463c9beab4dc14a6b5a0a4da443e9437beeeaf3a09ec45cd306ffdcd2f1b84e2d6a980b651eb367a13d2535445ec54609a02398e0b325dca95d55b1cbc9101fa6155ea483b16f41663733c361d4f8faf097d4a4290aa430bae3f50c5446650c33b33cea7e0c03ebef604b5d5b0ecb48b4604489fde5a62d0fcc48fc127dbb9983ef495232680788f88aaffe1e2b831c5c4a499243cd0b47f15439e968bc5f53160b378030ca9b032272370426e01101085c81c134c7674378677b4c7c182ea0e403613b10f79e168cd3e98cbb05b72b8c3f4e90c9b3f55759f263128f8a9b1fc2fdbcc060c7e5bf802354955d2b9eec4c58eb5d522e53b963037d5f77b6471aedc87da40594229f9b12fb16e65e0848298c862e3615462322c10386e12ce271bc10638ea3a032c158c61517ae387642f8259e651a2b831122730eb0899b75b0d36eb19f7f72af2e898770f89b831607f0276cc010d36f8ce5db1c680d28139e89f9aa8b2ca77fc5bdb1cd73b951ee47bb1eb00de1228cef68e6bdb5bce3a83a9ab11f5598bcb1eeb79dc1d00ab45f3ff97ba89aa9dcf75d0d18aa1322ba7184422236e2d5a2758ce70f460cc670de3eac40df5966c1aca5430887fd2492f732fc17427003b330200b1746288ec8cbaf697d45b88cf46fbc1c2e87af2a4dbc5f27dbbbabc2173475cbaeda5b0f404139ea801bd42b0ba4066d99f025343430a4f0fc4ee556fa8a66f4d15e9a35edd4c9855146e8a290e413062c0c78b67bfb4c676c63e74e398a84f5029bdd6266287f162b0dd91978374deca963d25e56cd5adbf22244ad6bff91be01064b992f94815dc2ac29869127616d2bc4f86b85340a6bc9e6180de21dcae6f028c0abf66b9f8d64fd5b29f0f442ccad9e906571a01bb2431a151ca48a3e1c8e1c02047239a1eace49f018be895b3c0d5f9da91ac4055548102c4c092e6d9440dc0bf82bb5722c16d66fed79e32060ec0b9a533b7d01f1e92b4d557aad9c058e55d30bffebaba340a13055a9d04fec540368964a524f9eb2df7810848d6846bc2c95daad6a18a9717dff68dd5f25ca059843175ea3674522104caeb61ed688a49e27154545390182bd83acce4df2de702ddab2649eb8ccf69c57d040a770e6efa8c77e6d97878ba5fd3dab4380d48758251b580d75eb7cd2fb7ea10f37c771313ec0fded3309a3b75f8462f12552a53b507e01e03a8249cb66b1cdb920c2846832bb4663cd5d86f1f81c3d4405408bea8709ed8e6817afe0e3910b5cb24d18d1c54cc8dbb4a83150b83440afb5bca11b4ea5ad8a230d109c5db972b7ed12d2ad05eb20cf22c43cc20830ffab961438a0a8e9340bba4f6bc6a1f3075d4f90e23e6fc4fc31733810a1f70c7fe25a1672c33402c6a42a865cc2a639ed079887edae240e2cf58a4bbb374d795517e18a70e0df4f504c31ac4ad0545391ee5a462510125eb3e59d5fa8147b771e4b5b51ef0091c2ca0c88315043f2b136ecee591a2498aca37e14083612bf195c3ffcb39f7e9ed3052acccf633751cf44dfc95c8351b3246b9947607b88a7167a5515a551616662f52e9233f5f2acb68efd682a2403c5966bd6b9cfd390a40942b1dc26ee80d0f92731a034c9fad94655c7d90a4327c7e970060d7e42bdc9fd1932aa9ee67cb41393862680aa639555a0304163cda766e7d5320b80cfccc5e45aaa294a3ea795617054c98e9e12ea06230d768d04516154df9f9b47a45921cbe3fba00c4e80cec5369c4d257b3ac703b10a2066a49ed5388500561544a6b2bef87652c4853d4bdd18f0fadf83db539982737575db4cfcc76b15be5dc3114031dd750ecb3230aa658a30f79f38c351d0f1bbe760e044d39db2b5b83b81f184586b072ccaad1d9d3ee6f5cda2bb158adfadd998337fbc0469806f436630e136ba9ca3f593622ba4ca831f008c828bd545cc992b9e49ff988bb83a67a3b6b3764974ccf0469a41de77fafa9f76b67fe88459fa22c30697485f56cec92beac7287489e6ac505268431fe6e5f18a413e2c7b0c510a1bd0253da200d69fda47f9f80856c582e6af2e2568d81fc4554c367e83ad7b6cadb27152dbd53db24080863f275a385e02778b6b5ee337b74b2897fa2d18a648b8ee03cd97a0fb348e76336f17b366b6c181f34472b2b81d66a1a2503576d58935619b286c9c3bb527a19c1c43452887be26843620c325552a247514479f1d15f0f991f596a70d6908312fdfc1c34bd26a342457aa41ed3c14fe283b615ff38f0a78d11bba24614188da088eefe79f6409244f0b64b5b21b8e469534c8a8e6ea1aa3747a58a0106ea8910e02e39127fb1a9eebc25288407bb7e7b974ad3663160a6b32fe71f60f02c589658934b446bdb231a57a4d8a138e3c633c867d4453433fb2059caeb92e566d02f854a6c012065b8d469832d0930a95cce4a076f5ceffb6ea64b4814f81dfa7e5f04fc13579925b2e936a7a1d75727c3b59cc84ef2332912a3f64db64e0b609f8f285136fc3453f359227612dd78beef21b990f47f4da7478e8eb19b4ce38ed236796aadf902fc7dd070c98c155ca534a9ba23f50cba59c0f87d905c06e6d0973563108434f195481c8573c22f422e443083380cbe3b276f9096cdcaa97f280bbb0d723e7b2c81447c4ae24ab2f40d5543d9211536d053f562116668a741feeaf86c7024db7a21c5b4dea049997afa77bf2eef49f8888db5f72897508307bfdb97c01dfa4532dc317f861d577c3b1bddb1435370e5c8a3d7e460efaaccd79bf1d99f7131149e6b55b56c01fbdb9aae8f8d84e113ffba0505b15c2406d4836c149433e2533e6058a08c8ecaf8bdf088617ce7499bb583ca8f276e2c138d6a16d4363de567b9b8385096d4f5bc1566b0748256d816469df156463342847bda1d3d8ea13ffd4daeb79929e51b32979138513a1fb34263c4dd2492fd2d1d673964ae979b30c67aece1d177ad6bc3d87a995917d8359ae8bf7f7684f5008276782a917b21ff6f782b5446a4d8c1f94b80ea4331be64df970f839bf60214a606056f2717070e739eb1b2bb38c41d98bef9e4453b3ce661f53a8abae40e4911202afe0d75bb4a24071e2bcffa71ccb6244456a15e4dd61d3336da69423a29646c94c9bb669f42cc67265be8c79bab4bcc84bc04442629ff9fb648a29c5bf70302c624bf70bbbef493b063f3c2d785a80e9002e7abde0648859f060bcf73ad2be8ea491fba10338e0791a6e4e7cb46ce4b7030499c9d112a9becb459aa61bf87a17c37dff9ccc3da37ac55c6bfca614bb52537eb8896119bec491c5ee471fa1450910f985536320bdc8976c75a3a9f04748ffd194b60ea22f9a4ff84c8c464bacf381a2982680f31ce3cb2d898fb08ddfb34674b4b0c167ebc1f73e2d555730eddda5320bc9c6b5de1938c530bc08f2902ab3918e13afd1a2ef772ab39c921247f8f9119a84bc01b538b82a64057d078544e6f2f90aec8095f2e8ebc65c83c76354c5012aed18c5249b57a57b42585db597aea0c9588b5789dba1cbdf92e03528dca6fb471b54a047ac17bfc813da5917efc3ee3ed5f05b67d20655b1b592808b0cd6b99a8c9d94c7b61d08692edcb2a6603c8fb620d811956aa698b45d77613a6e7620ae90dce26c906416ac6ab5d9b22500cc564dbe0c2943cb20722e3d135cf2139cb1f6aea50fc45e9a9ecaf69b804d8f28c809fd2e88ea6189e35874e2d6f8b63345731c7a3db32f59659be8079217fad9c7f5b7f55cec092f90cda7f84b81872f6ed8a09642d74b99dc8f0880b9f152b8d3f70decf21bfb71f5138ddf663675ad0b31101770610c9e959a48cf99f19e8a8f1dee6a9dad201079c41da47f07ee0ea51901d4034b375329427c188f61f8f81d013b02361cd50715ac8cc8be1c8a10114a3fb532a4f76558217c7c24b720faaf05817403f057c5f0aca4ec5bb7d09b39f38840cd5a9f05fcce80f4c4d066fcae77ee70d8255cb13c1bb5138be2fbf2e9aa5dae840b1923126f122429862eca730130d6ddc11a9dec5bdaf6062470f7c8023cf7372f82f74dea88cdfc5d209e5aa26b26fef0350b81d9ada52a24df8ad9cb32dd979358bff697c559a9ea0d400d1695c638f8f8c9ff7194622f6595fa6684235b602248651c36e2635a9ef04fb8cfe26f6ad49d29e0fc304d89daead81c4727bba5998871259f03d52866081a5319d34fa1c059592aebd5f5c32b9426b11000fb5e58dab9903a41ed57c58ca2cf6680ed95fa8964a8808359e624a404c1d3c7092b7ee205b31e9f2cf371ae0833c11bd2a4b9dfbaf1ea33b4751dd8bb8f6b1736acbc2acbcb7db43a3142aad9a616741e43b63655628095e45999d191e9b73d131c2fdad80394697aab2a93c54b6501e77a35c6f8b5f2943b00d07165e5c7b18882f570e2b1b6b4f2d5ca02afddc86d94c93d8534bce07b13cad316cb1af84732dd1c089e3a5e8c441556b495bba1ecd8483e2c0d1d6e090fb8100aabe0d9f8f256ad0fa524a55b46872021ec3814904caf3b52ca93595a3f656e3bb2365774e233b96f2be4d797b09b1903a2d20975a0a617136bd9aa71dacddea94d8d7f941102d119bee502e3781dbe056c2c69156de757787b8748328d6edef4fb7b600cc3b4e19455f3b1113d5b48ed880bcfc0c92526f0d71940fe0553692eb93943d89c43a15865453ab9dda603a857d96dc5b4e3ccdca48fd92233321f515fe2a7ea77698b096f97de9915465281fe9314c9732fe136e074905d2787254aa50f8b2a448c719b2f1a227eb8f221db107b673bc588dabb718f56a300bab6653ca356093aff584382033de53fe431cfb54309692f6839dd34a9ef7208371149ae30095060d361614e6c2f923285e6ea7dbd21b0d6b3614aec010fab517b0827e9fe650bc77c2222a0a51c17469c860c8664a18e63e268c4f105928cb1e57aa3dd7e14d70d440ed71a039f042bc4cb2ea6641335cd0a0b9b0930796512dda3a86bf04fc485903fcc94b269ab8d2c6f1eadcb6ddf7798520b754223fe9b084620f9cf338b6652bd9826762d16166b6b7371c31c938a5cacfa73511b307cf94a2a5977ea69241dce867cded1c679f8cec210c673958071f2efb1e01b388f49ea6753d26a2df4e211e6ea0f03bd4099352d7e662b5ddefe5c2c8d094de6e3d6caed5a8b92add881a39686ff4390d45355801b4317744cf125bda60299124ec9c5c3b97c802c755f3311d0c9136a1d32cad6951341e0da969a5a1731005aa302f74cc0457eaa33cc34440ca2b5f2712b7db7f5a25c09d504f166ef91102fe219a351278ebbe46b8feb06ff5f81e6a2089a005f8f5aed1f4b700be4880c9ebc3bcf771f706d058c7a09a0cfbe9bcffc42ff8fe080809c63b0f2fa6fee0c9900fb581154f530400331078df05cd9d499b40bf902f334d4318d762961c0f807d3e504a900e1572d965b766bef8634834e3afea646c28d48508b964a0db5116f2558edba3d80d3375a620648e362f15893c8276273139323531be2e9002afd0900b9b7ee66c24eb7a17046c171c7c31b8ce77f22c6c8414781a55e582660118", 0x1000, 0x7ff}, {&(0x7f0000002a40)="dc7fa954584abbe68a15bc466ce35f34c6686238661263af1427d7fe6103d867d5c21b96449afc95cd4de07c8277134230e87b5d36345c6ad2780aa5b4bab96f93d48837a1d86501423e9689420e7db4ca55d1fb0eec19a1db352384058dfcbb070acbe78042a4f14a3264d24312133c8fdc4e5a1cf59ed3af47ad97e559c481895e393af8c05533596f7ee860683a4327c05f88392e98bca1457d96727da42183054803d00c513ccaf13bb1d1427243791f67f9c68eb5750f1d36a96968712e880582afc67609e8b84679b85ab504adfbc7d8b9b07619c50d9f91131a6af098610b4095f3d4103746c3d39a18", 0xed, 0x8}], 0x8600c, &(0x7f0000002bc0)={[{@check_relaxed}, {@sbsector={'sbsector', 0x3d, 0x80000000}}, {@dmode={'dmode', 0x3d, 0x8}}, {@gid}, {@sbsector}], [{@smackfsroot={'smackfsroot', 0x3d, '@^'}}]})
unlinkat(r6, &(0x7f0000002c80)='./file0\x00', 0x200)

20:11:14 executing program 2:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000002)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
syz_io_uring_complete(0x0)
stat(&(0x7f0000001cc0)='.\x00', 0x0)
setresuid(0xee00, 0x0, 0x0)
setresuid(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet(0x2, 0x2ee708abbf0acb81, 0x7)
r4 = semget$private(0x0, 0x0, 0x0)
semctl$IPC_RMID(r4, 0x0, 0x0)
getresgid(&(0x7f00000010c0), &(0x7f0000001100)=<r5=>0x0, &(0x7f0000001140))
semctl$IPC_SET(r4, 0x0, 0x1, &(0x7f0000001200)={{0x0, 0xee01, r5, 0xffffffffffffffff, 0x0, 0x4, 0x2}, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7f})
mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x2a028, &(0x7f00000002c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@loose}, {@afid={'afid', 0x3d, 0x6}}, {@cachetag={'cachetag', 0x3d, '//\\}\'-^'}}, {@cachetag}, {@dfltgid={'dfltgid', 0x3d, r5}}, {@cachetag={'cachetag', 0x3d, 'trans=fd,'}}, {@dfltuid={'dfltuid', 0x3d, 0xee01}}], [{@func={'func', 0x3d, 'FILE_MMAP'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '.%[]}\'-!]'}}, {@context={'context', 0x3d, 'staff_u'}}]}})
mount$9p_fd(0x0, 0x0, 0x0, 0x205810, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [{@smackfsfloor}, {@func={'func', 0x3d, 'CREDS_CHECK'}}, {@permit_directio}, {@obj_type={'obj_type', 0x3d, '['}}]}})
inotify_init1(0x0)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='.\x00', 0x2000003)
sendfile(r1, r2, 0x0, 0x100000001)

20:11:14 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, 0xffffffffffffffff, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:11:14 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000240)={0x0, 0x4, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))

20:11:14 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, 0xffffffffffffffff, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:11:14 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000240)={0x0, 0x4, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))

20:11:14 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r4, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r6}}, 0x58)
perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x3f, 0x8, 0x1, 0xf4, 0x0, 0x81, 0x20002, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x3, 0xfffffffeffffffff}, 0x40000, 0x9, 0x0, 0xf56bd5ed1a65c1be, 0x7c, 0x9, 0xbe9, 0x0, 0x400, 0x0, 0x2}, 0x0, 0xe, r1, 0x8)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:11:14 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r5}}, 0x58)

20:11:14 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, 0xffffffffffffffff, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:11:14 executing program 7:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r4, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r6}}, 0x58)
perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x3f, 0x8, 0x1, 0xf4, 0x0, 0x81, 0x20002, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x3, 0xfffffffeffffffff}, 0x40000, 0x9, 0x0, 0xf56bd5ed1a65c1be, 0x7c, 0x9, 0xbe9, 0x0, 0x400, 0x0, 0x2}, 0x0, 0xe, r1, 0x8)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  354.096521] loop6: detected capacity change from 0 to 131072
20:11:14 executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
io_submit(0x0, 0x1, &(0x7f0000000400)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffffffffffff, &(0x7f0000000540)="4fa961a32c46292c4c203b03c6cfcb7f41a36b2033c451524efa095f3259d324fe60cf5baa606c7c29d5626c6a425a3357a6ef9b122793056fe62dc737af44a1070dcbaede3f1a1a803aeec79b506e019ba9a0faad0ffeddee88e9c7f880a2b88dd7ec8a16c3670691b02178a9efe72a78122fdafe8be129a52b1b4d82cc8adf2f88522df22ee2ca034bd40b6be1e2b77c7b9594a599c877", 0x98, 0x0, 0x0, 0x3}])
syz_usb_connect$cdc_ecm(0x4, 0x0, 0x0, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:11:14 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))

20:11:14 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:11:14 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r4, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r6}}, 0x58)
perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x3f, 0x8, 0x1, 0xf4, 0x0, 0x81, 0x20002, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x3, 0xfffffffeffffffff}, 0x40000, 0x9, 0x0, 0xf56bd5ed1a65c1be, 0x7c, 0x9, 0xbe9, 0x0, 0x400, 0x0, 0x2}, 0x0, 0xe, r1, 0x8)

20:11:14 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))

20:11:14 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r4, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r6}}, 0x58)
perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x3f, 0x8, 0x1, 0xf4, 0x0, 0x81, 0x20002, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x3, 0xfffffffeffffffff}, 0x40000, 0x9, 0x0, 0xf56bd5ed1a65c1be, 0x7c, 0x9, 0xbe9, 0x0, 0x400, 0x0, 0x2}, 0x0, 0xe, r1, 0x8)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:11:15 executing program 6:
ftruncate(0xffffffffffffffff, 0x1000003)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0xe9, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xf, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000))
write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYRESDEC, @ANYRESOCT, @ANYRES64], 0xfdef)

20:11:15 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:11:15 executing program 7:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000000)='./file1\x00', 0x0)
write$cgroup_int(r0, &(0x7f00000018c0), 0x12)
ioctl$BTRFS_IOC_QGROUP_CREATE(r0, 0x4010942a, &(0x7f0000000040)={0x0, 0x10001})
r1 = syz_open_dev$vcsa(&(0x7f0000000080), 0x0, 0xc0880)
ioctl$SCSI_IOCTL_DOORLOCK(r1, 0x5380)
fallocate(r0, 0x3, 0x0, 0x8800000)

20:11:15 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))

20:11:30 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x47e2, 0x0)
r1 = syz_mount_image$iso9660(&(0x7f0000000280), &(0x7f0000000340)='./file0\x00', 0x7, 0x3, &(0x7f0000000600)=[{&(0x7f0000000380)="4a15c213b3b733801b36de4ed359ee621a62fa68dc5a93f475ea0af9f241cfba31620d291448a999b0560bb1972e92f89099c44ee72318de8c13b4e09ede375dd085f0e75dc4bbfa59268939c1864a65d0df9f461bda9690c502ae00cb3ae7854dd0ca953bd8c9d965268a", 0x6b, 0x6}, {&(0x7f0000000400)="f12972b4b21825ab762634d2f2578008cbc7ff1077d329b45befe25176", 0x1d, 0x9}, {&(0x7f0000000440)="68f5c0632b79e9ef2a35c677e46cc4a46cd5cc1d1ac1c255a51e313c318c1153a30f38963824cd36280bf8fd492620950a0e982950f4da4e8dc20153e6336274db6c818d0b53e7f717537932951d304082d86596f5e397e36fef82a1926270f116edd9a044f1300811e93b817901", 0x6e, 0x9}], 0x10840a5, &(0x7f0000000680)={[{@unhide}, {@check_strict}], [{@dont_appraise}, {@obj_role={'obj_role', 0x3d, '/'}}, {@obj_role={'obj_role', 0x3d, 'trusted.overlay.redirect\x00'}}, {@measure}, {@appraise_type}, {@smackfsfloor={'smackfsfloor', 0x3d, '#! '}}, {@euid_lt={'euid<', 0xee00}}, {@fsname={'fsname', 0x3d, 'trusted.overlay.redirect\x00'}}, {@obj_type}, {@pcr={'pcr', 0x3d, 0x2b}}]})
futimesat(r1, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000780)={{0x0, 0xea60}, {0x77359400}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ftruncate(r0, 0x1000003)
ioctl$SG_GET_LOW_DMA(0xffffffffffffffff, 0x227a, 0x0)
r3 = pidfd_getfd(r0, r0, 0x0)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000b40)={0x53, 0xfffffffffffffffd, 0x8c, 0x1, @scatter={0x1, 0x0, &(0x7f0000000940)=[{&(0x7f0000000500)=""/249, 0xf9}]}, &(0x7f0000000980)="f1aad8bfe5c3b68b100ce3d837597ef88bfe9bffa35878a9ebb8f1d9b532ff9a457fc87d16317a8d75d0ba60e84042640c4be38af6ba052c74f9144925df8653ecdeb6770c22cb961600aa8f92879e9ab2d091b16a3eba39b532d974a1257c46dc183b1ea00ea31279c239a80c2d5a78c7032bdfb175de91c868fae3d9d0a8cf667ac54b6f77b4d8eaaf85ea", &(0x7f0000000a40)=""/174, 0x2, 0x0, 0x1, &(0x7f0000000b00)})
r4 = gettid()
ioprio_get$pid(0x2, r4)
r5 = getpgrp(0x0)
prlimit64(r5, 0x6, &(0x7f0000000100)={0x1, 0x6}, &(0x7f0000000200))
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="7472616e2f0c1ea552e990d7110001666e2c7266646e6f3d6a121915eb9c8ec0368c8ba14b508f5334eae6f89b1f419d5895e01844cc1aecd6e6af420c0100000073e60867f0188bc13d234d7372976f2c6e3b456be1b47523870871ab83b65565a011d176fa9e5f39cb53eccaa57a4c8572", @ANYRES32, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC, @ANYBLOB="2c66736d616769633d30783030303030303030303030305d6666662c736d61636b66737472616e736d7574653d7365637479e60d7218"])
dup2(r0, r2)
ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)={0x3, 0x0, 0x800000, 0x8})
fsetxattr$security_capability(r0, &(0x7f0000000040), &(0x7f0000000080)=@v2, 0x14, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x2}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(r5, 0x3, &(0x7f00000007c0)={0x3, 0x8000000}, &(0x7f0000000800))
write$binfmt_script(r2, &(0x7f0000000300)={'#! ', './file0'}, 0xb)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000240)='./file0\x00', 0x8, 0x2)

20:11:30 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)

20:11:30 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r4, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r6}}, 0x58)
perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x3f, 0x8, 0x1, 0xf4, 0x0, 0x81, 0x20002, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x3, 0xfffffffeffffffff}, 0x40000, 0x9, 0x0, 0xf56bd5ed1a65c1be, 0x7c, 0x9, 0xbe9, 0x0, 0x400, 0x0, 0x2}, 0x0, 0xe, r1, 0x8)

20:11:30 executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
io_submit(0x0, 0x1, &(0x7f0000000400)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffffffffffff, &(0x7f0000000540)="4fa961a32c46292c4c203b03c6cfcb7f41a36b2033c451524efa095f3259d324fe60cf5baa606c7c29d5626c6a425a3357a6ef9b122793056fe62dc737af44a1070dcbaede3f1a1a803aeec79b506e019ba9a0faad0ffeddee88e9c7f880a2b88dd7ec8a16c3670691b02178a9efe72a78122fdafe8be129a52b1b4d82cc8adf2f88522df22ee2ca034bd40b6be1e2b77c7b9594a599c877", 0x98, 0x0, 0x0, 0x3}])
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:11:30 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))

20:11:30 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:11:30 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r4, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r6}}, 0x58)
perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x3f, 0x8, 0x1, 0xf4, 0x0, 0x81, 0x20002, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x3, 0xfffffffeffffffff}, 0x40000, 0x9, 0x0, 0xf56bd5ed1a65c1be, 0x7c, 0x9, 0xbe9, 0x0, 0x400, 0x0, 0x2}, 0x0, 0xe, r1, 0x8)

20:11:30 executing program 6:
r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000040))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {0x0}], 0x4)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = fork()
ptrace(0x8, r1)

20:11:30 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))

[  370.551697] loop7: detected capacity change from 0 to 16777216
20:11:44 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:11:44 executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:11:44 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x47e2, 0x0)
r1 = syz_mount_image$iso9660(&(0x7f0000000280), &(0x7f0000000340)='./file0\x00', 0x7, 0x3, &(0x7f0000000600)=[{&(0x7f0000000380)="4a15c213b3b733801b36de4ed359ee621a62fa68dc5a93f475ea0af9f241cfba31620d291448a999b0560bb1972e92f89099c44ee72318de8c13b4e09ede375dd085f0e75dc4bbfa59268939c1864a65d0df9f461bda9690c502ae00cb3ae7854dd0ca953bd8c9d965268a", 0x6b, 0x6}, {&(0x7f0000000400)="f12972b4b21825ab762634d2f2578008cbc7ff1077d329b45befe25176", 0x1d, 0x9}, {&(0x7f0000000440)="68f5c0632b79e9ef2a35c677e46cc4a46cd5cc1d1ac1c255a51e313c318c1153a30f38963824cd36280bf8fd492620950a0e982950f4da4e8dc20153e6336274db6c818d0b53e7f717537932951d304082d86596f5e397e36fef82a1926270f116edd9a044f1300811e93b817901", 0x6e, 0x9}], 0x10840a5, &(0x7f0000000680)={[{@unhide}, {@check_strict}], [{@dont_appraise}, {@obj_role={'obj_role', 0x3d, '/'}}, {@obj_role={'obj_role', 0x3d, 'trusted.overlay.redirect\x00'}}, {@measure}, {@appraise_type}, {@smackfsfloor={'smackfsfloor', 0x3d, '#! '}}, {@euid_lt={'euid<', 0xee00}}, {@fsname={'fsname', 0x3d, 'trusted.overlay.redirect\x00'}}, {@obj_type}, {@pcr={'pcr', 0x3d, 0x2b}}]})
futimesat(r1, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000780)={{0x0, 0xea60}, {0x77359400}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ftruncate(r0, 0x1000003)
ioctl$SG_GET_LOW_DMA(0xffffffffffffffff, 0x227a, 0x0)
r3 = pidfd_getfd(r0, r0, 0x0)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000b40)={0x53, 0xfffffffffffffffd, 0x8c, 0x1, @scatter={0x1, 0x0, &(0x7f0000000940)=[{&(0x7f0000000500)=""/249, 0xf9}]}, &(0x7f0000000980)="f1aad8bfe5c3b68b100ce3d837597ef88bfe9bffa35878a9ebb8f1d9b532ff9a457fc87d16317a8d75d0ba60e84042640c4be38af6ba052c74f9144925df8653ecdeb6770c22cb961600aa8f92879e9ab2d091b16a3eba39b532d974a1257c46dc183b1ea00ea31279c239a80c2d5a78c7032bdfb175de91c868fae3d9d0a8cf667ac54b6f77b4d8eaaf85ea", &(0x7f0000000a40)=""/174, 0x2, 0x0, 0x1, &(0x7f0000000b00)})
r4 = gettid()
ioprio_get$pid(0x2, r4)
r5 = getpgrp(0x0)
prlimit64(r5, 0x6, &(0x7f0000000100)={0x1, 0x6}, &(0x7f0000000200))
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="7472616e2f0c1ea552e990d7110001666e2c7266646e6f3d6a121915eb9c8ec0368c8ba14b508f5334eae6f89b1f419d5895e01844cc1aecd6e6af420c0100000073e60867f0188bc13d234d7372976f2c6e3b456be1b47523870871ab83b65565a011d176fa9e5f39cb53eccaa57a4c8572", @ANYRES32, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC, @ANYBLOB="2c66736d616769633d30783030303030303030303030305d6666662c736d61636b66737472616e736d7574653d7365637479e60d7218"])
dup2(r0, r2)
ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)={0x3, 0x0, 0x800000, 0x8})
fsetxattr$security_capability(r0, &(0x7f0000000040), &(0x7f0000000080)=@v2, 0x14, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x2}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(r5, 0x3, &(0x7f00000007c0)={0x3, 0x8000000}, &(0x7f0000000800))
write$binfmt_script(r2, &(0x7f0000000300)={'#! ', './file0'}, 0xb)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000240)='./file0\x00', 0x8, 0x2)

20:11:44 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000240)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[])
r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x0, {0x0, r0}}, 0x10000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000400)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @remote}, 0x1, 0x4, 0x1}}, 0x0, 0x0, 0x0, {0x0, r0}}, 0x78)
chdir(&(0x7f0000000040)='./file0\x00')
lsetxattr$security_ima(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000280), &(0x7f00000002c0)=@md5={0x1, "edb71f223c69885a61c15768f2bde3a8"}, 0x11, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x400, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x40406, 0x0, 0x5, 0x0, 0x4, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = creat(&(0x7f0000000080)='./file0\x00', 0x181)
pwrite64(r1, &(0x7f00000000c0)="04", 0x1, 0x3ff03)

20:11:44 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)

20:11:44 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r4, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r6}}, 0x58)
perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x3f, 0x8, 0x1, 0xf4, 0x0, 0x81, 0x20002, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x3, 0xfffffffeffffffff}, 0x40000, 0x9, 0x0, 0xf56bd5ed1a65c1be, 0x7c, 0x9, 0xbe9, 0x0, 0x400, 0x0, 0x2}, 0x0, 0xe, r1, 0x8)

20:11:44 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r5}}, 0x58)

20:11:44 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, &(0x7f0000000100))

[  384.417319] loop6: detected capacity change from 0 to 33559552
20:11:45 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:11:45 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, &(0x7f0000000100))

20:11:45 executing program 0:
syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:11:45 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r4, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r6}}, 0x58)
perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x3f, 0x8, 0x1, 0xf4, 0x0, 0x81, 0x20002, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x3, 0xfffffffeffffffff}, 0x40000, 0x9, 0x0, 0xf56bd5ed1a65c1be, 0x7c, 0x9, 0xbe9, 0x0, 0x400, 0x0, 0x2}, 0x0, 0xe, r1, 0x8)

20:11:45 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:11:45 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x47e2, 0x0)
r1 = syz_mount_image$iso9660(&(0x7f0000000280), &(0x7f0000000340)='./file0\x00', 0x7, 0x3, &(0x7f0000000600)=[{&(0x7f0000000380)="4a15c213b3b733801b36de4ed359ee621a62fa68dc5a93f475ea0af9f241cfba31620d291448a999b0560bb1972e92f89099c44ee72318de8c13b4e09ede375dd085f0e75dc4bbfa59268939c1864a65d0df9f461bda9690c502ae00cb3ae7854dd0ca953bd8c9d965268a", 0x6b, 0x6}, {&(0x7f0000000400)="f12972b4b21825ab762634d2f2578008cbc7ff1077d329b45befe25176", 0x1d, 0x9}, {&(0x7f0000000440)="68f5c0632b79e9ef2a35c677e46cc4a46cd5cc1d1ac1c255a51e313c318c1153a30f38963824cd36280bf8fd492620950a0e982950f4da4e8dc20153e6336274db6c818d0b53e7f717537932951d304082d86596f5e397e36fef82a1926270f116edd9a044f1300811e93b817901", 0x6e, 0x9}], 0x10840a5, &(0x7f0000000680)={[{@unhide}, {@check_strict}], [{@dont_appraise}, {@obj_role={'obj_role', 0x3d, '/'}}, {@obj_role={'obj_role', 0x3d, 'trusted.overlay.redirect\x00'}}, {@measure}, {@appraise_type}, {@smackfsfloor={'smackfsfloor', 0x3d, '#! '}}, {@euid_lt={'euid<', 0xee00}}, {@fsname={'fsname', 0x3d, 'trusted.overlay.redirect\x00'}}, {@obj_type}, {@pcr={'pcr', 0x3d, 0x2b}}]})
futimesat(r1, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000780)={{0x0, 0xea60}, {0x77359400}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ftruncate(r0, 0x1000003)
ioctl$SG_GET_LOW_DMA(0xffffffffffffffff, 0x227a, 0x0)
r3 = pidfd_getfd(r0, r0, 0x0)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000b40)={0x53, 0xfffffffffffffffd, 0x8c, 0x1, @scatter={0x1, 0x0, &(0x7f0000000940)=[{&(0x7f0000000500)=""/249, 0xf9}]}, &(0x7f0000000980)="f1aad8bfe5c3b68b100ce3d837597ef88bfe9bffa35878a9ebb8f1d9b532ff9a457fc87d16317a8d75d0ba60e84042640c4be38af6ba052c74f9144925df8653ecdeb6770c22cb961600aa8f92879e9ab2d091b16a3eba39b532d974a1257c46dc183b1ea00ea31279c239a80c2d5a78c7032bdfb175de91c868fae3d9d0a8cf667ac54b6f77b4d8eaaf85ea", &(0x7f0000000a40)=""/174, 0x2, 0x0, 0x1, &(0x7f0000000b00)})
r4 = gettid()
ioprio_get$pid(0x2, r4)
r5 = getpgrp(0x0)
prlimit64(r5, 0x6, &(0x7f0000000100)={0x1, 0x6}, &(0x7f0000000200))
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="7472616e2f0c1ea552e990d7110001666e2c7266646e6f3d6a121915eb9c8ec0368c8ba14b508f5334eae6f89b1f419d5895e01844cc1aecd6e6af420c0100000073e60867f0188bc13d234d7372976f2c6e3b456be1b47523870871ab83b65565a011d176fa9e5f39cb53eccaa57a4c8572", @ANYRES32, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC, @ANYBLOB="2c66736d616769633d30783030303030303030303030305d6666662c736d61636b66737472616e736d7574653d7365637479e60d7218"])
dup2(r0, r2)
ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)={0x3, 0x0, 0x800000, 0x8})
fsetxattr$security_capability(r0, &(0x7f0000000040), &(0x7f0000000080)=@v2, 0x14, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x2}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(r5, 0x3, &(0x7f00000007c0)={0x3, 0x8000000}, &(0x7f0000000800))
write$binfmt_script(r2, &(0x7f0000000300)={'#! ', './file0'}, 0xb)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000240)='./file0\x00', 0x8, 0x2)

20:11:45 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})

20:11:45 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, &(0x7f0000000100))

20:11:45 executing program 0:
syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:11:45 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000240)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[])
r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x0, {0x0, r0}}, 0x10000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000400)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @remote}, 0x1, 0x4, 0x1}}, 0x0, 0x0, 0x0, {0x0, r0}}, 0x78)
chdir(&(0x7f0000000040)='./file0\x00')
lsetxattr$security_ima(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000280), &(0x7f00000002c0)=@md5={0x1, "edb71f223c69885a61c15768f2bde3a8"}, 0x11, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x400, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x40406, 0x0, 0x5, 0x0, 0x4, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = creat(&(0x7f0000000080)='./file0\x00', 0x181)
pwrite64(r1, &(0x7f00000000c0)="04", 0x1, 0x3ff03)

[  384.939891] loop6: detected capacity change from 0 to 33559552
20:11:59 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:11:59 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r5}}, 0x58)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:11:59 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), 0x0)

20:11:59 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

20:11:59 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000240)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000000c0)=ANY=[])
r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x0, {0x0, r0}}, 0x10000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000400)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @remote}, 0x1, 0x4, 0x1}}, 0x0, 0x0, 0x0, {0x0, r0}}, 0x78)
chdir(&(0x7f0000000040)='./file0\x00')
lsetxattr$security_ima(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000280), &(0x7f00000002c0)=@md5={0x1, "edb71f223c69885a61c15768f2bde3a8"}, 0x11, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x400, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x40406, 0x0, 0x5, 0x0, 0x4, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = creat(&(0x7f0000000080)='./file0\x00', 0x181)
pwrite64(r1, &(0x7f00000000c0)="04", 0x1, 0x3ff03)

20:11:59 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})

20:11:59 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x47e2, 0x0)
r1 = syz_mount_image$iso9660(&(0x7f0000000280), &(0x7f0000000340)='./file0\x00', 0x7, 0x3, &(0x7f0000000600)=[{&(0x7f0000000380)="4a15c213b3b733801b36de4ed359ee621a62fa68dc5a93f475ea0af9f241cfba31620d291448a999b0560bb1972e92f89099c44ee72318de8c13b4e09ede375dd085f0e75dc4bbfa59268939c1864a65d0df9f461bda9690c502ae00cb3ae7854dd0ca953bd8c9d965268a", 0x6b, 0x6}, {&(0x7f0000000400)="f12972b4b21825ab762634d2f2578008cbc7ff1077d329b45befe25176", 0x1d, 0x9}, {&(0x7f0000000440)="68f5c0632b79e9ef2a35c677e46cc4a46cd5cc1d1ac1c255a51e313c318c1153a30f38963824cd36280bf8fd492620950a0e982950f4da4e8dc20153e6336274db6c818d0b53e7f717537932951d304082d86596f5e397e36fef82a1926270f116edd9a044f1300811e93b817901", 0x6e, 0x9}], 0x10840a5, &(0x7f0000000680)={[{@unhide}, {@check_strict}], [{@dont_appraise}, {@obj_role={'obj_role', 0x3d, '/'}}, {@obj_role={'obj_role', 0x3d, 'trusted.overlay.redirect\x00'}}, {@measure}, {@appraise_type}, {@smackfsfloor={'smackfsfloor', 0x3d, '#! '}}, {@euid_lt={'euid<', 0xee00}}, {@fsname={'fsname', 0x3d, 'trusted.overlay.redirect\x00'}}, {@obj_type}, {@pcr={'pcr', 0x3d, 0x2b}}]})
futimesat(r1, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000780)={{0x0, 0xea60}, {0x77359400}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ftruncate(r0, 0x1000003)
ioctl$SG_GET_LOW_DMA(0xffffffffffffffff, 0x227a, 0x0)
r3 = pidfd_getfd(r0, r0, 0x0)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000b40)={0x53, 0xfffffffffffffffd, 0x8c, 0x1, @scatter={0x1, 0x0, &(0x7f0000000940)=[{&(0x7f0000000500)=""/249, 0xf9}]}, &(0x7f0000000980)="f1aad8bfe5c3b68b100ce3d837597ef88bfe9bffa35878a9ebb8f1d9b532ff9a457fc87d16317a8d75d0ba60e84042640c4be38af6ba052c74f9144925df8653ecdeb6770c22cb961600aa8f92879e9ab2d091b16a3eba39b532d974a1257c46dc183b1ea00ea31279c239a80c2d5a78c7032bdfb175de91c868fae3d9d0a8cf667ac54b6f77b4d8eaaf85ea", &(0x7f0000000a40)=""/174, 0x2, 0x0, 0x1, &(0x7f0000000b00)})
r4 = gettid()
ioprio_get$pid(0x2, r4)
r5 = getpgrp(0x0)
prlimit64(r5, 0x6, &(0x7f0000000100)={0x1, 0x6}, &(0x7f0000000200))
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="7472616e2f0c1ea552e990d7110001666e2c7266646e6f3d6a121915eb9c8ec0368c8ba14b508f5334eae6f89b1f419d5895e01844cc1aecd6e6af420c0100000073e60867f0188bc13d234d7372976f2c6e3b456be1b47523870871ab83b65565a011d176fa9e5f39cb53eccaa57a4c8572", @ANYRES32, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC, @ANYBLOB="2c66736d616769633d30783030303030303030303030305d6666662c736d61636b66737472616e736d7574653d7365637479e60d7218"])
dup2(r0, r2)
ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)={0x3, 0x0, 0x800000, 0x8})
fsetxattr$security_capability(r0, &(0x7f0000000040), &(0x7f0000000080)=@v2, 0x14, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x2}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(r5, 0x3, &(0x7f00000007c0)={0x3, 0x8000000}, &(0x7f0000000800))
write$binfmt_script(r2, &(0x7f0000000300)={'#! ', './file0'}, 0xb)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000240)='./file0\x00', 0x8, 0x2)

20:11:59 executing program 0:
syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

[  398.833896] loop6: detected capacity change from 0 to 33559552
20:11:59 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, 0x0)

20:11:59 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), 0x0)

20:11:59 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:11:59 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})

20:12:13 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, 0x0)

20:12:13 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r5}}, 0x58)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:12:13 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:12:13 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), 0x0)

20:12:13 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

20:12:13 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})

20:12:13 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})

20:12:13 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x47e2, 0x0)
r1 = syz_mount_image$iso9660(&(0x7f0000000280), &(0x7f0000000340)='./file0\x00', 0x7, 0x3, &(0x7f0000000600)=[{&(0x7f0000000380)="4a15c213b3b733801b36de4ed359ee621a62fa68dc5a93f475ea0af9f241cfba31620d291448a999b0560bb1972e92f89099c44ee72318de8c13b4e09ede375dd085f0e75dc4bbfa59268939c1864a65d0df9f461bda9690c502ae00cb3ae7854dd0ca953bd8c9d965268a", 0x6b, 0x6}, {&(0x7f0000000400)="f12972b4b21825ab762634d2f2578008cbc7ff1077d329b45befe25176", 0x1d, 0x9}, {&(0x7f0000000440)="68f5c0632b79e9ef2a35c677e46cc4a46cd5cc1d1ac1c255a51e313c318c1153a30f38963824cd36280bf8fd492620950a0e982950f4da4e8dc20153e6336274db6c818d0b53e7f717537932951d304082d86596f5e397e36fef82a1926270f116edd9a044f1300811e93b817901", 0x6e, 0x9}], 0x10840a5, &(0x7f0000000680)={[{@unhide}, {@check_strict}], [{@dont_appraise}, {@obj_role={'obj_role', 0x3d, '/'}}, {@obj_role={'obj_role', 0x3d, 'trusted.overlay.redirect\x00'}}, {@measure}, {@appraise_type}, {@smackfsfloor={'smackfsfloor', 0x3d, '#! '}}, {@euid_lt={'euid<', 0xee00}}, {@fsname={'fsname', 0x3d, 'trusted.overlay.redirect\x00'}}, {@obj_type}, {@pcr={'pcr', 0x3d, 0x2b}}]})
futimesat(r1, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000780)={{0x0, 0xea60}, {0x77359400}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ftruncate(r0, 0x1000003)
ioctl$SG_GET_LOW_DMA(0xffffffffffffffff, 0x227a, 0x0)
r3 = pidfd_getfd(r0, r0, 0x0)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000b40)={0x53, 0xfffffffffffffffd, 0x8c, 0x1, @scatter={0x1, 0x0, &(0x7f0000000940)=[{&(0x7f0000000500)=""/249, 0xf9}]}, &(0x7f0000000980)="f1aad8bfe5c3b68b100ce3d837597ef88bfe9bffa35878a9ebb8f1d9b532ff9a457fc87d16317a8d75d0ba60e84042640c4be38af6ba052c74f9144925df8653ecdeb6770c22cb961600aa8f92879e9ab2d091b16a3eba39b532d974a1257c46dc183b1ea00ea31279c239a80c2d5a78c7032bdfb175de91c868fae3d9d0a8cf667ac54b6f77b4d8eaaf85ea", &(0x7f0000000a40)=""/174, 0x2, 0x0, 0x1, &(0x7f0000000b00)})
r4 = gettid()
ioprio_get$pid(0x2, r4)
r5 = getpgrp(0x0)
prlimit64(r5, 0x6, &(0x7f0000000100)={0x1, 0x6}, &(0x7f0000000200))
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="7472616e2f0c1ea552e990d7110001666e2c7266646e6f3d6a121915eb9c8ec0368c8ba14b508f5334eae6f89b1f419d5895e01844cc1aecd6e6af420c0100000073e60867f0188bc13d234d7372976f2c6e3b456be1b47523870871ab83b65565a011d176fa9e5f39cb53eccaa57a4c8572", @ANYRES32, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC, @ANYBLOB="2c66736d616769633d30783030303030303030303030305d6666662c736d61636b66737472616e736d7574653d7365637479e60d7218"])
dup2(r0, r2)
ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)={0x3, 0x0, 0x800000, 0x8})
fsetxattr$security_capability(r0, &(0x7f0000000040), &(0x7f0000000080)=@v2, 0x14, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x2}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(r5, 0x3, &(0x7f00000007c0)={0x3, 0x8000000}, &(0x7f0000000800))
write$binfmt_script(r2, &(0x7f0000000300)={'#! ', './file0'}, 0xb)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000240)='./file0\x00', 0x8, 0x2)

20:12:13 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, 0x0)

20:12:13 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000))

20:12:13 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:12:13 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000))

20:12:13 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})

20:12:13 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r5}}, 0x58)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:12:13 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000))

20:12:13 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r5}}, 0x58)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:12:26 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

20:12:26 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})

20:12:26 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:12:26 executing program 0:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})

20:12:26 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:12:26 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r5}}, 0x58)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:12:26 executing program 7:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})

20:12:26 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:12:26 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r2, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:12:26 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:12:26 executing program 7:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})

20:12:26 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r4, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r6}}, 0x58)
perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x3f, 0x8, 0x1, 0xf4, 0x0, 0x81, 0x20002, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x3, 0xfffffffeffffffff}, 0x40000, 0x9, 0x0, 0xf56bd5ed1a65c1be, 0x7c, 0x9, 0xbe9, 0x0, 0x400, 0x0, 0x2}, 0x0, 0xe, r1, 0x8)

20:12:26 executing program 0:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)

20:12:26 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:12:26 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:12:26 executing program 7:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})

20:12:26 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4}) (fail_nth: 1)

20:12:26 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r2, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:12:26 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r5}}, 0x58)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:12:26 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

[  426.405452] FAULT_INJECTION: forcing a failure.
[  426.405452] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  426.407920] CPU: 1 PID: 5170 Comm: syz-executor.6 Not tainted 5.10.234 #1
[  426.409300] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  426.410991] Call Trace:
[  426.411541]  dump_stack+0x107/0x167
[  426.412295]  should_fail.cold+0x5/0xa
[  426.413083]  _copy_from_user+0x2e/0x1b0
[  426.413892]  vt_ioctl+0x21c2/0x2c90
[  426.414640]  ? vt_waitactive+0x3a0/0x3a0
[  426.415469]  ? __lock_acquire+0xbb1/0x5b00
[  426.416348]  ? find_held_lock+0x2c/0x110
[  426.417185]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  426.418271]  ? __sanitizer_cov_trace_switch+0x45/0x80
[  426.419332]  ? vt_waitactive+0x3a0/0x3a0
[  426.420164]  tty_ioctl+0x862/0x18b0
[  426.420917]  ? tty_fasync+0x390/0x390
[  426.421703]  ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410
[  426.422871]  ? __sanitizer_cov_trace_switch+0x45/0x80
[  426.423952]  ? do_vfs_ioctl+0x283/0x10d0
[  426.424774]  ? selinux_bprm_creds_for_exec+0xb60/0xb60
[  426.425823]  ? generic_block_fiemap+0x60/0x60
[  426.426721]  ? lock_downgrade+0x6d0/0x6d0
[  426.427561]  ? __mutex_unlock_slowpath+0xe1/0x600
[  426.428535]  ? wait_for_completion_io+0x270/0x270
[  426.429532]  ? selinux_file_ioctl+0xb6/0x270
[  426.430431]  ? tty_fasync+0x390/0x390
[  426.431203]  __x64_sys_ioctl+0x19a/0x210
[  426.432039]  do_syscall_64+0x33/0x40
[  426.432794]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  426.433838] RIP: 0033:0x7f9a6762cb19
[  426.434591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  426.438294] RSP: 002b:00007f9a64ba2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  426.439834] RAX: ffffffffffffffda RBX: 00007f9a6773ff60 RCX: 00007f9a6762cb19
[  426.441265] RDX: 0000000020000000 RSI: 000000000000560a RDI: 0000000000000003
[  426.442713] RBP: 00007f9a64ba21d0 R08: 0000000000000000 R09: 0000000000000000
[  426.444156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  426.445585] R13: 00007ffff55a4f1f R14: 00007f9a64ba2300 R15: 0000000000022000
20:12:27 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r2, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:12:27 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r4, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r6}}, 0x58)
perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x3f, 0x8, 0x1, 0xf4, 0x0, 0x81, 0x20002, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x3, 0xfffffffeffffffff}, 0x40000, 0x9, 0x0, 0xf56bd5ed1a65c1be, 0x7c, 0x9, 0xbe9, 0x0, 0x400, 0x0, 0x2}, 0x0, 0xe, r1, 0x8)

20:12:27 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 1)

[  426.619661] FAULT_INJECTION: forcing a failure.
[  426.619661] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  426.621913] CPU: 1 PID: 5181 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  426.623182] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  426.624714] Call Trace:
[  426.625204]  dump_stack+0x107/0x167
[  426.625873]  should_fail.cold+0x5/0xa
[  426.626586]  _copy_from_user+0x2e/0x1b0
[  426.627322]  io_uring_setup+0x9b/0x2980
[  426.628079]  ? __mutex_unlock_slowpath+0xe1/0x600
[  426.628979]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  426.629917]  ? wait_for_completion_io+0x270/0x270
[  426.630815]  ? rcu_read_lock_any_held+0x75/0xa0
[  426.631686]  ? vfs_write+0x354/0xb10
[  426.632367]  ? fput_many+0x2f/0x1a0
[  426.633039]  ? ksys_write+0x1a9/0x260
[  426.633749]  ? __ia32_sys_read+0xb0/0xb0
[  426.634500]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  426.635465]  ? syscall_enter_from_user_mode+0x1d/0x50
[  426.636430]  do_syscall_64+0x33/0x40
[  426.637122]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  426.638072] RIP: 0033:0x7f7e6bc66b19
[  426.638760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  426.642142] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  426.643536] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  426.644871] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  426.646198] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  426.647501] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  426.648823] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:12:27 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:12:27 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4}) (fail_nth: 2)

20:12:27 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  426.692622] FAULT_INJECTION: forcing a failure.
[  426.692622] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  426.694939] CPU: 1 PID: 5183 Comm: syz-executor.6 Not tainted 5.10.234 #1
[  426.696166] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  426.697646] Call Trace:
[  426.698112]  dump_stack+0x107/0x167
[  426.698763]  should_fail.cold+0x5/0xa
[  426.699444]  _copy_to_user+0x2e/0x180
[  426.700132]  simple_read_from_buffer+0xcc/0x160
[  426.700949]  proc_fail_nth_read+0x198/0x230
[  426.701706]  ? proc_sessionid_read+0x230/0x230
[  426.702505]  ? security_file_permission+0xb1/0xe0
[  426.703366]  ? proc_sessionid_read+0x230/0x230
[  426.704187]  vfs_read+0x228/0x620
[  426.704803]  ksys_read+0x12d/0x260
[  426.705429]  ? vfs_write+0xb10/0xb10
[  426.706090]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  426.707014]  ? syscall_enter_from_user_mode+0x1d/0x50
[  426.707926]  do_syscall_64+0x33/0x40
[  426.708579]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  426.709480] RIP: 0033:0x7f9a675df69c
[  426.710132] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[  426.713403] RSP: 002b:00007f9a64ba2170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  426.714741] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9a675df69c
[  426.716013] RDX: 000000000000000f RSI: 00007f9a64ba21e0 RDI: 0000000000000004
[  426.717290] RBP: 00007f9a64ba21d0 R08: 0000000000000000 R09: 0000000000000000
[  426.718552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  426.719798] R13: 00007ffff55a4f1f R14: 00007f9a64ba2300 R15: 0000000000022000
20:12:27 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r1, 0x0, 0x0)
r2 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r2, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r3, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(0x0)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:12:27 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 2)

[  426.846728] FAULT_INJECTION: forcing a failure.
[  426.846728] name failslab, interval 1, probability 0, space 0, times 1
[  426.848605] CPU: 1 PID: 5193 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  426.849721] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  426.851076] Call Trace:
[  426.851506]  dump_stack+0x107/0x167
[  426.852100]  should_fail.cold+0x5/0xa
[  426.852716]  ? io_uring_setup+0x258/0x2980
[  426.853398]  should_failslab+0x5/0x20
[  426.854009]  kmem_cache_alloc_trace+0x55/0x320
[  426.854747]  io_uring_setup+0x258/0x2980
[  426.855405]  ? __mutex_unlock_slowpath+0xe1/0x600
[  426.856191]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  426.857013]  ? wait_for_completion_io+0x270/0x270
[  426.857821]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  426.858686]  ? syscall_enter_from_user_mode+0x1d/0x50
[  426.859535]  do_syscall_64+0x33/0x40
[  426.860157]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  426.860989] RIP: 0033:0x7f7e6bc66b19
[  426.861585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  426.864550] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  426.865762] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  426.866899] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  426.868038] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  426.869172] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  426.870325] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:12:41 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:12:41 executing program 0:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)

20:12:41 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:12:41 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r1, 0x0, 0x0)
r2 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r2, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r3, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(0x0)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:12:41 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, 0x0], 0x2, {r5}}, 0x58)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:12:41 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:12:41 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:12:41 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 3)

[  441.134933] FAULT_INJECTION: forcing a failure.
[  441.134933] name failslab, interval 1, probability 0, space 0, times 0
[  441.137387] CPU: 0 PID: 5210 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  441.138812] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  441.140540] Call Trace:
[  441.141093]  dump_stack+0x107/0x167
[  441.141891]  should_fail.cold+0x5/0xa
[  441.142700]  ? create_object.isra.0+0x3a/0xa20
[  441.142720]  should_failslab+0x5/0x20
[  441.142736]  kmem_cache_alloc+0x5b/0x310
[  441.142757]  create_object.isra.0+0x3a/0xa20
[  441.142771]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  441.142793]  kmem_cache_alloc_trace+0x151/0x320
[  441.142815]  io_uring_setup+0x258/0x2980
[  441.142836]  ? __mutex_unlock_slowpath+0xe1/0x600
[  441.142855]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  441.142872]  ? wait_for_completion_io+0x270/0x270
[  441.142909]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  441.142925]  ? syscall_enter_from_user_mode+0x1d/0x50
[  441.142944]  do_syscall_64+0x33/0x40
[  441.142960]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  441.142971] RIP: 0033:0x7f7e6bc66b19
[  441.142986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  441.142995] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  441.143012] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  441.143022] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  441.143031] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  441.143040] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  441.143049] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:12:41 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89)
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r1, 0x0, 0x0)
r2 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r2, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r3, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(0x0)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:12:41 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 4)

20:12:41 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
r1 = syz_open_dev$vcsa(&(0x7f0000000080), 0x9, 0x100)
fspick(r1, &(0x7f0000000140)='./file0\x00', 0x0)
io_submit(0x0, 0x0, &(0x7f0000000100))

20:12:41 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

[  441.405464] FAULT_INJECTION: forcing a failure.
[  441.405464] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  441.408098] CPU: 1 PID: 5226 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  441.409525] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  441.411247] Call Trace:
[  441.411814]  dump_stack+0x107/0x167
[  441.412573]  should_fail.cold+0x5/0xa
[  441.413373]  __alloc_pages_nodemask+0x182/0x600
[  441.414351]  ? lock_release+0x680/0x680
[  441.415179]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[  441.416446]  ? lock_downgrade+0x6d0/0x6d0
[  441.417319]  alloc_pages_current+0x187/0x280
[  441.418252]  kmalloc_order+0x35/0x160
[  441.419053]  kmalloc_order_trace+0x14/0xa0
[  441.419966]  io_uring_setup+0x33c/0x2980
[  441.420832]  ? __mutex_unlock_slowpath+0xe1/0x600
[  441.421846]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  441.422902]  ? wait_for_completion_io+0x270/0x270
[  441.423945]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  441.425040]  ? syscall_enter_from_user_mode+0x1d/0x50
[  441.426131]  do_syscall_64+0x33/0x40
[  441.426923]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  441.428018] RIP: 0033:0x7f7e6bc66b19
[  441.428804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  441.432668] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  441.434264] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  441.435750] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  441.437257] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  441.438747] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  441.440256] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  454.128256] FAULT_INJECTION: forcing a failure.
[  454.128256] name failslab, interval 1, probability 0, space 0, times 0
[  454.131095] CPU: 0 PID: 5241 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  454.132605] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  454.134359] Call Trace:
[  454.134938]  dump_stack+0x107/0x167
[  454.135723]  should_fail.cold+0x5/0xa
[  454.136557]  ? create_object.isra.0+0x3a/0xa20
[  454.137543]  should_failslab+0x5/0x20
[  454.138352]  kmem_cache_alloc+0x5b/0x310
[  454.139213]  create_object.isra.0+0x3a/0xa20
[  454.140139]  ? kasan_unpoison_shadow+0x33/0x50
[  454.141101]  kmalloc_order+0xfe/0x160
[  454.141905]  kmalloc_order_trace+0x14/0xa0
[  454.142802]  io_uring_setup+0x33c/0x2980
[  454.143665]  ? __mutex_unlock_slowpath+0xe1/0x600
[  454.144696]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  454.145760]  ? wait_for_completion_io+0x270/0x270
[  454.146800]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  454.147896]  ? syscall_enter_from_user_mode+0x1d/0x50
[  454.148993]  do_syscall_64+0x33/0x40
[  454.149779]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  454.150854] RIP: 0033:0x7f7e6bc66b19
[  454.151637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  454.155479] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  454.157084] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  454.158579] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  454.160081] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  454.161572] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  454.163066] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:12:54 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:12:54 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:12:54 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 5)

20:12:54 executing program 6:
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x87}}, './file0/file0\x00'})
openat(r0, &(0x7f00000000c0)='./file0\x00', 0x10d000, 0x20)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r2 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0)
readv(r3, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/197, 0xc5}, {0x0}, {&(0x7f0000000300)=""/198, 0xc6}], 0x3)
r4 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r4)
perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0xff, 0x8, 0xfc, 0x97, 0x0, 0xe0ab, 0x1008, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, 0x4, @perf_bp={&(0x7f00000000c0), 0x1}, 0x10840, 0x649, 0x1, 0x5, 0x40, 0xa, 0x7aba, 0x0, 0x7ff, 0x0, 0x761}, 0x0, 0x4, r3, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x200000e, 0x80010, r3, 0x8000000)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x200000a, 0x11, r2, 0xc6e4d000)
ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000000)={0x0, 0x1000, 0x0, 0x4})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)={0x0, <r5=>0x0})
capset(&(0x7f0000000180)={0x20080522, r5}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
r7 = creat(&(0x7f0000000040)='./file0\x00', 0x80)
fcntl$getflags(r7, 0x408)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, r5], 0x2, {r6}}, 0x58)
dup2(r6, r2)

20:12:54 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:12:54 executing program 0:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:12:54 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:12:54 executing program 4:
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, 0xffffffffffffffff, 0x0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r2, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r1, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r0)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:13:07 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 6)

20:13:07 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:13:07 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  466.710410] FAULT_INJECTION: forcing a failure.
[  466.710410] name failslab, interval 1, probability 0, space 0, times 0
[  466.712847] CPU: 1 PID: 5269 Comm: syz-executor.7 Not tainted 5.10.234 #1
20:13:07 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:13:07 executing program 4:
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, 0xffffffffffffffff, 0x0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r2, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r1, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r0)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:13:07 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r1=>r0, {0x7909bf177f83a035}}, './file0\x00'})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000900)={'icmp\x00'}, &(0x7f0000000940)=0x1e)
ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f0000000080))
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0xfffd, 0x0, 0x4, 0x0, 0x8})

20:13:07 executing program 0:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:13:07 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  466.714263] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  466.714269] Call Trace:
[  466.714292]  dump_stack+0x107/0x167
[  466.714310]  should_fail.cold+0x5/0xa
[  466.714330]  ? io_uring_setup+0x40b/0x2980
[  466.714350]  should_failslab+0x5/0x20
[  466.714367]  kmem_cache_alloc_trace+0x55/0x320
[  466.714389]  io_uring_setup+0x40b/0x2980
[  466.714411]  ? __mutex_unlock_slowpath+0xe1/0x600
[  466.714430]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  466.714447]  ? wait_for_completion_io+0x270/0x270
[  466.714484]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  466.714500]  ? syscall_enter_from_user_mode+0x1d/0x50
[  466.714519]  do_syscall_64+0x33/0x40
[  466.714535]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  466.714546] RIP: 0033:0x7f7e6bc66b19
[  466.714562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  466.714570] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  466.714589] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  466.714598] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  466.714608] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  466.714617] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
20:13:07 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 7)

[  466.714626] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:13:07 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:13:07 executing program 4:
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, 0xffffffffffffffff, 0x0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r2, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r1, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r0)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:13:07 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)={0x0, <r2=>0x0})
capset(&(0x7f0000000180)={0x20080522, r2}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, r2], 0x2, {r3}}, 0x58)
ioctl$TIOCSPGRP(r1, 0x5410, &(0x7f0000000080)=r2)

20:13:07 executing program 0:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  466.923765] FAULT_INJECTION: forcing a failure.
[  466.923765] name failslab, interval 1, probability 0, space 0, times 0
[  466.926213] CPU: 1 PID: 5287 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  466.927658] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  466.929380] Call Trace:
[  466.929936]  dump_stack+0x107/0x167
[  466.930700]  should_fail.cold+0x5/0xa
[  466.931493]  ? create_object.isra.0+0x3a/0xa20
[  466.932453]  should_failslab+0x5/0x20
[  466.933244]  kmem_cache_alloc+0x5b/0x310
[  466.934099]  create_object.isra.0+0x3a/0xa20
[  466.935009]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  466.936078]  kmem_cache_alloc_trace+0x151/0x320
[  466.937059]  io_uring_setup+0x40b/0x2980
[  466.937917]  ? __mutex_unlock_slowpath+0xe1/0x600
[  466.938927]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  466.939985]  ? wait_for_completion_io+0x270/0x270
[  466.941022]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  466.942113]  ? syscall_enter_from_user_mode+0x1d/0x50
[  466.943189]  do_syscall_64+0x33/0x40
[  466.943965]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  466.945040] RIP: 0033:0x7f7e6bc66b19
[  466.945817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  466.949706] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  466.949728] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  466.949746] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  466.953785] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  466.953795] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  466.953805] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:13:07 executing program 4:
r0 = openat(0xffffffffffffff9c, 0x0, 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:13:07 executing program 5:
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="c3286df741d14c3e140000000000800000000000000000"], 0x14}}, 0x0)
fsetxattr$trusted_overlay_nlink(r1, 0x0, 0x0, 0xfffffffffffffd69, 0x0)
syz_io_uring_setup(0x7781, &(0x7f0000000400)={0x0, 0x69ec, 0x10, 0x0, 0x3aa}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000180), &(0x7f00000004c0))
ioctl$HIDIOCSUSAGE(r0, 0x4018480c, &(0x7f0000000000)={0x3, 0x200, 0x8, 0x0, 0x2, 0xff})
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000040)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x80202, 0x100)
socket$netlink(0x10, 0x3, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
unshare(0x64040a00)

20:13:07 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:13:07 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:13:07 executing program 4:
r0 = openat(0xffffffffffffff9c, 0x0, 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:13:07 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 8)

20:13:07 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

[  467.152015] FAULT_INJECTION: forcing a failure.
[  467.152015] name failslab, interval 1, probability 0, space 0, times 0
[  467.153466] CPU: 0 PID: 5309 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  467.154453] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  467.155439] Call Trace:
[  467.155761]  dump_stack+0x107/0x167
[  467.156220]  should_fail.cold+0x5/0xa
[  467.156691]  ? create_object.isra.0+0x3a/0xa20
[  467.157230]  should_failslab+0x5/0x20
[  467.157685]  kmem_cache_alloc+0x5b/0x310
[  467.158177]  create_object.isra.0+0x3a/0xa20
[  467.158726]  kmemleak_alloc_percpu+0xa0/0x100
[  467.159265]  pcpu_alloc+0x4e2/0x1240
[  467.159720]  ? io_tctx_exit_cb+0xf0/0xf0
[  467.160224]  percpu_ref_init+0x31/0x3d0
[  467.160708]  io_uring_setup+0x47a/0x2980
[  467.161200]  ? __mutex_unlock_slowpath+0xe1/0x600
[  467.161773]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  467.162372]  ? wait_for_completion_io+0x270/0x270
[  467.162977]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  467.163620]  ? syscall_enter_from_user_mode+0x1d/0x50
[  467.164269]  do_syscall_64+0x33/0x40
[  467.164732]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  467.165355] RIP: 0033:0x7f7e6bc66b19
[  467.165792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  467.167956] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  467.168868] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  467.169712] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  467.170568] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  467.171422] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  467.172309] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:13:07 executing program 6:
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0xc1c0}}, './file0\x00'})
sendmsg$nl_generic(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000340)={&(0x7f00000000c0)={0x24c, 0x3a, 0x1, 0x70bd2a, 0x25dfdbfc, {0xa}, [@generic="77996d2ae3e33b548c99e59e22dd47644ea69b6914d9fb49fc777224b5e289e82e40405687350bef9ae5bfb458fe88990f4fa89c7b39596f43158d0d576ca41f8430ec27f9bb99a4df659f6a8fe5902dabd4014df5e41b61c0496c882345ed4f63d31e3433dccc0e5b74753949370f1fb63c80cdc4935372b077915281f0669b5ba9275f916a279a9145b1c3dc5b3a", @nested={0x10, 0x45, 0x0, 0x1, [@typed={0xc, 0x3a, 0x0, 0x0, @u64=0x41}]}, @typed={0x8, 0x3b, 0x0, 0x0, @u32=0x6}, @generic="8803789d64eaecf3e9e457be28ef22bfab57606a11e434df074c126f71271609711341b95b4b2c2f358ae7144f7c5e692db34a6ff44e05329e612ebe87569195b252bc393461e61739ea6cbc5de98057fe599e5751b99b688d6496952b23ab49e6817ea36c7758a79e2f61ac055956ff1258d04c740fea0cdb184c59b2c4189bffe05ac969300ca21b49a8235f04b859865bc1a6983edf1f2c5970d26f87350e2f6f77a80eaf2b693e3b3489eb", @typed={0x8, 0x47, 0x0, 0x0, @uid=0xffffffffffffffff}, @typed={0xc, 0x82, 0x0, 0x0, @u64=0xffffffffffffffff}, @typed={0xc, 0x90, 0x0, 0x0, @u64=0x3}, @nested={0x68, 0x1c, 0x0, 0x1, [@typed={0x5, 0x64, 0x0, 0x0, @str='\x00'}, @generic="836f558cdfb663ca6e4a4441fd05a5a9d0556a0c840f61596b3e1ef2235a6c5c294e3d596877db1b7303c5730c1ff71b3b729efaac4786", @generic='J', @typed={0x8, 0x52, 0x0, 0x0, @uid}, @typed={0x4, 0x35}, @typed={0xc, 0x84, 0x0, 0x0, @u64=0x1ff}, @typed={0xc, 0x8c, 0x0, 0x0, @u64=0x1}]}, @nested={0x5a, 0x8b, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64=0x2}, @typed={0x8, 0x8a, 0x0, 0x0, @u32=0x9d6}, @generic="09a0d42015229f22086ac0a486214f1e20c41db72be1d35a4ddd76cc10b8d89dd8916d2a24265cf20af83d2278fb8ff2e96b0ce7e0d82eb12da19b4b8d5629705ff4"]}]}, 0x24c}, 0x1, 0x0, 0x0, 0x4015}, 0x24000080)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32], 0x38}}], 0x1, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r3=>0x0})
sendmmsg$inet(r1, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r3], 0x38}}], 0x1, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r6=>0x0})
sendmmsg$inet(r4, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r6], 0x38}}], 0x1, 0x0)
getpeername$packet(r0, &(0x7f0000000540)={0x11, 0x0, <r7=>0x0}, &(0x7f0000000580)=0x14)
r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r10=>0x0})
sendmmsg$inet(r8, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0xffe7}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000", @ANYRES32=r10], 0x38}}], 0x1, 0x0)
sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000700)={&(0x7f00000005c0)={0x12c, 0x0, 0x8, 0x70bd26, 0x25dfdbfc, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}]}]}, 0x12c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r11 = syz_open_dev$tty20(0xc, 0x4, 0x0)
sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x2c, 0x0, 0x10, 0x70bd2d, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x7}, @NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x7}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008010}, 0x8041)
ioctl$VT_RESIZEX(r11, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:13:07 executing program 4:
r0 = openat(0xffffffffffffff9c, 0x0, 0x46e2, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:13:07 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 9)

[  467.338221] FAULT_INJECTION: forcing a failure.
[  467.338221] name failslab, interval 1, probability 0, space 0, times 0
[  467.340648] CPU: 1 PID: 5322 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  467.342087] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
20:13:07 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  467.342093] Call Trace:
[  467.342116]  dump_stack+0x107/0x167
[  467.342135]  should_fail.cold+0x5/0xa
[  467.342155]  ? create_object.isra.0+0x3a/0xa20
[  467.342175]  should_failslab+0x5/0x20
[  467.342193]  kmem_cache_alloc+0x5b/0x310
[  467.342216]  create_object.isra.0+0x3a/0xa20
20:13:07 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:13:07 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  467.342240]  kmemleak_alloc_percpu+0xa0/0x100
[  467.342262]  pcpu_alloc+0x4e2/0x1240
[  467.342290]  ? io_tctx_exit_cb+0xf0/0xf0
[  467.342308]  percpu_ref_init+0x31/0x3d0
[  467.342329]  io_uring_setup+0x47a/0x2980
[  467.342351]  ? __mutex_unlock_slowpath+0xe1/0x600
[  467.342371]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  467.342388]  ? wait_for_completion_io+0x270/0x270
[  467.342427]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  467.342445]  ? syscall_enter_from_user_mode+0x1d/0x50
[  467.342464]  do_syscall_64+0x33/0x40
[  467.342482]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  467.342493] RIP: 0033:0x7f7e6bc66b19
[  467.342510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
20:13:07 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

[  467.342519] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  467.342539] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  467.342549] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  467.342559] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  467.342568] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  467.342578] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:13:21 executing program 0:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:13:21 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:13:21 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:13:21 executing program 6:
io_setup(0x1, &(0x7f0000000280)=<r0=>0x0)
r1 = eventfd(0x0)
io_submit(r0, 0x1, &(0x7f00000004c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
io_cancel(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0)
io_submit(r0, 0x0, &(0x7f0000000040))
r2 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8, 0x0, 0x80})

20:13:21 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:13:21 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 10)

20:13:21 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:13:21 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

[  481.228718] FAULT_INJECTION: forcing a failure.
[  481.228718] name failslab, interval 1, probability 0, space 0, times 0
[  481.231126] CPU: 1 PID: 5347 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  481.232566] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  481.234308] Call Trace:
[  481.234865]  dump_stack+0x107/0x167
[  481.235631]  should_fail.cold+0x5/0xa
[  481.236438]  ? percpu_ref_init+0xd8/0x3d0
[  481.237311]  should_failslab+0x5/0x20
[  481.238107]  kmem_cache_alloc_trace+0x55/0x320
[  481.239061]  ? io_tctx_exit_cb+0xf0/0xf0
[  481.239912]  percpu_ref_init+0xd8/0x3d0
[  481.240761]  io_uring_setup+0x47a/0x2980
[  481.241616]  ? __mutex_unlock_slowpath+0xe1/0x600
[  481.242624]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  481.243682]  ? wait_for_completion_io+0x270/0x270
[  481.244718]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  481.245811]  ? syscall_enter_from_user_mode+0x1d/0x50
[  481.246887]  do_syscall_64+0x33/0x40
[  481.247662]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  481.248738] RIP: 0033:0x7f7e6bc66b19
[  481.249513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  481.253383] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  481.254983] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  481.256482] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  481.257970] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  481.259459] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  481.260954] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:13:21 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000540)={0xa, 0x4e20, 0x0, @dev, 0xfffffffe}, 0x1c)
r1 = syz_io_uring_complete(0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022dbd7000ffdbdf25370000000c009900020000006500000008005700060000000800570000020000"], 0x30}, 0x1, 0x0, 0x0, 0x11}, 0x4000080)
openat$zero(0xffffffffffffff9c, 0x0, 0x244000, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4ea0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x40000, 0x0)
accept4$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000240)=0x1c, 0x800)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1000}, 0x4)
socket$inet6_udplite(0xa, 0x2, 0x88)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmmsg$inet6(r0, &(0x7f0000004d00), 0x2f, 0x0)

20:13:21 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 11)

20:13:21 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:13:21 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:13:22 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x9, 0x5, 0x4, 0x5})

20:13:22 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x89)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  481.488083] FAULT_INJECTION: forcing a failure.
[  481.488083] name failslab, interval 1, probability 0, space 0, times 0
[  481.490596] CPU: 1 PID: 5362 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  481.492051] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  481.493837] Call Trace:
[  481.494401]  dump_stack+0x107/0x167
[  481.495192]  should_fail.cold+0x5/0xa
[  481.496002]  ? create_object.isra.0+0x3a/0xa20
[  481.496982]  should_failslab+0x5/0x20
[  481.497793]  kmem_cache_alloc+0x5b/0x310
[  481.498663]  create_object.isra.0+0x3a/0xa20
[  481.499585]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  481.500659]  kmem_cache_alloc_trace+0x151/0x320
[  481.501630]  ? io_tctx_exit_cb+0xf0/0xf0
[  481.502480]  percpu_ref_init+0xd8/0x3d0
[  481.503310]  io_uring_setup+0x47a/0x2980
[  481.504169]  ? __mutex_unlock_slowpath+0xe1/0x600
[  481.505185]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  481.506252]  ? wait_for_completion_io+0x270/0x270
[  481.507276]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  481.508376]  ? syscall_enter_from_user_mode+0x1d/0x50
[  481.509456]  do_syscall_64+0x33/0x40
[  481.510228]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  481.511291] RIP: 0033:0x7f7e6bc66b19
[  481.512070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  481.515983] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  481.517578] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  481.519060] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  481.520557] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  481.522041] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  481.523533] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:13:22 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:13:22 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:13:22 executing program 6:
write(0xffffffffffffffff, &(0x7f0000000040)="85c7e2f35cd9821f13b43cc826af", 0xe)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:13:35 executing program 0:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:13:35 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:13:35 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x9, 0x5, 0x4, 0x5})

20:13:35 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:13:35 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:13:35 executing program 6:
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, 0x3, 0x6, 0x401, 0x0, 0x0, {0xc, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x20040081)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:13:35 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:13:35 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 12)

[  495.242017] FAULT_INJECTION: forcing a failure.
[  495.242017] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  495.242050] CPU: 1 PID: 5397 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  495.246176] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  495.247921] Call Trace:
[  495.248492]  dump_stack+0x107/0x167
[  495.249261]  should_fail.cold+0x5/0xa
[  495.250068]  __alloc_pages_nodemask+0x182/0x600
[  495.251047]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[  495.252318]  ? cap_capable+0x1cd/0x230
[  495.253153]  alloc_pages_current+0x187/0x280
[  495.254079]  __get_free_pages+0xc/0xa0
[  495.254892]  io_uring_setup+0xe27/0x2980
[  495.255761]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  495.256829]  ? wait_for_completion_io+0x270/0x270
[  495.257864]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  495.258964]  ? syscall_enter_from_user_mode+0x1d/0x50
[  495.260040]  do_syscall_64+0x33/0x40
[  495.260829]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  495.261904] RIP: 0033:0x7f7e6bc66b19
[  495.262679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  495.266527] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  495.268117] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  495.269623] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  495.271117] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  495.272618] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  495.274108] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:13:35 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0)
readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/197, 0xc5}, {0x0}, {&(0x7f0000000300)=""/198, 0xc6}], 0x3)
perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0xff, 0x8, 0xd0, 0x97, 0x0, 0xe0ab, 0x1008, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, 0x4, @perf_bp={&(0x7f00000000c0), 0x1}, 0x10840, 0x649, 0x1, 0x5, 0x40, 0xa, 0x7aba, 0x0, 0x7ff, 0x0, 0x761}, 0x0, 0x4, r1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x40}}, './file0\x00'})

20:13:35 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x9, 0x5, 0x4, 0x5})

20:13:51 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:13:51 executing program 0:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:13:51 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:13:51 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:13:51 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 13)

20:13:51 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:13:51 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f00000004c0)={0x40, 0x0, 0x0, 0x2})
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000500)={0x3, 0x3, 0x7})
ioctl$PIO_FONTX(r0, 0x4b6c, &(0x7f0000000440)={0x8f, 0x1e, &(0x7f0000000040)="b51e140040035916589ce6c1b79080f900c95df395738109a108db234d465a40ecda9b2762cf66e782cf0c23f197a90ae87369a78a66139fffbf4328fe951a420352e0c2a1eecb8c5474c2b0a479fff50598f89911e211a59bb2447a48b557e13742517a9abb21118baf4ae52d548134262163e0ffc76605a7e021ab8c19b8c59e4e77923c539308085a18a5f7c28ebcc3a45834f219d7f0291f6e1515fac9497351cbf47ad0c1e206241af217033c04e63b63626269470e8e6456cfdadc4ef3e1969b3946fe5762dce24ce22c6604f7cdfe72b081ecbdc526df8bde01c7d1eb028bcac4d0d3553d502a2ccbec3440efd6e104525a88ea9afb41e236d639808fc341d6504220a53a699ae9571e7c7625587a44c205c8eeb509d74aa3157bb34f8852b0e516247caa0d1b589b3dc64a7fead85e1e947bdc2d81c0851cd933c56375afdca328055f280c617e528daa6ed8e2d4954c7103962232e2672b12ba4a3a9adae9656ff457737fee2525e5dd064bb24f61fdc14e2818429d8b30b807fc01dd13b1d50f9bddb1f139a9092ea0e6c5f8d6e6cb8a2c66100e40d5c1b15894403f430d481cf580ac4c01bf67c02ea10220efe6d3fdea2b696163dbdae9b2a905d0b541b3de05119f1ea866d8b9606b4a68f995a26bb1c6d5f09688e32b95e93a7decab82563f2cb97fc7a211d561f108dc75aefb99c2fb663d87a6241c6c1b647051931acb7a3bf435ec3c67c7ab14e3fdd44edf41bfcb9d9ae309720933e43ead18f03efc04aa7e39d2b9eec1e2d784855f3390cb89b88e14c7b695c08f0baa16eb3f1374430535ab446d359f2c06861d1e69fa5c98ab365f7adf5cf2f0d824f7f7d5d64fca19eebf19a41fbb92b44a03f8ce7ed9f0fdf97b5a12726c3f1ef2254e76c3cd2835abe84fc17cc76111e47446bb3c3b223add713561a79e48e2ea17d89987b955b8ba84d1f17a3ab14d99d937dd1f2a2d9a1b5f907c071d1710d945716a808f1efbb618ab48082e6ae7d0263396417b450bb87f3f53f3f271250999e08cd2f6ffb9cf30093b80a6b952addfd5209e9c2e2f56d9eddcb70c9fab6459a86a28cb5ba5018a5779be27597101a0d3b4f5831288c9588bbc1743169ff579990d94dd9921a87fe7c635d80d2bb13d20c8722bb9c9d15ec4b1bab693ceda104f24046421c609b84192a2ca007fe18b1b3d9a9b5edd00778d7b446f20bccac8f46eab1b01d315d149d2fdd96816319e3cbada9f3e8023c60abcba9a6fe23c9db4dee5a2559b0b15d4f55039b6bf08cb836c0b3ea955b76b6e6c9bb08cc5879451e9e3419b4b463ef087ee520d21c5bfad240a8a4f78eb9decfc033585ebe874c29d4d1382a1190a84b561e52362c228a76f2ccfb8363e53a4dc010f2b6cc4e3d708a5dc58f6fdf129498293d8361de07fab16fe5c0fc81005caedd83bf991"})
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000480), 0xa4482, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x2)

20:13:51 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x9, 0x5, 0x4, 0x5})

[  510.625026] FAULT_INJECTION: forcing a failure.
[  510.625026] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  510.627628] CPU: 0 PID: 5429 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  510.629108] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  510.630845] Call Trace:
[  510.631410]  dump_stack+0x107/0x167
[  510.632159]  should_fail.cold+0x5/0xa
[  510.632950]  __alloc_pages_nodemask+0x182/0x600
[  510.633905]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[  510.635146]  ? perf_trace_kmem_alloc+0xc9/0x100
[  510.636121]  ? cap_capable+0x1cd/0x230
[  510.637022]  alloc_pages_current+0x187/0x280
[  510.637945]  __get_free_pages+0xc/0xa0
[  510.638740]  io_uring_setup+0xf9a/0x2980
[  510.639603]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  510.640662]  ? wait_for_completion_io+0x270/0x270
[  510.641681]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  510.642767]  ? syscall_enter_from_user_mode+0x1d/0x50
[  510.643884]  do_syscall_64+0x33/0x40
[  510.644733]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  510.645810] RIP: 0033:0x7f7e6bc66b19
[  510.646571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  510.650679] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  510.652253] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  510.653762] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  510.655259] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  510.656731] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  510.658225] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:13:51 executing program 5:
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x9, 0x5, 0x4, 0x5})

20:14:05 executing program 5:
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x9, 0x5, 0x4, 0x5})

20:14:05 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0)
readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/197, 0xc5}, {0x0}, {&(0x7f0000000300)=""/198, 0xc6}], 0x3)
perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0xff, 0x8, 0xd0, 0x97, 0x0, 0xe0ab, 0x1008, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, 0x4, @perf_bp={&(0x7f00000000c0), 0x1}, 0x10840, 0x649, 0x1, 0x5, 0x40, 0xa, 0x7aba, 0x0, 0x7ff, 0x0, 0x761}, 0x0, 0x4, r0, 0x0)
setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000040)=0x4, 0x4)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000140)={0x0, 0x8, 0xfffc, 0x4, 0x0, 0x7})

20:14:05 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:14:05 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:14:05 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 14)

20:14:05 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:14:05 executing program 0:
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c010000000100000000000000000000000000000c00188008000140000000002400170000000000000000000000000000000000000000000000000000000000000000000c001080080002400000000028000180140001800800010000000000080002000000000006000340000000000600034000000000780001802c00018014000300ff01000000000000000000000000000114000400ff020000000000000000000000000001060003400000000006000340000000000600e940000000001400018008000100ac1414aa0800020000000000060003400000000006000340000000000c00028005000100000000001c00164000000000000000000000000000000000000000000000000010001628000000000000000000000000100006800c000380060001"], 0x12c}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="b400000032000107000000f2ff0000000b0000000a0000003a2329252d000008930001"], 0xb4}}, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)={0x0, <r1=>0x0})
capset(&(0x7f0000000180)={0x20080522, r1}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, r1], 0x2, {r2}}, 0x58)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r3, 0x0, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r4, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r3, r4, 0x0, 0x6)
sendfile(r2, r3, 0x0, 0x80000000)

20:14:05 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  524.759556] netlink: 136 bytes leftover after parsing attributes in process `syz-executor.0'.
[  524.761540] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.0'.
[  524.764254] tc_dump_action: action bad kind
[  524.774711] FAULT_INJECTION: forcing a failure.
[  524.774711] name failslab, interval 1, probability 0, space 0, times 0
[  524.777067] CPU: 1 PID: 5458 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  524.778527] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  524.780299] Call Trace:
[  524.780874]  dump_stack+0x107/0x167
[  524.781652]  should_fail.cold+0x5/0xa
[  524.782465]  ? io_rsrc_node_switch_start.part.0+0x43/0x250
[  524.783654]  ? io_rsrc_node_switch_start.part.0+0x43/0x250
[  524.784857]  should_failslab+0x5/0x20
[  524.785672]  kmem_cache_alloc_trace+0x55/0x320
[  524.786652]  io_rsrc_node_switch_start.part.0+0x43/0x250
[  524.787810]  io_uring_setup+0x14f6/0x2980
[  524.788703]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  524.789799]  ? wait_for_completion_io+0x270/0x270
[  524.790850]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  524.791971]  ? syscall_enter_from_user_mode+0x1d/0x50
[  524.793087]  do_syscall_64+0x33/0x40
[  524.793882]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  524.794979] RIP: 0033:0x7f7e6bc66b19
[  524.795773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  524.799728] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  524.801366] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  524.802893] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  524.804421] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  524.805955] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
20:14:05 executing program 6:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r0, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r1, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r0, r1, 0x0, 0x6)
sendmsg(r1, &(0x7f0000000140)={&(0x7f0000000040)=@nl=@proc={0x10, 0x0, 0x25dfdbfb}, 0x80, &(0x7f0000000100)=[{&(0x7f00000000c0)="098194189518c74993274e0f737d6eef4151b22df8cd9015d8fc9c080f855af72b8b9885588bed1e995d8f5d11cac5ff9a4a", 0x32}], 0x1}, 0x40)
dup(r0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

[  524.807480] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  524.822190] netlink: 136 bytes leftover after parsing attributes in process `syz-executor.0'.
[  524.824103] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.0'.
[  524.825992] tc_dump_action: action bad kind
20:14:05 executing program 5:
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x9, 0x5, 0x4, 0x5})

20:14:05 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:14:05 executing program 0:
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000005c0)='fdinfo/3\x00')
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
pread64(r0, &(0x7f0000000040)=""/55, 0x37, 0x0)
ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, &(0x7f0000000080)={0x8000000000000, 0x8, [0x8001, 0x3f, 0x2, 0xc7], &(0x7f0000000000)=[0x0]})

20:14:05 executing program 3:
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:14:05 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 15)

20:14:05 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:14:05 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:14:05 executing program 5:
syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x9, 0x5, 0x4, 0x5})

[  525.053109] FAULT_INJECTION: forcing a failure.
[  525.053109] name failslab, interval 1, probability 0, space 0, times 0
[  525.055502] CPU: 1 PID: 5477 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  525.056946] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  525.058672] Call Trace:
[  525.059226]  dump_stack+0x107/0x167
[  525.059987]  should_fail.cold+0x5/0xa
[  525.060784]  ? create_object.isra.0+0x3a/0xa20
[  525.061737]  should_failslab+0x5/0x20
[  525.062526]  kmem_cache_alloc+0x5b/0x310
[  525.063366]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[  525.064615]  create_object.isra.0+0x3a/0xa20
[  525.065541]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  525.066599]  kmem_cache_alloc_trace+0x151/0x320
[  525.067576]  io_rsrc_node_switch_start.part.0+0x43/0x250
[  525.068700]  io_uring_setup+0x14f6/0x2980
[  525.069588]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  525.070641]  ? wait_for_completion_io+0x270/0x270
20:14:05 executing program 6:
syz_open_dev$tty20(0xc, 0x4, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r0, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r1, 0x40087602, &(0x7f0000000040)=0x20)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r2, r3, 0x0, 0x6)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0)
readv(r4, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/197, 0xc5}, {0x0}, {&(0x7f0000000300)=""/198, 0xc6}], 0x3)
perf_event_open(&(0x7f0000000200)={0x3, 0x80, 0xff, 0x8, 0xc0, 0x97, 0x0, 0x1ff, 0x1008, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_config_ext={0x7, 0x6}, 0x108e0, 0x649, 0x84, 0x5, 0x40, 0x3, 0x7aba, 0x0, 0x7ff, 0x0, 0x761}, 0x0, 0x4, r4, 0x0)
socket(0x8, 0x6, 0x3)
r5 = syz_io_uring_complete(0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)={0x0, <r6=>0x0})
capset(&(0x7f0000000180)={0x20080522, r6}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
sendfile(r7, r5, 0x0, 0x9)
ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

[  525.071667]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  525.072959]  ? syscall_enter_from_user_mode+0x1d/0x50
[  525.074056]  do_syscall_64+0x33/0x40
[  525.074834]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  525.075897] RIP: 0033:0x7f7e6bc66b19
[  525.076669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  525.080507] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  525.082101] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  525.083588] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  525.085074] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  525.086554] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  525.088042] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:14:05 executing program 3:
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:14:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r3=>r0, {0x9}}, './file0\x00'})
sendmsg$IPVS_CMD_GET_CONFIG(r3, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8c574ce60619a140}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)={0x88, 0x0, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x211966ea}, @IPVS_CMD_ATTR_SERVICE={0x68, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x1f}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x65}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x16, 0x20}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x3}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@broadcast}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x4840}, 0x85)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x34, r2, 0x5, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_SETUP={0xc, 0x70, [@NL80211_MESH_SETUP_IE={0x5, 0x3, "f4"}]}]}, 0x34}}, 0x0)
sendmsg$TIPC_NL_MEDIA_GET(r3, &(0x7f0000000680)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40080000}, 0xc, &(0x7f0000000240)={&(0x7f0000000380)={0x2cc, 0x0, 0x8, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfed5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7d}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xffffffe1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}]}, @TIPC_NLA_NET={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x95}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3f}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1f}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x85, 0x3, "09d47360957b2702a0ceba3f165e4d032c1f3599255daef84d95e31f7c05f8216a57132644546ef0e4a1f7480ef6eebb82ada21f5234a6c4c260926fbecbdb24aa1c392c65d264bd6ec2ede556cf4bd38eec042a0cedea1645ceb6a073595f1c68d23432096e073409c5b5799dfc7ccfb51cadd15f455f0177ac7ba9b25db6e3e9"}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MEDIA={0x130, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xcc49}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffc01}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20000000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x84}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x933}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x730000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x38}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2b00000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xefba}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6d07}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x400}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x30f}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xfffffe01}]}, @TIPC_NLA_SOCK={0x28, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1f}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xfffffff8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x2cc}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

20:14:05 executing program 5:
syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x9, 0x5, 0x4, 0x5})

20:14:05 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:14:05 executing program 3:
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

[  539.045988] FAULT_INJECTION: forcing a failure.
[  539.045988] name failslab, interval 1, probability 0, space 0, times 0
[  539.048456] CPU: 1 PID: 5516 Comm: syz-executor.7 Not tainted 5.10.234 #1
20:14:19 executing program 5:
syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x9, 0x5, 0x4, 0x5})

20:14:19 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:14:19 executing program 0:
unshare(0x28020600)
semget$private(0x0, 0x4, 0x100)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7f}, 0x13504, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="030000000008000000000076de76c4e4f082c1048dcc22006b31f3c8f0cb3949f8e9ccfd62c5cd5a3d35294729dea673951fd9f47eef68869bd87eb9f92a2e3dbfd87e33bfa61489c7740f139df0e8ab708cb3c4ff274f3a3934ef8e4ccc48"])
unshare(0x48020200)

20:14:19 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x3000001, 0x1f013, r1, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r2, r3, 0x0, 0x6)
mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x11010, 0x5, 0xfffffffb, 0x0, 0x0, 0x64}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r5 = perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x50, 0x7, 0x8, 0x5, 0x0, 0x0, 0x94208, 0xd, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5, 0x0, @perf_bp, 0x400, 0x5, 0x0, 0x5, 0x0, 0x49c0, 0x2f8, 0x0, 0x0, 0x0, 0x77e}, 0x0, 0x4, r4, 0xa)
dup(r5)
mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x3)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="200000001e00210e000000000000000007000000020000003ae08c9cf10000009113b3767e1a80328c4d9176dad5c6074b1d4963833fd5f5570c0452ec7752bc52fe19f69593a651ca86d1c73df56def9bfcab76b9f8c6ade36a2d09196884e4ee41f5ffcaa080970eb4b549653aa6b0ac229daa10c92b3abea1e9a574da5cd4ecf854ef9cc449a6dc0bccbd09a62dee17d22e2fdaa126955633967d6a04c40871040aa05829d97a2e00"/183], 0x20}}, 0x0)
fcntl$getown(r6, 0x9)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8000, &(0x7f0000000040)=0xe5, 0x200, 0x8)
readv(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f00000004c0)=""/4089, 0xff9}], 0x1)
mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil)

20:14:19 executing program 3:
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:14:19 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x10, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:14:19 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:14:19 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 16)

[  539.049884] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  539.052267] Call Trace:
[  539.052819]  dump_stack+0x107/0x167
[  539.053588]  should_fail.cold+0x5/0xa
[  539.054375]  ? create_object.isra.0+0x3a/0xa20
[  539.055325]  should_failslab+0x5/0x20
[  539.056114]  kmem_cache_alloc+0x5b/0x310
[  539.057013]  create_object.isra.0+0x3a/0xa20
[  539.057961]  kmemleak_alloc_percpu+0xa0/0x100
[  539.058891]  pcpu_alloc+0x4e2/0x1240
[  539.059674]  ? io_async_queue_proc+0x80/0x80
[  539.060580]  percpu_ref_init+0x31/0x3d0
[  539.061419]  io_rsrc_node_switch_start.part.0+0x6a/0x250
[  539.062552]  io_uring_setup+0x14f6/0x2980
[  539.062579]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  539.062596]  ? wait_for_completion_io+0x270/0x270
[  539.062638]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  539.062655]  ? syscall_enter_from_user_mode+0x1d/0x50
[  539.062675]  do_syscall_64+0x33/0x40
[  539.062692]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  539.062703] RIP: 0033:0x7f7e6bc66b19
[  539.062719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  539.062728] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  539.062747] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  539.062757] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
20:14:19 executing program 3:
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

[  539.062766] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  539.062776] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  539.062785] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:14:37 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:14:37 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x10, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:14:37 executing program 0:
unshare(0x28020600)
semget$private(0x0, 0x4, 0x100)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7f}, 0x13504, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="030000000008000000000076de76c4e4f082c1048dcc22006b31f3c8f0cb3949f8e9ccfd62c5cd5a3d35294729dea673951fd9f47eef68869bd87eb9f92a2e3dbfd87e33bfa61489c7740f139df0e8ab708cb3c4ff274f3a3934ef8e4ccc48"])
unshare(0x48020200)

20:14:37 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:14:37 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 17)

20:14:37 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, 0x0)

20:14:37 executing program 3:
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:14:37 executing program 6:
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

[  556.918221] FAULT_INJECTION: forcing a failure.
[  556.918221] name failslab, interval 1, probability 0, space 0, times 0
[  556.920159] CPU: 0 PID: 5550 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  556.921292] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  556.922657] Call Trace:
[  556.923081]  dump_stack+0x107/0x167
[  556.923679]  should_fail.cold+0x5/0xa
[  556.924298]  ? create_object.isra.0+0x3a/0xa20
[  556.925045]  should_failslab+0x5/0x20
[  556.925674]  kmem_cache_alloc+0x5b/0x310
[  556.926342]  create_object.isra.0+0x3a/0xa20
[  556.927087]  kmemleak_alloc_percpu+0xa0/0x100
[  556.927820]  pcpu_alloc+0x4e2/0x1240
[  556.928435]  ? io_async_queue_proc+0x80/0x80
[  556.929164]  percpu_ref_init+0x31/0x3d0
[  556.929807]  io_rsrc_node_switch_start.part.0+0x6a/0x250
[  556.930691]  io_uring_setup+0x14f6/0x2980
[  556.931365]  ? setup_APIC_eilvt+0x2f0/0x2f0
[  556.932058]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  556.932892]  ? tick_program_event+0xa8/0x140
[  556.933636]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  556.934480]  ? syscall_enter_from_user_mode+0x1d/0x50
[  556.935322]  do_syscall_64+0x33/0x40
[  556.935920]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  556.936787] RIP: 0033:0x7f7e6bc66b19
[  556.937432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  556.940452] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  556.941704] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  556.942872] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  556.944027] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  556.945205] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  556.946370] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:14:37 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x4})

20:14:37 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, 0x0)

20:14:37 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:14:37 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x10, r0, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:14:37 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:14:37 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
ioctl$KDDELIO(r0, 0x4b35, 0x3ff)

20:14:37 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, 0x0)

20:14:37 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

[  571.174357] FAULT_INJECTION: forcing a failure.
[  571.174357] name failslab, interval 1, probability 0, space 0, times 0
[  571.175983] CPU: 1 PID: 5584 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  571.176879] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  571.177969] Call Trace:
[  571.178321]  dump_stack+0x107/0x167
[  571.178803]  should_fail.cold+0x5/0xa
[  571.179307]  ? percpu_ref_init+0xd8/0x3d0
[  571.179854]  should_failslab+0x5/0x20
[  571.180355]  kmem_cache_alloc_trace+0x55/0x320
20:14:51 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:14:51 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000040)={0xfffd, 0x0, 0x1f})
r1 = syz_io_uring_complete(0x0)
ioctl$EXT4_IOC_GETSTATE(r1, 0x40046629, &(0x7f0000000080))
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:14:51 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:14:51 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 18)

20:14:51 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, 0xffffffffffffffff, 0x0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r2, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r1, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r0)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:14:51 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:14:51 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:14:51 executing program 0:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  571.181107]  ? io_async_queue_proc+0x80/0x80
[  571.181879]  percpu_ref_init+0xd8/0x3d0
[  571.182467]  io_rsrc_node_switch_start.part.0+0x6a/0x250
[  571.183181]  io_uring_setup+0x14f6/0x2980
[  571.183734]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  571.184390]  ? wait_for_completion_io+0x270/0x270
[  571.184997]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  571.185652]  ? syscall_enter_from_user_mode+0x1d/0x50
[  571.186278]  do_syscall_64+0x33/0x40
[  571.186736]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  571.187361] RIP: 0033:0x7f7e6bc66b19
[  571.187823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  571.190283] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  571.191218] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  571.192083] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  571.192956] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  571.193837] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  571.194709] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:14:51 executing program 6:
r0 = socket(0x11, 0x2, 0x9)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r1, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001540), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000000)={0x1c, r2, 0x301, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x90, r2, 0x100, 0x70bd2c, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x3b8, 0x8}}}}, [@NL80211_ATTR_QOS_MAP={0x26, 0xc7, {[{0x3, 0x6}, {0x8, 0x6}, {0x1, 0x7}, {0x9, 0x7}, {0x3f, 0x6}, {0x9, 0x3}, {0x5, 0x5}, {0x9, 0x1}, {0x3, 0x6}, {0x8, 0x1}, {0x9, 0x2}, {0x6, 0x2}, {0x0, 0x1}], "2952b2cb2ba4c95d"}}, @NL80211_ATTR_QOS_MAP={0x1c, 0xc7, {[{0x7, 0x5}, {0x0, 0x4}, {0x20, 0x6}, {0x5, 0x5}, {0x6, 0x1}, {0xbd, 0x1}, {0x9, 0x1}, {}], "9d175fa0bfe22058"}}, @NL80211_ATTR_QOS_MAP={0x2c, 0xc7, {[{0x0, 0x7}, {0x80, 0x6}, {0x5, 0x2}, {0x6}, {0x7, 0x6}, {0x9, 0x6}, {0x20}, {0x5, 0x6}, {0xf9, 0x2}, {0x24, 0x4}, {0x4}, {0xa3}, {0x6, 0x4}, {0x33, 0x5}, {0x7}, {0x9, 0x6}], "49c2afa2d95d18c8"}}]}, 0x90}, 0x1, 0x0, 0x0, 0x810}, 0x40)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r1, r3, 0x0, 0x6)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f00000009c0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x62000000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x3c, 0x0, 0x20, 0x70bd25, 0x25dfdbfc, {}, [@GTPA_NET_NS_FD={0x8}, @GTPA_FLOW={0x6, 0x6, 0x1}, @GTPA_MS_ADDRESS={0x8, 0x5, @rand_addr=0x64010102}, @GTPA_O_TEI={0x8, 0x9, 0x4}, @GTPA_NET_NS_FD={0x8, 0x7, r3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4894}, 0x20028010)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r5, 0x0, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r6, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r5, r6, 0x0, 0x6)
setsockopt$sock_int(r6, 0x1, 0x6, &(0x7f00000000c0)=0x3, 0x4)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r3, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, 0x4, 0x1, 0x201, 0x0, 0x0, {0x3}, ["", "", ""]}, 0x14}}, 0x80)
ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f0000000000)={0x8000, 0x0, 0x0, 0x84, 0x0, 0x4000})

20:14:51 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, 0xffffffffffffffff, 0x0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r2, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r1, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r0)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:14:51 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, 0x5})

20:14:51 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:14:51 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 19)

20:14:51 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r2=>r0}, './file0\x00'})
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xc)
ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000000)={0x0, 0x4, 0x0, 0x2, 0x1000})

20:14:51 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, 0x5})

[  571.432903] FAULT_INJECTION: forcing a failure.
[  571.432903] name failslab, interval 1, probability 0, space 0, times 0
[  571.435602] CPU: 1 PID: 5610 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  571.437207] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  571.439162] Call Trace:
[  571.439779]  dump_stack+0x107/0x167
[  571.440619]  should_fail.cold+0x5/0xa
[  571.441506]  ? create_object.isra.0+0x3a/0xa20
[  571.442579]  should_failslab+0x5/0x20
[  571.442599]  kmem_cache_alloc+0x5b/0x310
[  571.442623]  create_object.isra.0+0x3a/0xa20
[  571.442639]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  571.442663]  kmem_cache_alloc_trace+0x151/0x320
[  571.442685]  ? io_async_queue_proc+0x80/0x80
[  571.442703]  percpu_ref_init+0xd8/0x3d0
[  571.442726]  io_rsrc_node_switch_start.part.0+0x6a/0x250
[  571.442746]  io_uring_setup+0x14f6/0x2980
[  571.442773]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  571.442793]  ? wait_for_completion_io+0x270/0x270
[  571.442835]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  571.442854]  ? syscall_enter_from_user_mode+0x1d/0x50
[  571.442874]  do_syscall_64+0x33/0x40
[  571.442892]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  571.442905] RIP: 0033:0x7f7e6bc66b19
[  571.442922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  571.442943] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  571.464190] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  571.464201] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  571.464212] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  571.464222] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  571.464232] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:14:52 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, 0xffffffffffffffff, 0x0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r2, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r1, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r0)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:15:05 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:05 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:15:05 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, 0x5})

20:15:05 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:15:05 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 20)

20:15:05 executing program 0:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:05 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:05 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000080)=ANY=[@ANYBLOB="0100c10a0600000005000000", @ANYRES32=<r2=>r0, @ANYBLOB="d20e0000000000002e2f66696c653000"])
ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r2)
connect$inet(r1, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r1, r3, 0x0, 0x6)
ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, 0xff})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x41)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x3, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000002c0)=<r7=>0x0, &(0x7f0000000180)=<r8=>0x0)
syz_io_uring_submit(r7, r8, 0x0, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(r5, r8, &(0x7f0000000040)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r9}}, 0x7ff)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x2, 0x0, r1, 0x0, &(0x7f00000000c0)="5c5a7b3c4461513aa1c8f9bad95a44aacefed65fbce3fd1317895b738fcfb016d364b0f1fc", 0x25, 0x2, 0x0, {0x0, r9}}, 0x4)
r10 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r10}}, 0x7ff)
syz_io_uring_submit(0x0, r6, &(0x7f00000001c0)=@IORING_OP_FALLOCATE={0x11, 0x5, 0x0, @fd_index, 0x81, 0x0, 0x100, 0x0, 0x0, {0x0, r10}}, 0xff)

20:15:05 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x0, 0x5})

[  585.251798] FAULT_INJECTION: forcing a failure.
[  585.251798] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  585.253131] CPU: 1 PID: 5640 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  585.253927] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  585.254841] Call Trace:
[  585.255151]  dump_stack+0x107/0x167
[  585.255572]  should_fail.cold+0x5/0xa
[  585.256018]  _copy_to_user+0x2e/0x180
[  585.256462]  io_uring_setup+0x11b5/0x2980
[  585.256948]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  585.257547]  ? wait_for_completion_io+0x270/0x270
[  585.258106]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  585.258719]  ? syscall_enter_from_user_mode+0x1d/0x50
[  585.259297]  do_syscall_64+0x33/0x40
[  585.259730]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  585.260300] RIP: 0033:0x7f7e6bc66b19
[  585.260732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  585.262783] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  585.263623] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  585.264414] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  585.265202] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  585.265990] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  585.266770] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:15:05 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:15:05 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x0, 0x5})

20:15:05 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x0, 0x5})

20:15:05 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 21)

20:15:05 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4})

20:15:05 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x0, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:15:05 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x4})
r1 = timerfd_create(0x1, 0x80800)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r2, r3, 0x0, 0x6)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000040)={r2, 0xb78, 0xac7, 0x7})

[  585.426707] FAULT_INJECTION: forcing a failure.
[  585.426707] name failslab, interval 1, probability 0, space 0, times 0
[  585.428582] CPU: 0 PID: 5658 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  585.429634] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  585.430911] Call Trace:
[  585.431324]  dump_stack+0x107/0x167
[  585.431886]  should_fail.cold+0x5/0xa
[  585.432484]  ? __d_alloc+0x2a/0x990
[  585.433051]  should_failslab+0x5/0x20
[  585.433656]  kmem_cache_alloc+0x5b/0x310
[  585.434293]  __d_alloc+0x2a/0x990
[  585.434833]  ? find_held_lock+0x2c/0x110
[  585.435480]  d_alloc_pseudo+0x19/0x70
[  585.436068]  alloc_file_pseudo+0xce/0x250
[  585.436713]  ? alloc_file+0x5a0/0x5a0
[  585.437320]  anon_inode_getfile+0xc8/0x1f0
[  585.437979]  io_uring_setup+0x138b/0x2980
[  585.438624]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  585.439413]  ? wait_for_completion_io+0x270/0x270
[  585.439445]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  585.439458]  ? syscall_enter_from_user_mode+0x1d/0x50
[  585.439473]  do_syscall_64+0x33/0x40
[  585.439486]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  585.439495] RIP: 0033:0x7f7e6bc66b19
[  585.439507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  585.439514] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  585.439529] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  585.439536] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  585.439543] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  585.439551] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  585.439558] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:15:19 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:19 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4})

20:15:19 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x8)
readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/197, 0xc5}, {0x0}, {&(0x7f0000000300)=""/198, 0xc6}], 0x3)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r2, 0xffffffffffffffff, 0x0, 0x6)
ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, &(0x7f0000000140)={0x6, 0x4, 0xccf})
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x4, 0x100, 0x45, 0x4})
fcntl$getownex(r1, 0x10, &(0x7f0000000180))
pidfd_send_signal(r1, 0x25, &(0x7f0000000200)={0x21, 0x7, 0xce4b}, 0x0)

20:15:19 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 22)

20:15:19 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:15:19 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:19 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x0, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:15:19 executing program 0:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  599.172634] FAULT_INJECTION: forcing a failure.
[  599.172634] name failslab, interval 1, probability 0, space 0, times 0
[  599.175031] CPU: 0 PID: 5682 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  599.176437] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  599.178157] Call Trace:
[  599.178708]  dump_stack+0x107/0x167
[  599.179460]  should_fail.cold+0x5/0xa
[  599.180261]  ? create_object.isra.0+0x3a/0xa20
[  599.181214]  should_failslab+0x5/0x20
[  599.182025]  kmem_cache_alloc+0x5b/0x310
[  599.182877]  create_object.isra.0+0x3a/0xa20
[  599.183799]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  599.184854]  kmem_cache_alloc+0x159/0x310
[  599.185734]  __d_alloc+0x2a/0x990
[  599.186456]  ? find_held_lock+0x2c/0x110
[  599.187317]  d_alloc_pseudo+0x19/0x70
[  599.188117]  alloc_file_pseudo+0xce/0x250
20:15:19 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4})

[  599.188986]  ? alloc_file+0x5a0/0x5a0
[  599.189931]  anon_inode_getfile+0xc8/0x1f0
[  599.190820]  io_uring_setup+0x138b/0x2980
[  599.191700]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  599.192765]  ? wait_for_completion_io+0x270/0x270
[  599.193803]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  599.194901]  ? syscall_enter_from_user_mode+0x1d/0x50
[  599.195967]  do_syscall_64+0x33/0x40
[  599.196738]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  599.197806] RIP: 0033:0x7f7e6bc66b19
[  599.198575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  599.202387] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  599.203963] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  599.205435] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  599.206914] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
20:15:19 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
socketpair(0x6, 0x3, 0x7, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000200))
write$binfmt_elf64(r1, &(0x7f0000000040)={{0x7f, 0x45, 0x4c, 0x46, 0x5, 0x9, 0x2, 0x2, 0x401, 0x3, 0x3, 0x4, 0x327, 0x40, 0x35e, 0x3, 0x0, 0x38, 0x2, 0x6, 0x80}, [{0x70000000, 0x2, 0x4, 0xe2f1, 0x8, 0xc1b, 0xb3d4, 0x9}, {0x60000000, 0x1ff, 0x8, 0x8001, 0xfffffffffffff801, 0x1, 0x8}], "2b3a1913a005354ce00316ae83d1ff22bc2b28c93abc8ca581e75b56005a93daf360135b9afb6d67f9bac2705a4b9257ed21f14d74702ed397bddbe10103ae6ea04dc5e803b8d88fe6d10319490e0dc7b30debcf9bef7773c83b065a67589aa6d4a6ede3754db3468bb8e6385800582cc0615a2225186c7f38d57893bb7e60e9faccf9a473bbf588c7cf94124df124a73cb593ea5da221684a68d8f0330984798a683783912883a1468b53300d3d898f4521128fe1fc035f8b9342bd8e1c9018128f6935"}, 0x174)

[  599.208386] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  599.209917] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:15:19 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:19 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:15:19 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4})

20:15:19 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x0, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:15:19 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x9)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x103, 0xfffc, 0x0, 0x4})

20:15:19 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:20 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:20 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:20 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:15:20 executing program 0:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:20 executing program 6:
setsockopt$inet_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000040)={0x9}, 0x4)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r1, 0x0, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r1, r2, 0x0, 0x6)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x1, 0x5, 0x2}]}, 0x10)
ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000080))
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:15:20 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 23)

[  599.552625] perf: interrupt took too long (6323 > 6282), lowering kernel.perf_event_max_sample_rate to 31000
[  599.568084] FAULT_INJECTION: forcing a failure.
[  599.568084] name failslab, interval 1, probability 0, space 0, times 0
[  599.570547] CPU: 0 PID: 5724 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  599.571964] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  599.573692] Call Trace:
[  599.574250]  dump_stack+0x107/0x167
[  599.575009]  should_fail.cold+0x5/0xa
[  599.575795]  ? __alloc_file+0x21/0x320
[  599.576603]  should_failslab+0x5/0x20
[  599.577394]  kmem_cache_alloc+0x5b/0x310
[  599.578249]  __alloc_file+0x21/0x320
[  599.579018]  alloc_empty_file+0x6d/0x170
[  599.579864]  alloc_file+0x5e/0x5a0
[  599.580600]  alloc_file_pseudo+0x16a/0x250
[  599.581487]  ? alloc_file+0x5a0/0x5a0
[  599.582313]  anon_inode_getfile+0xc8/0x1f0
[  599.583198]  io_uring_setup+0x138b/0x2980
[  599.584062]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  599.585109]  ? wait_for_completion_io+0x270/0x270
[  599.586132]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  599.587212]  ? syscall_enter_from_user_mode+0x1d/0x50
[  599.588283]  do_syscall_64+0x33/0x40
[  599.589050]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  599.590118] RIP: 0033:0x7f7e6bc66b19
[  599.590885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  599.594698] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  599.596267] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  599.597752] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  599.599221] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  599.600692] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  599.602180] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:15:32 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 24)

20:15:32 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:15:32 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:15:32 executing program 6:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r2=>r0}, './file0\x00'})
r3 = fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
r4 = syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r5, 0x0, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r6, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r5, r6, 0x0, 0x6)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r7, 0x0, 0x0)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r8, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r7, r8, 0x0, 0x6)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000d80)={&(0x7f0000000200)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000340)=[{&(0x7f0000000280)="e4ecbc4fbbd22f414591da4104abd88add13efe029f220773eae0f328293455ef09e0aeffd279d68ee972ac8e3660fc81cfd79a6620bdd47e73c7525f5d86e21021252", 0x43}, {&(0x7f0000000300)="ff76668aa7016065", 0x8}], 0x2, &(0x7f0000000c80)=[@rights={{0x2c, 0x1, 0x1, [r1, 0xffffffffffffffff, r0, 0xffffffffffffffff, r1, 0xffffffffffffffff, r0]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [r2, r1, r1, r3, r1, r4]}}, @rights={{0x18, 0x1, 0x1, [r0, r5]}}, @rights={{0x20, 0x1, 0x1, [r2, r1, r7, r2]}}], 0xe8, 0x40805}, 0x8000)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r2, 0x40505331, &(0x7f0000000140)={{0x0, 0x1}, {0x0, 0x3f}, 0x1, 0x2, 0x1})
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:15:32 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:32 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:32 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))
r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:32 executing program 0:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  611.827722] loop6: detected capacity change from 0 to 135266304
[  611.830494] perf: interrupt took too long (7907 > 7903), lowering kernel.perf_event_max_sample_rate to 25000
[  611.850323] FAULT_INJECTION: forcing a failure.
[  611.850323] name failslab, interval 1, probability 0, space 0, times 0
[  611.851761] CPU: 1 PID: 5751 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  611.852603] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  611.853643] Call Trace:
[  611.853982]  dump_stack+0x107/0x167
[  611.854427]  should_fail.cold+0x5/0xa
[  611.854898]  ? create_object.isra.0+0x3a/0xa20
[  611.855465]  should_failslab+0x5/0x20
[  611.855934]  kmem_cache_alloc+0x5b/0x310
[  611.856420]  create_object.isra.0+0x3a/0xa20
[  611.856984]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  611.857590]  kmem_cache_alloc+0x159/0x310
[  611.858113]  __alloc_file+0x21/0x320
[  611.858571]  alloc_empty_file+0x6d/0x170
[  611.859069]  alloc_file+0x5e/0x5a0
[  611.859503]  alloc_file_pseudo+0x16a/0x250
[  611.860022]  ? alloc_file+0x5a0/0x5a0
[  611.860499]  anon_inode_getfile+0xc8/0x1f0
[  611.861053]  io_uring_setup+0x138b/0x2980
[  611.861568]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  611.862199]  ? wait_for_completion_io+0x270/0x270
[  611.862809]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  611.863450]  ? syscall_enter_from_user_mode+0x1d/0x50
[  611.864086]  do_syscall_64+0x33/0x40
[  611.864546]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  611.865195] RIP: 0033:0x7f7e6bc66b19
[  611.865643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  611.867940] RSP: 002b:00007f7e691bb108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  611.868857] RAX: ffffffffffffffda RBX: 00007f7e6bd7a020 RCX: 00007f7e6bc66b19
[  611.869730] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  611.870618] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  611.871510] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  611.872360] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  611.907002] loop6: detected capacity change from 0 to 135266304
20:15:32 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:15:32 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:15:46 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:15:46 executing program 0:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:46 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r2=>r0}, './file0\x00'})
r3 = fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
r4 = syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r5, 0x0, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r6, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r5, r6, 0x0, 0x6)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r7, 0x0, 0x0)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r8, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r7, r8, 0x0, 0x6)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000d80)={&(0x7f0000000200)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000340)=[{&(0x7f0000000280)="e4ecbc4fbbd22f414591da4104abd88add13efe029f220773eae0f328293455ef09e0aeffd279d68ee972ac8e3660fc81cfd79a6620bdd47e73c7525f5d86e21021252", 0x43}, {&(0x7f0000000300)="ff76668aa7016065", 0x8}], 0x2, &(0x7f0000000c80)=[@rights={{0x2c, 0x1, 0x1, [r1, 0xffffffffffffffff, r0, 0xffffffffffffffff, r1, 0xffffffffffffffff, r0]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [r2, r1, r1, r3, r1, r4]}}, @rights={{0x18, 0x1, 0x1, [r0, r5]}}, @rights={{0x20, 0x1, 0x1, [r2, r1, r7, r2]}}], 0xe8, 0x40805}, 0x8000)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r2, 0x40505331, &(0x7f0000000140)={{0x0, 0x1}, {0x0, 0x3f}, 0x1, 0x2, 0x1})
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:15:46 executing program 6:
prctl$PR_GET_SECCOMP(0x15)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
prctl$PR_GET_SECCOMP(0x15)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x50000, 0x0)
r2 = getuid()
mount$cgroup2(0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f00000002c0)={[{@subsystem='rlimit'}], [{@euid_eq={'euid', 0x3d, r2}}]})
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x800010, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=virtio,dfltuid=', @ANYRESHEX=r2, @ANYBLOB=',dfltgid=', @ANYRESHEX, @ANYBLOB="2c706f73697861636c2c6e6f6465766d61702c6163636573733d636c69656e742c63616368653d91e274e184a6d6d909f6e5c4d56cb3506f6f73652c636f6e746578743d726f6f742c646f6e74643c000000000000000000000000000000bac232ec2da440d4fda1504737060d7075494ca1d56485a9faa4d21ebffea5d5c762879d82cccca9e2a03c0dd5", @ANYRESDEC=0xee00, @ANYBLOB=',\x00'])
newfstatat(0xffffffffffffff9c, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x800)
syz_mount_image$ext4(&(0x7f00000000c0)='ext3\x00', &(0x7f0000000100)='./file0\x00', 0x1000, 0x6, &(0x7f0000000440)=[{&(0x7f0000000140)="39d86aff0238f258c9a31d200c61005a3243336c7aec1c90abcb10d5f73a3f94c1de5e8a19ce5d850c20b557e2cfb7684c231439d5a8fbd7a778750eb0dfa37261d60e54d5746a5bcb6c67aaaf5618b1689d632cf7a4ab1784019a8292f4318fc9959766cecb8426775053013cadd4f7c49fa1613ee7ef8ab8c23543f8643572aab81d7f7037e41e310a9f6d2f1b3c88a0e33e53454b1b2c8d8768b4d0ef71943f5657c467863e2a0d6f2cf7adee3e092aba1f88e5f97e4fac4a430f938e5f70d26c4fdbbf76cf882419", 0xca, 0xd4a}, {&(0x7f0000000240)="a2d0ed4a12ebd2bcca45da0c54c1c558ee0df5c4bb188cc8d8a57989d5d0ae047c3c7625cab0", 0x26, 0x9}, {&(0x7f0000000280)="85b8e3c07cb68399672eb0f3fa9039b57b43cfa81a6a34b99ce99f333321fba96bebcba0960f97ece87fbe8c4f24ba8cddd5e8dc2e8a3ab1dd21c78eac8e131803a16617c2d1414bbd6a412ae729812736742c8d39da9f61b0548e47c4aa4c75135cc79db7f6e4f21a5ae32b58931fb714d436e193807acff929d15c7c069f0654c354f83ecaf194bc444d7c83c468fe2b7fa69d964dbd9c37e959432f3e04ed8f076e5344adfe550e9ae5a7e21147ace2ef5ddb835d56afc3e1b5746dd5d6b8d943811f7771bc5f55fec0d150f8c88ed3a800137a836b3a19dd05", 0xdb, 0xff}, {&(0x7f0000000380)="416f3ac27ca46b321dc5fd895e9894c6e1488100dca355dd230fabd97a8bd3fd8f1a5b83d21de2ed60955c61efeb7843e735d3487a", 0x35, 0x3}, {&(0x7f00000003c0)="5827fae08dd1c85656ebb2372db1b5e52bda269b2cac6b1d8b6ee75f5c3fa84ed86f108c2b349c1fa2654517", 0x2c, 0x4}, {&(0x7f0000000400)="8d3e4440c32787450b63bf94812a6f678556dcf8c06d1255e87a07ddb9f0ff7857488306b9e9559a78ed36f2", 0x2c, 0x4}], 0x4, &(0x7f00000005c0)={[{@sb={'sb', 0x3d, 0x1ff}}, {@grpjquota_path={'grpjquota', 0x3d, './file0'}}, {@nodiscard}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x6}}, {@nojournal_checksum}, {@dioread_nolock}], [{@euid_lt={'euid<', r2}}, {@uid_eq}, {@fowner_gt={'fowner>', r3}}]})
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000080)={0x3, 0x1000, 0x5})
mount$9p_virtio(&(0x7f0000000800), &(0x7f0000000840)='./file0\x00', &(0x7f0000000880), 0x20, &(0x7f00000008c0)={'trans=virtio,', {[{@noextend}, {@access_client}, {@loose}, {@aname={'aname', 0x3d, ':$+'}}, {@cache_fscache}, {@nodevmap}], [{@context={'context', 0x3d, 'sysadm_u'}}, {@fowner_eq={'fowner', 0x3d, 0xee01}}, {@appraise}, {@obj_user={'obj_user', 0x3d, '+r,&'}}, {@subj_role={'subj_role', 0x3d, 'dioread_nolock'}}, {@seclabel}, {@obj_type}, {@context={'context', 0x3d, 'staff_u'}}]}})
ioctl$VT_RESIZE(r0, 0x5609, &(0x7f00000007c0)={0x7, 0x101, 0x19})
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

20:15:46 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:15:46 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:46 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))
r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:46 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 25)

[  626.109428] FAULT_INJECTION: forcing a failure.
[  626.109428] name failslab, interval 1, probability 0, space 0, times 0
[  626.112104] CPU: 1 PID: 5774 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  626.113691] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  626.115621] Call Trace:
[  626.116235]  dump_stack+0x107/0x167
[  626.117081]  should_fail.cold+0x5/0xa
[  626.117970]  ? security_file_alloc+0x34/0x170
[  626.119015]  should_failslab+0x5/0x20
[  626.119899]  kmem_cache_alloc+0x5b/0x310
[  626.120843]  security_file_alloc+0x34/0x170
[  626.121845]  __alloc_file+0xb7/0x320
[  626.122724]  alloc_empty_file+0x6d/0x170
[  626.123667]  alloc_file+0x5e/0x5a0
[  626.124515]  alloc_file_pseudo+0x16a/0x250
[  626.125520]  ? alloc_file+0x5a0/0x5a0
[  626.126449]  anon_inode_getfile+0xc8/0x1f0
[  626.127458]  io_uring_setup+0x138b/0x2980
[  626.128451]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  626.129658]  ? wait_for_completion_io+0x270/0x270
[  626.130840]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  626.132085]  ? syscall_enter_from_user_mode+0x1d/0x50
[  626.133314]  do_syscall_64+0x33/0x40
[  626.134213]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  626.135433] RIP: 0033:0x7f7e6bc66b19
[  626.136317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  626.140714] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  626.142538] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  626.144234] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  626.145965] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  626.147639] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  626.149311] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  626.193070] loop5: detected capacity change from 0 to 135266304
[  626.211939] loop6: detected capacity change from 0 to 6656
20:15:46 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:46 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

[  626.238119] EXT4-fs (loop6): unable to read superblock
20:15:46 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 26)

20:15:46 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

[  626.294960] 9pnet_virtio: no channels available for device syz
[  626.304429] loop6: detected capacity change from 0 to 6656
20:15:46 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  626.318249] EXT4-fs (loop6): unable to read superblock
[  626.362148] FAULT_INJECTION: forcing a failure.
[  626.362148] name failslab, interval 1, probability 0, space 0, times 0
[  626.364099] CPU: 0 PID: 5798 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  626.365225] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  626.366605] Call Trace:
[  626.367045]  dump_stack+0x107/0x167
[  626.367651]  should_fail.cold+0x5/0xa
[  626.368280]  ? create_object.isra.0+0x3a/0xa20
[  626.369038]  should_failslab+0x5/0x20
[  626.369672]  kmem_cache_alloc+0x5b/0x310
[  626.370348]  ? percpu_ref_put_many.constprop.0+0x4e/0x110
[  626.371258]  create_object.isra.0+0x3a/0xa20
[  626.371981]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  626.372826]  kmem_cache_alloc+0x159/0x310
[  626.373509]  security_file_alloc+0x34/0x170
[  626.374232]  __alloc_file+0xb7/0x320
[  626.374843]  alloc_empty_file+0x6d/0x170
[  626.375502]  alloc_file+0x5e/0x5a0
[  626.376075]  alloc_file_pseudo+0x16a/0x250
[  626.376771]  ? alloc_file+0x5a0/0x5a0
[  626.377405]  anon_inode_getfile+0xc8/0x1f0
[  626.378104]  io_uring_setup+0x138b/0x2980
[  626.378783]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  626.379611]  ? wait_for_completion_io+0x270/0x270
[  626.380411]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  626.381255]  ? syscall_enter_from_user_mode+0x1d/0x50
[  626.382100]  do_syscall_64+0x33/0x40
20:15:46 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  626.382703]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  626.383714] RIP: 0033:0x7f7e6bc66b19
[  626.384318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  626.387315] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  626.388553] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  626.389706] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  626.390861] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  626.392001] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  626.393132] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:15:46 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:15:46 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r2=>r0}, './file0\x00'})
r3 = fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
r4 = syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r5, 0x0, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r6, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r5, r6, 0x0, 0x6)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r7, 0x0, 0x0)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r8, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r7, r8, 0x0, 0x6)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000d80)={&(0x7f0000000200)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000340)=[{&(0x7f0000000280)="e4ecbc4fbbd22f414591da4104abd88add13efe029f220773eae0f328293455ef09e0aeffd279d68ee972ac8e3660fc81cfd79a6620bdd47e73c7525f5d86e21021252", 0x43}, {&(0x7f0000000300)="ff76668aa7016065", 0x8}], 0x2, &(0x7f0000000c80)=[@rights={{0x2c, 0x1, 0x1, [r1, 0xffffffffffffffff, r0, 0xffffffffffffffff, r1, 0xffffffffffffffff, r0]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [r2, r1, r1, r3, r1, r4]}}, @rights={{0x18, 0x1, 0x1, [r0, r5]}}, @rights={{0x20, 0x1, 0x1, [r2, r1, r7, r2]}}], 0xe8, 0x40805}, 0x8000)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r2, 0x40505331, &(0x7f0000000140)={{0x0, 0x1}, {0x0, 0x3f}, 0x1, 0x2, 0x1})
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:15:46 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))
r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:46 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:15:46 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)={0x0, <r1=>0x0})
capset(&(0x7f0000000180)={0x20080522, r1}, &(0x7f00000002c0)={0x40, 0x2, 0x9, 0x6, 0xffffffff, 0x40})
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f00000001c0)={0x620, 0x6, 0xfffffff9, 0x6, 0x80, "9ab2cf41bce87d29059932b6823369eaf45a0b", 0x2, 0xffffffff})
ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000040))
r2 = syz_open_dev$evdev(&(0x7f0000000080), 0xef8, 0x101000)
ioctl$INCFS_IOC_PERMIT_FILL(r2, 0x40046721, &(0x7f00000000c0)={r0})
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, r1], 0x2, {r3}}, 0x58)
sync_file_range(r3, 0x100dd83c, 0x401, 0x2)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

[  626.437254] loop5: detected capacity change from 0 to 135266304
20:15:47 executing program 0:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100))
r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:15:47 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:15:47 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r2=>r0}, './file0\x00'})
r3 = fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
r4 = syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r5, 0x0, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r6, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r5, r6, 0x0, 0x6)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r7, 0x0, 0x0)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r8, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r7, r8, 0x0, 0x6)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000d80)={&(0x7f0000000200)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000340)=[{&(0x7f0000000280)="e4ecbc4fbbd22f414591da4104abd88add13efe029f220773eae0f328293455ef09e0aeffd279d68ee972ac8e3660fc81cfd79a6620bdd47e73c7525f5d86e21021252", 0x43}, {&(0x7f0000000300)="ff76668aa7016065", 0x8}], 0x2, &(0x7f0000000c80)=[@rights={{0x2c, 0x1, 0x1, [r1, 0xffffffffffffffff, r0, 0xffffffffffffffff, r1, 0xffffffffffffffff, r0]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [r2, r1, r1, r3, r1, r4]}}, @rights={{0x18, 0x1, 0x1, [r0, r5]}}, @rights={{0x20, 0x1, 0x1, [r2, r1, r7, r2]}}], 0xe8, 0x40805}, 0x8000)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r2, 0x40505331, &(0x7f0000000140)={{0x0, 0x1}, {0x0, 0x3f}, 0x1, 0x2, 0x1})
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:15:47 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 27)

[  626.584344] FAULT_INJECTION: forcing a failure.
[  626.584344] name failslab, interval 1, probability 0, space 0, times 0
[  626.586010] CPU: 0 PID: 5820 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  626.586947] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  626.588075] Call Trace:
[  626.588442]  dump_stack+0x107/0x167
[  626.588948]  should_fail.cold+0x5/0xa
[  626.589483]  ? io_uring_alloc_task_context+0x99/0x6a0
[  626.590220]  should_failslab+0x5/0x20
[  626.590740]  kmem_cache_alloc_trace+0x55/0x320
[  626.591369]  io_uring_alloc_task_context+0x99/0x6a0
[  626.592059]  ? io_import_iovec+0x1120/0x1120
[  626.592658]  ? lock_downgrade+0x6d0/0x6d0
[  626.593220]  ? do_raw_spin_lock+0x121/0x260
[  626.593805]  ? rwlock_bug.part.0+0x90/0x90
[  626.594389]  __io_uring_add_tctx_node+0x2c6/0x520
[  626.595041]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  626.595748]  ? alloc_fd+0x2e7/0x670
[  626.596245]  io_uring_setup+0x1fbb/0x2980
[  626.596814]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  626.597499]  ? wait_for_completion_io+0x270/0x270
[  626.598179]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  626.598895]  ? syscall_enter_from_user_mode+0x1d/0x50
[  626.599607]  do_syscall_64+0x33/0x40
[  626.600123]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  626.600821] RIP: 0033:0x7f7e6bc66b19
[  626.601333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  626.601340] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  626.601353] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  626.601359] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  626.601366] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  626.601373] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  626.601379] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  626.645237] loop5: detected capacity change from 0 to 135266304
20:16:01 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r2=>r0}, './file0\x00'})
r3 = fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
r4 = syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r5, 0x0, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r6, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r5, r6, 0x0, 0x6)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r7, 0x0, 0x0)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r8, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r7, r8, 0x0, 0x6)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000d80)={&(0x7f0000000200)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000340)=[{&(0x7f0000000280)="e4ecbc4fbbd22f414591da4104abd88add13efe029f220773eae0f328293455ef09e0aeffd279d68ee972ac8e3660fc81cfd79a6620bdd47e73c7525f5d86e21021252", 0x43}, {&(0x7f0000000300)="ff76668aa7016065", 0x8}], 0x2, &(0x7f0000000c80)=[@rights={{0x2c, 0x1, 0x1, [r1, 0xffffffffffffffff, r0, 0xffffffffffffffff, r1, 0xffffffffffffffff, r0]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [r2, r1, r1, r3, r1, r4]}}, @rights={{0x18, 0x1, 0x1, [r0, r5]}}, @rights={{0x20, 0x1, 0x1, [r2, r1, r7, r2]}}], 0xe8, 0x40805}, 0x8000)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:16:01 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:16:01 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 28)

20:16:01 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  640.491987] FAULT_INJECTION: forcing a failure.
[  640.491987] name failslab, interval 1, probability 0, space 0, times 0
[  640.493532] CPU: 0 PID: 5834 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  640.494413] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  640.495487] Call Trace:
[  640.495846]  dump_stack+0x107/0x167
[  640.496334]  should_fail.cold+0x5/0xa
[  640.496848]  ? create_object.isra.0+0x3a/0xa20
[  640.497448]  should_failslab+0x5/0x20
[  640.497924]  kmem_cache_alloc+0x5b/0x310
[  640.498443]  create_object.isra.0+0x3a/0xa20
[  640.498993]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  640.499630]  kmem_cache_alloc_trace+0x151/0x320
[  640.500228]  io_uring_alloc_task_context+0x99/0x6a0
[  640.500852]  ? io_import_iovec+0x1120/0x1120
[  640.501404]  ? lock_downgrade+0x6d0/0x6d0
[  640.501928]  ? do_raw_spin_lock+0x121/0x260
[  640.502475]  ? rwlock_bug.part.0+0x90/0x90
[  640.503007]  __io_uring_add_tctx_node+0x2c6/0x520
[  640.503609]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  640.504287]  ? alloc_fd+0x2e7/0x670
[  640.504761]  io_uring_setup+0x1fbb/0x2980
[  640.505293]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  640.505938]  ? wait_for_completion_io+0x270/0x270
[  640.506568]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  640.507241]  ? syscall_enter_from_user_mode+0x1d/0x50
[  640.507902]  do_syscall_64+0x33/0x40
[  640.508376]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  640.509041] RIP: 0033:0x7f7e6bc66b19
[  640.509509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  640.511848] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  640.512804] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  640.513722] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  640.514619] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  640.515535] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  640.515541] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  640.533109] FAULT_INJECTION: forcing a failure.
[  640.533109] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  640.535594] CPU: 1 PID: 5847 Comm: syz-executor.0 Not tainted 5.10.234 #1
[  640.537003] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  640.538735] Call Trace:
[  640.539299]  dump_stack+0x107/0x167
[  640.540061]  should_fail.cold+0x5/0xa
[  640.540865]  _copy_from_user+0x2e/0x1b0
[  640.541699]  vt_ioctl+0x21c2/0x2c90
20:16:01 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:16:01 executing program 6:
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f0000001380)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000001440)={&(0x7f00000013c0)={0x64, 0x0, 0x8, 0x101, 0x0, 0x0, {0x0, 0x0, 0x6}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x2c, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x3f}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x80000001}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x80000001}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x2c03d484}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x88}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}]}, 0x64}, 0x1, 0x0, 0x0, 0x24000040}, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_SETVESABLANK(r0, 0x541c, &(0x7f0000001280))
ioctl$VT_RESIZE(r0, 0x5609, &(0x7f00000012c0)={0xe39, 0x5, 0xfff})
r1 = openat2(0xffffffffffffff9c, &(0x7f0000001300)='./file0\x00', &(0x7f0000001340)={0x4a8802, 0x18, 0xe}, 0x18)
ioctl$KDMKTONE(r1, 0x4b30, 0x4)
recvmmsg$unix(0xffffffffffffffff, &(0x7f00000011c0)=[{{&(0x7f0000000040)=@abs, 0x6e, &(0x7f00000010c0)=[{&(0x7f00000000c0)=""/4096, 0x1000}], 0x1, &(0x7f00000014c0)=[@cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r2=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xec}}], 0x1, 0x0, &(0x7f0000001200)={0x77359400})
ioctl$VT_RESIZE(r2, 0x5609, &(0x7f0000001240)={0x4, 0x1, 0x1})
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:16:01 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:16:01 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5}) (fail_nth: 1)

[  640.542467]  ? vt_waitactive+0x3a0/0x3a0
[  640.543543]  ? __lock_acquire+0xbb1/0x5b00
[  640.544433]  ? find_held_lock+0x2c/0x110
[  640.545267]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  640.546363]  ? __sanitizer_cov_trace_switch+0x45/0x80
[  640.547424]  ? vt_waitactive+0x3a0/0x3a0
[  640.548263]  tty_ioctl+0x862/0x18b0
[  640.549015]  ? tty_fasync+0x390/0x390
[  640.549806]  ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410
[  640.551013]  ? __sanitizer_cov_trace_switch+0x45/0x80
[  640.552084]  ? do_vfs_ioctl+0x283/0x10d0
[  640.552924]  ? selinux_bprm_creds_for_exec+0xb60/0xb60
[  640.554008]  ? generic_block_fiemap+0x60/0x60
[  640.554951]  ? lock_downgrade+0x6d0/0x6d0
[  640.555817]  ? __mutex_unlock_slowpath+0xe1/0x600
[  640.556819]  ? wait_for_completion_io+0x270/0x270
[  640.557824]  ? selinux_file_ioctl+0xb6/0x270
[  640.558744]  ? tty_fasync+0x390/0x390
[  640.559542]  __x64_sys_ioctl+0x19a/0x210
[  640.560382]  do_syscall_64+0x33/0x40
[  640.561159]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  640.562227] RIP: 0033:0x7f4c9cb01b19
[  640.562998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  640.566781] RSP: 002b:00007f4c9a077188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  640.568357] RAX: ffffffffffffffda RBX: 00007f4c9cc14f60 RCX: 00007f4c9cb01b19
[  640.569837] RDX: 0000000020000000 RSI: 000000000000560a RDI: 0000000000000003
[  640.571315] RBP: 00007f4c9a0771d0 R08: 0000000000000000 R09: 0000000000000000
[  640.572792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  640.574296] R13: 00007ffe6980f77f R14: 00007f4c9a077300 R15: 0000000000022000
20:16:01 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

[  640.580872] loop5: detected capacity change from 0 to 135266304
20:16:01 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:16:01 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000740)='./file0\x00', &(0x7f0000000780)='debugfs\x00', 0x0, 0x0)
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0xc020, &(0x7f0000000000)={[{@fat=@gid}]})
chown(&(0x7f0000000440)='./file0/file0\x00', 0xffffffffffffffff, 0xee00)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0xfffffffffffffff8, 0x5, &(0x7f0000000380)=[{&(0x7f0000000280)="647bb73e1c3878fd99a5301a8beb3830654bba7c9abe36bb09a1b31784449d923a774e536d23715738d0c716375403db0f6d11b3df7665763de0ae67260c9656fb4832e56b184e4ac7d6c03d14c8bbf4190d120ef62dba176e9f3da8c883bc518e7935a7af5766a19658f874c3678a6b64fc3f618bc91d54a10bdb0817d3e8b54d067abef826cdb75a9f9d68ebd3de268d069e26cc705af0b8ccfc5f2b0135e9fefc9d8e4e94c95ecada5306647acc4e7d594c606f5e2e346182682313e97061de508d381bdd6b792e9fe8369974913a2e20ccdcd92626d47fd731b89848ea29", 0xe0, 0x3}, {&(0x7f00000000c0)="fee0a8a407efd5dfb38b27980dfd80eaead823edfb80df27252fc80036b557ebc0a35f8f78c906acba5a2533556aa171617c6d195560269bf9", 0x39, 0x401}, {&(0x7f00000007c0)="28508f5c4227d6f1308271ab70ad0ee8026bafb651a6acdf22d438feddbbf028d84cc32a112ec819a0c88a4aacce4472540a781b39d90f18357801c60a2a29509181c16d8b1564130dd2a3b02b456e5bcd0ffcf4fce58ac179951a08b146a34d4c3e7b639098475b0d4eb7cb462daf1fc72582a1b2a2fbfa0c3c9bca70fbed897717c743ba94d4ff44bf9c4476f59a5bd9e039541ebf3cc71e5cf950ffa26001acb5e0d65c4e0931a6855a633c4984e51f2f141ba054bac994985f0abb355be679f057194f85ddf7016a09b15e24f8e0a71369c366b44534f440a6b5a885e2d9f48f9ed9ea7a336d8906cb8f1a76579576fd8bd7120160070656d70d88feff5b2e76d5b6efe2f1584f944c725f3ef3bc96e3bb841b7343d41c1c15017f9086c206bbfa05bb8a4a35b349da7fb4d90edfdc65dcd3aaf19243d0dfe4c2c2a968eaa26e956454693e5ad2b213c0fdc634ca04a805060b1d50db62613fc722837e3e22e44651f7d7f5f7d22d75906d288384fcb46488fae6938f8ef2bad01a90f485e0053a4a5da6bb080d1a33c88487698cc61fdf4b000b234e35ec6ef3aa178cf2544ea3a0de8a2338077fe7c26e53446bdcb5ccb3be119c10ac657d8130f4a32483871be7fac6e1c067bb65cf64abed27e2d91b594f3884d99490b89d7bbdeed233ae77e38fb4319e8155af05e3dde7644218a3874a4b5883fbc122a8fb93a4f77eac9600694c2f80d3e32ffe345c7ed78ce70e1ea1195217fa004becab5d1e9c619ed39164cefe6b6d2a1a95eb6a68a9b0023bda2ce1b91236eafe326a757d6e6f552fe380654cb776254a85332326d603f8cfbbff4dc4048436190a3ecbd65d1a9305472de10e805ed30cb075306c81a9d19b98f8a4b718cc0b2b524c5e515cd0c0de76b6c2ff3457183d669f5f03498f582073236cbff0810fe13df3aed8fb0d888d6b61641f3120d99d9a3918735a025142a086684c9dce2188990912a190a958185c4c056da95e6431c3aee0146b4a0529cd89f5c1eefd0285d5cb5135653eaa1dd6ee2338c89931d42e931519c8b26c0296a3cb7c50fb7aa6aea743df941a23eeffd6537dff0955255ff28079c32692c737542416c31933edeb338f42f7c8e4015ea47e10538203b2a910a43ec6afca613945a902f3ab13dfc21bcd445d394edb26545f4e4319027a18a8c20bf36bfa2d42e4e06c530e4e33d284337f544cd8aebe9ef0a61499d1a9784831876c40d61820bb71b62b9c73d58c40fbf3733ca4d7562243d96b61a78ae02c5b3e2ec2ad9489674806d0143cdaff100749a5b825bd75dd62c792a394cfde032878dca4138e9988b14082925fa1bf1eb857953e49a33a787b601fca43b2f6c28d969e440ee01343df95fc9c18344b54a366f4708550877445fdcf0930cb0a5d35defb851ef51ee212726eb508257e461f076d17560de121c60483d0e33d1402ecafbb49e7d7ac117263296486d6565395a5fc4b427ac2fe36e47d7f7e03529721b625d1e33e50962858a5e43aa12d66ff76717427aef1ee774884485b18c3a003328675ddd52672ade349053cab75ac4db989a002fb968e14613f363e4c672f020b0b3b5bf74fd7f008a015e4bd55d667cde80a14677cefbadc2355b709c1f6a9a5a375787e0337dc5510565fd9f555a9c9ad83f19014eeb3007cf55ec10e2336dd4c9e88e0bcc3a2674cc8bc9f0da9da859270a95bbc7a97329e569f1016ef8b390167d9e19cde30932c2bf695fe5413ea675e238496d54314ec15d97fd4ab57edf64d90f973f433357edeea6ebfb83630ec83128956820143924752a35f97b97909bf59f7934a6d64d2a4587d4726a47c5913624423b27f1cc28e954a85366700ef02741003b7bf24e2800454cea4cc87f4cfefba2c74cff1f2d7b86935427fc828de77bd51bd6ac743feee09c0077f984da963ddac7aefacec9e2a9b9df62511e01c683a4fbaa4d87a73242980f772fad3ef3dba9bcee8448aa4c78dcef9142d7cb36c4dad26f1ad8837347a258f3a06def1519ed363861f6e12d07782b7609d35a8b03375f55b070ecb29314641a28b2a254c467fad69b7001d7135e73f3146c66988ca162e31c2cf122b2b5012e3fe76a53e3003dfb89bf5d3b5d7c2599341ac15f3acecdedb132828f0d990dbf4fda61b0a06d6d6bbc5d813aec972e73112d4ff12ab1108c384d6f2e811c117ee4fb85262936f0eaa8d2f16574e3fd5bd42c168f4768703477cb9dbc3e19e289c5c707452fb8448b58f2e134c0fb10382c80c13c40d9c3fe63da6fafd37b0544aeddf7feb58df18c1ee98273c030cacb63be2348110ee1fde1910737580ef329b225d23962a38859f2257f97677c0a2ad97ccb72e8d51c3278e28c546f5f4cd6f86a2a4615d3c246e76f5e350f81a29c2c17cbbc777108046cf24aabd4624d071ea3d38a346c289569a3e4d189160484caec7861c9c1e70b60acce4dbc60b4e0d1951dad005b9d00a5518861bed22f9b78673ee244168e034c8f254acab2d6b2340c49ea5079aa0de580987eafefdc7b9419b2efcc7c9793d088e95b2bb734c6cc4827d5bce26a83a61da7502ff014c51efb79234ff72a0a2d6b825ab55a352bf24a1e4ec8a4bca173491935a978cf61692a9016dc6efb87e336d18810bc8e8346f4b1e9c1b909e827985f99d5cce6ace54ac38767fa24d7c9492f0a4832ab0290f4f4579a4c36e3ba0a7a6bdfab757338b24d1339ae1f8aa81a25b4d441b8c29a266bb715a0120b41965e12e7b38739598641961b21aa7ecb174e4ed11ff99c10f6be09873f1002c336e4f465a3c49e25107a572f3016761d10d62769888d243209e0440b86b07b441af9472a9bf207c8accbd287e2bab7e938c4d00417c5d009677c58df7a5eeffa3dac2cc2f628d0859e874d21bfcf6a7ed2432b93040a052e366e8747b7433303e2600ca9afaa492322d0b4871fc576b097306a15311e44bc795f5c238de2a3c98aa6efd6daf36936b399490d96827de405d816dea7281f4bcaeb408449dab7e57471be2f3f3f9fa086e5ecaad245322596b6d0a5e74bdb987a70fcce68d4ddaacaaea3fe358e7f2ea7743bb00a80aeaf57b6a875c2354b3a3ff77ccb8e39687d895ef6bff489e5435b52bc90d9ae75e5b136218dfd082617517507141cadc9585d8b1e7f9beb5d4a444ecf08792d0193da6e3cf358cd86b3f749ecfab78a189b8ca84d9373b356a0fd7cc92917b9295dd06f58a66772fa61e2e2e1a64a399217376dd451a6a3e1f7c513e3c9d78ebbe234d9709f1ffd47845918cbb94a45390e53a3cc31a798d4e1a69838593eb2b3dfd2201c7d5e908bee30cfe10014207ac83908ff3c44dc86abeb6b9372a1813f22eed57192ad9d2775809df9c2b794780e7c8477f6ab12bc290eaaa7bd1bedab30cecfad7553f5fbd7c86c92df1565eb4fdcf6e6d0cabc6ad7019db0e3e86302393d2563fe335170c94cf64cd07cbc03e7b88d602135339e75da56d3dbc7061caf5f117fa33e77d0da054514759ab1c60e354b0bfe7499ed70dae8ecf148e477028757c3411a9e7c523e9bd91b4f6ce70c1e363de878dc0639010a839b0a323232c1418c8f5c464d8d0ca482793b230abfbbf3570c2da0dc70b3890e0350b904b965863ee44b32c4d8a5deab22e9da51e2c7294f2453ae12580eb047fbdfc05259e47b1d44becbcadec1faa3bf09aa06ced9294ab86f666928ba1347c3bacc09a39d090d06f214d5ee28443b1dc1917b6ccf1ba867cb8e22b60ccdbfa98212034a4198178bf0a040f28785f25ef04ef19da0cb794d2f9d292eb87ce3b2948c268280370c17ef1f68d4266db13ec68c3c8ce01cfc4ee19c9834629603d362ea9009cfcf5c1749447f59511adb2da68efb91110d30aee2de1857cff1fff6baccd76cc515f0f33a503257e1d7a745d6169f31b12b5608df99cd23d66a4be39bee0c3ec2c6bc002db41636307dd601c472afbb81b80171194199a8efc9355c17b108cbf5ed81440453b82df5caad1ab11a11523473f5dacfa88d091774e7245ffb7e2c51042ca7f1ea6209a1fbaaff85e85beef2221e8108157cb84b9b13bb783307e73e21dfa22b69c84c0b9bb991fd5ce34111616ab3aae40cab021c1e129c8d73b0464faab85503027bdec88709fecb2066fe0dc9bf24d581e79acfef2111a42ed3bdcd48d7edab8b69fe998d07d31f545f8b7f6340e475bb544fc9d062b005bf1b6251bf99dc191218c25c58cb77daf91c8e37c6073a057d7e03f8c7f70b51bfba50ce8294a4deb5e0c462c1056ca61ca453abe6bbaf952733e592bb9fb8e85fcc571519895a50531a2a233ab8afafd5c4cc32e7e133bc29e09d0459ad17d1120eccf16b4fe8ea2baefe043ed00dedcf3e06f1dc05ddf1c49306d2bbe60f282c98aa07c510694c0abb94f090269147078c628eeca573f81363142586b521b82b2d307eb17ad745a2796cce044ede82f2b3da853e0d52f7da8bd509af1a5af20648c75055a5f67fbcb279bd4f07fcfe603ae985740e56776b112c16c466ca511514e20b52888aefa453e23e7ee8cb1872f7fd0875b83e46c4357d465d47c3ecc2f16898766565ca63e3987ad7a1f43b627e370ab98b17fecf1ee68205eaed7b253aa4a5c3c6a78b080503f647c8360cff6085da1ba231de0d6e6da815659183289ceb6fc3d5cb18795da1a6d1822be5753fe943540b15e284b5a02e069da33fa99594285a3135a3157b0b7832002c0372330c0da04e1e0141eb90ee0ae9ace54a844407f516560059b66abe1891fc9e69ddb4000094aa367fd115e0d43c04ad75ca431e9f1a599a3e43d0fa374b27d163ace531ffdacc60fe8232a22a1bffd74ee8a15bd942510b25c046722450246c544abccd2b254e7378d43750e19ef36b1ac14f163d65e8b8811d0cd7064a5f26301746f09c5a9df7a7ffeef5f9e72bc30fa129dcbaa111f692cfd136d85a94a72de452c34c21497275760fa68d742f67eba8cdd1b31e8e2a7a9dd76d8bf4b61dd213487e54e89c397292c4e317597c64d0ad2ddea1f94dbd37fbf7fabff874e5e2b40c5eb0a85b866cb91782098187db00d781a8ed302437fb4711f8f97e789c5c37dd6a2f8446b3211963d36f4d61ebcdd2f19e92552cc3f2064e51f3679fb9999e303ab3a4bb7d444f49165dd17a5c6ac0e2dd896ae4fd409a0450a973dbea62420d3b0fc2c6838acb583a974f2c49d030ae5071d8c4e80ffc86717237f9bf1555ea8d51b734259e2ca2f258238850f50e4271ed9461492f1dc4c77772d5faf78d402bbbb15dfc2b9542838c38027a436096087b63a0307114cde334c86a1e86da2667da0d98fc8267d97041235c9aeff534b87932910634ef334eae8a629fa2c53e31d01985f93ba6b4abd44655cb22b41e9af6dfd8409d54c143dbe271ef6cddb59386d03001f2a532553273d547e75b4c82b41662cf7a0533ff240dbcea5947d24b23f53ef346d1d917e3d6e99dd6f0dda120d70f4eb8250fbb9ba54a514c53ad0d30c4233a325fbe63b784fab856750df4108ebd34daf5e62a9879c6ef9c541446e8af4d69b2f0c80afe5cb38580066a576c4575ec0e86339a3ab3529e7cec3e4eae8fea06d390ea816b1f2d4443695ddf93b7b79ddbf8eacb9454c1f22ea90e530687cae12a450ea8f38c105bc54aabef46154b9c4ffc8f89dea4097627389285e337c4aec2b3b6e80f34afb8f728360faa3b08beccc8d9fdc0758fa0e5acb25fddc7a609ea6c4014ed91e58d50e1eb6b97b8d21716487db", 0x1000, 0x3}, {&(0x7f00000017c0)="4bae594d780307c4abb3af7a5718096aa703498d6d2d1c3dc1abfc72af32c4a2e98a40d98e83579abc1734375a89317199559a21fb9912e4f551c99e4cba11f6f3289cd0071d17d082715080a1b0e6a224f067e715b262a4a6e5c3c7add7c62c3be9c6c1529fde277ffbc1044d7c71dfcf1770cd748b0c4f9b17966f90fcd6d7099eba2f896f56259a2d79c9f20617e7ad093cb53dc1d21f2ddf8fad8b6e2739411745f350bdd250f389d0eb12cb3018687bdfb851b8b3ea5a81cdf7682adc275aba20c98c657983726c8fafde9a6c589146ea81fd49b5925292008f3c50ed1a597b6ee50a6eb6fcb321158c684bf282e9fe43f00d527bf33c797b38ced1aa11d971cf5b4fdac58cc09e2f8adb0067872301e95c54894fe6f8f83a5063c5bb6fe747ddd85593aab442d4e0c621ae850f297cb3513cdc778b84a4be5e3287dc158f9aeefab5b5045ca23ab7265178fcfba5612621d9dc692c0d40996f776f8b40da92f36807400687f8ce221745228c8e587c50f2b8f2f21e19c0d790aae1f996910f6b5f01e1a89ecdd9862f4cff0ab0ea160eae1a0bc052df54821edeb740e8bbb94b6f5863bdb85aa62e3b32f3be067a49031940ff1c34fa7a263fe4d80c7586f370b65380c433993f4c05506991829e1f117e8975c9b3261da2b896ac5e514279448bee37575ea80384d5d372e5cb1494f7e7c3c9fc62b5f96e34ae53dbd8b3527bf203b1a26583753b81f5227b68053ac6891f4fa3bd29abdfc6ec4e8a90e5567e33497fc4be67eb4335e0d5491b6a8af869c422214a91492ddbd47c7aab0c05f714efe3a179d95ec3163340a593cf0b270f6b193ddf0b04718084781447a9ffae9e24e1a115dfbdbbf18880d93244231f6195247ec833f441d2490ac475199856de76108daf354ef73119db5392ec2c3166f913c69eef9677d3ea5ef6fdd986e716cc32dc43c430d524cfc45a65d822a16122bb08649d1d6ddc12f920f9f0410b56b81e279b2fbc7f73bb56b7dc8df7c0e44260cf604b30afdd0126409a20584e9beee09b64e0a0e794bfae940c5b7f2f814dc056853d37b01043fbab26e35a8748a4951af0ec85e481ffdf6b4454920bccaab69cfce7506da4abd24ad622260452ef99d2152ab95abd6159a61bd6d0d87c7cfe111650677b7f85cef0a297d87002d87a1ed56ca6d69526c7fe64a950f605666bd6def2559791e8de527f059e6676ea31a6fd7e3b8f4c80eb003749935b022874c8990d190e1fb643f0c17a21fc75f440d8c09c13ba6280cf19eef2ccea92bbed9c1153f3ad2ab8f6f0e22cdb27e61cfd7068d8a6bdc94be6599c5e00a7c1f3355fea835d9f4d935b0534f7cc8aa9a129430033c035b3ff9f8879764133c448ab3d415c064d2955b4ec49ecf857c2c6eafe9d39d260fbdc0cd72ab12f0769a7af337ab863bfc64cff964fc5a7ef87e50a79b12b6c73e30401022670e773c748c1ca156a12c4c8590c54f137c4485f4d6eea353c3356bd0d3c54e8f534a58ec7b84cf833cd72f16ac0aae9951a5bc7b3d45cba1ad43c4ff16a9a04368ec033ccd4ddd3cedadb84e8029fb1b62542f9b609d059532dd78cb4634657bacb2886c58eeed0a95e017c9b0a7be68dc8c6a581ec322f85504eeef4ff5f5a4c738bc097168a690ac9ef8fdefa7a25f3eae1d9765d667670170ae16a5e8abfed54ea92005add7c6d49274141602e039b0d9ecca2944b3ea73f4e27ce6d8e4958162d20cd1ff176f474927ebdc414a112cc20aad4d55b729054386705a847d8751d5f50d68d89ee34b0a54a5ad309b0b19845d39c83f2f7ab8e878e8aa6656f7267081243ed6f16cf994885dc25fbf2677b3d2ce66f5cfad1ea86801e11e9e1e8f7a98abf1cce3566eb1057e44ed7754044cf936e621d2d981b61319ffecc0568c49ca88809599af2cae5804a9d917d5fbed665c9e7c4c959b25bda645346f443c1f1ecb05206b7a9c1d2825ffe3a697ebe1d172098a31989031b63d5412552b7664443a39302829700d0d4bde5a2f633bc76633bb5ebf610e05f1656dd5e2476e9ef48444c3b59cb08a8f2bfbddd8f5e54cad5c4a6585cb7fc96a72d42977896f70fc7406a2d5958b55e056bbe2e086b548c2160a5e08e89afd7124dd7b2076efc5fdb9871e7ae663d7ef15df68a74b39d047b4d46f66195f179f131b36f68b159593809fb6e76544bdb1be990da5c3bfc10aa3b86eda2d7044d4824659e72349b4086d823b0b9011e14dc340b5ad5d940b97075beba0807c6e7ed64bc7888a448ae7643a1ddd69057e1ad31364e92ad574c81b301ba850665aee9824dc40165d2861e2693fc2fdc1e7bb5e7b8457db98c213e5b9a8842ebff7edfbfb3e72f9e234ce5d06d90d7e6fbf48623802bba6c122df717004d1d57d450c13f57ead985f3ef42381989b9d1eb654718f68e1549b9e3a65115a68f87a2955d560614975b86da9063b37601bab97931b2a92925405d9c91b3739ab2aaa6a45305cb197a7cf7152338ea0fea58793fb60dc7fda6f14fd6d639fee758c6701fe84fe8b678c89e2f04d62ac263abbc32bb515fb70b754f25fccc543a15b5a372a98877d93373681cddc92dfce21669830b0c3906b03f5445145b3396410d3a851a857ce4d0f3399090feffaceeb9ad1141c16e6d2a20e91b4afa3599886418e66c5496a5c0fab5698f6e22188a1f4feb8b0e7e402b7da2ff6c8e838ecd1a639e9ac6d1992e756217e05b2ad0ef2efc57632d972828746db7bb48ed9b29f2482c9385f086937f09bbb501719a40e73d549a5fd0d549975c59b929fde2e36c2cc6c99b5eead2d73aa694f957cd50505925f45c91709356799efb2807cc0004d61c4e73d7fbe08b84a04024b6f631b37a7b6238a7c24d37f25a51d923e11fcbb78f95936ceb738fe0981a227458b2606f63dea52d7814cc9274f4ab2e867a6042645ffee9d74d0285166666faae92cb14a9de68b7804588ff8a7c83aabb8692ee7cd0e2be4074ac9e30dd8543e2fc7e8b2be31010f0976df7b4ddd6f46041df339f42f530d61e837a22244668abedd34033cffc2ff2e0bd0a5fa5155cc5ef8e6d9710f0adf074c7bd28d7903f3c90ec2f3fd3a521a7736e2fd38d9f1532d8b616eabb1fa61fcc7022e4fa5d26c32c81d4f65dc9d38233ebcb8a6fb6bcf7a1a59627d7e823d23a1c1d7b7f4d262dbf02e8e2ae81e1dca35ff879012f829ab850cf39e5a843c00eb6a35e6e68b8dfb3fbf85c40cf9e9268f3b87cb74172d34d06033cbaba228147412635936a62ddb20a30ffa88b2181352c7386ea30c903e055f5ccbae5bac5d39ba722d7a7222f4133d9731609270e18aa9f16cad901ad58397067aea98131fc3c9e22c267929413ffd1a48998df6532c4827569dc6d9ba86d9d747bccc788b9369dfc8a0899570cfe12eef0a2ac3c4c6ea976ef79817e619146e9bc46d5626549dae829d2123edc581178a349f75d2fc90dd2840a268049ca7249c4508af29aacfebfd18c4b03eb86c758ab298dd140b68b6ddf2ff6af274467404af36e947de8555bf992ce4616f090213555284f50dd1b8a0903dbf44723a182a87f1b0f510676d9d52cff71c9b5a732677cd16c357c6d5ea75b03e2d1fb288ce13055311271af6d7d29dbb2bb8b5b9e9b8b906b18a49ae05f904d4649dfd0f99b0676f45870d2078042fd1954397bea294b564e1b4c39a24bdf732234174f28e7ee0408999d4bdf3b80cf3260d2b4d29f566bce69ee96effbe648b15fcb8f6637f68453f4135d9d98de351ffc17d17c19a944db544baa91a8b98f13b84e6271edda7afa3ed18510dde927134a753a245273c71aeb64d3576cd38d98d1cad5e25a628a6b0acef9eb58c7ec23ffd4f5565ad441215f9161dc95c5ed8de31e250a4ddc00ab55bad8b0b347dbe4826778373c79e64f518848fa715557bed58387a112e3459d160d06f21b483f6be077627528c9268f7e80da0378eb5ed827e09f63520e9b9ddc576168bccd1e2f64a5f28556b4b3891dddfc1e243a207c5851b23286be5dca87361f1a2d85bd0d4831c17e7a7ce31a5351e9d43602ddb669237360926d0c6404beaba80a03be261d2d738ff785806dfb52190320ae541d39640f6f8dc2d7b30f90232a5a5ec3fabc8fca38f25977b97f679a47ce61e21575f2e48c62d46e1877fb6e8238cae8d04692c2787b14e892a5dde74feade967f4dbadce9ced3a5c356898796befe68a098a26e5e7b3ac7bd308d4363c7c56395909c487122215dfa58fd8eece42f1dfa8bf50d16acfa184c19fe30c72935c63c76c951347e12dc4c982b7072cc83943417e7fc2beb0940756623e08afc41c9893653c027c5b2bbc13c7d40ab90c3ee4a5eee384a8ddfdfdc5467c44098b37c4674cce63c79c54930717239f6b1f280376de973e888af0dada8a3c1291d09790530eab469fe968c3421ca2abf003673a66b1155dadd63d941e1721d53030ee6902245b955c04db793deaabf972cfc600fa99402aafa1d2ef057aa7082baa7a50cd98c89653f694ed02a526f1a89cb7a364ff0dc0dd8b8228a65b19eb962acec1ce796baa9667f1c822ff0bd23d0ba10f752028d7c3f39a20eb1ed79837c06afc86b2809a654008dbcd08e2bdb41fde55fac6219621a67fdb246038f36a57342d648ed67faf027f4571e9e0f0db1504910b1b0eea3a7452dc8b16c82dc45591c65feecc9568d76754b435f0e3852e964c85e2ca91bfc07d41b529e59d6717d50d26984f886278e8a34962d1778887397ffaeec0322b660159ab8ba6caa4c08b155bbf48a85cbcd4c23bbae95dc725c745a7c935fdd3325250bb5fbcea3aa5f0e9a860a75a8e87901b59943dada20223e4a3614cb100a73d6d470dbc9e3d14d79b9615bc6886858e8b62676c49d0778b4ee3e9b0b04e22283a1211327a51c6781e459c2516e7ae51d27491159a9bd20d30a495b25b22fe7ec18d449f4ded124d8495b61711a3f17ecb29ed517d3e13f016c583660fc00ccba0d246ad5f93c23125a5191ee7b37897f75adb586c8008e4389680b65e20fd9b99a3406eef9eb47d096cb8e99bc774d088451380240dbaefab4086d4b45915533a5d886c2d6feb57ef565a79dcb3c5a012d19e18a3d058f77dbc7779aa5803fdba433c7f541ad4eb00dc90021823593acadc5292c382de13cc83cb71f768e0c43b2479b39921e3be6abae3dba2590efe66288f5a75e6699aa6d89bf550387c855561d5d83738d9d69b2161c5145d653a44846a9d17ad65285e6a2d4434e3875069059e8a0e1a6817ee4d8f3040a9a6f56a46c4cd327db8f0dedf5af9c2ed25327ff9a67645db7a4b1f65003b0e600e67acbc394e020db323481de5d0b6c386d07445c0e57d27b864cdbf8e19c9f654f9de45f93855fc4b759614b2e9ec6345a13e4274c6fe874edaa2a1f23b5cb612c5be98af229beb4fc3f2399590ad9f61a5bba72cabb7f478b7666dd1114a0461e120334036204d3e3152b577e0ab8323a0c4830a81730b04865c0c92e728acc7597f94342d5a691f65f62beb8a3c8c7625b5e194806729249463bb4060eadec0357861255d48b7b820344d75759b72c640b3900e1cb18dbb76b14f182457d9112fcec8335d50be7259d179f1a3f08a5ebed5d03b3541e8387a741db2d5a0f1c8499c13fefc4123e1bdcfb7838d1382fc07a0c9f3aef7d87ea2a94f76a5785a8d309c04275418580f6efe70a1c14ba59d7bbeba68c78b26e54eb96dca4e674c420242eba20ac5f4b2f758b7604e57fc1e8f1bff8", 0x1000, 0x88}, {&(0x7f0000000140)="9d19ab51825cf681f52d0947f8f48645d6e4b24e4530337ed1fae38c469a850a7449f0e3ccfa8f899e9dbf49f7cf9d3d0d156c002b366e0afc9f27e63e67bc45fa4141b2afbafdb67018bef4d2cdcc2e108263860fcb00313cc0ee628d2af158751b16d0e6ad961c89e1218dfe4fa9004c9f031fa92f0dd42cd241fa7868eb742396112e91241a8a1fd1a85393338b8b27c5bd6cb630b37876835a9733", 0x9d, 0x80}], 0x80001, &(0x7f0000000400)={[{@utf8no}, {@nonumtail}], [{@pcr={'pcr', 0x3d, 0x2b}}, {@obj_type={'obj_type', 0x3d, 'gid'}}]})

20:16:01 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  640.699340] loop6: detected capacity change from 0 to 135266304
[  640.729411] loop6: detected capacity change from 0 to 135266304
20:16:13 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r2, r3, 0x0, 0x6)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r4, 0x0, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r5, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r4, r5, 0x0, 0x6)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:16:13 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:16:13 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000040)={0xfffd})
syz_open_dev$tty20(0xc, 0x4, 0x1)

20:16:13 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:16:13 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5}) (fail_nth: 2)

20:16:13 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:16:13 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:16:13 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 29)

[  653.193099] FAULT_INJECTION: forcing a failure.
[  653.193099] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  653.195589] CPU: 1 PID: 5873 Comm: syz-executor.0 Not tainted 5.10.234 #1
[  653.196998] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  653.198722] Call Trace:
[  653.199269]  dump_stack+0x107/0x167
[  653.200020]  should_fail.cold+0x5/0xa
[  653.200815]  _copy_to_user+0x2e/0x180
[  653.201612]  simple_read_from_buffer+0xcc/0x160
[  653.202592]  proc_fail_nth_read+0x198/0x230
[  653.203499]  ? proc_sessionid_read+0x230/0x230
[  653.204545]  ? security_file_permission+0xb1/0xe0
[  653.204587]  ? proc_sessionid_read+0x230/0x230
[  653.204604]  vfs_read+0x228/0x620
[  653.204628]  ksys_read+0x12d/0x260
[  653.204645]  ? vfs_write+0xb10/0xb10
[  653.204667]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  653.204685]  ? syscall_enter_from_user_mode+0x1d/0x50
[  653.204704]  do_syscall_64+0x33/0x40
[  653.204721]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  653.204732] RIP: 0033:0x7f4c9cab469c
[  653.204748] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[  653.204757] RSP: 002b:00007f4c9a077170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
20:16:13 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

[  653.204775] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4c9cab469c
[  653.204784] RDX: 000000000000000f RSI: 00007f4c9a0771e0 RDI: 0000000000000004
[  653.204793] RBP: 00007f4c9a0771d0 R08: 0000000000000000 R09: 0000000000000000
20:16:13 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 30)

20:16:13 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  653.204802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
20:16:13 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  653.204812] R13: 00007ffe6980f77f R14: 00007f4c9a077300 R15: 0000000000022000
20:16:13 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  653.220103] FAULT_INJECTION: forcing a failure.
[  653.220103] name failslab, interval 1, probability 0, space 0, times 0
[  653.220123] CPU: 0 PID: 5881 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  653.220133] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  653.220139] Call Trace:
[  653.220164]  dump_stack+0x107/0x167
[  653.220184]  should_fail.cold+0x5/0xa
[  653.220205]  ? create_object.isra.0+0x3a/0xa20
[  653.220225]  should_failslab+0x5/0x20
[  653.220243]  kmem_cache_alloc+0x5b/0x310
[  653.220266]  create_object.isra.0+0x3a/0xa20
[  653.220297]  kmemleak_alloc_percpu+0xa0/0x100
[  653.220319]  pcpu_alloc+0x4e2/0x1240
[  653.220351]  __percpu_counter_init+0x10d/0x2d0
[  653.220373]  io_uring_alloc_task_context+0xcc/0x6a0
[  653.220392]  ? io_import_iovec+0x1120/0x1120
[  653.220411]  ? lock_downgrade+0x6d0/0x6d0
[  653.220426]  ? do_raw_spin_lock+0x121/0x260
[  653.220450]  ? rwlock_bug.part.0+0x90/0x90
20:16:13 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

[  653.220473]  __io_uring_add_tctx_node+0x2c6/0x520
[  653.220495]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  653.220511]  ? alloc_fd+0x2e7/0x670
[  653.220538]  io_uring_setup+0x1fbb/0x2980
[  653.220563]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  653.220581]  ? wait_for_completion_io+0x270/0x270
[  653.220618]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
20:16:13 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 31)

[  653.220636]  ? syscall_enter_from_user_mode+0x1d/0x50
[  653.220655]  do_syscall_64+0x33/0x40
20:16:13 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  653.220672]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  653.220684] RIP: 0033:0x7f7e6bc66b19
[  653.220701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  653.220710] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  653.220740] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  653.220750] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  653.220760] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  653.220769] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  653.220779] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  653.309280] loop5: detected capacity change from 0 to 135266304
[  653.373678] FAULT_INJECTION: forcing a failure.
[  653.373678] name failslab, interval 1, probability 0, space 0, times 0
[  653.373699] CPU: 0 PID: 5890 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  653.373708] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  653.373714] Call Trace:
[  653.373737]  dump_stack+0x107/0x167
[  653.373757]  should_fail.cold+0x5/0xa
[  653.373778]  ? create_object.isra.0+0x3a/0xa20
[  653.373798]  should_failslab+0x5/0x20
[  653.373815]  kmem_cache_alloc+0x5b/0x310
[  653.373838]  create_object.isra.0+0x3a/0xa20
[  653.373862]  kmemleak_alloc_percpu+0xa0/0x100
[  653.373884]  pcpu_alloc+0x4e2/0x1240
[  653.373916]  __percpu_counter_init+0x10d/0x2d0
[  653.373937]  io_uring_alloc_task_context+0xcc/0x6a0
[  653.373956]  ? io_import_iovec+0x1120/0x1120
[  653.373975]  ? lock_downgrade+0x6d0/0x6d0
[  653.373990]  ? do_raw_spin_lock+0x121/0x260
[  653.374006]  ? rwlock_bug.part.0+0x90/0x90
[  653.374028]  __io_uring_add_tctx_node+0x2c6/0x520
[  653.374046]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  653.374061]  ? alloc_fd+0x2e7/0x670
[  653.374088]  io_uring_setup+0x1fbb/0x2980
[  653.374113]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  653.374130]  ? wait_for_completion_io+0x270/0x270
[  653.374168]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  653.374185]  ? syscall_enter_from_user_mode+0x1d/0x50
[  653.374204]  do_syscall_64+0x33/0x40
[  653.374221]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  653.374233] RIP: 0033:0x7f7e6bc66b19
[  653.374260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  653.374270] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  653.374289] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  653.374299] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  653.374309] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  653.374318] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  653.374328] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  653.510820] FAULT_INJECTION: forcing a failure.
[  653.510820] name failslab, interval 1, probability 0, space 0, times 0
[  653.510919] CPU: 1 PID: 5900 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  653.510929] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  653.510935] Call Trace:
[  653.510959]  dump_stack+0x107/0x167
[  653.510979]  should_fail.cold+0x5/0xa
[  653.510999]  ? io_uring_alloc_task_context+0x4a3/0x6a0
[  653.511020]  should_failslab+0x5/0x20
[  653.511038]  kmem_cache_alloc_trace+0x55/0x320
[  653.511062]  io_uring_alloc_task_context+0x4a3/0x6a0
[  653.511081]  ? io_import_iovec+0x1120/0x1120
[  653.511100]  ? lock_downgrade+0x6d0/0x6d0
[  653.511115]  ? do_raw_spin_lock+0x121/0x260
[  653.511131]  ? rwlock_bug.part.0+0x90/0x90
[  653.511154]  __io_uring_add_tctx_node+0x2c6/0x520
[  653.511173]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  653.511188]  ? alloc_fd+0x2e7/0x670
[  653.511216]  io_uring_setup+0x1fbb/0x2980
[  653.511242]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  653.511287]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  653.511312]  ? syscall_enter_from_user_mode+0x1d/0x50
[  653.511335]  do_syscall_64+0x33/0x40
[  653.511355]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  653.511367] RIP: 0033:0x7f7e6bc66b19
[  653.511384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  653.511394] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  653.511414] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  653.511425] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  653.511443] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  653.511454] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  653.511465] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:16:26 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:16:26 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:16:26 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r2, r3, 0x0, 0x6)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r4, 0x0, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r5, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r4, r5, 0x0, 0x6)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:16:26 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = syz_open_dev$vcsu(&(0x7f0000000040), 0x1, 0x280800)
ioctl$PIO_SCRNMAP(r1, 0x4b41, &(0x7f0000000080)="d7cb2d1908c5139fac2d180d24f89077acb7f7272809e65c19240c24f0b039dd72640ae58bcaf36ac15681")
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:16:26 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 32)

20:16:26 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:16:26 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:16:26 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:16:26 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x2, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:16:26 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r0, 0x80089419, &(0x7f0000000040))
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$PIO_UNISCRNMAP(r1, 0x4b6a, &(0x7f00000000c0)="9bd06c98f3db61bda092be1523dd336fd900b65626cfe7f52d56d01d77c2cd31bacf190d145c62fd15f43a5466f972881e087ab9faf11fbb8964d6f7b0b2fb8da27ecb46fb05eb07a88fec72e648363203fd")
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, 0x0, 0x40})

[  666.288317] loop5: detected capacity change from 0 to 135266304
[  666.309765] FAULT_INJECTION: forcing a failure.
[  666.309765] name failslab, interval 1, probability 0, space 0, times 0
[  666.312417] CPU: 1 PID: 5925 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  666.313844] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  666.313855] Call Trace:
[  666.315440]  dump_stack+0x107/0x167
[  666.316205]  should_fail.cold+0x5/0xa
[  666.317006]  ? create_object.isra.0+0x3a/0xa20
[  666.317966]  should_failslab+0x5/0x20
[  666.318830]  kmem_cache_alloc+0x5b/0x310
[  666.318854]  create_object.isra.0+0x3a/0xa20
[  666.318869]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  666.318893]  kmem_cache_alloc_trace+0x151/0x320
[  666.318921]  io_uring_alloc_task_context+0x4a3/0x6a0
20:16:26 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  666.318940]  ? io_import_iovec+0x1120/0x1120
[  666.318959]  ? lock_downgrade+0x6d0/0x6d0
20:16:26 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r2, r3, 0x0, 0x6)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r4, 0x0, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r5, 0x40087602, &(0x7f0000000040)=0x20)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

[  666.318975]  ? do_raw_spin_lock+0x121/0x260
[  666.318991]  ? rwlock_bug.part.0+0x90/0x90
[  666.319015]  __io_uring_add_tctx_node+0x2c6/0x520
[  666.319033]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  666.319049]  ? alloc_fd+0x2e7/0x670
[  666.319081]  io_uring_setup+0x1fbb/0x2980
[  666.319108]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  666.319127]  ? wait_for_completion_io+0x270/0x270
[  666.319170]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  666.319188]  ? syscall_enter_from_user_mode+0x1d/0x50
[  666.319209]  do_syscall_64+0x33/0x40
[  666.319226]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  666.319238] RIP: 0033:0x7f7e6bc66b19
[  666.319255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  666.319264] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  666.319284] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  666.319294] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  666.319304] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  666.319314] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  666.319324] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:16:26 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

[  666.429103] loop5: detected capacity change from 0 to 135266304
20:16:39 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:16:39 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b2f, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:16:39 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r2, r3, 0x0, 0x6)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r4, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:16:39 executing program 1:
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:16:39 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x73, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:16:39 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
r1 = syz_open_pts(r0, 0x20001)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x17)

20:16:39 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:16:39 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 33)

20:16:39 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b30, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

[  679.339085] loop5: detected capacity change from 0 to 135266304
20:16:39 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

[  679.371381] FAULT_INJECTION: forcing a failure.
[  679.371381] name failslab, interval 1, probability 0, space 0, times 0
[  679.373976] CPU: 0 PID: 5962 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  679.375510] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  679.375516] Call Trace:
[  679.375541]  dump_stack+0x107/0x167
[  679.375561]  should_fail.cold+0x5/0xa
20:16:39 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r2, r3, 0x0, 0x6)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r4, 0x0, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

[  679.375582]  ? io_wq_create+0xeb/0xc00
[  679.375604]  should_failslab+0x5/0x20
[  679.375620]  __kmalloc+0x72/0x390
[  679.375645]  io_wq_create+0xeb/0xc00
[  679.375671]  io_uring_alloc_task_context+0x1f1/0x6a0
[  679.375690]  ? io_import_iovec+0x1120/0x1120
[  679.375708]  ? io_apoll_task_func+0x2d0/0x2d0
[  679.375723]  ? __io_req_find_next+0x300/0x300
[  679.375738]  ? do_raw_spin_lock+0x121/0x260
[  679.375754]  ? rwlock_bug.part.0+0x90/0x90
[  679.375777]  __io_uring_add_tctx_node+0x2c6/0x520
[  679.375795]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  679.375810]  ? alloc_fd+0x2e7/0x670
[  679.375838]  io_uring_setup+0x1fbb/0x2980
[  679.375863]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  679.375882]  ? wait_for_completion_io+0x270/0x270
[  679.375921]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  679.375938]  ? syscall_enter_from_user_mode+0x1d/0x50
[  679.375958]  do_syscall_64+0x33/0x40
[  679.375975]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  679.375987] RIP: 0033:0x7f7e6bc66b19
[  679.376004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
20:16:39 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:16:39 executing program 1:
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  679.376013] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  679.376032] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  679.376042] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  679.376052] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  679.376062] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
20:16:40 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  679.376072] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:16:40 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 34)

[  679.486729] loop5: detected capacity change from 0 to 135266304
20:16:40 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  679.522061] FAULT_INJECTION: forcing a failure.
[  679.522061] name failslab, interval 1, probability 0, space 0, times 0
[  679.524721] CPU: 0 PID: 5981 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  679.526281] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  679.528175] Call Trace:
[  679.528765]  dump_stack+0x107/0x167
[  679.529526]  should_fail.cold+0x5/0xa
[  679.530398]  ? io_wq_create+0xeb/0xc00
[  679.531300]  should_failslab+0x5/0x20
[  679.532178]  __kmalloc+0x72/0x390
[  679.532988]  io_wq_create+0xeb/0xc00
[  679.533852]  io_uring_alloc_task_context+0x1f1/0x6a0
[  679.535039]  ? io_import_iovec+0x1120/0x1120
[  679.536050]  ? io_apoll_task_func+0x2d0/0x2d0
[  679.537082]  ? __io_req_find_next+0x300/0x300
20:16:40 executing program 1:
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  679.538108]  ? do_raw_spin_lock+0x121/0x260
20:16:40 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r1, 0x0, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f0000000040)=0x20)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0)
readv(r3, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/197, 0xc5}, {0x0}, {&(0x7f0000000300)=""/198, 0xc6}], 0x3)
perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0xff, 0x8, 0xd0, 0x3, 0x0, 0xe0ab, 0x1008, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, 0x4, @perf_bp={&(0x7f00000000c0), 0x1}, 0x10840, 0x649, 0x1, 0x5, 0x40, 0xa, 0x7aba, 0x0, 0x7ff, 0x0, 0x761}, 0x0, 0x4, r3, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000180)={{{@in6=@initdev, @in6=@private0}}, {{@in6=@loopback}, 0x0, @in6=@ipv4={""/10, ""/2, @local}}}, &(0x7f0000000280)=0xe8)
sendfile(r1, r2, 0x0, 0x6)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r4, 0x0, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r5, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r4, r5, 0x0, 0x6)
write(r4, &(0x7f0000000080)="4ac33707d8b917874d3862827ed5b5819bb72fd5a510a4c83d65001ba9a2cd32b136e23fba94b977118f51dfc0c86bf390d80855bbdd6adfcc2106d666793e92b17d40a28a0dcfe33b5565694d7d0e6968ca5509e26e7cace1605ca404c8e5c7cd2e31a8f19a730242a8a93ccd9e60523e9accb94e2bea7f23bd43ad36c340af9a4ed8a1adfb58d744d5b0bcbc902c3e25814d3bf2d741be2d7d71c41a46e5b7efee558e8d3e0d01", 0xa8)
ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000000)={0x0, 0x4004, 0x7c, 0x4, 0x5, 0xffff})
r6 = syz_open_pts(r0, 0x101500)
ioctl$TCXONC(r0, 0x540a, 0x1)
ioctl$TCSETSW2(r6, 0x402c542c, &(0x7f0000000040)={0x2, 0x7, 0x5, 0x7, 0x5, "fe5c692bfbb94674437693939105df5ea3c1a2", 0xff, 0x8})

[  679.539208]  ? rwlock_bug.part.0+0x90/0x90
20:16:40 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:16:40 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r2, r3, 0x0, 0x6)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

[  679.540236]  __io_uring_add_tctx_node+0x2c6/0x520
[  679.541448]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  679.542666]  ? alloc_fd+0x2e7/0x670
[  679.543514]  io_uring_setup+0x1fbb/0x2980
[  679.544478]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  679.545660]  ? wait_for_completion_io+0x270/0x270
[  679.546824]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  679.548005]  ? syscall_enter_from_user_mode+0x1d/0x50
[  679.549152]  do_syscall_64+0x33/0x40
[  679.550023]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  679.551225] RIP: 0033:0x7f7e6bc66b19
[  679.552088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  679.556279] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  679.558076] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  679.559761] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  679.561438] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  679.563107] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  679.564759] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:16:40 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b31, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

[  679.610975] loop5: detected capacity change from 0 to 135266304
20:17:03 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:17:03 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, 0x0, 0x1)

20:17:03 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b32, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:17:03 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r2, r3, 0x0, 0x6)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:17:03 executing program 1:
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:17:03 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 35)

20:17:03 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  702.884660] FAULT_INJECTION: forcing a failure.
[  702.884660] name failslab, interval 1, probability 0, space 0, times 0
[  702.887067] CPU: 1 PID: 6008 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  702.888486] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  702.890211] Call Trace:
[  702.890767]  dump_stack+0x107/0x167
[  702.891533]  should_fail.cold+0x5/0xa
[  702.892325]  ? io_wq_create+0x6ef/0xc00
[  702.893151]  should_failslab+0x5/0x20
[  702.893943]  kmem_cache_alloc_node_trace+0x59/0x340
[  702.894999]  io_wq_create+0x6ef/0xc00
[  702.895809]  io_uring_alloc_task_context+0x1f1/0x6a0
[  702.896863]  ? io_import_iovec+0x1120/0x1120
[  702.897790]  ? io_apoll_task_func+0x2d0/0x2d0
[  702.898722]  ? __io_req_find_next+0x300/0x300
[  702.899677]  ? do_raw_spin_lock+0x121/0x260
[  702.900570]  ? rwlock_bug.part.0+0x90/0x90
[  702.901456]  __io_uring_add_tctx_node+0x2c6/0x520
[  702.902462]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  702.903562]  ? alloc_fd+0x2e7/0x670
[  702.904329]  io_uring_setup+0x1fbb/0x2980
[  702.905193]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  702.906257]  ? wait_for_completion_io+0x270/0x270
[  702.907287]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  702.908386]  ? syscall_enter_from_user_mode+0x1d/0x50
[  702.909462]  do_syscall_64+0x33/0x40
[  702.910239]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  702.911307] RIP: 0033:0x7f7e6bc66b19
[  702.912077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  702.915890] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  702.917465] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  702.918955] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  702.920436] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  702.921910] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  702.923393] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:17:03 executing program 1:
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:17:03 executing program 6:
syz_open_dev$tty20(0xc, 0x4, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0)
perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0xff, 0x8, 0xd0, 0x97, 0x0, 0xe0ab, 0x1008, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, 0x4, @perf_bp={&(0x7f00000000c0), 0x1}, 0x10840, 0x649, 0x1, 0x5, 0x40, 0xa, 0x7aba, 0x0, 0x7ff, 0x0, 0x761}, 0x0, 0x4, r0, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000140)={0xdf75, 0x8000, 0x0, 0x81, 0x0, 0x2})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r1, 0x0, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r1, r2, 0x0, 0x6)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r2, 0x4004f506, &(0x7f0000000000))

20:17:03 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  702.969259] loop5: detected capacity change from 0 to 135266304
20:17:03 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b33, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:17:03 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r1, 0x0, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r1, r2, 0x0, 0x6)
sendfile(r0, r2, &(0x7f0000000080)=0x800, 0x7f)
r3 = syz_open_dev$mouse(&(0x7f0000000040), 0x3d, 0x10043)
ioctl$KDSKBLED(r3, 0x4b65, 0x1)

20:17:03 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:17:03 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000040)=0x20)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:17:03 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, 0x0, 0x1)

[  703.132000] loop5: detected capacity change from 0 to 135266304
20:17:18 executing program 1:
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:17:18 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
io_submit(0x0, 0x1, &(0x7f00000004c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}])
io_cancel(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0)
readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/197, 0xc5}, {0x0}, {&(0x7f0000000300)=""/198, 0xc6}], 0x3)
perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0xff, 0x8, 0xd0, 0x97, 0x0, 0xe0ab, 0x1008, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, 0x4, @perf_bp={&(0x7f00000000c0), 0x1}, 0x10840, 0x649, 0x1, 0x5, 0x40, 0xa, 0x7aba, 0x0, 0x7ff, 0x0, 0x761}, 0x0, 0x4, r1, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r2, r3, 0x0, 0x6)
r4 = syz_open_dev$vcsu(&(0x7f00000001c0), 0x8, 0x20042)
r5 = socket$inet6(0xa, 0xf, 0x200000)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0)
readv(r6, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/197, 0xc5}, {0x0}, {&(0x7f0000000300)=""/198, 0xc6}], 0x3)
perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0xff, 0x8, 0xd0, 0x97, 0x0, 0xe0ab, 0x1008, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, 0x4, @perf_bp={&(0x7f00000000c0), 0x1}, 0x10840, 0x649, 0x1, 0x5, 0x40, 0xa, 0x7aba, 0x0, 0x7ff, 0x0, 0x761}, 0x0, 0x4, r6, 0x0)
r7 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000400), 0x40080, 0x0)
io_submit(0x0, 0x4, &(0x7f0000000480)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x1ff, r1, &(0x7f0000000080)="a7320f472472c241f07c9d64e270333a8ce74ab212dd519e6e7752fa187121dfd05cb3e7ebcf212e523d94f11db4e708c0cf5d3ca9ff15d09c6f4d734fc669bf99d9042b31b0ebd998b8193418d4920753fcf909edac4bc342abf7b743553f5ddd95c33eea03846044f6c13a2a485ed1005eac436b868de642082b9efa0629fa593ca3321a260c4c86e4b0ae66b7efa245c6aec11b9fa5d199d9ef1f360b2aa19b514ada7437023d5b16e6ab823c0234f31b7dbb85a73aa7c038", 0xba, 0x0, 0x0, 0x3, r3}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x9, r0, &(0x7f0000000180)="3cebd6278311e5954fb72bfdba82", 0xe, 0x0, 0x0, 0x1, r4}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x7f, r5, &(0x7f0000000240)="a8818197aef23eca2f55b4742be864bb50a25ca2f1d156b1a977f51c451f8439fcf7cd57d052a4d5bd08729589b4162f4a7ae4ddf8aaaa6b4251096acf35a4e580930464831201bdb46c7931613633fd0711abf1e51a4765e64caf64e4736255ef94ed0be3c219ec7e4fe5572ecfa65ab19388809e013d1f384945bd53029119bac132cfcb8aaff867c1ea927e6d96721eaedb365abdf6ac7611033066e7f0c8bc6a369d3c4f837bc5649011e5148214cc26d90cb947fd909cfc71f8c0d8c41ad13a46c0871e570725155eb5fd92ec2d280075b6c21d227ed146bd849a94e11ae76d4951686767ae2d6044719906473f5239", 0xf2, 0x8000, 0x0, 0x2, r6}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0xb2e9, r0, &(0x7f0000000380)="d19d9d47f1336d4a922f2a973298d3b045ca770f6c6fb6b72657ce0b1f0c46740f0e892e5a5d4cfc43a8cb708b28cbb6aa4c0e7fe51454dde98033617845247dc84a6a7ef613f67ab85628837f3a591f114cb86a473e169459", 0x59, 0x7, 0x0, 0x3, r7}])
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x12)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x1ff, 0x4, 0x4})

20:17:18 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b34, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:17:18 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:17:18 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 36)

20:17:18 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:17:18 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, 0x0, 0x1)

20:17:18 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  717.820013] FAULT_INJECTION: forcing a failure.
[  717.820013] name failslab, interval 1, probability 0, space 0, times 0
[  717.821577] CPU: 0 PID: 6051 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  717.822505] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  717.823645] Call Trace:
[  717.823993]  dump_stack+0x107/0x167
[  717.824482]  should_fail.cold+0x5/0xa
[  717.825006]  ? create_object.isra.0+0x3a/0xa20
[  717.825634]  should_failslab+0x5/0x20
[  717.826164]  kmem_cache_alloc+0x5b/0x310
[  717.826730]  ? io_wq_create+0x114/0xc00
[  717.827294]  create_object.isra.0+0x3a/0xa20
[  717.827890]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  717.828598]  kmem_cache_alloc_node_trace+0x16d/0x340
[  717.829292]  io_wq_create+0x6ef/0xc00
[  717.829816]  io_uring_alloc_task_context+0x1f1/0x6a0
[  717.830489]  ? io_import_iovec+0x1120/0x1120
[  717.831107]  ? io_apoll_task_func+0x2d0/0x2d0
[  717.831704]  ? __io_req_find_next+0x300/0x300
[  717.832323]  ? do_raw_spin_lock+0x121/0x260
[  717.832908]  ? rwlock_bug.part.0+0x90/0x90
[  717.833477]  __io_uring_add_tctx_node+0x2c6/0x520
[  717.834126]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  717.834824]  ? alloc_fd+0x2e7/0x670
[  717.835347]  io_uring_setup+0x1fbb/0x2980
[  717.835912]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  717.835925]  ? wait_for_completion_io+0x270/0x270
[  717.835949]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  717.835959]  ? syscall_enter_from_user_mode+0x1d/0x50
20:17:18 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 37)

[  717.835971]  do_syscall_64+0x33/0x40
[  717.835982]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  717.835989] RIP: 0033:0x7f7e6bc66b19
[  717.836000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
20:17:18 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  717.836006] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  717.836018] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  717.836024] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  717.836030] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  717.836036] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  717.836042] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  717.910390] loop5: detected capacity change from 0 to 135266304
20:17:18 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)

[  717.951801] FAULT_INJECTION: forcing a failure.
[  717.951801] name failslab, interval 1, probability 0, space 0, times 0
[  717.954330] CPU: 1 PID: 6070 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  717.955791] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  717.957551] Call Trace:
[  717.958114]  dump_stack+0x107/0x167
[  717.958885]  should_fail.cold+0x5/0xa
[  717.959708]  ? __io_uring_add_tctx_node+0x15c/0x520
20:17:18 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b35, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

[  717.960759]  should_failslab+0x5/0x20
[  717.961733]  kmem_cache_alloc_trace+0x55/0x320
[  717.962700]  __io_uring_add_tctx_node+0x15c/0x520
[  717.963738]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  717.964817]  ? alloc_fd+0x2e7/0x670
[  717.965584]  io_uring_setup+0x1fbb/0x2980
[  717.966454]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  717.967536]  ? wait_for_completion_io+0x270/0x270
[  717.968561]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  717.969651]  ? syscall_enter_from_user_mode+0x1d/0x50
[  717.970726]  do_syscall_64+0x33/0x40
[  717.971520]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  717.972588] RIP: 0033:0x7f7e6bc66b19
[  717.973364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  717.977210] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  717.978810] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  717.978820] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  717.978829] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  717.978839] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  717.978848] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:17:18 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, 0x0, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:17:18 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:17:18 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:17:18 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 38)

20:17:18 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b36, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

[  718.075393] loop5: detected capacity change from 0 to 135266304
20:17:18 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0)
readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/197, 0xc5}, {0x0}, {&(0x7f0000000300)=""/198, 0xc6}], 0x3)
perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0xff, 0x8, 0xd0, 0x97, 0x0, 0xe0ab, 0x1008, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, 0x4, @perf_bp={&(0x7f00000000c0), 0x1}, 0x10840, 0x649, 0x1, 0x5, 0x40, 0xa, 0x7aba, 0x0, 0x7ff, 0x0, 0x761}, 0x0, 0x4, r1, 0x0)
ioctl$TCFLSH(r1, 0x540b, 0x2)

20:17:18 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:17:18 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)

[  718.120061] FAULT_INJECTION: forcing a failure.
[  718.120061] name failslab, interval 1, probability 0, space 0, times 0
[  718.121401] CPU: 0 PID: 6087 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  718.122191] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  718.123188] Call Trace:
[  718.123496]  dump_stack+0x107/0x167
[  718.123912]  should_fail.cold+0x5/0xa
[  718.124351]  ? create_object.isra.0+0x3a/0xa20
[  718.124877]  should_failslab+0x5/0x20
[  718.125313]  kmem_cache_alloc+0x5b/0x310
[  718.125780]  create_object.isra.0+0x3a/0xa20
[  718.126279]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  718.126861]  kmem_cache_alloc_trace+0x151/0x320
[  718.127415]  __io_uring_add_tctx_node+0x15c/0x520
[  718.127967]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  718.128566]  ? alloc_fd+0x2e7/0x670
[  718.128994]  io_uring_setup+0x1fbb/0x2980
[  718.129009]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  718.129019]  ? wait_for_completion_io+0x270/0x270
[  718.129041]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  718.129051]  ? syscall_enter_from_user_mode+0x1d/0x50
[  718.129061]  do_syscall_64+0x33/0x40
[  718.129070]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  718.129077] RIP: 0033:0x7f7e6bc66b19
[  718.129086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  718.129091] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  718.129101] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
20:17:18 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 39)

[  718.129107] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  718.129112] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  718.129118] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  718.129123] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  718.211876] FAULT_INJECTION: forcing a failure.
[  718.211876] name failslab, interval 1, probability 0, space 0, times 0
[  718.211925] CPU: 0 PID: 6098 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  718.211930] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  718.211934] Call Trace:
[  718.211950]  dump_stack+0x107/0x167
[  718.211961]  should_fail.cold+0x5/0xa
[  718.211981]  ? xas_alloc+0x336/0x440
[  718.218985]  should_failslab+0x5/0x20
[  718.218995]  kmem_cache_alloc+0x5b/0x310
[  718.219031]  ? stack_trace_consume_entry+0x160/0x160
[  718.220852]  xas_alloc+0x336/0x440
[  718.221263]  xas_create+0x34a/0x10d0
[  718.221698]  ? kernel_text_address+0xf2/0x120
[  718.222215]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  718.222818]  xas_store+0x8c/0x1c40
[  718.223244]  __xa_store+0x164/0x2d0
[  718.223662]  ? xa_delete_node+0x280/0x280
[  718.224149]  xa_store+0x31/0x50
[  718.224531]  __io_uring_add_tctx_node+0x1cf/0x520
[  718.225080]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  718.225681]  ? alloc_fd+0x2e7/0x670
[  718.226102]  io_uring_setup+0x1fbb/0x2980
[  718.226584]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  718.227173]  ? wait_for_completion_io+0x270/0x270
[  718.227737]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  718.228345]  ? syscall_enter_from_user_mode+0x1d/0x50
[  718.228941]  do_syscall_64+0x33/0x40
[  718.229366]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  718.229952] RIP: 0033:0x7f7e6bc66b19
[  718.230375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  718.232477] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  718.233349] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  718.234161] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  718.234975] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  718.235798] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  718.236607] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:17:31 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 40)

20:17:31 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:17:31 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x104, 0x0, 0xfffd})

20:17:31 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:17:31 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:17:31 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)

20:17:31 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:17:31 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b37, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

[  731.368999] FAULT_INJECTION: forcing a failure.
[  731.368999] name failslab, interval 1, probability 0, space 0, times 0
[  731.370471] CPU: 1 PID: 6108 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  731.371336] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  731.372377] Call Trace:
[  731.372715]  dump_stack+0x107/0x167
[  731.373171]  should_fail.cold+0x5/0xa
[  731.373187]  ? create_object.isra.0+0x3a/0xa20
[  731.373201]  should_failslab+0x5/0x20
[  731.373212]  kmem_cache_alloc+0x5b/0x310
[  731.373224]  ? asm_sysvec_call_function_single+0x12/0x20
[  731.373237]  create_object.isra.0+0x3a/0xa20
20:17:31 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 41)

[  731.373248]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  731.373262]  kmem_cache_alloc+0x159/0x310
[  731.373278]  xas_alloc+0x336/0x440
[  731.373289]  xas_create+0x34a/0x10d0
[  731.373306]  ? kernel_text_address+0xf2/0x120
[  731.373318]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  731.373329]  xas_store+0x8c/0x1c40
[  731.373348]  __xa_store+0x164/0x2d0
20:17:31 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  731.373360]  ? xa_delete_node+0x280/0x280
[  731.373384]  xa_store+0x31/0x50
[  731.373395]  __io_uring_add_tctx_node+0x1cf/0x520
20:17:32 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  731.373405]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  731.373414]  ? alloc_fd+0x2e7/0x670
[  731.373432]  io_uring_setup+0x1fbb/0x2980
[  731.373448]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  731.373458]  ? wait_for_completion_io+0x270/0x270
[  731.373485]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  731.373495]  ? syscall_enter_from_user_mode+0x1d/0x50
[  731.373507]  do_syscall_64+0x33/0x40
[  731.373517]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  731.373524] RIP: 0033:0x7f7e6bc66b19
[  731.373533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  731.373539] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  731.373550] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  731.373555] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  731.373561] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  731.373566] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  731.373572] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  731.450811] loop5: detected capacity change from 0 to 135266304
[  731.464780] FAULT_INJECTION: forcing a failure.
[  731.464780] name failslab, interval 1, probability 0, space 0, times 0
[  731.478795] CPU: 1 PID: 6129 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  731.478800] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  731.478804] Call Trace:
[  731.478820]  dump_stack+0x107/0x167
[  731.478831]  should_fail.cold+0x5/0xa
[  731.478843]  ? xas_alloc+0x336/0x440
[  731.478857]  should_failslab+0x5/0x20
[  731.478870]  kmem_cache_alloc+0x5b/0x310
20:17:32 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  731.478883]  xas_alloc+0x336/0x440
[  731.478894]  xas_create+0x34a/0x10d0
[  731.478910]  ? kernel_text_address+0xf2/0x120
20:17:32 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r0=>0x0, &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)

20:17:32 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 42)

[  731.478922]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  731.478933]  xas_store+0x8c/0x1c40
[  731.478952]  __xa_store+0x164/0x2d0
[  731.478963]  ? xa_delete_node+0x280/0x280
20:17:32 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  731.478984]  xa_store+0x31/0x50
[  731.478996]  __io_uring_add_tctx_node+0x1cf/0x520
[  731.479005]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  731.479015]  ? alloc_fd+0x2e7/0x670
[  731.479032]  io_uring_setup+0x1fbb/0x2980
[  731.479047]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  731.479057]  ? wait_for_completion_io+0x270/0x270
[  731.479081]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  731.479091]  ? syscall_enter_from_user_mode+0x1d/0x50
[  731.479103]  do_syscall_64+0x33/0x40
[  731.479112]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  731.479119] RIP: 0033:0x7f7e6bc66b19
[  731.479128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  731.479133] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  731.479144] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  731.479150] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  731.479155] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  731.479173] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  731.479179] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  731.558228] FAULT_INJECTION: forcing a failure.
[  731.558228] name failslab, interval 1, probability 0, space 0, times 0
[  731.558242] CPU: 1 PID: 6136 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  731.558248] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  731.558251] Call Trace:
[  731.558267]  dump_stack+0x107/0x167
[  731.558282]  should_fail.cold+0x5/0xa
[  731.558294]  ? create_object.isra.0+0x3a/0xa20
[  731.558306]  should_failslab+0x5/0x20
[  731.558317]  kmem_cache_alloc+0x5b/0x310
[  731.558328]  ? mark_held_locks+0x9e/0xe0
[  731.558339]  create_object.isra.0+0x3a/0xa20
[  731.558348]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  731.558360]  kmem_cache_alloc+0x159/0x310
[  731.558374]  xas_alloc+0x336/0x440
[  731.558385]  xas_create+0x34a/0x10d0
[  731.558400]  ? kernel_text_address+0xf2/0x120
[  731.558410]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  731.558421]  xas_store+0x8c/0x1c40
[  731.558438]  __xa_store+0x164/0x2d0
[  731.558449]  ? xa_delete_node+0x280/0x280
[  731.558471]  xa_store+0x31/0x50
[  731.558483]  __io_uring_add_tctx_node+0x1cf/0x520
[  731.558493]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  731.558501]  ? alloc_fd+0x2e7/0x670
[  731.558517]  io_uring_setup+0x1fbb/0x2980
[  731.558531]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  731.558542]  ? wait_for_completion_io+0x270/0x270
[  731.558564]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  731.558574]  ? syscall_enter_from_user_mode+0x1d/0x50
[  731.558587]  do_syscall_64+0x33/0x40
[  731.558607]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  731.588231] RIP: 0033:0x7f7e6bc66b19
[  731.588241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  731.588246] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  731.588256] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  731.588261] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  731.588267] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  731.588272] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  731.588290] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:17:32 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:17:32 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b3a, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:17:32 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:17:46 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b3b, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:17:46 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:17:46 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x104, 0x0, 0xfffd})

20:17:46 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r0=>0x0, &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)

20:17:46 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:17:46 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:17:46 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x40, 0x6, &(0x7f0000000480)=[{&(0x7f00000000c0)="cd00f37367713fb078272ac1f0614460b9ec4ae1aad14bbcb770b398f72d78530d665f560e80aaac6f125ce1d04967a418e37674bd14e3db2149a2044514354e14d25a0b521da128a49df1231c7286adae7da6cd54ae9861529917b404cc6dbabe04b6c6246879824426daee8d26e39a4494135ff34d5e7b788b7f54b26f8ed09c580bced81e9b8d46e53721e58f4d2b7db58edcbb091c65fe8694a3fdb4ad861b01fa3a89de42786b6225b434d3bee0682bdc3754e11a8fe9d22e0fdfc60e9d28753bee763e344e205c3f3690e7042ed14e8e4b94edb687af843dd36bbb0c1dbfc971d1a4", 0xe5, 0x7ec1}, {&(0x7f00000001c0)="e6d281ffd479534a3d2d0c7f29882c869e7e0e0d1ff72b158aef", 0x1a, 0x10001}, {&(0x7f0000000200)="6c1badf60d8e687621a69217834ad16f449e2fa414e980ffe2b9a71cfb15b7d2965985333a163e06a97be4adeb97264fec14b2ffcc46ccfdef7611d2bcbdb41d3785a157e9146884ca5d45dd53dbee36dae5265cecd8a554dab4af98c7c3e6a93790a4d407da3801b2086e52aa003456821e7ddc6fed712e770741456ed35d15f3e1753971abe734145d4c3052daf73e6e1976a3278855b0f247ae4efac64436fa1c6174db56315f749f6d27c6e00aaffdf34be0274a4dd630218a754ded749ecbd1a008dfd73d09326eef9e60", 0xcd, 0x2}, {&(0x7f0000000300)="8ef84ffb6094161669624cf990808f", 0xf, 0x5}, {&(0x7f0000000340)="166cbbb16cb90a70e468969cc180196d73cf467f525c64c433727adce4cd87b8fdcec9576d760ffc2f9886e689114fcc2b5d88731578af7fa337ed894060075d9329da364a011392158c55ac49197eebc85addbf4d140e762c5920cc541f9ee683f69fbdb02885a9c451d0113e2a742ca2", 0x71, 0x8}, {&(0x7f00000003c0)="30e2145c8c3d4b082c03a52e233cb7b83a5043193719d1fc6f126b8e77a914970258feb88f75748b3d8f59402e696811829edd0f9d0b5187e3f9dfd080c4931db1d7f5c1a009b4bfb4680cff7d0a5b6396e4b901301fed9b82086b5af469a24b51c758b3c9a1899fb05a12a5f84277e96c2d4fc40f5eeec1bb1a1b1534dcd262feba0e148cf3f814419d326b5c87826fc2075f2f891a9c5e2ff7d4e78ea30eec8b735168cad160e07b10f8bc", 0xac, 0x6}], 0x840, &(0x7f0000000540)={[{@shortname_lower}, {@nonumtail}, {@fat=@umask}], [{@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@appraise}]})

20:17:46 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 43)

[  746.203663] FAULT_INJECTION: forcing a failure.
[  746.203663] name failslab, interval 1, probability 0, space 0, times 0
[  746.203684] CPU: 0 PID: 6169 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  746.203693] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
20:17:46 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  746.203699] Call Trace:
[  746.203722]  dump_stack+0x107/0x167
[  746.203742]  should_fail.cold+0x5/0xa
[  746.203761]  ? xas_alloc+0x336/0x440
[  746.203783]  should_failslab+0x5/0x20
[  746.203801]  kmem_cache_alloc+0x5b/0x310
[  746.203824]  xas_alloc+0x336/0x440
[  746.203844]  xas_create+0x34a/0x10d0
[  746.203871]  ? kernel_text_address+0xf2/0x120
[  746.203892]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  746.203912]  xas_store+0x8c/0x1c40
[  746.203944]  __xa_store+0x164/0x2d0
[  746.203964]  ? xa_delete_node+0x280/0x280
[  746.204001]  xa_store+0x31/0x50
[  746.204021]  __io_uring_add_tctx_node+0x1cf/0x520
[  746.204040]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  746.204055]  ? alloc_fd+0x2e7/0x670
[  746.204084]  io_uring_setup+0x1fbb/0x2980
[  746.204110]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  746.204130]  ? wait_for_completion_io+0x270/0x270
[  746.204170]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  746.204189]  ? syscall_enter_from_user_mode+0x1d/0x50
20:17:46 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  746.204209]  do_syscall_64+0x33/0x40
[  746.204227]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  746.204239] RIP: 0033:0x7f7e6bc66b19
[  746.204255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  746.204264] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  746.204291] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  746.204301] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  746.204311] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  746.204321] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  746.204331] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:17:46 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 44)

20:17:46 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  746.242197] loop6: detected capacity change from 0 to 131072
[  746.244966] FAT-fs (loop6): Unrecognized mount option "nnonumtail=1" or missing value
[  746.250647] loop5: detected capacity change from 0 to 135266304
[  746.332621] loop6: detected capacity change from 0 to 131072
[  746.334981] FAT-fs (loop6): Unrecognized mount option "nnonumtail=1" or missing value
20:17:46 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:17:46 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b3c, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:17:46 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r0=>0x0, &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)

[  746.389046] FAULT_INJECTION: forcing a failure.
[  746.389046] name failslab, interval 1, probability 0, space 0, times 0
[  746.391363] CPU: 0 PID: 6190 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  746.392697] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  746.394328] Call Trace:
[  746.394845]  dump_stack+0x107/0x167
[  746.395568]  should_fail.cold+0x5/0xa
[  746.396317]  ? create_object.isra.0+0x3a/0xa20
[  746.397210]  should_failslab+0x5/0x20
[  746.397954]  kmem_cache_alloc+0x5b/0x310
[  746.398753]  ? mark_held_locks+0x9e/0xe0
[  746.399559]  create_object.isra.0+0x3a/0xa20
[  746.400410]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  746.401456]  kmem_cache_alloc+0x159/0x310
[  746.402488]  xas_alloc+0x336/0x440
[  746.403403]  xas_create+0x34a/0x10d0
[  746.404287]  ? kernel_text_address+0xf2/0x120
[  746.405191]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  746.406238]  xas_store+0x8c/0x1c40
[  746.406956]  __xa_store+0x164/0x2d0
[  746.407747]  ? xa_delete_node+0x280/0x280
[  746.408576]  xa_store+0x31/0x50
[  746.409224]  __io_uring_add_tctx_node+0x1cf/0x520
[  746.410166]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  746.411192]  ? alloc_fd+0x2e7/0x670
[  746.411930]  io_uring_setup+0x1fbb/0x2980
[  746.412748]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  746.413745]  ? wait_for_completion_io+0x270/0x270
[  746.414710]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  746.415735]  ? syscall_enter_from_user_mode+0x1d/0x50
[  746.416749]  do_syscall_64+0x33/0x40
[  746.417480]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  746.418479] RIP: 0033:0x7f7e6bc66b19
[  746.419214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  746.422843] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  746.424405] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  746.425825] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  746.427262] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  746.428769] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  746.430196] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  746.442901] loop5: detected capacity change from 0 to 135266304
20:18:01 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1) (fail_nth: 1)

20:18:01 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 45)

20:18:01 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:18:01 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0xfffd, 0x9ab, 0xbbf7})
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000480)={0x6, 0xf0})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r1, 0x0, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
r3 = ioctl$TUNGETDEVNETNS(r2, 0x54e3, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r1, r2, 0x0, 0x6)
ioctl$KDFONTOP_GET(r2, 0x4b72, &(0x7f0000000440)={0x1, 0x0, 0x3, 0xc, 0x8000, &(0x7f0000000040)})

20:18:01 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:18:01 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b3d, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:18:01 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:18:01 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
syz_mount_image$nfs4(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x6, 0x6, &(0x7f0000000b00)=[{&(0x7f0000000680)="4c599ee0d9e718af00d358b933180fe387698515fb60a34cf96d77fc70de5999c81a27799af64fd57fc5452a74cce3426dafb0ec80fd6c6b7f1b2fa5ce834f4f9b03cafbf114bbf51d7294f3dee261537a16cbc85ba96e515755dad98286ace75f82863d2c64a66d6976284aabc4f93b6bd23b7f854c486d593ed5bb173e19a48c40a38e9fe9bb9922e36e58fc0be057185f520e6cd000da943f57a10091c2da6e6f5769184cd41364b946b0150895adf649c3a5dcb54e04a1e96ab505d815d8e1d692364d", 0xc5, 0x5a}, {&(0x7f0000000780)="9da63dece4dd9e8dfd1b63009f53fd794920e0fe59f4223841b09cf2876c81433f339af09840166c6c9451878c4174643d850dc558a1374cc4c9", 0x3a, 0xf9}, {&(0x7f00000007c0)="78c7874d7f7aaff8d5d7b7108f0a3b2571c2e85b03d3416781aa0deb3807cf7008308cfe50c0c4c66df2255b40579ae37bb51044aaab9d79220e2e42b9df9da4d47af93c320f577d87c0ad79", 0x4c, 0x7}, {&(0x7f0000000840)="01a921b1458f7690b7ac8d9f90d29b49a164603bccaa7951dbd7c370caf5650aba3bedfb6fe8024ad33e83666a45546161cf2ad31ba60514e2b33fd560bc7a12e722a8708fd4167536cfaff1dfb11573d90c62bde65d937c997c15ce3223611746b318ad5589516ef9c03e241cac9cc0ce5a9d33d8e2f2e7f9b9edd081e9d0bc0e3b99c7f7ba175aac52", 0x8a, 0x100}, {&(0x7f0000000900)="d34d197e2d964a660897fc23450379bac6cca94e588bff1b35a9e0113dce04f2a3129d6086f4c803348391840ee6d2488b2395e624cefa2fff99f1fb7fb7ac9f9ecef3f8d510bf272e99e8b8d1374bece066b18f39dbb21b00f93389f3ceb2d2e4cdcee548a32f7e2bf642b453e054e2102ad540f4c5886bd1c5cd0babeaa5f51a1fbc8be76e104655bab84b3540f03ae00012d4ee1ebe1a31207ae2e50727a76d169e8dd0ce238e1e69354146761cc54745b09ae3f64407baec2c85d5bc567300c66aae98fce3b70f7366ee41d88079cb340ea73f4093b880a16ea2e7648e2072eb2a4568ac1265ca65bf3b3ca98af4", 0xf0, 0x4857b433}, {&(0x7f0000000a00)="f83d8d0e152d064f5b17eb6f2d5e1c7cdfb4ea0172558d94c994362bf75d525ba2fffb527e5baf365e5431a0d7fd0b3c165f45cee972aa71fbd2c1926f4120676e239be3edab8bc3e9e49d181a10fdf3e61eb8f95d3c905660791850f3c11f3128ce3da3df3d68f3f3039d193729c552d4c03f927c3fc278abab7de3bacba3beca02d35a04dbe6028d5184d0c3904287b566afbee75d9ccac9762075e0b65eea454a8601b4014ef237302f7658fdacd68a278fb2c4208f25ccd089adc032f2e32e7d79867342cf065d136b3fa04eb09cb6867fdd", 0xd4, 0x1000}], 0x22010, &(0x7f0000000bc0)={[{'\x00'}, {'/{R[$'}, {'client0\x00'}, {'\x00'}, {':.%:.}:+*(--%.$:#'}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '[&**!'}}, {@uid_gt={'uid>', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x32, 0x62, 0x34, 0x37, 0x54, 0x33], 0x2d, [0x30, 0x37, 0x62, 0x63], 0x2d, [0x33, 0x31, 0x36, 0x65], 0x2d, [0x0, 0x62, 0x32, 0x39], 0x2d, [0xfa, 0x37, 0x36, 0x62, 0x31, 0x2d, 0x62, 0x31]}}}, {@dont_appraise}]})
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

[  760.712947] FAULT_INJECTION: forcing a failure.
[  760.712947] name failslab, interval 1, probability 0, space 0, times 0
[  760.714325] CPU: 0 PID: 6206 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  760.715127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  760.716113] Call Trace:
[  760.716430]  dump_stack+0x107/0x167
[  760.716861]  should_fail.cold+0x5/0xa
[  760.717311]  ? xas_alloc+0x336/0x440
[  760.717751]  should_failslab+0x5/0x20
[  760.718202]  kmem_cache_alloc+0x5b/0x310
[  760.718677]  xas_alloc+0x336/0x440
[  760.719092]  xas_create+0x34a/0x10d0
[  760.719546]  ? kernel_text_address+0xf2/0x120
[  760.720071]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  760.720689]  xas_store+0x8c/0x1c40
[  760.721121]  __xa_store+0x164/0x2d0
[  760.721549]  ? xa_delete_node+0x280/0x280
[  760.722049]  xa_store+0x31/0x50
[  760.722438]  __io_uring_add_tctx_node+0x1cf/0x520
[  760.723006]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  760.723629]  ? alloc_fd+0x2e7/0x670
[  760.724067]  io_uring_setup+0x1fbb/0x2980
[  760.724560]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  760.725159]  ? wait_for_completion_io+0x270/0x270
[  760.725742]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  760.726350]  ? syscall_enter_from_user_mode+0x1d/0x50
[  760.726955]  do_syscall_64+0x33/0x40
[  760.727389]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  760.727991] RIP: 0033:0x7f7e6bc66b19
[  760.728427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  760.730560] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  760.731441] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  760.732275] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  760.733098] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  760.733922] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  760.734750] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  760.747382] FAULT_INJECTION: forcing a failure.
[  760.747382] name failslab, interval 1, probability 0, space 0, times 0
[  760.747771] loop5: detected capacity change from 0 to 135266304
[  760.750210] CPU: 1 PID: 6213 Comm: syz-executor.3 Not tainted 5.10.234 #1
[  760.751895] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  760.753623] Call Trace:
[  760.754180]  dump_stack+0x107/0x167
[  760.754950]  should_fail.cold+0x5/0xa
[  760.755751]  ? getname_flags.part.0+0x50/0x4f0
[  760.756702]  should_failslab+0x5/0x20
[  760.757498]  kmem_cache_alloc+0x5b/0x310
[  760.758348]  getname_flags.part.0+0x50/0x4f0
[  760.759266]  user_path_at_empty+0xa1/0x100
[  760.760158]  __do_sys_fspick+0x1a4/0x530
[  760.760999]  ? ksys_write+0x1a9/0x260
[  760.761795]  ? __do_sys_fsconfig+0xc20/0xc20
[  760.762721]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  760.763811]  ? syscall_enter_from_user_mode+0x1d/0x50
[  760.764876]  do_syscall_64+0x33/0x40
[  760.765647]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  760.766702] RIP: 0033:0x7f7a281e7b19
[  760.767466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  760.771286] RSP: 002b:00007f7a2575d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[  760.772882] RAX: ffffffffffffffda RBX: 00007f7a282faf60 RCX: 00007f7a281e7b19
[  760.774363] RDX: 0000000000000001 RSI: 0000000020000140 RDI: ffffffffffffff9c
[  760.775843] RBP: 00007f7a2575d1d0 R08: 0000000000000000 R09: 0000000000000000
[  760.777321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  760.778797] R13: 00007ffedec6c0bf R14: 00007f7a2575d300 R15: 0000000000022000
20:18:01 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:18:01 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:18:01 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1) (fail_nth: 2)

20:18:01 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:18:01 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b40, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

[  760.871211] FAULT_INJECTION: forcing a failure.
[  760.871211] name failslab, interval 1, probability 0, space 0, times 0
[  760.872550] CPU: 0 PID: 6224 Comm: syz-executor.3 Not tainted 5.10.234 #1
[  760.873321] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  760.874253] Call Trace:
[  760.874559]  dump_stack+0x107/0x167
[  760.874972]  should_fail.cold+0x5/0xa
[  760.875405]  ? create_object.isra.0+0x3a/0xa20
[  760.875930]  should_failslab+0x5/0x20
[  760.876364]  kmem_cache_alloc+0x5b/0x310
[  760.876825]  create_object.isra.0+0x3a/0xa20
[  760.877331]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  760.877344]  kmem_cache_alloc+0x159/0x310
[  760.877357]  getname_flags.part.0+0x50/0x4f0
[  760.877369]  user_path_at_empty+0xa1/0x100
[  760.877380]  __do_sys_fspick+0x1a4/0x530
[  760.877390]  ? ksys_write+0x1a9/0x260
[  760.877398]  ? __do_sys_fsconfig+0xc20/0xc20
[  760.877414]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  760.877425]  ? syscall_enter_from_user_mode+0x1d/0x50
[  760.877436]  do_syscall_64+0x33/0x40
[  760.877447]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  760.877453] RIP: 0033:0x7f7a281e7b19
[  760.877463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  760.877468] RSP: 002b:00007f7a2575d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[  760.877479] RAX: ffffffffffffffda RBX: 00007f7a282faf60 RCX: 00007f7a281e7b19
[  760.877484] RDX: 0000000000000001 RSI: 0000000020000140 RDI: ffffffffffffff9c
[  760.877490] RBP: 00007f7a2575d1d0 R08: 0000000000000000 R09: 0000000000000000
[  760.877495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  760.877501] R13: 00007ffedec6c0bf R14: 00007f7a2575d300 R15: 0000000000022000
20:18:14 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
fspick(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:18:14 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000b80)={0x100, 0x7})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r1, 0x0, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r1, r2, 0x0, 0x6)
write$binfmt_elf64(r2, &(0x7f0000000040)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x7, 0x7, 0x9, 0xff, 0x2, 0x3e, 0x3, 0x383, 0x40, 0x1f, 0x5, 0x9, 0x38, 0x1, 0xff, 0x9, 0x9}, [{0x60000000, 0xa741, 0x5, 0x3ff, 0x400, 0x8, 0x5, 0x8}], "2d4aa1b26c18cd6b601793ac57bbde59a7a50b08527ba822f4a667313e37b6320439d53dfc99e560985231b5b968a2f31c13a0ac0394857280e087d4a5ae50554476cf5f8d0a78027c5986e163e2458750c5405afb150abe82d7e4be38fecbdf14a0e3bf1b4a3bee10c47c167a8f50e3982b717b2e8968a16abf6877fb9e61ac868fb2a691a1f41a034137b4ec73c60067aed984c831211f1ec1a4012cad43f9af29a8b61db9cabda2e7335b6f6f798450d17a64", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0xb2c)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:18:14 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b41, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:18:14 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:18:14 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 46)

20:18:14 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:18:14 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1) (fail_nth: 3)

20:18:14 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:18:14 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

[  773.865233] FAULT_INJECTION: forcing a failure.
[  773.865233] name failslab, interval 1, probability 0, space 0, times 0
[  773.865246] CPU: 1 PID: 6247 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  773.865251] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
20:18:14 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 47)

[  773.865255] Call Trace:
[  773.865270]  dump_stack+0x107/0x167
[  773.865282]  should_fail.cold+0x5/0xa
[  773.865300]  ? create_object.isra.0+0x3a/0xa20
[  773.865313]  should_failslab+0x5/0x20
[  773.865323]  kmem_cache_alloc+0x5b/0x310
[  773.865335]  ? mark_held_locks+0x9e/0xe0
[  773.865347]  create_object.isra.0+0x3a/0xa20
20:18:14 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  773.865356]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  773.865369]  kmem_cache_alloc+0x159/0x310
[  773.865384]  xas_alloc+0x336/0x440
20:18:14 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  773.865395]  xas_create+0x34a/0x10d0
20:18:14 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  773.865410]  ? kernel_text_address+0xf2/0x120
[  773.865422]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  773.865437]  xas_store+0x8c/0x1c40
[  773.865455]  __xa_store+0x164/0x2d0
[  773.865466]  ? xa_delete_node+0x280/0x280
[  773.865486]  xa_store+0x31/0x50
[  773.865498]  __io_uring_add_tctx_node+0x1cf/0x520
[  773.865509]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  773.865518]  ? alloc_fd+0x2e7/0x670
[  773.865534]  io_uring_setup+0x1fbb/0x2980
[  773.865549]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  773.865560]  ? wait_for_completion_io+0x270/0x270
[  773.865583]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  773.865593]  ? syscall_enter_from_user_mode+0x1d/0x50
[  773.865605]  do_syscall_64+0x33/0x40
[  773.865615]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  773.865622] RIP: 0033:0x7f7e6bc66b19
[  773.865632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  773.865637] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  773.865649] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  773.865654] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  773.865660] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  773.865666] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  773.865671] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  773.900213] FAULT_INJECTION: forcing a failure.
[  773.900213] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  773.900234] CPU: 0 PID: 6251 Comm: syz-executor.3 Not tainted 5.10.234 #1
[  773.900243] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  773.900248] Call Trace:
[  773.900272]  dump_stack+0x107/0x167
[  773.900291]  should_fail.cold+0x5/0xa
[  773.900316]  strncpy_from_user+0x34/0x470
[  773.900339]  getname_flags.part.0+0x95/0x4f0
[  773.900361]  user_path_at_empty+0xa1/0x100
[  773.900380]  __do_sys_fspick+0x1a4/0x530
[  773.900396]  ? ksys_write+0x1a9/0x260
[  773.900412]  ? __do_sys_fsconfig+0xc20/0xc20
[  773.900443]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  773.900462]  ? syscall_enter_from_user_mode+0x1d/0x50
[  773.900481]  do_syscall_64+0x33/0x40
[  773.900499]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  773.900510] RIP: 0033:0x7f7a281e7b19
[  773.900526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  773.900535] RSP: 002b:00007f7a2575d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[  773.900554] RAX: ffffffffffffffda RBX: 00007f7a282faf60 RCX: 00007f7a281e7b19
[  773.900564] RDX: 0000000000000001 RSI: 0000000020000140 RDI: ffffffffffffff9c
[  773.900574] RBP: 00007f7a2575d1d0 R08: 0000000000000000 R09: 0000000000000000
[  773.900583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  773.900593] R13: 00007ffedec6c0bf R14: 00007f7a2575d300 R15: 0000000000022000
[  773.941630] FAULT_INJECTION: forcing a failure.
[  773.941630] name failslab, interval 1, probability 0, space 0, times 0
[  773.941644] CPU: 1 PID: 6257 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  773.941649] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  773.941653] Call Trace:
[  773.941669]  dump_stack+0x107/0x167
[  773.941680]  should_fail.cold+0x5/0xa
[  773.941693]  ? xas_alloc+0x336/0x440
[  773.941706]  should_failslab+0x5/0x20
[  773.941717]  kmem_cache_alloc+0x5b/0x310
[  773.941729]  xas_alloc+0x336/0x440
[  773.941740]  xas_create+0x34a/0x10d0
[  773.941757]  ? kernel_text_address+0xf2/0x120
[  773.941769]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  773.941780]  xas_store+0x8c/0x1c40
[  773.941797]  __xa_store+0x164/0x2d0
[  773.941808]  ? xa_delete_node+0x280/0x280
[  773.941828]  xa_store+0x31/0x50
[  773.941840]  __io_uring_add_tctx_node+0x1cf/0x520
[  773.941850]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  773.941860]  ? alloc_fd+0x2e7/0x670
[  773.941875]  io_uring_setup+0x1fbb/0x2980
[  773.941890]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  773.941901]  ? wait_for_completion_io+0x270/0x270
[  773.941923]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  773.941933]  ? syscall_enter_from_user_mode+0x1d/0x50
[  773.941945]  do_syscall_64+0x33/0x40
[  773.941955]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  773.941962] RIP: 0033:0x7f7e6bc66b19
[  773.941971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  773.941976] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  773.941987] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  773.941993] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  773.941998] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  773.942004] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  773.942009] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  787.513243] FAULT_INJECTION: forcing a failure.
[  787.513243] name failslab, interval 1, probability 0, space 0, times 0
[  787.516050] CPU: 1 PID: 6275 Comm: syz-executor.3 Not tainted 5.10.234 #1
[  787.517487] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  787.519230] Call Trace:
[  787.519787]  dump_stack+0x107/0x167
[  787.520788]  should_fail.cold+0x5/0xa
20:18:28 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1) (fail_nth: 4)

20:18:28 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:18:28 executing program 6:
syz_open_dev$tty20(0xc, 0x4, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r0, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r1, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r0, r1, 0x0, 0x6)
ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000080)={0x0, 0x100, 0x4, 0x4})

20:18:28 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b44, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:18:28 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x10, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:18:28 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:18:28 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

[  787.520807]  ? alloc_fs_context+0x57/0x840
20:18:28 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 48)

[  787.520827]  should_failslab+0x5/0x20
[  787.520845]  kmem_cache_alloc_trace+0x55/0x320
[  787.520866]  alloc_fs_context+0x57/0x840
[  787.520888]  __do_sys_fspick+0x268/0x530
[  787.520905]  ? ksys_write+0x1a9/0x260
[  787.520920]  ? __do_sys_fsconfig+0xc20/0xc20
[  787.520943]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  787.520962]  ? syscall_enter_from_user_mode+0x1d/0x50
[  787.520981]  do_syscall_64+0x33/0x40
[  787.520998]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  787.521010] RIP: 0033:0x7f7a281e7b19
[  787.521026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  787.521035] RSP: 002b:00007f7a2575d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[  787.521054] RAX: ffffffffffffffda RBX: 00007f7a282faf60 RCX: 00007f7a281e7b19
[  787.521064] RDX: 0000000000000001 RSI: 0000000020000140 RDI: ffffffffffffff9c
[  787.521073] RBP: 00007f7a2575d1d0 R08: 0000000000000000 R09: 0000000000000000
20:18:28 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  787.521083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  787.521093] R13: 00007ffedec6c0bf R14: 00007f7a2575d300 R15: 0000000000022000
[  787.548926] FAULT_INJECTION: forcing a failure.
[  787.548926] name failslab, interval 1, probability 0, space 0, times 0
[  787.548949] CPU: 1 PID: 6287 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  787.548961] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  787.548968] Call Trace:
[  787.548992]  dump_stack+0x107/0x167
[  787.549018]  should_fail.cold+0x5/0xa
[  787.549042]  ? xas_alloc+0x336/0x440
[  787.549068]  should_failslab+0x5/0x20
[  787.549089]  kmem_cache_alloc+0x5b/0x310
[  787.549119]  xas_alloc+0x336/0x440
[  787.549146]  xas_create+0x34a/0x10d0
[  787.549179]  ? kernel_text_address+0xf2/0x120
[  787.549205]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  787.549232]  xas_store+0x8c/0x1c40
[  787.549281]  __xa_store+0x164/0x2d0
[  787.549308]  ? xa_delete_node+0x280/0x280
[  787.549355]  xa_store+0x31/0x50
[  787.549381]  __io_uring_add_tctx_node+0x1cf/0x520
[  787.549406]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  787.549425]  ? alloc_fd+0x2e7/0x670
[  787.549460]  io_uring_setup+0x1fbb/0x2980
[  787.549486]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  787.549504]  ? wait_for_completion_io+0x270/0x270
[  787.549544]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  787.549562]  ? syscall_enter_from_user_mode+0x1d/0x50
[  787.549582]  do_syscall_64+0x33/0x40
[  787.549599]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  787.549610] RIP: 0033:0x7f7e6bc66b19
[  787.549626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  787.549635] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  787.549654] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  787.549664] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  787.549674] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  787.549691] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  787.602759] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:18:28 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:18:28 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSETLED(r1, 0x4b32, 0x10000)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:18:28 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1) (fail_nth: 5)

20:18:28 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b45, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:18:28 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r1, 0x0, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r1, r2, 0x0, 0x6)
ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000040)={0x80, 0x0, 0x0, 0x6, 0x3, 0x8})
fgetxattr(r0, &(0x7f0000000000)=@known='trusted.overlay.upper\x00', &(0x7f0000000180)=""/209, 0xd1)

20:18:28 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x10, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  787.760379] FAULT_INJECTION: forcing a failure.
[  787.760379] name failslab, interval 1, probability 0, space 0, times 0
[  787.762762] CPU: 0 PID: 6298 Comm: syz-executor.3 Not tainted 5.10.234 #1
[  787.764034] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  787.765572] Call Trace:
[  787.766061]  dump_stack+0x107/0x167
[  787.766734]  should_fail.cold+0x5/0xa
[  787.767438]  ? create_object.isra.0+0x3a/0xa20
[  787.768296]  should_failslab+0x5/0x20
[  787.769001]  kmem_cache_alloc+0x5b/0x310
[  787.769752]  create_object.isra.0+0x3a/0xa20
[  787.770562]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  787.771492]  kmem_cache_alloc_trace+0x151/0x320
[  787.772356]  alloc_fs_context+0x57/0x840
[  787.773101]  __do_sys_fspick+0x268/0x530
[  787.773842]  ? ksys_write+0x1a9/0x260
[  787.774532]  ? __do_sys_fsconfig+0xc20/0xc20
[  787.775341]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  787.776310]  ? syscall_enter_from_user_mode+0x1d/0x50
[  787.777252]  do_syscall_64+0x33/0x40
[  787.777930]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  787.778865] RIP: 0033:0x7f7a281e7b19
[  787.779552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  787.782934] RSP: 002b:00007f7a2575d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[  787.782951] RAX: ffffffffffffffda RBX: 00007f7a282faf60 RCX: 00007f7a281e7b19
20:18:28 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

[  787.782960] RDX: 0000000000000001 RSI: 0000000020000140 RDI: ffffffffffffff9c
[  787.782968] RBP: 00007f7a2575d1d0 R08: 0000000000000000 R09: 0000000000000000
20:18:28 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:18:28 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 49)

[  787.782976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  787.782984] R13: 00007ffedec6c0bf R14: 00007f7a2575d300 R15: 0000000000022000
[  787.859152] FAULT_INJECTION: forcing a failure.
[  787.859152] name failslab, interval 1, probability 0, space 0, times 0
[  787.861179] CPU: 0 PID: 6311 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  787.862358] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  787.863783] Call Trace:
[  787.864255]  dump_stack+0x107/0x167
[  787.864872]  should_fail.cold+0x5/0xa
[  787.865529]  ? xas_alloc+0x336/0x440
[  787.866174]  should_failslab+0x5/0x20
[  787.866832]  kmem_cache_alloc+0x5b/0x310
[  787.867532]  xas_alloc+0x336/0x440
[  787.868164]  xas_create+0x34a/0x10d0
[  787.868817]  ? kernel_text_address+0xf2/0x120
[  787.869595]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  787.870511]  xas_store+0x8c/0x1c40
[  787.871139]  __xa_store+0x164/0x2d0
[  787.871761]  ? xa_delete_node+0x280/0x280
[  787.872506]  xa_store+0x31/0x50
[  787.873079]  __io_uring_add_tctx_node+0x1cf/0x520
[  787.873913]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  787.874817]  ? alloc_fd+0x2e7/0x670
[  787.875454]  io_uring_setup+0x1fbb/0x2980
[  787.876190]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  787.877068]  ? wait_for_completion_io+0x270/0x270
[  787.877921]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  787.878827]  ? syscall_enter_from_user_mode+0x1d/0x50
[  787.879716]  do_syscall_64+0x33/0x40
[  787.880362]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  787.881240] RIP: 0033:0x7f7e6bc66b19
[  787.881875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  787.885030] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  787.886338] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  787.887555] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  787.888772] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  787.889981] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  787.891193] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:18:43 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 50)

20:18:43 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:18:43 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:18:43 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b46, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:18:43 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x28000000000)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:18:43 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x10, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:18:43 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:18:43 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1) (fail_nth: 6)

[  803.388178] FAULT_INJECTION: forcing a failure.
[  803.388178] name failslab, interval 1, probability 0, space 0, times 0
[  803.389855] CPU: 1 PID: 6333 Comm: syz-executor.3 Not tainted 5.10.234 #1
[  803.389872] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  803.392340] Call Trace:
[  803.392678]  dump_stack+0x107/0x167
[  803.393155]  should_fail.cold+0x5/0xa
[  803.393652]  ? cgroup_init_fs_context+0x47/0x3e0
[  803.394281]  should_failslab+0x5/0x20
[  803.394774]  kmem_cache_alloc_trace+0x55/0x320
[  803.395375]  cgroup_init_fs_context+0x47/0x3e0
[  803.395976]  ? css_killed_work_fn+0x610/0x610
[  803.396553]  alloc_fs_context+0x4fd/0x840
[  803.397093]  __do_sys_fspick+0x268/0x530
[  803.397595]  ? ksys_write+0x1a9/0x260
[  803.398091]  ? __do_sys_fsconfig+0xc20/0xc20
[  803.398665]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  803.399374]  ? syscall_enter_from_user_mode+0x1d/0x50
[  803.400071]  do_syscall_64+0x33/0x40
[  803.400574]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  803.401247] RIP: 0033:0x7f7a281e7b19
[  803.401733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  803.404162] RSP: 002b:00007f7a2575d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[  803.405264] RAX: ffffffffffffffda RBX: 00007f7a282faf60 RCX: 00007f7a281e7b19
[  803.406191] RDX: 0000000000000001 RSI: 0000000020000140 RDI: ffffffffffffff9c
[  803.407116] RBP: 00007f7a2575d1d0 R08: 0000000000000000 R09: 0000000000000000
[  803.407998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  803.408952] R13: 00007ffedec6c0bf R14: 00007f7a2575d300 R15: 0000000000022000
[  803.426198] FAULT_INJECTION: forcing a failure.
[  803.426198] name failslab, interval 1, probability 0, space 0, times 0
[  803.428676] CPU: 0 PID: 6327 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  803.430118] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  803.431864] Call Trace:
[  803.432471]  dump_stack+0x107/0x167
[  803.433249]  should_fail.cold+0x5/0xa
[  803.434064]  ? create_object.isra.0+0x3a/0xa20
[  803.435022]  should_failslab+0x5/0x20
[  803.435813]  kmem_cache_alloc+0x5b/0x310
[  803.436690]  ? mark_held_locks+0x9e/0xe0
[  803.437541]  create_object.isra.0+0x3a/0xa20
[  803.438455]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  803.439516]  kmem_cache_alloc+0x159/0x310
[  803.440415]  xas_alloc+0x336/0x440
[  803.441164]  xas_create+0x34a/0x10d0
[  803.441947]  ? kernel_text_address+0xf2/0x120
[  803.442887]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  803.443978]  xas_store+0x8c/0x1c40
[  803.444767]  __xa_store+0x164/0x2d0
[  803.445528]  ? xa_delete_node+0x280/0x280
[  803.446409]  xa_store+0x31/0x50
[  803.447098]  __io_uring_add_tctx_node+0x1cf/0x520
[  803.448148]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  803.449245]  ? alloc_fd+0x2e7/0x670
[  803.450021]  io_uring_setup+0x1fbb/0x2980
[  803.450900]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  803.451971]  ? wait_for_completion_io+0x270/0x270
[  803.453041]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  803.454140]  ? syscall_enter_from_user_mode+0x1d/0x50
[  803.455230]  do_syscall_64+0x33/0x40
[  803.456007]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  803.457109] RIP: 0033:0x7f7e6bc66b19
[  803.457886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  803.461773] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  803.463367] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  803.464877] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  803.466380] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  803.467879] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  803.469406] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:18:58 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1) (fail_nth: 7)

20:18:58 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 51)

20:18:58 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:18:58 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:18:58 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:18:58 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b47, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:18:58 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, 0xffffffffffffffff, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:18:58 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0)
readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/197, 0xc5}, {0x0}, {&(0x7f0000000300)=""/198, 0xc6}], 0x3)
io_setup(0x1, &(0x7f0000000280)=<r2=>0x0)
r3 = eventfd(0x0)
io_submit(r2, 0x1, &(0x7f00000004c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}])
io_cancel(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
io_submit(r2, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x8, 0x7f, r4, &(0x7f0000000400)="41ee93fd67486ef75abc5c88e2351ae8c3407ed1501dd0affcee394e037d5ba371365c0077f6f4fe0ac21c0f4edcfd989212bef1538828aed24347c7914dbfc6514bcc454c657b49db18b51b9812a2e41c22f4e8e3440463b0e5ba4902f2d64a809591146be6fdda37e337c5143e041a104aed68511e37c3f339feb59e2cf48b10529f2d1bb8954fd70881d343dabd9193b91b3577a06c6d0aecfcc4b125bc3331c27463e3d5adc7e0a504868b4740cb82fad1ab9958026329dca20f9d8390d693a9ba33bdde4fd50af6c514bcabc830", 0xd0, 0x2}])
perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0xff, 0x8, 0xd0, 0x97, 0x0, 0xe0ab, 0x1008, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, 0x4, @perf_bp={&(0x7f00000000c0), 0x1}, 0x10840, 0x649, 0x1, 0x5, 0x40, 0xa, 0x7aba, 0x0, 0x7ff, 0x0, 0x761}, 0x0, 0x4, r1, 0x0)
ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000040)={0xee6, 0x6f, 0x400, 0x539, 0x0, "81127578ac6101ee4550768cde1f3df9a660c1", 0x3, 0x5})
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

[  818.208111] FAULT_INJECTION: forcing a failure.
[  818.208111] name failslab, interval 1, probability 0, space 0, times 0
[  818.210624] CPU: 0 PID: 6355 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  818.212092] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  818.213871] Call Trace:
[  818.214458]  dump_stack+0x107/0x167
[  818.215322]  should_fail.cold+0x5/0xa
[  818.216257]  ? create_object.isra.0+0x3a/0xa20
[  818.217243]  should_failslab+0x5/0x20
[  818.218050]  kmem_cache_alloc+0x5b/0x310
[  818.218908]  ? mark_held_locks+0x9e/0xe0
[  818.219759]  create_object.isra.0+0x3a/0xa20
[  818.220694]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  818.221880]  kmem_cache_alloc+0x159/0x310
[  818.222830]  xas_alloc+0x336/0x440
[  818.223597]  xas_create+0x34a/0x10d0
[  818.224400]  ? kernel_text_address+0xf2/0x120
[  818.225350]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  818.226463]  xas_store+0x8c/0x1c40
[  818.227379]  __xa_store+0x164/0x2d0
[  818.228170]  ? xa_delete_node+0x280/0x280
[  818.229094]  xa_store+0x31/0x50
[  818.229795]  __io_uring_add_tctx_node+0x1cf/0x520
[  818.230800]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  818.231987]  ? alloc_fd+0x2e7/0x670
[  818.232908]  io_uring_setup+0x1fbb/0x2980
[  818.233806]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  818.234897]  ? wait_for_completion_io+0x270/0x270
[  818.235938]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  818.237169]  ? syscall_enter_from_user_mode+0x1d/0x50
[  818.238330]  do_syscall_64+0x33/0x40
[  818.239126]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  818.240217] RIP: 0033:0x7f7e6bc66b19
[  818.241020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  818.242837] FAULT_INJECTION: forcing a failure.
[  818.242837] name failslab, interval 1, probability 0, space 0, times 0
[  818.245103] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  818.245123] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  818.245132] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  818.245142] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  818.245152] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  818.245162] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  818.257780] CPU: 1 PID: 6351 Comm: syz-executor.3 Not tainted 5.10.234 #1
[  818.259205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  818.260938] Call Trace:
20:18:58 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

[  818.261490]  dump_stack+0x107/0x167
[  818.262470]  should_fail.cold+0x5/0xa
[  818.263307]  ? create_object.isra.0+0x3a/0xa20
[  818.264273]  should_failslab+0x5/0x20
[  818.265064]  kmem_cache_alloc+0x5b/0x310
[  818.265902]  ? create_object.isra.0+0x3ad/0xa20
[  818.266866]  create_object.isra.0+0x3a/0xa20
[  818.267779]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  818.268842]  __kmalloc_node+0x1ae/0x420
[  818.269670]  memcg_alloc_page_obj_cgroups+0x73/0x100
[  818.270722]  memcg_slab_post_alloc_hook+0x1f0/0x430
[  818.271763]  ? trace_hardirqs_on+0x5b/0x180
[  818.272666]  kmem_cache_alloc_trace+0x169/0x320
[  818.273633]  alloc_fs_context+0x57/0x840
[  818.274485]  __do_sys_fspick+0x268/0x530
[  818.275328]  ? ksys_write+0x1a9/0x260
[  818.276114]  ? __do_sys_fsconfig+0xc20/0xc20
[  818.277039]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  818.278128]  ? syscall_enter_from_user_mode+0x1d/0x50
[  818.279196]  do_syscall_64+0x33/0x40
[  818.279970]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  818.281038] RIP: 0033:0x7f7a281e7b19
[  818.281805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  818.285619] RSP: 002b:00007f7a2575d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[  818.287196] RAX: ffffffffffffffda RBX: 00007f7a282faf60 RCX: 00007f7a281e7b19
[  818.288672] RDX: 0000000000000001 RSI: 0000000020000140 RDI: ffffffffffffff9c
[  818.290149] RBP: 00007f7a2575d1d0 R08: 0000000000000000 R09: 0000000000000000
[  818.291629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  818.293142] R13: 00007ffedec6c0bf R14: 00007f7a2575d300 R15: 0000000000022000
20:18:58 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000040)={0x8000, 0x2, 'client0\x00', 0x2, "44e86b7a659a47e7", "510c9be123d95da701437f4f7a54881201e23c27a5b87af21d9412edc49d6fb3", 0x2, 0x129})
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:18:58 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:18:58 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b48, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:18:58 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000040)={0x81ff, 0x1, 0xffff, 0xd3d2, 0xa5, "9e930097ff2977f91fd8e2b253d549ee0284f2", 0xfffff801, 0x5})
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)={0x0, <r1=>0x0})
capset(&(0x7f0000000180)={0x20080522, r1}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/36, 0x24, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, r1], 0x2, {r2}}, 0x58)
ioctl$BTRFS_IOC_SCRUB_CANCEL(r2, 0x941c, 0x0)

20:18:58 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, 0xffffffffffffffff, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:18:58 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 52)

20:18:58 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  818.493663] FAULT_INJECTION: forcing a failure.
[  818.493663] name failslab, interval 1, probability 0, space 0, times 0
[  818.496271] CPU: 0 PID: 6374 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  818.497698] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  818.499409] Call Trace:
[  818.500088]  dump_stack+0x107/0x167
[  818.500866]  should_fail.cold+0x5/0xa
[  818.501665]  ? create_object.isra.0+0x3a/0xa20
[  818.502624]  should_failslab+0x5/0x20
[  818.503419]  kmem_cache_alloc+0x5b/0x310
[  818.504512]  ? mark_held_locks+0x9e/0xe0
[  818.505367]  create_object.isra.0+0x3a/0xa20
[  818.506302]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  818.507564]  kmem_cache_alloc+0x159/0x310
[  818.508452]  xas_alloc+0x336/0x440
[  818.509211]  xas_create+0x34a/0x10d0
[  818.509999]  ? kernel_text_address+0xf2/0x120
[  818.510925]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  818.512093]  xas_store+0x8c/0x1c40
[  818.512951]  __xa_store+0x164/0x2d0
[  818.513717]  ? xa_delete_node+0x280/0x280
[  818.514605]  xa_store+0x31/0x50
[  818.515453]  __io_uring_add_tctx_node+0x1cf/0x520
[  818.516486]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  818.517576]  ? alloc_fd+0x2e7/0x670
[  818.518347]  io_uring_setup+0x1fbb/0x2980
[  818.519208]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  818.520457]  ? wait_for_completion_io+0x270/0x270
[  818.521489]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  818.522586]  ? syscall_enter_from_user_mode+0x1d/0x50
[  818.523837]  do_syscall_64+0x33/0x40
[  818.524629]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  818.525693] RIP: 0033:0x7f7e6bc66b19
[  818.526472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  818.530454] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  818.532169] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  818.533659] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  818.535233] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  818.536848] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  818.538456] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:18:59 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:18:59 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b49, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:18:59 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, 0x0, 0x400})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r1, 0x0, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r1, r2, 0x0, 0x6)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2)

20:18:59 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, 0xffffffffffffffff, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r4, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:18:59 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:18:59 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1) (fail_nth: 8)

[  818.731986] FAULT_INJECTION: forcing a failure.
[  818.731986] name failslab, interval 1, probability 0, space 0, times 0
[  818.734496] CPU: 0 PID: 6389 Comm: syz-executor.3 Not tainted 5.10.234 #1
[  818.736170] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  818.737924] Call Trace:
[  818.738490]  dump_stack+0x107/0x167
[  818.739373]  should_fail.cold+0x5/0xa
[  818.740180]  ? __do_sys_fspick+0x2fb/0x530
[  818.741074]  should_failslab+0x5/0x20
[  818.741863]  kmem_cache_alloc_trace+0x55/0x320
[  818.742940]  __do_sys_fspick+0x2fb/0x530
[  818.743775]  ? ksys_write+0x1a9/0x260
[  818.744566]  ? __do_sys_fsconfig+0xc20/0xc20
[  818.745489]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  818.746737]  ? syscall_enter_from_user_mode+0x1d/0x50
[  818.747799]  do_syscall_64+0x33/0x40
[  818.748579]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  818.749776] RIP: 0033:0x7f7a281e7b19
[  818.750538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  818.754492] RSP: 002b:00007f7a2575d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[  818.756044] RAX: ffffffffffffffda RBX: 00007f7a282faf60 RCX: 00007f7a281e7b19
[  818.757628] RDX: 0000000000000001 RSI: 0000000020000140 RDI: ffffffffffffff9c
[  818.759098] RBP: 00007f7a2575d1d0 R08: 0000000000000000 R09: 0000000000000000
[  818.760632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  818.762297] R13: 00007ffedec6c0bf R14: 00007f7a2575d300 R15: 0000000000022000
[  832.108847] FAULT_INJECTION: forcing a failure.
[  832.108847] name failslab, interval 1, probability 0, space 0, times 0
[  832.111340] CPU: 0 PID: 6405 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  832.112783] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  832.112790] Call Trace:
[  832.112814]  dump_stack+0x107/0x167
[  832.112833]  should_fail.cold+0x5/0xa
[  832.112852]  ? xas_alloc+0x336/0x440
[  832.112874]  should_failslab+0x5/0x20
[  832.112892]  kmem_cache_alloc+0x5b/0x310
20:19:12 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1) (fail_nth: 9)

20:19:12 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:19:12 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:19:12 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000080)=0x8)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180), 0x48243, 0x0)
ioctl$TCSETSW2(r2, 0x402c542c, &(0x7f00000002c0)={0x1, 0x7, 0x6, 0x5, 0x9, "79b72c94f59e92ebeecdaaee274946cc7e4e6e", 0x4, 0xffffc93b})
connect$inet(r1, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r1, r3, 0x0, 0x6)
recvmmsg$unix(r2, &(0x7f0000000a00)=[{{&(0x7f0000000400), 0x6e, &(0x7f0000000680)=[{&(0x7f0000000480)=""/105, 0x69}, {&(0x7f0000000500)=""/133, 0x85}, {&(0x7f00000005c0)=""/135, 0x87}], 0x3, &(0x7f00000006c0)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r4=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xc8}}, {{&(0x7f00000007c0), 0x6e, &(0x7f0000000980)=[{&(0x7f0000000840)=""/61, 0x3d}, {&(0x7f0000000880)=""/234, 0xea}], 0x2, &(0x7f00000009c0)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x20}}], 0x2, 0x21, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x11, &(0x7f0000000a80)=0xff, 0x4)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xc)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0)
readv(r5, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/197, 0xc5}, {0x0}, {&(0x7f0000000300)=""/198, 0xc6}], 0x3)
perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0xff, 0x8, 0xd0, 0x97, 0x0, 0xe0ab, 0x1008, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, 0x4, @perf_bp={&(0x7f00000000c0), 0x1}, 0x10840, 0x649, 0x1, 0x5, 0x40, 0xa, 0x7aba, 0x0, 0x7ff, 0x0, 0x761}, 0x0, 0x4, r5, 0x0)
ioctl$VT_RESIZE(r5, 0x5609, &(0x7f00000000c0)={0x800, 0x6, 0x40})
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0xfffd, 0x0, 0x4})

20:19:12 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 53)

20:19:12 executing program 5:
syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:19:12 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b4a, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:19:12 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  832.112914]  xas_alloc+0x336/0x440
[  832.112934]  xas_create+0x34a/0x10d0
[  832.112960]  ? queued_spin_lock_slowpath+0xcc/0x8c0
[  832.112981]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  832.113001]  xas_store+0x8c/0x1c40
[  832.113032]  __xa_store+0x164/0x2d0
[  832.113052]  ? xa_delete_node+0x280/0x280
[  832.113088]  xa_store+0x31/0x50
[  832.113107]  __io_uring_add_tctx_node+0x1cf/0x520
[  832.113126]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  832.113141]  ? alloc_fd+0x2e7/0x670
[  832.113169]  io_uring_setup+0x1fbb/0x2980
[  832.113195]  ? __do_sys_io_uring_enter+0x1890/0x1890
20:19:12 executing program 2:
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:19:12 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  832.113214]  ? wait_for_completion_io+0x270/0x270
[  832.113253]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  832.113271]  ? syscall_enter_from_user_mode+0x1d/0x50
[  832.113291]  do_syscall_64+0x33/0x40
[  832.113308]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  832.113320] RIP: 0033:0x7f7e6bc66b19
[  832.113336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  832.113346] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  832.113365] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  832.113375] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  832.113385] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  832.113394] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  832.113404] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  832.126803] FAULT_INJECTION: forcing a failure.
[  832.126803] name failslab, interval 1, probability 0, space 0, times 0
[  832.126822] CPU: 0 PID: 6397 Comm: syz-executor.3 Not tainted 5.10.234 #1
[  832.126830] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  832.126835] Call Trace:
[  832.126853]  dump_stack+0x107/0x167
[  832.126872]  should_fail.cold+0x5/0xa
[  832.126890]  ? create_object.isra.0+0x3a/0xa20
[  832.126910]  should_failslab+0x5/0x20
[  832.126929]  kmem_cache_alloc+0x5b/0x310
[  832.126947]  ? find_held_lock+0x2c/0x110
[  832.126969]  create_object.isra.0+0x3a/0xa20
[  832.126985]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  832.127011]  kmem_cache_alloc_trace+0x151/0x320
[  832.127037]  cgroup_init_fs_context+0x47/0x3e0
[  832.127054]  ? css_killed_work_fn+0x610/0x610
[  832.127072]  alloc_fs_context+0x4fd/0x840
[  832.127095]  __do_sys_fspick+0x268/0x530
[  832.127111]  ? ksys_write+0x1a9/0x260
[  832.127126]  ? __do_sys_fsconfig+0xc20/0xc20
[  832.127149]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  832.127166]  ? syscall_enter_from_user_mode+0x1d/0x50
[  832.127186]  do_syscall_64+0x33/0x40
[  832.127203]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  832.127214] RIP: 0033:0x7f7a281e7b19
[  832.127236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  832.127245] RSP: 002b:00007f7a2575d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[  832.127263] RAX: ffffffffffffffda RBX: 00007f7a282faf60 RCX: 00007f7a281e7b19
[  832.127273] RDX: 0000000000000001 RSI: 0000000020000140 RDI: ffffffffffffff9c
20:19:12 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:19:12 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1) (fail_nth: 10)

[  832.127283] RBP: 00007f7a2575d1d0 R08: 0000000000000000 R09: 0000000000000000
[  832.127292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  832.127302] R13: 00007ffedec6c0bf R14: 00007f7a2575d300 R15: 0000000000022000
20:19:12 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 54)

20:19:12 executing program 2:
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  832.283901] FAULT_INJECTION: forcing a failure.
[  832.283901] name failslab, interval 1, probability 0, space 0, times 0
[  832.285227] CPU: 1 PID: 6424 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  832.286008] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  832.286940] Call Trace:
[  832.287243]  dump_stack+0x107/0x167
[  832.287659]  should_fail.cold+0x5/0xa
[  832.288090]  ? create_object.isra.0+0x3a/0xa20
[  832.288620]  should_failslab+0x5/0x20
[  832.289053]  kmem_cache_alloc+0x5b/0x310
[  832.289514]  ? mark_held_locks+0x9e/0xe0
[  832.289976]  create_object.isra.0+0x3a/0xa20
[  832.290478]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  832.291074]  kmem_cache_alloc+0x159/0x310
[  832.291559]  xas_alloc+0x336/0x440
[  832.291978]  xas_create+0x34a/0x10d0
[  832.292425]  ? kernel_text_address+0xf2/0x120
[  832.292850] FAULT_INJECTION: forcing a failure.
[  832.292850] name failslab, interval 1, probability 0, space 0, times 0
[  832.292949]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  832.292961]  xas_store+0x8c/0x1c40
[  832.292983]  __xa_store+0x164/0x2d0
[  832.296697]  ? xa_delete_node+0x280/0x280
[  832.297184]  xa_store+0x31/0x50
[  832.297564]  __io_uring_add_tctx_node+0x1cf/0x520
[  832.298125]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  832.298729]  ? alloc_fd+0x2e7/0x670
[  832.299155]  io_uring_setup+0x1fbb/0x2980
[  832.299638]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  832.300224]  ? wait_for_completion_io+0x270/0x270
[  832.300795]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  832.301402]  ? syscall_enter_from_user_mode+0x1d/0x50
[  832.302000]  do_syscall_64+0x33/0x40
[  832.302428]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  832.303021] RIP: 0033:0x7f7e6bc66b19
[  832.303453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  832.305561] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  832.306442] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  832.307266] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  832.308085] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  832.308900] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  832.309724] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  832.310750] CPU: 0 PID: 6423 Comm: syz-executor.3 Not tainted 5.10.234 #1
[  832.312180] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  832.313929] Call Trace:
[  832.314485]  dump_stack+0x107/0x167
[  832.315242]  should_fail.cold+0x5/0xa
[  832.316035]  ? __d_alloc+0x2a/0x990
[  832.316808]  should_failslab+0x5/0x20
[  832.317601]  kmem_cache_alloc+0x5b/0x310
[  832.318456]  __d_alloc+0x2a/0x990
[  832.319187]  d_alloc_pseudo+0x19/0x70
20:19:12 executing program 5:
syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

[  832.319979]  alloc_file_pseudo+0xce/0x250
[  832.320939]  ? rwlock_bug.part.0+0x90/0x90
[  832.321837]  ? alloc_file+0x5a0/0x5a0
[  832.322639]  ? do_raw_spin_unlock+0x4f/0x220
[  832.323558]  ? _raw_spin_unlock+0x1a/0x30
[  832.324428]  ? alloc_fd+0x2e7/0x670
[  832.325196]  anon_inode_getfile+0xc8/0x1f0
[  832.326080]  anon_inode_getfd+0x4c/0xa0
[  832.326912]  __do_sys_fspick+0x424/0x530
[  832.327756]  ? ksys_write+0x1a9/0x260
[  832.328562]  ? __do_sys_fsconfig+0xc20/0xc20
[  832.329492]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  832.330587]  ? syscall_enter_from_user_mode+0x1d/0x50
[  832.331668]  do_syscall_64+0x33/0x40
20:19:12 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b4b, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

[  832.332459]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  832.332471] RIP: 0033:0x7f7a281e7b19
[  832.332487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
20:19:12 executing program 6:
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)={0x0, <r0=>0x0})
capset(&(0x7f0000000180)={0x20080522, r0}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440)=<r2=>0x0, &(0x7f0000000480), {0x3d}, &(0x7f00000000c0)=""/51, 0x33, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, r0], 0x2, {r1}}, 0x58)
capset(&(0x7f0000000040)={0x20080522, r0}, &(0x7f0000000080)={0x4d23, 0x9, 0x0, 0xd6, 0x1703, 0xfffffff8})
r3 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r4 = getpgrp(r2)
capget(&(0x7f0000000200)={0x19980330, r4}, &(0x7f0000000240)={0x3f, 0x2, 0x4000, 0x10001, 0x101, 0x378})
ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
ioctl$TIOCGISO7816(r3, 0x80285442, &(0x7f00000001c0))

[  832.332496] RSP: 002b:00007f7a2575d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[  832.332514] RAX: ffffffffffffffda RBX: 00007f7a282faf60 RCX: 00007f7a281e7b19
[  832.332524] RDX: 0000000000000001 RSI: 0000000020000140 RDI: ffffffffffffff9c
[  832.332533] RBP: 00007f7a2575d1d0 R08: 0000000000000000 R09: 0000000000000000
[  832.332541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  832.332551] R13: 00007ffedec6c0bf R14: 00007f7a2575d300 R15: 0000000000022000
[  832.368367] capability: warning: `syz-executor.6' uses 32-bit capabilities (legacy support in use)
20:19:25 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x19)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
r1 = inotify_init()
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r1, 0x40089413, &(0x7f0000000080)=0x7)

20:19:25 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:19:25 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1) (fail_nth: 11)

20:19:25 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 55)

20:19:25 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b4c, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:19:25 executing program 5:
syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:19:25 executing program 2:
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:19:25 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  845.149337] FAULT_INJECTION: forcing a failure.
[  845.149337] name failslab, interval 1, probability 0, space 0, times 0
[  845.149534] FAULT_INJECTION: forcing a failure.
[  845.149534] name failslab, interval 1, probability 0, space 0, times 0
[  845.151993] CPU: 0 PID: 6444 Comm: syz-executor.3 Not tainted 5.10.234 #1
[  845.154487] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  845.156217] Call Trace:
[  845.156778]  dump_stack+0x107/0x167
[  845.157538]  should_fail.cold+0x5/0xa
[  845.158335]  ? create_object.isra.0+0x3a/0xa20
[  845.159294]  should_failslab+0x5/0x20
[  845.160092]  kmem_cache_alloc+0x5b/0x310
[  845.160954]  create_object.isra.0+0x3a/0xa20
[  845.161866]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  845.162921]  kmem_cache_alloc+0x159/0x310
[  845.163789]  __d_alloc+0x2a/0x990
[  845.164521]  d_alloc_pseudo+0x19/0x70
[  845.165308]  alloc_file_pseudo+0xce/0x250
[  845.166165]  ? rwlock_bug.part.0+0x90/0x90
[  845.167038]  ? alloc_file+0x5a0/0x5a0
[  845.167829]  ? do_raw_spin_unlock+0x4f/0x220
[  845.168746]  ? _raw_spin_unlock+0x1a/0x30
[  845.169607]  ? alloc_fd+0x2e7/0x670
[  845.170363]  anon_inode_getfile+0xc8/0x1f0
[  845.171241]  anon_inode_getfd+0x4c/0xa0
[  845.172068]  __do_sys_fspick+0x424/0x530
[  845.172915]  ? ksys_write+0x1a9/0x260
[  845.173701]  ? __do_sys_fsconfig+0xc20/0xc20
[  845.174620]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  845.175708]  ? syscall_enter_from_user_mode+0x1d/0x50
[  845.176796]  do_syscall_64+0x33/0x40
[  845.177571]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  845.178654] RIP: 0033:0x7f7a281e7b19
[  845.179425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  845.183258] RSP: 002b:00007f7a2575d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[  845.184844] RAX: ffffffffffffffda RBX: 00007f7a282faf60 RCX: 00007f7a281e7b19
[  845.186336] RDX: 0000000000000001 RSI: 0000000020000140 RDI: ffffffffffffff9c
[  845.187823] RBP: 00007f7a2575d1d0 R08: 0000000000000000 R09: 0000000000000000
[  845.189309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  845.190787] R13: 00007ffedec6c0bf R14: 00007f7a2575d300 R15: 0000000000022000
[  845.192303] CPU: 1 PID: 6457 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  845.193154] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  845.194128] Call Trace:
[  845.194446]  dump_stack+0x107/0x167
[  845.194888]  should_fail.cold+0x5/0xa
[  845.194901]  ? xas_alloc+0x336/0x440
[  845.194924]  should_failslab+0x5/0x20
[  845.196581]  kmem_cache_alloc+0x5b/0x310
[  845.196602]  xas_alloc+0x336/0x440
[  845.197856]  xas_create+0x34a/0x10d0
[  845.197874]  ? kernel_text_address+0xf2/0x120
[  845.197897]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  845.199780]  xas_store+0x8c/0x1c40
[  845.199798]  __xa_store+0x164/0x2d0
[  845.199810]  ? xa_delete_node+0x280/0x280
[  845.199839]  xa_store+0x31/0x50
[  845.201857]  __io_uring_add_tctx_node+0x1cf/0x520
[  845.201868]  ? io_uring_alloc_task_context+0x6a0/0x6a0
20:19:25 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1) (fail_nth: 12)

20:19:25 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  845.201879]  ? alloc_fd+0x2e7/0x670
[  845.201896]  io_uring_setup+0x1fbb/0x2980
[  845.201911]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  845.201924]  ? wait_for_completion_io+0x270/0x270
20:19:25 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b4d, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

[  845.201947]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  845.201958]  ? syscall_enter_from_user_mode+0x1d/0x50
20:19:25 executing program 2:
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  845.201970]  do_syscall_64+0x33/0x40
[  845.201981]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
20:19:25 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x882c2, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:19:25 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, 0x0)

[  845.201989] RIP: 0033:0x7f7e6bc66b19
[  845.201999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  845.202004] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  845.202016] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  845.202022] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  845.202028] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
20:19:25 executing program 2:
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  845.202035] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  845.202040] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:19:25 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  845.393171] FAULT_INJECTION: forcing a failure.
[  845.393171] name failslab, interval 1, probability 0, space 0, times 0
[  845.394586] CPU: 1 PID: 6477 Comm: syz-executor.3 Not tainted 5.10.234 #1
[  845.395356] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  845.396307] Call Trace:
[  845.396623]  dump_stack+0x107/0x167
[  845.397045]  should_fail.cold+0x5/0xa
[  845.397474]  ? __alloc_file+0x21/0x320
[  845.397918]  should_failslab+0x5/0x20
[  845.398364]  kmem_cache_alloc+0x5b/0x310
[  845.398830]  __alloc_file+0x21/0x320
[  845.399258]  alloc_empty_file+0x6d/0x170
[  845.399720]  alloc_file+0x5e/0x5a0
[  845.400126]  alloc_file_pseudo+0x16a/0x250
[  845.400619]  ? alloc_file+0x5a0/0x5a0
[  845.401059]  ? _raw_spin_unlock+0x1a/0x30
[  845.401534]  ? alloc_fd+0x2e7/0x670
[  845.401950]  anon_inode_getfile+0xc8/0x1f0
[  845.402433]  anon_inode_getfd+0x4c/0xa0
[  845.402886]  __do_sys_fspick+0x424/0x530
[  845.403348]  ? ksys_write+0x1a9/0x260
[  845.403782]  ? __do_sys_fsconfig+0xc20/0xc20
[  845.404286]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  845.404899]  ? syscall_enter_from_user_mode+0x1d/0x50
[  845.405490]  do_syscall_64+0x33/0x40
[  845.405918]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  845.406506] RIP: 0033:0x7f7a281e7b19
[  845.406928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  845.409037] RSP: 002b:00007f7a2575d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[  845.409908] RAX: ffffffffffffffda RBX: 00007f7a282faf60 RCX: 00007f7a281e7b19
[  845.410728] RDX: 0000000000000001 RSI: 0000000020000140 RDI: ffffffffffffff9c
[  845.411542] RBP: 00007f7a2575d1d0 R08: 0000000000000000 R09: 0000000000000000
[  845.412358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  845.413179] R13: 00007ffedec6c0bf R14: 00007f7a2575d300 R15: 0000000000022000
20:19:25 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$FITHAW(r0, 0xc0045878)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x7ff, 0x6, 0x100000000, 0x800})

20:19:25 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, 0x0)

20:19:25 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b4e, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:19:25 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 56)

20:19:25 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  845.483219] FAULT_INJECTION: forcing a failure.
20:19:26 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  845.483219] name failslab, interval 1, probability 0, space 0, times 0
20:19:26 executing program 2:
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  845.484857] CPU: 1 PID: 6488 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  845.485803] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  845.486742] Call Trace:
[  845.487047]  dump_stack+0x107/0x167
[  845.487465]  should_fail.cold+0x5/0xa
[  845.487898]  ? create_object.isra.0+0x3a/0xa20
[  845.488416]  should_failslab+0x5/0x20
[  845.488860]  kmem_cache_alloc+0x5b/0x310
[  845.489320]  ? mark_held_locks+0x9e/0xe0
[  845.489781]  create_object.isra.0+0x3a/0xa20
[  845.490285]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  845.490866]  kmem_cache_alloc+0x159/0x310
[  845.491350]  xas_alloc+0x336/0x440
[  845.491761]  xas_create+0x34a/0x10d0
[  845.492193]  ? kernel_text_address+0xf2/0x120
[  845.492718]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  845.493317]  xas_store+0x8c/0x1c40
[  845.493732]  __xa_store+0x164/0x2d0
[  845.494150]  ? xa_delete_node+0x280/0x280
[  845.494634]  xa_store+0x31/0x50
[  845.495013]  __io_uring_add_tctx_node+0x1cf/0x520
[  845.495564]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  845.496163]  ? alloc_fd+0x2e7/0x670
[  845.496596]  io_uring_setup+0x1fbb/0x2980
[  845.497076]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  845.497665]  ? wait_for_completion_io+0x270/0x270
[  845.498234]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  845.498833]  ? syscall_enter_from_user_mode+0x1d/0x50
[  845.499425]  do_syscall_64+0x33/0x40
[  845.499855]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  845.500441] RIP: 0033:0x7f7e6bc66b19
[  845.500871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  845.502965] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  845.503835] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  845.504656] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  845.505474] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  845.506294] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  845.507109] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:19:26 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b52, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

[  845.553422] perf: interrupt took too long (9919 > 9883), lowering kernel.perf_event_max_sample_rate to 20000
[  845.579444] perf: interrupt took too long (12406 > 12398), lowering kernel.perf_event_max_sample_rate to 16000
20:19:39 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:19:39 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000040)={0x38e8, 0x40, 0x5, 0x1, 0x8, "0ca38cd907ae68e11207ef7a69c5b840febaf6", 0x1ff, 0x2f})
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x200, 0x0)
ioctl$KDGKBENT(r1, 0x4b46, &(0x7f0000000100)={0x3, 0x5, 0x1})
finit_module(r0, &(0x7f0000000080)='\x00', 0x3)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:19:39 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:19:39 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, 0x0)

20:19:39 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b62, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:19:39 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 57)

20:19:39 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:19:39 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1) (fail_nth: 13)

[  858.725391] FAULT_INJECTION: forcing a failure.
[  858.725391] name failslab, interval 1, probability 0, space 0, times 0
[  858.727848] CPU: 0 PID: 6511 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  858.729268] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  858.730961] Call Trace:
[  858.731508]  dump_stack+0x107/0x167
[  858.732270]  should_fail.cold+0x5/0xa
[  858.732292]  ? xas_alloc+0x336/0x440
[  858.732314]  should_failslab+0x5/0x20
[  858.732332]  kmem_cache_alloc+0x5b/0x310
[  858.732355]  xas_alloc+0x336/0x440
20:19:39 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b63, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

[  858.732375]  xas_create+0x34a/0x10d0
[  858.732402]  ? kernel_text_address+0xf2/0x120
[  858.732423]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  858.732443]  xas_store+0x8c/0x1c40
[  858.732478]  __xa_store+0x164/0x2d0
[  858.732498]  ? xa_delete_node+0x280/0x280
[  858.732536]  xa_store+0x31/0x50
[  858.732556]  __io_uring_add_tctx_node+0x1cf/0x520
[  858.732575]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  858.732591]  ? alloc_fd+0x2e7/0x670
[  858.732621]  io_uring_setup+0x1fbb/0x2980
[  858.732648]  ? __do_sys_io_uring_enter+0x1890/0x1890
20:19:39 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:19:39 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1) (fail_nth: 14)

[  858.732684]  ? wait_for_completion_io+0x270/0x270
[  858.732727]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  858.732745]  ? syscall_enter_from_user_mode+0x1d/0x50
[  858.732766]  do_syscall_64+0x33/0x40
[  858.732783]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  858.732795] RIP: 0033:0x7f7e6bc66b19
[  858.732811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
20:19:39 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 58)

20:19:39 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  858.732821] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  858.732840] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  858.732850] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  858.732860] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  858.732870] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  858.732880] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  858.745746] FAULT_INJECTION: forcing a failure.
[  858.745746] name failslab, interval 1, probability 0, space 0, times 0
[  858.745767] CPU: 1 PID: 6515 Comm: syz-executor.3 Not tainted 5.10.234 #1
[  858.745776] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  858.745782] Call Trace:
[  858.745806]  dump_stack+0x107/0x167
[  858.745825]  should_fail.cold+0x5/0xa
[  858.745846]  ? create_object.isra.0+0x3a/0xa20
[  858.745867]  should_failslab+0x5/0x20
[  858.745885]  kmem_cache_alloc+0x5b/0x310
[  858.745908]  create_object.isra.0+0x3a/0xa20
[  858.745923]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  858.745946]  kmem_cache_alloc+0x159/0x310
[  858.745967]  __alloc_file+0x21/0x320
[  858.745984]  alloc_empty_file+0x6d/0x170
[  858.746001]  alloc_file+0x5e/0x5a0
[  858.746021]  alloc_file_pseudo+0x16a/0x250
[  858.746036]  ? alloc_file+0x5a0/0x5a0
[  858.746059]  ? _raw_spin_unlock+0x1a/0x30
[  858.746076]  ? alloc_fd+0x2e7/0x670
[  858.746104]  anon_inode_getfile+0xc8/0x1f0
[  858.746124]  anon_inode_getfd+0x4c/0xa0
[  858.746143]  __do_sys_fspick+0x424/0x530
[  858.746159]  ? ksys_write+0x1a9/0x260
[  858.746174]  ? __do_sys_fsconfig+0xc20/0xc20
[  858.746198]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  858.746216]  ? syscall_enter_from_user_mode+0x1d/0x50
[  858.746236]  do_syscall_64+0x33/0x40
[  858.746253]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  858.746265] RIP: 0033:0x7f7a281e7b19
[  858.746282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  858.746291] RSP: 002b:00007f7a2575d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[  858.746310] RAX: ffffffffffffffda RBX: 00007f7a282faf60 RCX: 00007f7a281e7b19
[  858.746320] RDX: 0000000000000001 RSI: 0000000020000140 RDI: ffffffffffffff9c
[  858.746330] RBP: 00007f7a2575d1d0 R08: 0000000000000000 R09: 0000000000000000
[  858.746339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  858.746349] R13: 00007ffedec6c0bf R14: 00007f7a2575d300 R15: 0000000000022000
[  858.891637] FAULT_INJECTION: forcing a failure.
[  858.891637] name failslab, interval 1, probability 0, space 0, times 0
[  858.891658] CPU: 0 PID: 6527 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  858.891667] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  858.891673] Call Trace:
[  858.891697]  dump_stack+0x107/0x167
[  858.891717]  should_fail.cold+0x5/0xa
[  858.891738]  ? create_object.isra.0+0x3a/0xa20
[  858.891759]  should_failslab+0x5/0x20
[  858.891777]  kmem_cache_alloc+0x5b/0x310
[  858.891796]  ? mark_held_locks+0x9e/0xe0
[  858.891818]  create_object.isra.0+0x3a/0xa20
[  858.891832]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  858.891856]  kmem_cache_alloc+0x159/0x310
[  858.891880]  xas_alloc+0x336/0x440
[  858.891900]  xas_create+0x34a/0x10d0
[  858.891926]  ? kernel_text_address+0xf2/0x120
[  858.891945]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  858.891965]  xas_store+0x8c/0x1c40
[  858.891997]  __xa_store+0x164/0x2d0
[  858.892017]  ? xa_delete_node+0x280/0x280
[  858.892053]  xa_store+0x31/0x50
[  858.892073]  __io_uring_add_tctx_node+0x1cf/0x520
[  858.892091]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  858.892107]  ? alloc_fd+0x2e7/0x670
[  858.892135]  io_uring_setup+0x1fbb/0x2980
[  858.892161]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  858.892180]  ? wait_for_completion_io+0x270/0x270
[  858.892220]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  858.892238]  ? syscall_enter_from_user_mode+0x1d/0x50
[  858.892259]  do_syscall_64+0x33/0x40
[  858.892276]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  858.892288] RIP: 0033:0x7f7e6bc66b19
[  858.892305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  858.892314] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  858.892334] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  858.892343] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  858.892353] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  858.892363] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  858.892373] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  858.906019] FAULT_INJECTION: forcing a failure.
[  858.906019] name failslab, interval 1, probability 0, space 0, times 0
[  858.906041] CPU: 1 PID: 6528 Comm: syz-executor.3 Not tainted 5.10.234 #1
[  858.906051] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  858.906057] Call Trace:
[  858.906081]  dump_stack+0x107/0x167
[  858.906101]  should_fail.cold+0x5/0xa
[  858.906120]  ? security_file_alloc+0x34/0x170
[  858.906144]  should_failslab+0x5/0x20
[  858.906170]  kmem_cache_alloc+0x5b/0x310
[  858.906203]  security_file_alloc+0x34/0x170
[  858.906230]  __alloc_file+0xb7/0x320
[  858.906255]  alloc_empty_file+0x6d/0x170
[  858.906281]  alloc_file+0x5e/0x5a0
[  858.906310]  alloc_file_pseudo+0x16a/0x250
20:19:39 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  858.906332]  ? alloc_file+0x5a0/0x5a0
[  858.906366]  ? _raw_spin_unlock+0x1a/0x30
[  858.906384]  ? alloc_fd+0x2e7/0x670
[  858.906405]  anon_inode_getfile+0xc8/0x1f0
[  858.906432]  anon_inode_getfd+0x4c/0xa0
[  858.906452]  __do_sys_fspick+0x424/0x530
[  858.906468]  ? ksys_write+0x1a9/0x260
[  858.906483]  ? __do_sys_fsconfig+0xc20/0xc20
[  858.906508]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  858.906526]  ? syscall_enter_from_user_mode+0x1d/0x50
[  858.906545]  do_syscall_64+0x33/0x40
[  858.906562]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  858.906574] RIP: 0033:0x7f7a281e7b19
[  858.906590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  858.906599] RSP: 002b:00007f7a2575d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[  858.906619] RAX: ffffffffffffffda RBX: 00007f7a282faf60 RCX: 00007f7a281e7b19
[  858.906629] RDX: 0000000000000001 RSI: 0000000020000140 RDI: ffffffffffffff9c
[  858.906638] RBP: 00007f7a2575d1d0 R08: 0000000000000000 R09: 0000000000000000
[  858.906659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  859.029739] R13: 00007ffedec6c0bf R14: 00007f7a2575d300 R15: 0000000000022000
20:19:54 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:19:54 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b64, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:19:54 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1) (fail_nth: 15)

20:19:54 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:19:54 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 59)

20:19:54 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8, 0x0, 0x2})

20:19:54 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
syz_io_uring_setup(0x8003a75, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:19:54 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000))

[  873.950036] FAULT_INJECTION: forcing a failure.
[  873.950036] name failslab, interval 1, probability 0, space 0, times 0
[  873.951866] FAULT_INJECTION: forcing a failure.
[  873.951866] name failslab, interval 1, probability 0, space 0, times 0
[  873.952531] CPU: 0 PID: 6554 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  873.956103] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  873.956109] Call Trace:
[  873.956134]  dump_stack+0x107/0x167
[  873.956154]  should_fail.cold+0x5/0xa
[  873.956174]  ? xas_alloc+0x336/0x440
[  873.956196]  should_failslab+0x5/0x20
[  873.956214]  kmem_cache_alloc+0x5b/0x310
[  873.956237]  xas_alloc+0x336/0x440
[  873.956259]  xas_create+0x34a/0x10d0
[  873.956286]  ? kernel_text_address+0xf2/0x120
[  873.956307]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  873.956327]  xas_store+0x8c/0x1c40
[  873.956361]  __xa_store+0x164/0x2d0
[  873.956381]  ? xa_delete_node+0x280/0x280
[  873.956423]  xa_store+0x31/0x50
[  873.956443]  __io_uring_add_tctx_node+0x1cf/0x520
[  873.956462]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  873.956478]  ? alloc_fd+0x2e7/0x670
[  873.956509]  io_uring_setup+0x1fbb/0x2980
[  873.956536]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  873.956556]  ? wait_for_completion_io+0x270/0x270
[  873.956596]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  873.956614]  ? syscall_enter_from_user_mode+0x1d/0x50
[  873.956634]  do_syscall_64+0x33/0x40
[  873.956652]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  873.956664] RIP: 0033:0x7f7e6bc66b19
[  873.956681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  873.956690] RSP: 002b:00007f7e691dc108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  873.956709] RAX: ffffffffffffffda RBX: 00007f7e6bd79f60 RCX: 00007f7e6bc66b19
[  873.956719] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  873.956729] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  873.956739] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  873.956749] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  873.956786] CPU: 1 PID: 6545 Comm: syz-executor.3 Not tainted 5.10.234 #1
[  873.956796] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  873.956801] Call Trace:
[  873.956820]  dump_stack+0x107/0x167
[  873.956839]  should_fail.cold+0x5/0xa
[  873.956875]  ? create_object.isra.0+0x3a/0xa20
[  873.956895]  should_failslab+0x5/0x20
[  873.956915]  kmem_cache_alloc+0x5b/0x310
[  873.956938]  create_object.isra.0+0x3a/0xa20
[  873.956952]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  873.956975]  kmem_cache_alloc+0x159/0x310
[  873.956996]  __alloc_file+0x21/0x320
[  873.957012]  alloc_empty_file+0x6d/0x170
[  873.957029]  alloc_file+0x5e/0x5a0
[  873.957049]  alloc_file_pseudo+0x16a/0x250
[  873.957064]  ? alloc_file+0x5a0/0x5a0
[  873.957086]  ? _raw_spin_unlock+0x1a/0x30
[  873.957101]  ? alloc_fd+0x2e7/0x670
[  873.957122]  anon_inode_getfile+0xc8/0x1f0
[  873.957142]  anon_inode_getfd+0x4c/0xa0
[  873.957161]  __do_sys_fspick+0x424/0x530
[  873.957177]  ? ksys_write+0x1a9/0x260
[  873.957192]  ? __do_sys_fsconfig+0xc20/0xc20
[  873.957214]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  873.957231]  ? syscall_enter_from_user_mode+0x1d/0x50
[  873.957250]  do_syscall_64+0x33/0x40
[  873.957277]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  873.957293] RIP: 0033:0x7f7a281e7b19
[  873.957312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  873.957327] RSP: 002b:00007f7a2575d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[  873.957354] RAX: ffffffffffffffda RBX: 00007f7a282faf60 RCX: 00007f7a281e7b19
[  873.957369] RDX: 0000000000000001 RSI: 0000000020000140 RDI: ffffffffffffff9c
[  873.957383] RBP: 00007f7a2575d1d0 R08: 0000000000000000 R09: 0000000000000000
[  873.957397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  873.957412] R13: 00007ffedec6c0bf R14: 00007f7a2575d300 R15: 0000000000022000
20:20:11 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
ioctl$FIONCLEX(r0, 0x5450)

20:20:11 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:20:11 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000))

20:20:11 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1) (fail_nth: 16)

20:20:11 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 60)

20:20:11 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
syz_io_uring_setup(0x8003a75, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:20:11 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:20:11 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b65, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

[  891.205341] FAULT_INJECTION: forcing a failure.
[  891.205341] name failslab, interval 1, probability 0, space 0, times 0
[  891.207974] CPU: 1 PID: 6573 Comm: syz-executor.3 Not tainted 5.10.234 #1
[  891.209410] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  891.211152] Call Trace:
[  891.211175]  dump_stack+0x107/0x167
[  891.211194]  should_fail.cold+0x5/0xa
[  891.211213]  ? create_object.isra.0+0x3a/0xa20
[  891.211233]  should_failslab+0x5/0x20
[  891.211249]  kmem_cache_alloc+0x5b/0x310
[  891.211267]  ? percpu_ref_put_many.constprop.0+0x4e/0x110
[  891.211287]  create_object.isra.0+0x3a/0xa20
[  891.211301]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  891.211322]  kmem_cache_alloc+0x159/0x310
[  891.211343]  security_file_alloc+0x34/0x170
[  891.211360]  __alloc_file+0xb7/0x320
[  891.211376]  alloc_empty_file+0x6d/0x170
[  891.211392]  alloc_file+0x5e/0x5a0
[  891.211411]  alloc_file_pseudo+0x16a/0x250
[  891.211426]  ? alloc_file+0x5a0/0x5a0
[  891.211447]  ? _raw_spin_unlock+0x1a/0x30
[  891.211463]  ? alloc_fd+0x2e7/0x670
[  891.211483]  anon_inode_getfile+0xc8/0x1f0
[  891.211508]  anon_inode_getfd+0x4c/0xa0
[  891.228206]  __do_sys_fspick+0x424/0x530
[  891.229065]  ? ksys_write+0x1a9/0x260
[  891.229858]  ? __do_sys_fsconfig+0xc20/0xc20
[  891.230779]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  891.231871]  ? syscall_enter_from_user_mode+0x1d/0x50
[  891.232947]  do_syscall_64+0x33/0x40
[  891.233734]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  891.234804] RIP: 0033:0x7f7a281e7b19
[  891.235577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  891.239421] RSP: 002b:00007f7a2575d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[  891.241012] RAX: ffffffffffffffda RBX: 00007f7a282faf60 RCX: 00007f7a281e7b19
[  891.242513] RDX: 0000000000000001 RSI: 0000000020000140 RDI: ffffffffffffff9c
[  891.243999] RBP: 00007f7a2575d1d0 R08: 0000000000000000 R09: 0000000000000000
[  891.245497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  891.246983] R13: 00007ffedec6c0bf R14: 00007f7a2575d300 R15: 0000000000022000
20:20:11 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = accept$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, &(0x7f0000000080)=0x1c)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f00000015c0)={0x0, 0x4, 0x6, 0x79})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000001580)=@IORING_OP_RECVMSG={0xa, 0x5, 0x0, r1, 0x0, &(0x7f0000001540)={&(0x7f00000000c0)=@l2, 0x80, &(0x7f00000013c0)=[{&(0x7f0000000140)=""/107, 0x6b}, {&(0x7f00000001c0)=""/4096, 0x1000}, {&(0x7f00000011c0)=""/27, 0x1b}, {&(0x7f0000001200)=""/251, 0xfb}, {&(0x7f0000001300)=""/182, 0xb6}], 0x5, &(0x7f0000001440)=""/242, 0xf2}, 0x0, 0x40000041, 0x1, {0x3}}, 0x80)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3, 0x1ff})

20:20:11 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:20:11 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b66, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

[  891.313256] FAULT_INJECTION: forcing a failure.
[  891.313256] name failslab, interval 1, probability 0, space 0, times 0
[  891.315751] CPU: 0 PID: 6588 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  891.317191] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  891.318921] Call Trace:
[  891.319475]  dump_stack+0x107/0x167
[  891.320236]  should_fail.cold+0x5/0xa
[  891.321040]  ? create_object.isra.0+0x3a/0xa20
[  891.322007]  should_failslab+0x5/0x20
[  891.322801]  kmem_cache_alloc+0x5b/0x310
[  891.323655]  ? mark_held_locks+0x9e/0xe0
[  891.324509]  create_object.isra.0+0x3a/0xa20
[  891.325435]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  891.326503]  kmem_cache_alloc+0x159/0x310
[  891.327378]  xas_alloc+0x336/0x440
[  891.328125]  xas_create+0x34a/0x10d0
[  891.328913]  ? kernel_text_address+0xf2/0x120
[  891.329867]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  891.330963]  xas_store+0x8c/0x1c40
[  891.331722]  __xa_store+0x164/0x2d0
[  891.332485]  ? xa_delete_node+0x280/0x280
[  891.333370]  ? trace_hardirqs_on+0x5b/0x180
[  891.334282]  xa_store+0x31/0x50
[  891.334977]  __io_uring_add_tctx_node+0x1cf/0x520
[  891.335982]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[  891.337086]  ? alloc_fd+0x2e7/0x670
[  891.337872]  io_uring_setup+0x1fbb/0x2980
[  891.338748]  ? __do_sys_io_uring_enter+0x1890/0x1890
[  891.339806]  ? wait_for_completion_io+0x270/0x270
[  891.340832]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  891.341933]  ? syscall_enter_from_user_mode+0x1d/0x50
[  891.343011]  do_syscall_64+0x33/0x40
[  891.343788]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  891.344856] RIP: 0033:0x7f7e6bc66b19
[  891.345637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  891.349492] RSP: 002b:00007f7e691bb108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  891.351087] RAX: ffffffffffffffda RBX: 00007f7e6bd7a020 RCX: 00007f7e6bc66b19
[  891.352580] RDX: 0000000020ffc000 RSI: 0000000020000240 RDI: 00000000000052dd
[  891.354074] RBP: 0000000020000240 R08: 0000000020000100 R09: 0000000020000100
[  891.355567] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100
[  891.357075] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:20:11 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000))

20:20:11 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:20:11 executing program 6:
syz_open_dev$tty20(0xc, 0x4, 0x0)

20:20:25 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 61)

20:20:25 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:20:25 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b67, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:20:25 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
syz_io_uring_setup(0x8003a75, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:20:25 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:20:25 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000))

20:20:25 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1) (fail_nth: 17)

20:20:25 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, 0x1ff, 0x3})
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x90900, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff4000/0x9000)=nil, 0x9000, 0x4, 0x110, r1, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000840)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r2, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000240)=""/78, 0x4e}, {&(0x7f00000002c0)=""/146, 0x92}, {&(0x7f0000000380)=""/201, 0xc9}, {&(0x7f0000000480)=""/65, 0x41}, {&(0x7f00000000c0)=""/20, 0x14}, {&(0x7f0000000500)=""/137, 0x89}, {&(0x7f00000005c0)=""/164, 0xa4}, {&(0x7f0000000680)=""/10, 0xa}], 0x8, &(0x7f0000000740)=""/179, 0xb3}, 0x0, 0x12003, 0x1, {0x1}}, 0xfffffffa)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001540), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SCAN(r2, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000000)={0x1c, r4, 0x301, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r5, 0x0, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r6, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r5, r6, 0x0, 0x6)
sendmsg$NL80211_CMD_GET_SCAN(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="020025bd7000fedbdf252000000008000300", @ANYRES32=0x0, @ANYRESOCT=r6], 0x28}, 0x1, 0x0, 0x0, 0x4800}, 0x1)

[  904.588097] FAULT_INJECTION: forcing a failure.
[  904.588097] name failslab, interval 1, probability 0, space 0, times 0
[  904.590862] CPU: 1 PID: 6616 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  904.590897] FAULT_INJECTION: forcing a failure.
[  904.590897] name failslab, interval 1, probability 0, space 0, times 0
[  904.592335] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  904.592373] Call Trace:
[  904.592398]  dump_stack+0x107/0x167
[  904.592428]  should_fail.cold+0x5/0xa
[  904.598647]  ? vm_area_dup+0x78/0x290
[  904.599469]  should_failslab+0x5/0x20
[  904.600288]  kmem_cache_alloc+0x5b/0x310
[  904.601176]  vm_area_dup+0x78/0x290
[  904.601979]  ? lock_release+0x680/0x680
[  904.602837]  ? mark_lock+0xf5/0x2df0
[  904.603643]  ? lock_chain_count+0x20/0x20
[  904.604528]  ? mark_lock+0xf5/0x2df0
[  904.605359]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  904.606479]  ? lock_chain_count+0x20/0x20
[  904.607372]  ? mark_lock+0xf5/0x2df0
[  904.608171]  ? vm_area_alloc+0x110/0x110
[  904.609031]  ? __lock_acquire+0x1657/0x5b00
[  904.610177]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  904.611555]  ? vmacache_find+0x55/0x2a0
[  904.612473]  __split_vma+0xa8/0x4e0
[  904.613268]  __do_munmap+0x365/0x1260
[  904.614074]  ? arch_get_unmapped_area+0x450/0x450
[  904.615108]  ? lock_release+0x680/0x680
[  904.615971]  mmap_region+0x7c8/0x1500
[  904.616805]  do_mmap+0xcdb/0x11e0
[  904.617571]  vm_mmap_pgoff+0x198/0x1f0
[  904.618421]  ? randomize_page+0xb0/0xb0
[  904.619301]  ksys_mmap_pgoff+0x41c/0x560
[  904.620173]  ? find_mergeable_anon_vma+0x250/0x250
[  904.621245]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  904.622369]  ? syscall_enter_from_user_mode+0x1d/0x50
[  904.623483]  do_syscall_64+0x33/0x40
[  904.624283]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  904.625394] RIP: 0033:0x7f7e6bc66b62
[  904.626192] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64
[  904.630108] RSP: 002b:00007f7e691dc0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[  904.631721] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f7e6bc66b62
[  904.633246] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000
[  904.634761] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000
[  904.636296] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100
[  904.637841] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  904.639516] CPU: 0 PID: 6619 Comm: syz-executor.3 Not tainted 5.10.234 #1
[  904.640950] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  904.642690] Call Trace:
[  904.643244]  dump_stack+0x107/0x167
[  904.644007]  should_fail.cold+0x5/0xa
[  904.644807]  ? create_object.isra.0+0x3a/0xa20
[  904.645773]  should_failslab+0x5/0x20
[  904.646567]  kmem_cache_alloc+0x5b/0x310
[  904.647418]  ? percpu_ref_put_many.constprop.0+0x4e/0x110
[  904.648580]  create_object.isra.0+0x3a/0xa20
[  904.649505]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  904.650571]  kmem_cache_alloc+0x159/0x310
[  904.651442]  security_file_alloc+0x34/0x170
[  904.652334]  __alloc_file+0xb7/0x320
[  904.653100]  alloc_empty_file+0x6d/0x170
[  904.653945]  alloc_file+0x5e/0x5a0
[  904.654685]  alloc_file_pseudo+0x16a/0x250
[  904.655549]  ? alloc_file+0x5a0/0x5a0
[  904.656345]  ? _raw_spin_unlock+0x1a/0x30
[  904.657229]  ? alloc_fd+0x2e7/0x670
[  904.657991]  anon_inode_getfile+0xc8/0x1f0
[  904.658868]  anon_inode_getfd+0x4c/0xa0
[  904.659697]  __do_sys_fspick+0x424/0x530
[  904.660540]  ? ksys_write+0x1a9/0x260
[  904.661339]  ? __do_sys_fsconfig+0xc20/0xc20
[  904.662263]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  904.663344]  ? syscall_enter_from_user_mode+0x1d/0x50
[  904.664400]  do_syscall_64+0x33/0x40
[  904.665177]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  904.666249] RIP: 0033:0x7f7a281e7b19
[  904.667013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  904.670861] RSP: 002b:00007f7a2575d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[  904.672448] RAX: ffffffffffffffda RBX: 00007f7a282faf60 RCX: 00007f7a281e7b19
[  904.673943] RDX: 0000000000000001 RSI: 0000000020000140 RDI: ffffffffffffff9c
[  904.675428] RBP: 00007f7a2575d1d0 R08: 0000000000000000 R09: 0000000000000000
[  904.676912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  904.678409] R13: 00007ffedec6c0bf R14: 00007f7a2575d300 R15: 0000000000022000
20:20:25 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b68, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:20:25 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:20:25 executing program 5:
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)={0x0, <r0=>0x0})
capset(&(0x7f0000000180)={0x20080522, r0}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
clone3(&(0x7f00000005c0)={0x180, &(0x7f0000000400), &(0x7f0000000440)=<r2=>0x0, &(0x7f0000000480), {0x3d}, &(0x7f00000000c0)=""/51, 0x33, &(0x7f0000000500)=""/35, &(0x7f0000000540)=[0x0, r0], 0x2, {r1}}, 0x58)
capset(&(0x7f0000000040)={0x20080522, r0}, &(0x7f0000000080)={0x4d23, 0x9, 0x0, 0xd6, 0x1703, 0xfffffff8})
r3 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r4 = getpgrp(r2)
capget(&(0x7f0000000200)={0x19980330, r4}, &(0x7f0000000240)={0x3f, 0x2, 0x4000, 0x10001, 0x101, 0x378})
ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
ioctl$TIOCGISO7816(r3, 0x80285442, &(0x7f00000001c0))

20:20:25 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:20:25 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:20:25 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 62)

20:20:25 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r1, 0x0, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r1, r2, 0x0, 0x6)
sendfile(r1, r0, 0x0, 0x3ff)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r3, 0x0, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r4, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r3, r4, 0x0, 0x6)
ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, 0x2})

20:20:25 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x28000000000)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

20:20:25 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b69, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

[  904.950210] FAULT_INJECTION: forcing a failure.
[  904.950210] name failslab, interval 1, probability 0, space 0, times 0
[  904.952603] CPU: 1 PID: 6641 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  904.954040] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  904.955774] Call Trace:
[  904.956329]  dump_stack+0x107/0x167
[  904.957091]  should_fail.cold+0x5/0xa
[  904.957899]  ? create_object.isra.0+0x3a/0xa20
[  904.958864]  should_failslab+0x5/0x20
[  904.959662]  kmem_cache_alloc+0x5b/0x310
[  904.960516]  create_object.isra.0+0x3a/0xa20
[  904.961441]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  904.962513]  kmem_cache_alloc+0x159/0x310
[  904.963385]  vm_area_dup+0x78/0x290
[  904.964154]  ? lock_release+0x680/0x680
[  904.964994]  ? mark_lock+0xf5/0x2df0
[  904.965788]  ? lock_chain_count+0x20/0x20
[  904.966655]  ? mark_lock+0xf5/0x2df0
[  904.967438]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  904.968538]  ? lock_chain_count+0x20/0x20
[  904.969418]  ? mark_lock+0xf5/0x2df0
[  904.970198]  ? vm_area_alloc+0x110/0x110
[  904.971056]  ? __lock_acquire+0x1657/0x5b00
[  904.971977]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  904.973072]  ? vmacache_find+0x55/0x2a0
[  904.973911]  __split_vma+0xa8/0x4e0
[  904.974681]  __do_munmap+0x365/0x1260
[  904.975481]  ? arch_get_unmapped_area+0x450/0x450
[  904.976491]  ? lock_release+0x680/0x680
[  904.977335]  mmap_region+0x7c8/0x1500
[  904.978151]  do_mmap+0xcdb/0x11e0
[  904.978885]  vm_mmap_pgoff+0x198/0x1f0
[  904.979705]  ? randomize_page+0xb0/0xb0
[  904.980550]  ksys_mmap_pgoff+0x41c/0x560
[  904.981410]  ? find_mergeable_anon_vma+0x250/0x250
[  904.982440]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  904.983528]  ? syscall_enter_from_user_mode+0x1d/0x50
[  904.984615]  do_syscall_64+0x33/0x40
[  904.985401]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  904.986471] RIP: 0033:0x7f7e6bc66b62
[  904.987243] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64
[  904.991109] RSP: 002b:00007f7e691dc0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[  904.992703] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f7e6bc66b62
[  904.994205] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000
[  904.995695] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000
[  904.997191] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100
[  904.998694] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:20:40 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 63)

20:20:40 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  920.019868] FAULT_INJECTION: forcing a failure.
[  920.019868] name failslab, interval 1, probability 0, space 0, times 0
[  920.021508] CPU: 1 PID: 6651 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  920.022467] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  920.023627] Call Trace:
[  920.024014]  dump_stack+0x107/0x167
[  920.024535]  should_fail.cold+0x5/0xa
[  920.025078]  ? anon_vma_clone+0xdc/0x590
[  920.025650]  should_failslab+0x5/0x20
[  920.026182]  kmem_cache_alloc+0x5b/0x310
[  920.026751]  anon_vma_clone+0xdc/0x590
[  920.027296]  __split_vma+0x17c/0x4e0
[  920.027817]  __do_munmap+0x365/0x1260
[  920.028358]  ? arch_get_unmapped_area+0x450/0x450
[  920.029044]  ? lock_release+0x680/0x680
[  920.029618]  mmap_region+0x7c8/0x1500
[  920.030162]  do_mmap+0xcdb/0x11e0
[  920.030648]  vm_mmap_pgoff+0x198/0x1f0
[  920.031190]  ? randomize_page+0xb0/0xb0
[  920.031754]  ksys_mmap_pgoff+0x41c/0x560
[  920.032317]  ? find_mergeable_anon_vma+0x250/0x250
[  920.033125]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  920.033138]  ? syscall_enter_from_user_mode+0x1d/0x50
[  920.033152]  do_syscall_64+0x33/0x40
[  920.033164]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
20:20:40 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x4000, 0x4, 0x4})

20:20:40 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b6a, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:20:40 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:20:40 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:20:40 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:20:40 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1) (fail_nth: 18)

[  920.033172] RIP: 0033:0x7f7e6bc66b62
[  920.033183] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64
20:20:40 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  920.033189] RSP: 002b:00007f7e691dc0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[  920.033202] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f7e6bc66b62
[  920.033208] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000
[  920.033215] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000
[  920.033221] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100
20:20:40 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b70, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

[  920.033228] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:20:40 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  920.059718] FAULT_INJECTION: forcing a failure.
[  920.059718] name fail_usercopy, interval 1, probability 0, space 0, times 0
20:20:40 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

[  920.059749] CPU: 1 PID: 6663 Comm: syz-executor.3 Not tainted 5.10.234 #1
[  920.059755] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
20:20:40 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b3d, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

[  920.059759] Call Trace:
[  920.059772]  dump_stack+0x107/0x167
20:20:40 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  920.059786]  should_fail.cold+0x5/0xa
[  920.059806]  _copy_to_user+0x2e/0x180
[  920.059824]  simple_read_from_buffer+0xcc/0x160
20:20:40 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 64)

[  920.059842]  proc_fail_nth_read+0x198/0x230
[  920.059858]  ? proc_sessionid_read+0x230/0x230
[  920.059871]  ? security_file_permission+0xb1/0xe0
[  920.059889]  ? proc_sessionid_read+0x230/0x230
[  920.059903]  vfs_read+0x228/0x620
[  920.059922]  ksys_read+0x12d/0x260
[  920.059937]  ? vfs_write+0xb10/0xb10
[  920.059953]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  920.059966]  ? syscall_enter_from_user_mode+0x1d/0x50
[  920.059982]  do_syscall_64+0x33/0x40
[  920.059995]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  920.060003] RIP: 0033:0x7f7a2819a69c
[  920.060014] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[  920.060021] RSP: 002b:00007f7a2575d170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
20:20:40 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

[  920.060034] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f7a2819a69c
[  920.060041] RDX: 000000000000000f RSI: 00007f7a2575d1e0 RDI: 0000000000000004
20:20:40 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  920.060048] RBP: 00007f7a2575d1d0 R08: 0000000000000000 R09: 0000000000000000
[  920.060055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  920.060062] R13: 00007ffedec6c0bf R14: 00007f7a2575d300 R15: 0000000000022000
[  920.209850] FAULT_INJECTION: forcing a failure.
[  920.209850] name failslab, interval 1, probability 0, space 0, times 0
[  920.209865] CPU: 1 PID: 6677 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  920.209871] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  920.209875] Call Trace:
[  920.209891]  dump_stack+0x107/0x167
[  920.209904]  should_fail.cold+0x5/0xa
[  920.209919]  ? memcg_alloc_page_obj_cgroups+0x73/0x100
[  920.209933]  should_failslab+0x5/0x20
[  920.209945]  __kmalloc_node+0x76/0x420
[  920.209961]  memcg_alloc_page_obj_cgroups+0x73/0x100
[  920.209974]  memcg_slab_post_alloc_hook+0x1f0/0x430
[  920.209986]  ? trace_hardirqs_on+0x5b/0x180
[  920.210000]  kmem_cache_alloc+0x171/0x310
[  920.210016]  vm_area_dup+0x78/0x290
[  920.210030]  ? lock_release+0x680/0x680
[  920.210043]  ? mark_lock+0xf5/0x2df0
[  920.210059]  ? lock_chain_count+0x20/0x20
[  920.210070]  ? mark_lock+0xf5/0x2df0
[  920.210091]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  920.210104]  ? lock_chain_count+0x20/0x20
[  920.210120]  ? mark_lock+0xf5/0x2df0
[  920.210137]  ? vm_area_alloc+0x110/0x110
[  920.210153]  ? __lock_acquire+0x1657/0x5b00
[  920.210180]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  920.210197]  ? vmacache_find+0x55/0x2a0
[  920.210213]  __split_vma+0xa8/0x4e0
[  920.210229]  __do_munmap+0x365/0x1260
[  920.210245]  ? arch_get_unmapped_area+0x450/0x450
[  920.210259]  ? lock_release+0x680/0x680
[  920.210274]  mmap_region+0x7c8/0x1500
[  920.210294]  do_mmap+0xcdb/0x11e0
[  920.210313]  vm_mmap_pgoff+0x198/0x1f0
[  920.210329]  ? randomize_page+0xb0/0xb0
[  920.210353]  ksys_mmap_pgoff+0x41c/0x560
[  920.210369]  ? find_mergeable_anon_vma+0x250/0x250
[  920.210384]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  920.210398]  ? syscall_enter_from_user_mode+0x1d/0x50
[  920.210413]  do_syscall_64+0x33/0x40
[  920.210428]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  920.210439] RIP: 0033:0x7f7e6bc66b62
[  920.210454] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64
[  920.210463] RSP: 002b:00007f7e691dc0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[  920.210479] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f7e6bc66b62
[  920.210488] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000
[  920.210497] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000
[  920.210506] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100
[  920.210513] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  933.156576] FAULT_INJECTION: forcing a failure.
[  933.156576] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  933.158060] CPU: 0 PID: 6698 Comm: syz-executor.5 Not tainted 5.10.234 #1
[  933.158855] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  933.159790] Call Trace:
[  933.160097]  dump_stack+0x107/0x167
[  933.160511]  should_fail.cold+0x5/0xa
20:20:53 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2)

20:20:53 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7}) (fail_nth: 1)

20:20:53 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:20:53 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 65)

[  933.161145]  _copy_from_user+0x2e/0x1b0
[  933.161642]  vt_ioctl+0x21c2/0x2c90
[  933.162053]  ? vt_waitactive+0x3a0/0x3a0
[  933.162516]  ? __lock_acquire+0xbb1/0x5b00
[  933.162995]  ? find_held_lock+0x2c/0x110
[  933.163454]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  933.164055]  ? __sanitizer_cov_trace_switch+0x45/0x80
[  933.164636]  ? vt_waitactive+0x3a0/0x3a0
[  933.165095]  tty_ioctl+0x862/0x18b0
[  933.165504]  ? tty_fasync+0x390/0x390
[  933.165939]  ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410
[  933.166583]  ? __sanitizer_cov_trace_switch+0x45/0x80
[  933.167158]  ? do_vfs_ioctl+0x283/0x10d0
[  933.167612]  ? selinux_bprm_creds_for_exec+0xb60/0xb60
[  933.168200]  ? generic_block_fiemap+0x60/0x60
[  933.168699]  ? lock_downgrade+0x6d0/0x6d0
[  933.169165]  ? __mutex_unlock_slowpath+0xe1/0x600
[  933.169712]  ? wait_for_completion_io+0x270/0x270
[  933.170260]  ? selinux_file_ioctl+0xb6/0x270
[  933.170762]  ? tty_fasync+0x390/0x390
[  933.171201]  __x64_sys_ioctl+0x19a/0x210
[  933.171669]  do_syscall_64+0x33/0x40
[  933.172089]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  933.172665] RIP: 0033:0x7ff1f1964b19
[  933.173090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  933.175182] RSP: 002b:00007ff1eeeda188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
20:20:53 executing program 6:
semctl$IPC_RMID(0x0, 0x0, 0x0)
semctl$SEM_INFO(0xffffffffffffffff, 0x7, 0x13, &(0x7f0000000080)=""/52)
r0 = semget(0x2, 0x4, 0x40)
r1 = semget$private(0x0, 0x2, 0x108)
semctl$IPC_RMID(r1, 0x0, 0x0)
semop(r0, &(0x7f00000001c0)=[{0x0, 0x9, 0x1800}, {0x3, 0x6, 0x800}, {0x4, 0x3b, 0x800}], 0x3)
semop(0x0, &(0x7f0000000040)=[{0x2, 0x77, 0x800}, {0x4, 0x8000}, {0x3, 0x6, 0x800}, {0x2, 0x9, 0x1000}], 0x4)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r3 = semget$private(0x0, 0x4, 0x80)
clock_gettime(0x0, &(0x7f0000000200)={<r4=>0x0, <r5=>0x0})
semtimedop(r3, &(0x7f00000000c0)=[{0x1, 0x3, 0x1000}, {0x2, 0x0, 0x1800}], 0x2, &(0x7f0000000100)={r4, r5+10000000})
syz_io_uring_setup(0x52dd, &(0x7f0000000240)={0x0, 0x4, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r6, 0x0, &(0x7f0000000280)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000240)='./file0\x00', 0x21, 0x40000, 0x23456}, 0x100)
semop(r3, &(0x7f0000000180)=[{0x2, 0x1, 0x800}, {0x0, 0x6}], 0x2)
ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
semop(r3, &(0x7f0000000140)=[{0x2, 0x24fb, 0x1000}, {0x0, 0x1}, {}, {0x3, 0xffff, 0x1800}], 0x4)

20:20:53 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  933.176038] RAX: ffffffffffffffda RBX: 00007ff1f1a77f60 RCX: 00007ff1f1964b19
[  933.176959] RDX: 0000000020000000 RSI: 000000000000560a RDI: 0000000000000003
[  933.177787] RBP: 00007ff1eeeda1d0 R08: 0000000000000000 R09: 0000000000000000
[  933.178609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  933.179432] R13: 00007ffe2ebf811f R14: 00007ff1eeeda300 R15: 0000000000022000
20:20:53 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:20:53 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b71, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

[  933.215884] FAULT_INJECTION: forcing a failure.
[  933.215884] name failslab, interval 1, probability 0, space 0, times 0
[  933.217224] CPU: 0 PID: 6707 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  933.218019] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  933.218970] Call Trace:
[  933.219270]  dump_stack+0x107/0x167
[  933.219695]  should_fail.cold+0x5/0xa
[  933.220121]  ? vm_area_alloc+0x1c/0x110
[  933.220577]  should_failslab+0x5/0x20
[  933.221018]  kmem_cache_alloc+0x5b/0x310
[  933.221488]  vm_area_alloc+0x1c/0x110
[  933.221942]  mmap_region+0x97e/0x1500
[  933.222394]  ? do_mmap+0x909/0x11e0
[  933.222822]  do_mmap+0xcdb/0x11e0
[  933.223236]  vm_mmap_pgoff+0x198/0x1f0
[  933.223688]  ? randomize_page+0xb0/0xb0
[  933.224156]  ksys_mmap_pgoff+0x41c/0x560
[  933.224627]  ? find_mergeable_anon_vma+0x250/0x250
[  933.225185]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  933.225798]  ? syscall_enter_from_user_mode+0x1d/0x50
[  933.226396]  do_syscall_64+0x33/0x40
[  933.226817]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  933.227411] RIP: 0033:0x7f7e6bc66b62
[  933.227420] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64
[  933.227425] RSP: 002b:00007f7e691dc0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[  933.227436] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f7e6bc66b62
[  933.227441] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000
20:20:53 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7}) (fail_nth: 2)

20:20:53 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b72, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:20:53 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x40, 0x0, 0x0, 0x5e, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x202, 0x0, 0x0, 0x7, 0x8, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:20:53 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  933.227446] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000
[  933.227452] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100
20:20:53 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 66)

[  933.227457] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:20:53 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

[  933.311704] FAULT_INJECTION: forcing a failure.
[  933.311704] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  933.314492] CPU: 1 PID: 6720 Comm: syz-executor.5 Not tainted 5.10.234 #1
[  933.316043] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  933.317936] Call Trace:
[  933.318536]  dump_stack+0x107/0x167
[  933.319363]  should_fail.cold+0x5/0xa
[  933.320233]  _copy_to_user+0x2e/0x180
[  933.321099]  simple_read_from_buffer+0xcc/0x160
[  933.322168]  proc_fail_nth_read+0x198/0x230
[  933.323149]  ? proc_sessionid_read+0x230/0x230
[  933.324184]  ? security_file_permission+0xb1/0xe0
[  933.325282]  ? proc_sessionid_read+0x230/0x230
[  933.326322]  vfs_read+0x228/0x620
[  933.327117]  ksys_read+0x12d/0x260
[  933.327921]  ? vfs_write+0xb10/0xb10
[  933.328769]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  933.329968]  ? syscall_enter_from_user_mode+0x1d/0x50
[  933.331141]  do_syscall_64+0x33/0x40
[  933.331990]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  933.333153] RIP: 0033:0x7ff1f191769c
[  933.334001] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[  933.338199] RSP: 002b:00007ff1eeeda170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  933.339934] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff1f191769c
[  933.341547] RDX: 000000000000000f RSI: 00007ff1eeeda1e0 RDI: 0000000000000004
[  933.343174] RBP: 00007ff1eeeda1d0 R08: 0000000000000000 R09: 0000000000000000
[  933.344792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  933.346422] R13: 00007ffe2ebf811f R14: 00007ff1eeeda300 R15: 0000000000022000
20:20:53 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4bfa, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

[  933.363862] FAULT_INJECTION: forcing a failure.
[  933.363862] name failslab, interval 1, probability 0, space 0, times 0
[  933.366547] CPU: 1 PID: 6721 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  933.368103] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  933.370002] Call Trace:
[  933.370604]  dump_stack+0x107/0x167
[  933.371431]  should_fail.cold+0x5/0xa
[  933.372293]  ? create_object.isra.0+0x3a/0xa20
[  933.373328]  should_failslab+0x5/0x20
[  933.374199]  kmem_cache_alloc+0x5b/0x310
[  933.375123]  create_object.isra.0+0x3a/0xa20
[  933.376117]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[  933.377263]  kmem_cache_alloc+0x159/0x310
[  933.378209]  vm_area_alloc+0x1c/0x110
[  933.379069]  mmap_region+0x97e/0x1500
[  933.379939]  do_mmap+0xcdb/0x11e0
[  933.380731]  vm_mmap_pgoff+0x198/0x1f0
[  933.381622]  ? randomize_page+0xb0/0xb0
[  933.382531]  ksys_mmap_pgoff+0x41c/0x560
[  933.383445]  ? find_mergeable_anon_vma+0x250/0x250
[  933.384572]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  933.384591]  ? syscall_enter_from_user_mode+0x1d/0x50
[  933.384612]  do_syscall_64+0x33/0x40
[  933.384630]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  933.384642] RIP: 0033:0x7f7e6bc66b62
[  933.384659] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64
[  933.384669] RSP: 002b:00007f7e691dc0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[  933.384688] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f7e6bc66b62
[  933.384698] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000
[  933.384708] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000
[  933.384718] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100
[  933.384728] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:21:08 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000040)={0x20, 0x0, 0x8, 0x100, 0x6, "bcc379f76926de9115409201594708acf86da2", 0x6, 0x3f})

20:21:08 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x80, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={&(0x7f0000000100), 0xb}, 0x41000, 0x0, 0x0, 0x0, 0x8, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xc, 0x2010, 0xffffffffffffffff, 0x0)
r2 = perf_event_open$cgroup(&(0x7f0000000040)={0x3, 0x80, 0x3f, 0x7f, 0x2, 0x9, 0x0, 0x6, 0x20, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0xd0, 0x2, @perf_config_ext={0x4b, 0x1f}, 0x0, 0x20, 0x9e24, 0x3, 0x1ff, 0x6, 0x5b, 0x0, 0x5, 0x0, 0x2}, 0xffffffffffffffff, 0xc, r0, 0x2)
syz_io_uring_submit(r1, 0x0, &(0x7f00000000c0)=@IORING_OP_CLOSE={0x13, 0x3, 0x0, r2}, 0x81)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:21:08 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x17, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x52dd, &(0x7f0000000240), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 67)

20:21:08 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:21:08 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:21:08 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:21:08 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:21:08 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4bfb, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

[  947.873124] FAULT_INJECTION: forcing a failure.
[  947.873124] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  947.875734] CPU: 1 PID: 6746 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  947.877187] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  947.878940] Call Trace:
[  947.879512]  dump_stack+0x107/0x167
[  947.880296]  should_fail.cold+0x5/0xa
[  947.881105]  __alloc_pages_nodemask+0x182/0x600
[  947.882102]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[  947.883395]  ? walk_mem_res+0x170/0x170
[  947.884262]  alloc_pages_current+0x187/0x280
[  947.885194]  pte_alloc_one+0x16/0x1a0
[  947.886016]  __pte_alloc+0x1d/0x330
[  947.886802]  remap_pfn_range_internal+0x9a3/0xf60
20:21:08 executing program 6:
syz_open_dev$tty20(0xc, 0x4, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, &(0x7f0000000180)={"3a2ae07fd8a91b559e200ef2fb60280c", 0x0, 0x0, {0x80, 0x7fff}, {0x9, 0x4}, 0x9, [0x7, 0x87, 0x101, 0x0, 0x9, 0x1, 0x1, 0x200, 0x7, 0x100, 0x5, 0x6, 0x0, 0xb5b4, 0xff, 0xfffffffffffffffb]})
connect$inet(r0, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r1, 0x40087602, &(0x7f0000000040)=0x20)
sendfile(r0, r1, 0x0, 0x6)
ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x4, 0x0, 0x81, 0x5, 0x3, 0x3e, 0x4, 0x351, 0x40, 0x1d8, 0x1a, 0x2457, 0x38, 0x2, 0x6, 0x3, 0xffa9}, [{0x6474e551, 0x9, 0x3, 0x0, 0x6, 0xb17, 0x9, 0x3ff}, {0x2, 0x3, 0x1, 0x1800000000000, 0x6, 0x1ff, 0xd0a8, 0x57c}], "526778b17427116be8d6e178ba7a6988ffd81d5b26c1940df63f7be83717e8a4d29142566d42179620be29016a448802d554055e147099a7efc6161f14843791f6e501913f0c429ade59b07180b250a82c", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x901)

[  947.887835]  ? lookup_memtype+0x5b/0x200
20:21:08 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

[  947.888837]  ? apply_to_existing_page_range+0x40/0x40
[  947.890018]  remap_pfn_range+0xcd/0x160
[  947.890867]  ? remap_pfn_range_notrack+0x70/0x70
[  947.891873]  ? memcg_slab_post_alloc_hook+0x17a/0x430
[  947.892984]  io_uring_mmap+0x398/0x530
[  947.893835]  mmap_file+0x5e/0xe0
20:21:08 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000004c0)='mnt/encrypted_dir\x00', 0x0)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
rename(&(0x7f0000000180)='mnt/encrypted_dir\x00', &(0x7f00000001c0)='./file0\x00')
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200), 0x4000)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

[  947.894583]  mmap_region+0xc49/0x1500
[  947.895504]  do_mmap+0xcdb/0x11e0
[  947.896261]  vm_mmap_pgoff+0x198/0x1f0
[  947.897081]  ? randomize_page+0xb0/0xb0
[  947.897950]  ksys_mmap_pgoff+0x41c/0x560
[  947.898817]  ? find_mergeable_anon_vma+0x250/0x250
[  947.899871]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  947.901006]  ? syscall_enter_from_user_mode+0x1d/0x50
[  947.902126]  do_syscall_64+0x33/0x40
[  947.902916]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  947.904011] RIP: 0033:0x7f7e6bc66b62
[  947.904809] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64
[  947.908754] RSP: 002b:00007f7e691dc0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[  947.910383] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f7e6bc66b62
[  947.911890] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000
[  947.913417] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000
[  947.914942] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100
[  947.916699] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
20:21:08 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b2f, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7})

20:21:08 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x5409, &(0x7f0000000000)={0x0, 0x0, 0x5, 0x4, 0x5})

20:21:08 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0)
r2 = creat(0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(r3, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r4, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x3be}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(0x0, r6, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x0, @fd=r5, 0x100, &(0x7f0000002e00)=""/4106, 0x100a, 0x14, 0x1}, 0x1)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_io_uring_complete(r1)
syz_emit_vhci(&(0x7f0000000f80)=@HCI_VENDOR_PKT, 0x2)

20:21:08 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_icmp(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00'})
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)

20:21:08 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:21:08 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), 0x0, 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
syz_io_uring_setup(0x5ee2, &(0x7f0000000640)={0x0, 0x3, 0x0, 0x0, 0x320}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff}}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f00000002c0)={0x40, 0x2, 0xfffffaf2, 0x6, 0xffffffff, 0x40})
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)

20:21:08 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4})

[  948.111657] ------------[ cut here ]------------
[  948.113431] WARNING: CPU: 1 PID: 6746 at arch/x86/mm/pat/memtype.c:1019 get_pat_info+0x216/0x270
[  948.115904] Modules linked in:
[  948.116866] CPU: 1 PID: 6746 Comm: syz-executor.7 Not tainted 5.10.234 #1
[  948.118767] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  948.121053] RIP: 0010:get_pat_info+0x216/0x270
[  948.122353] Code: c1 ea 03 80 3c 02 00 75 71 49 89 1e eb 8e e8 91 81 2e 00 0f 0b e9 97 fe ff ff 41 bc ea ff ff ff e9 77 ff ff ff e8 7a 81 2e 00 <0f> 0b 41 bc ea ff ff ff e9 65 ff ff ff 4c 89 ff e8 75 79 5a 00 e9
[  948.127099] RSP: 0018:ffff888037d0f898 EFLAGS: 00010216
[  948.128301] RAX: 0000000000012af1 RBX: ffff88800b390600 RCX: ffffc90004e32000
[  948.135626] RDX: 0000000000040000 RSI: ffffffff81123696 RDI: 0000000000000007
[  948.137169] RBP: ffff888037d0f950 R08: 0000000000000000 R09: ffff888037d0f820
[  948.138725] R10: 0000000000000020 R11: 0000000000000001 R12: 0000000000000028
[  948.140266] R13: 1ffff11006fa1f13 R14: 0000000000000000 R15: ffff88800b390650
[  948.141822] FS:  00007f7e691dc700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[  948.143571] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  948.144843] CR2: 0000555566071c58 CR3: 000000002028e000 CR4: 0000000000350ee0
[  948.146388] Call Trace:
[  948.146988]  ? __warn+0xe2/0x1f0
[  948.147742]  ? get_pat_info+0x216/0x270
[  948.148627]  ? report_bug+0x1c1/0x210
[  948.149433]  ? handle_bug+0x41/0x90
[  948.150225]  ? exc_invalid_op+0x14/0x50
[  948.151095]  ? asm_exc_invalid_op+0x12/0x20
[  948.152038]  ? get_pat_info+0x216/0x270
[  948.152911]  ? get_pat_info+0x216/0x270
[  948.153789]  ? get_pat_info+0x216/0x270
[  948.154685]  ? pgprot_writethrough+0xc0/0xc0
[  948.155660]  untrack_pfn+0xdc/0x240
[  948.156434]  ? track_pfn_insert+0x150/0x150
[  948.157365]  ? lock_downgrade+0x6d0/0x6d0
[  948.158305]  ? uprobe_munmap+0x95/0x560
[  948.159194]  unmap_single_vma+0x1bc/0x300
[  948.160126]  zap_page_range_single+0x2ce/0x450
[  948.161134]  ? unmap_single_vma+0x300/0x300
[  948.162109]  ? remap_pfn_range_internal+0xc56/0xf60
[  948.163207]  ? lookup_memtype+0x5b/0x200
[  948.164120]  ? apply_to_existing_page_range+0x40/0x40
[  948.165254]  remap_pfn_range+0x139/0x160
[  948.166165]  ? remap_pfn_range_notrack+0x70/0x70
[  948.167204]  ? memcg_slab_post_alloc_hook+0x17a/0x430
[  948.168335]  io_uring_mmap+0x398/0x530
[  948.169203]  mmap_file+0x5e/0xe0
[  948.169973]  mmap_region+0xc49/0x1500
[  948.170831]  do_mmap+0xcdb/0x11e0
[  948.171621]  vm_mmap_pgoff+0x198/0x1f0
[  948.172492]  ? randomize_page+0xb0/0xb0
[  948.173340]  ksys_mmap_pgoff+0x41c/0x560
[  948.174275]  ? find_mergeable_anon_vma+0x250/0x250
[  948.175354]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[  948.176517]  ? syscall_enter_from_user_mode+0x1d/0x50
[  948.177653]  do_syscall_64+0x33/0x40
[  948.178487]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[  948.179617] RIP: 0033:0x7f7e6bc66b62
[  948.180393] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64
[  948.184274] RSP: 002b:00007f7e691dc0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[  948.185911] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f7e6bc66b62
[  948.188967] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000
[  948.190685] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000
[  948.192245] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100
[  948.193805] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffb000
[  948.195368] irq event stamp: 2389
[  948.196151] hardirqs last  enabled at (2399): [<ffffffff8129a8cd>] console_unlock+0x92d/0xb40
[  948.198017] hardirqs last disabled at (2408): [<ffffffff8129a7d9>] console_unlock+0x839/0xb40
[  948.199883] softirqs last  enabled at (2356): [<ffffffff84001092>] asm_call_irq_on_stack+0x12/0x20
[  948.201825] softirqs last disabled at (2255): [<ffffffff84001092>] asm_call_irq_on_stack+0x12/0x20
[  948.203748] ---[ end trace 7ec3010a48a92f43 ]---

VM DIAGNOSIS:
20:21:08  Registers:
info registers vcpu 0
RAX=0000607f92e0b1a0 RBX=1ffff11001957f45 RCX=ffffffff81796e72 RDX=1ffff110019b96a9
RSI=ffffffff81796dac RDI=ffff88800cdcb548 RBP=ffff88800cdcb500 RSP=ffff88800cabf9f8
R8 =0000000000000000 R9 =ffffffff8686c6e7 R10=0000000000000000 R11=0000000000000001
R12=ffff88800cabfa48 R13=0000000000000001 R14=0000000000000000 R15=ffff88800cabfdf8
RIP=ffffffff81796dd2 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fceaf5018c0 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f1f68c02d30 CR3=000000000d146000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=000000000000002f002f2e2e2f002e2e XMM01=0000000000000000696c61766e49002f
XMM02=ffffffffffffff0f0e0d0c0b0a090807 XMM03=00000000000000006c6175747269762f
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00005575c68f01f000005575c68da890
XMM06=00005575c68d30900000000000000003 XMM07=00000000000000000000000000000000
XMM08=2f63697361622f6372732f2e2e000d0a XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff822dde81 RDI=ffffffff879f3140 RBP=ffffffff879f3100 RSP=ffff888037d0f2a8
R8 =0000000000000001 R9 =0000000000000003 R10=0000000000000000 R11=0000000000000001
R12=0000000000000020 R13=0000000000000020 R14=ffffffff879f3100 R15=dffffc0000000000
RIP=ffffffff822dded8 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f7e691dc700 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000555566071c58 CR3=000000002028e000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000
XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000