1.12.0-1 04/01/2014
[ 1932.908138] Call Trace:
[ 1932.908504]  dump_stack+0x107/0x167
[ 1932.909007]  should_fail.cold+0x5/0xa
[ 1932.909538]  _copy_to_user+0x2e/0x180
[ 1932.910090]  pagemap_read+0x333/0x590
[ 1932.910625]  ? clear_refs_write+0x780/0x780
[ 1932.911215]  ? iov_iter_advance+0x1b1/0xec0
[ 1932.911808]  do_iter_read+0x4fa/0x760
[ 1932.912329]  ? import_iovec+0x83/0xb0
[ 1932.912850]  vfs_readv+0xe5/0x160
[ 1932.913216] FAULT_INJECTION: forcing a failure.
[ 1932.913216] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1932.913325]  ? vfs_iter_read+0xa0/0xa0
[ 1932.913349]  ? __fdget_pos+0xf1/0x190
[ 1932.916869]  ? lock_downgrade+0x6d0/0x6d0
[ 1932.917436]  ? ksys_write+0x12d/0x260
[ 1932.917983]  ? __fget_files+0x2f8/0x520
[ 1932.918539]  do_readv+0x139/0x300
[ 1932.919016]  ? vfs_readv+0x160/0x160
[ 1932.919526]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1932.920241]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1932.920946]  do_syscall_64+0x33/0x40
[ 1932.921458]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1932.922183] RIP: 0033:0x7fbfce1e1b19
[ 1932.922685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1932.925191] RSP: 002b:00007fbfcb757188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1932.926257] RAX: ffffffffffffffda RBX: 00007fbfce2f4f60 RCX: 00007fbfce1e1b19
[ 1932.927230] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004
[ 1932.928209] RBP: 00007fbfcb7571d0 R08: 0000000000000000 R09: 0000000000000000
[ 1932.929183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1932.930175] R13: 00007fffbd39b11f R14: 00007fbfcb757300 R15: 0000000000022000
[ 1932.931188] CPU: 1 PID: 9209 Comm: syz-executor.2 Not tainted 5.10.235 #1
[ 1932.933195] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1932.935345] Call Trace:
[ 1932.935901]  dump_stack+0x107/0x167
[ 1932.936885]  should_fail.cold+0x5/0xa
[ 1932.937734]  _copy_to_user+0x2e/0x180
[ 1932.938559]  pagemap_read+0x333/0x590
[ 1932.939476]  ? clear_refs_write+0x780/0x780
[ 1932.940390]  ? iov_iter_advance+0x1b1/0xec0
[ 1932.941312]  do_iter_read+0x4fa/0x760
[ 1932.942134]  ? import_iovec+0x83/0xb0
[ 1932.942935]  vfs_readv+0xe5/0x160
[ 1932.943661]  ? vfs_iter_read+0xa0/0xa0
[ 1932.944471]  ? __fdget_pos+0xf1/0x190
[ 1932.945267]  ? lock_downgrade+0x6d0/0x6d0
[ 1932.946303]  ? ksys_write+0x12d/0x260
[ 1932.947113]  ? __fget_files+0x2f8/0x520
[ 1932.947965]  do_readv+0x139/0x300
[ 1932.948695]  ? vfs_readv+0x160/0x160
[ 1932.949486]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1932.950592]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1932.951668]  do_syscall_64+0x33/0x40
[ 1932.952444]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1932.953518] RIP: 0033:0x7f3139729b19
[ 1932.954303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1932.958106] RSP: 002b:00007f3136c9f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1932.959677] RAX: ffffffffffffffda RBX: 00007f313983cf60 RCX: 00007f3139729b19
[ 1932.961152] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 1932.962635] RBP: 00007f3136c9f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1932.964108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1932.965594] R13: 00007fffef67645f R14: 00007f3136c9f300 R15: 0000000000022000
11:26:23 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r5, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:26:23 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}], 0x2}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:26:23 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 90)

11:26:23 executing program 3:
syz_mount_image$tmpfs(0x0, &(0x7f0000000380)='./file0\x00', 0x83e, 0x0, 0x0, 0x428, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x88001)
open_tree(r0, &(0x7f0000000080)='./file1\x00', 0x1001)

11:26:23 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 10)

11:26:23 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x4f000}], 0x2)

[ 1933.229746] FAULT_INJECTION: forcing a failure.
[ 1933.229746] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1933.233101] CPU: 1 PID: 9228 Comm: syz-executor.4 Not tainted 5.10.235 #1
[ 1933.234613] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1933.236607] Call Trace:
[ 1933.237201]  dump_stack+0x107/0x167
[ 1933.237997]  should_fail.cold+0x5/0xa
[ 1933.238846]  __alloc_pages_nodemask+0x182/0x600
[ 1933.239829]  ? add_mm_counter_fast+0x220/0x220
[ 1933.240801]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1933.242127]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1933.243283]  ? lock_downgrade+0x6d0/0x6d0
[ 1933.244239]  ? mark_held_locks+0x9e/0xe0
[ 1933.245100]  alloc_pages_vma+0xbb/0x410
[ 1933.245973]  handle_mm_fault+0x152f/0x3500
[ 1933.246847]  ? __pmd_alloc+0x5e0/0x5e0
[ 1933.247677]  ? vmacache_find+0x55/0x2a0
[ 1933.248538]  do_user_addr_fault+0x56e/0xc60
[ 1933.249471]  exc_page_fault+0xa2/0x1a0
[ 1933.250310]  asm_exc_page_fault+0x1e/0x30
[ 1933.251201] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1933.252347] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 1933.256254] RSP: 0018:ffff888046ac7b50 EFLAGS: 00050246
[ 1933.257390] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 1933.258893] RDX: 0000000000000000 RSI: ffff88801fe9c898 RDI: 000000002002b000
[ 1933.260402] RBP: 000000002002a768 R08: 0000000000000000 R09: ffff88801fe9cfff
[ 1933.261918] R10: ffffed1003fd39ff R11: 0000000000000001 R12: 000000002002b768
[ 1933.263420] R13: ffff88801fe9c000 R14: 00007ffffffff000 R15: 0000000000000000
[ 1933.264977]  _copy_to_user+0x13d/0x180
[ 1933.265805]  pagemap_read+0x333/0x590
[ 1933.266627]  ? clear_refs_write+0x780/0x780
[ 1933.267544]  ? iov_iter_advance+0x1b1/0xec0
[ 1933.268474]  do_iter_read+0x4fa/0x760
[ 1933.269286]  ? import_iovec+0x83/0xb0
[ 1933.270111]  vfs_readv+0xe5/0x160
[ 1933.270847]  ? vfs_iter_read+0xa0/0xa0
[ 1933.271666]  ? __fdget_pos+0xf1/0x190
[ 1933.272472]  ? lock_downgrade+0x6d0/0x6d0
[ 1933.273361]  ? ksys_write+0x12d/0x260
[ 1933.274185]  ? __fget_files+0x2f8/0x520
[ 1933.275053]  do_readv+0x139/0x300
[ 1933.275788]  ? vfs_readv+0x160/0x160
[ 1933.276580]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1933.277690]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1933.278797]  do_syscall_64+0x33/0x40
[ 1933.279588]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1933.280667] RIP: 0033:0x7fbfce1e1b19
[ 1933.281454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1933.285655] RSP: 002b:00007fbfcb757188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1933.287269] RAX: ffffffffffffffda RBX: 00007fbfce2f4f60 RCX: 00007fbfce1e1b19
[ 1933.288779] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004
11:26:24 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r5, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 1933.290460] RBP: 00007fbfcb7571d0 R08: 0000000000000000 R09: 0000000000000000
[ 1933.292196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1933.293933] R13: 00007fffbd39b11f R14: 00007fbfcb757300 R15: 0000000000022000
11:26:24 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}], 0x2}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 1933.420447] FAULT_INJECTION: forcing a failure.
[ 1933.420447] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1933.423265] CPU: 1 PID: 9237 Comm: syz-executor.2 Not tainted 5.10.235 #1
[ 1933.424715] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1933.426479] Call Trace:
[ 1933.427048]  dump_stack+0x107/0x167
[ 1933.427820]  should_fail.cold+0x5/0xa
[ 1933.428629]  __alloc_pages_nodemask+0x182/0x600
[ 1933.429626]  ? add_mm_counter_fast+0x220/0x220
[ 1933.430602]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1933.431876]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1933.432990]  ? lock_downgrade+0x6d0/0x6d0
[ 1933.433875]  ? mark_held_locks+0x9e/0xe0
[ 1933.434751]  alloc_pages_vma+0xbb/0x410
[ 1933.435611]  handle_mm_fault+0x152f/0x3500
[ 1933.436519]  ? __pmd_alloc+0x5e0/0x5e0
[ 1933.437363]  ? vmacache_find+0x55/0x2a0
[ 1933.438212]  ? vmacache_update+0xce/0x140
[ 1933.439101]  do_user_addr_fault+0x56e/0xc60
[ 1933.440034]  exc_page_fault+0xa2/0x1a0
[ 1933.440873]  asm_exc_page_fault+0x1e/0x30
[ 1933.441754] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1933.442910] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 1933.446853] RSP: 0018:ffff88804ab37b50 EFLAGS: 00050246
[ 1933.447996] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 1933.449505] RDX: 0000000000000000 RSI: ffff888046868898 RDI: 0000000020003000
[ 1933.451031] RBP: 0000000020002768 R08: 0000000000000000 R09: ffff888046868fff
[ 1933.452537] R10: ffffed1008d0d1ff R11: 0000000000000001 R12: 0000000020003768
[ 1933.454053] R13: ffff888046868000 R14: 00007ffffffff000 R15: 0000000000000000
[ 1933.455588]  _copy_to_user+0x13d/0x180
[ 1933.456416]  pagemap_read+0x333/0x590
[ 1933.457232]  ? clear_refs_write+0x780/0x780
[ 1933.458155]  ? iov_iter_advance+0x1b1/0xec0
[ 1933.459090]  do_iter_read+0x4fa/0x760
[ 1933.459903]  ? import_iovec+0x83/0xb0
[ 1933.460720]  vfs_readv+0xe5/0x160
[ 1933.461452]  ? vfs_iter_read+0xa0/0xa0
[ 1933.462284]  ? __fdget_pos+0xf1/0x190
[ 1933.463130]  ? lock_downgrade+0x6d0/0x6d0
[ 1933.464287]  ? ksys_write+0x12d/0x260
[ 1933.465263]  ? __fget_files+0x2f8/0x520
[ 1933.466408]  do_readv+0x139/0x300
[ 1933.467146]  ? vfs_readv+0x160/0x160
[ 1933.468053]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1933.469382]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1933.470802]  do_syscall_64+0x33/0x40
[ 1933.471691]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1933.473014] RIP: 0033:0x7f3139729b19
[ 1933.473985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1933.478649] RSP: 002b:00007f3136c9f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1933.480555] RAX: ffffffffffffffda RBX: 00007f313983cf60 RCX: 00007f3139729b19
[ 1933.482374] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 1933.484050] RBP: 00007f3136c9f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1933.485648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1933.487175] R13: 00007fffef67645f R14: 00007f3136c9f300 R15: 0000000000022000
11:26:24 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 1)

11:26:24 executing program 3:
syz_mount_image$tmpfs(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
r5 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000c00), 0x400000, 0x0)
faccessat2(r5, &(0x7f0000000c40)='./file1\x00', 0x182, 0x200)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r6, r2, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001)
r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x443, 0x100380)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000100)={0x4, &(0x7f00000000c0)=[{0x7, 0x5, 0xff}, {0x7, 0x0, 0x0, 0x1c25}, {0x40, 0x20, 0x6, 0x1}, {0xff, 0x17, 0x4}]})
syz_io_uring_submit(0x0, r2, &(0x7f0000000140)=@IORING_OP_SPLICE={0x1e, 0x4, 0x0, @fd_index=0x4, 0x10001, {0x0, r7}, 0x1, 0x4, 0x1, {0x0, 0x0, r8}}, 0x6)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x88001)
open_tree(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x1900)

11:26:24 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 91)

11:26:24 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x50000}], 0x2)

11:26:24 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:26:24 executing program 3:
r0 = syz_mount_image$tmpfs(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x88001)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
dup3(r0, r2, 0x0)
open_tree(r1, &(0x7f0000000000)='./file1\x00', 0x101)

[ 1933.727275] FAULT_INJECTION: forcing a failure.
[ 1933.727275] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1933.730225] CPU: 1 PID: 9251 Comm: syz-executor.4 Not tainted 5.10.235 #1
[ 1933.731685] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1933.733434] Call Trace:
[ 1933.734003]  dump_stack+0x107/0x167
[ 1933.734775]  should_fail.cold+0x5/0xa
[ 1933.735577]  __alloc_pages_nodemask+0x182/0x600
[ 1933.736566]  ? add_mm_counter_fast+0x220/0x220
[ 1933.737541]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1933.738833]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1933.739925]  ? lock_downgrade+0x6d0/0x6d0
[ 1933.740790]  ? mark_held_locks+0x9e/0xe0
[ 1933.741652]  alloc_pages_vma+0xbb/0x410
[ 1933.742505]  handle_mm_fault+0x152f/0x3500
[ 1933.743407]  ? __pmd_alloc+0x5e0/0x5e0
[ 1933.744238]  ? vmacache_find+0x55/0x2a0
[ 1933.745090]  do_user_addr_fault+0x56e/0xc60
[ 1933.746021]  exc_page_fault+0xa2/0x1a0
[ 1933.746853]  asm_exc_page_fault+0x1e/0x30
[ 1933.747723] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1933.748860] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 1933.752752] RSP: 0018:ffff88804a497b50 EFLAGS: 00050246
[ 1933.753880] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 1933.755391] RDX: 0000000000000000 RSI: ffff88804a7fc898 RDI: 000000002002b000
[ 1933.756865] RBP: 000000002002a768 R08: 0000000000000000 R09: ffff88804a7fcfff
[ 1933.758342] R10: ffffed10094ff9ff R11: 0000000000000001 R12: 000000002002b768
[ 1933.759848] R13: ffff88804a7fc000 R14: 00007ffffffff000 R15: 0000000000000000
[ 1933.761393]  _copy_to_user+0x13d/0x180
[ 1933.762232]  pagemap_read+0x333/0x590
[ 1933.763041]  ? clear_refs_write+0x780/0x780
[ 1933.763953]  ? iov_iter_advance+0x1b1/0xec0
[ 1933.764876]  ? pagemap_read+0x198/0x590
[ 1933.765720]  do_iter_read+0x4fa/0x760
[ 1933.766535]  ? import_iovec+0x83/0xb0
[ 1933.767353]  vfs_readv+0xe5/0x160
[ 1933.768093]  ? vfs_iter_read+0xa0/0xa0
[ 1933.768920]  ? __fdget_pos+0xf1/0x190
[ 1933.769724]  ? lock_downgrade+0x6d0/0x6d0
[ 1933.770616]  ? ksys_write+0x12d/0x260
[ 1933.771435]  ? __fget_files+0x2f8/0x520
[ 1933.772301]  do_readv+0x139/0x300
[ 1933.773039]  ? vfs_readv+0x160/0x160
[ 1933.773832]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1933.774947]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1933.776040]  do_syscall_64+0x33/0x40
[ 1933.776825]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1933.777911] RIP: 0033:0x7fbfce1e1b19
[ 1933.778706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1933.782576] RSP: 002b:00007fbfcb757188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1933.784180] RAX: ffffffffffffffda RBX: 00007fbfce2f4f60 RCX: 00007fbfce1e1b19
[ 1933.785675] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004
[ 1933.787189] RBP: 00007fbfcb7571d0 R08: 0000000000000000 R09: 0000000000000000
[ 1933.788701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1933.790214] R13: 00007fffbd39b11f R14: 00007fbfcb757300 R15: 0000000000022000
11:26:24 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:26:24 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 11)

[ 1933.813276] FAULT_INJECTION: forcing a failure.
[ 1933.813276] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1933.815971] CPU: 1 PID: 9254 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 1933.817716] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1933.819533] Call Trace:
[ 1933.820093]  dump_stack+0x107/0x167
[ 1933.820863]  should_fail.cold+0x5/0xa
[ 1933.821680]  _copy_from_user+0x2e/0x1b0
[ 1933.822535]  iovec_from_user+0x141/0x400
[ 1933.823390]  ? lock_acquire+0x197/0x470
[ 1933.824354]  __import_iovec+0x67/0x590
[ 1933.825406]  ? lock_release+0x680/0x680
[ 1933.826343]  ? SOFTIRQ_verbose+0x10/0x10
[ 1933.827214]  import_iovec+0x83/0xb0
[ 1933.827997]  vfs_readv+0xbb/0x160
[ 1933.828894]  ? vfs_iter_read+0xa0/0xa0
[ 1933.829892]  ? __fdget_pos+0xf1/0x190
[ 1933.830697]  ? lock_downgrade+0x6d0/0x6d0
[ 1933.831576]  ? mutex_lock_io_nested+0xf30/0xf30
[ 1933.832565]  ? ksys_write+0x12d/0x260
[ 1933.833488]  ? __fget_files+0x2f8/0x520
[ 1933.834618]  do_readv+0x139/0x300
[ 1933.835355]  ? vfs_readv+0x160/0x160
[ 1933.836147]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1933.837234]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1933.838567]  do_syscall_64+0x33/0x40
[ 1933.839332]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1933.840526] RIP: 0033:0x7fad0dc79b19
[ 1933.841312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1933.845668] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1933.847463] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 1933.849072] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 1933.850584] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1933.852084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1933.853925] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
[ 1933.952634] FAULT_INJECTION: forcing a failure.
[ 1933.952634] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1933.955805] CPU: 1 PID: 9261 Comm: syz-executor.2 Not tainted 5.10.235 #1
[ 1933.957258] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1933.959019] Call Trace:
[ 1933.959689]  dump_stack+0x107/0x167
[ 1933.960617]  should_fail.cold+0x5/0xa
[ 1933.961584]  _copy_to_user+0x2e/0x180
[ 1933.962563]  pagemap_read+0x333/0x590
[ 1933.963574]  ? clear_refs_write+0x780/0x780
[ 1933.964577]  ? iov_iter_advance+0x1b1/0xec0
[ 1933.965710]  do_iter_read+0x4fa/0x760
[ 1933.966702]  ? import_iovec+0x83/0xb0
[ 1933.967605]  vfs_readv+0xe5/0x160
[ 1933.968506]  ? vfs_iter_read+0xa0/0xa0
[ 1933.969457]  ? __fdget_pos+0xf1/0x190
[ 1933.970452]  ? lock_downgrade+0x6d0/0x6d0
[ 1933.971411]  ? ksys_write+0x12d/0x260
[ 1933.972386]  ? __fget_files+0x2f8/0x520
[ 1933.973319]  do_readv+0x139/0x300
[ 1933.974241]  ? vfs_readv+0x160/0x160
[ 1933.975131]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1933.976396]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1933.977650]  do_syscall_64+0x33/0x40
[ 1933.978517]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1933.979805] RIP: 0033:0x7f3139729b19
[ 1933.980659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1933.984518] RSP: 002b:00007f3136c9f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1933.986112] RAX: ffffffffffffffda RBX: 00007f313983cf60 RCX: 00007f3139729b19
[ 1933.987599] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 1933.989102] RBP: 00007f3136c9f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1933.990601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1933.992096] R13: 00007fffef67645f R14: 00007f3136c9f300 R15: 0000000000022000
11:26:43 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 12)

11:26:43 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r5, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:26:43 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 92)

11:26:43 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x0, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:26:43 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x51000}], 0x2)

11:26:43 executing program 3:
syz_mount_image$tmpfs(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x88001)
open_tree(r0, &(0x7f0000000000)='./file1\x00', 0x101)

11:26:43 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 2)

11:26:43 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}], 0x2}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 1952.933567] FAULT_INJECTION: forcing a failure.
[ 1952.933567] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1952.936234] CPU: 0 PID: 9276 Comm: syz-executor.4 Not tainted 5.10.235 #1
[ 1952.937693] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1952.939449] Call Trace:
[ 1952.940011]  dump_stack+0x107/0x167
[ 1952.940794]  should_fail.cold+0x5/0xa
[ 1952.941606]  __alloc_pages_nodemask+0x182/0x600
[ 1952.942608]  ? add_mm_counter_fast+0x220/0x220
[ 1952.943577]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1952.944818] FAULT_INJECTION: forcing a failure.
[ 1952.944818] name failslab, interval 1, probability 0, space 0, times 0
[ 1952.947158]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1952.947180]  ? lock_downgrade+0x6d0/0x6d0
[ 1952.947197]  ? mark_held_locks+0x9e/0xe0
[ 1952.947228]  alloc_pages_vma+0xbb/0x410
[ 1952.950929]  handle_mm_fault+0x152f/0x3500
[ 1952.951837]  ? __pmd_alloc+0x5e0/0x5e0
[ 1952.952672]  ? vmacache_find+0x55/0x2a0
[ 1952.953528]  do_user_addr_fault+0x56e/0xc60
[ 1952.954459]  exc_page_fault+0xa2/0x1a0
[ 1952.955280]  asm_exc_page_fault+0x1e/0x30
[ 1952.956161] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1952.957303] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 1952.961196] RSP: 0018:ffff88801fe0fb50 EFLAGS: 00050246
[ 1952.962331] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 1952.963838] RDX: 0000000000000000 RSI: ffff888046808898 RDI: 000000002002c000
[ 1952.965347] RBP: 000000002002b768 R08: 0000000000000000 R09: ffff888046808fff
[ 1952.966859] R10: ffffed1008d011ff R11: 0000000000000001 R12: 000000002002c768
[ 1952.968376] R13: ffff888046808000 R14: 00007ffffffff000 R15: 0000000000000000
[ 1952.969905]  _copy_to_user+0x13d/0x180
[ 1952.970738]  pagemap_read+0x333/0x590
[ 1952.971555]  ? clear_refs_write+0x780/0x780
[ 1952.972462]  ? iov_iter_advance+0x1b1/0xec0
[ 1952.973389]  do_iter_read+0x4fa/0x760
[ 1952.974209]  ? import_iovec+0x83/0xb0
[ 1952.975022]  vfs_readv+0xe5/0x160
[ 1952.975753]  ? vfs_iter_read+0xa0/0xa0
[ 1952.976580]  ? __fdget_pos+0xf1/0x190
[ 1952.977388]  ? lock_downgrade+0x6d0/0x6d0
[ 1952.978290]  ? ksys_write+0x12d/0x260
[ 1952.979104]  ? __fget_files+0x2f8/0x520
[ 1952.979965]  do_readv+0x139/0x300
[ 1952.980697]  ? vfs_readv+0x160/0x160
[ 1952.981491]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1952.982609]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1952.983700]  do_syscall_64+0x33/0x40
[ 1952.984484]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1952.985568] RIP: 0033:0x7fbfce1e1b19
[ 1952.986359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1952.990255] RSP: 002b:00007fbfcb757188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1952.991855] RAX: ffffffffffffffda RBX: 00007fbfce2f4f60 RCX: 00007fbfce1e1b19
[ 1952.993359] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004
[ 1952.994870] RBP: 00007fbfcb7571d0 R08: 0000000000000000 R09: 0000000000000000
[ 1952.996375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1952.997882] R13: 00007fffbd39b11f R14: 00007fbfcb757300 R15: 0000000000022000
[ 1952.999438] CPU: 1 PID: 9278 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 1953.000900] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1953.002652] Call Trace:
[ 1953.003213]  dump_stack+0x107/0x167
[ 1953.003985]  should_fail.cold+0x5/0xa
[ 1953.004424] FAULT_INJECTION: forcing a failure.
[ 1953.004424] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1953.004795]  ? pagemap_read+0x244/0x590
[ 1953.008070]  should_failslab+0x5/0x20
[ 1953.008874]  kmem_cache_alloc_trace+0x55/0x320
[ 1953.009844]  pagemap_read+0x244/0x590
[ 1953.010663]  ? clear_refs_write+0x780/0x780
[ 1953.011573]  ? security_file_permission+0xb1/0xe0
[ 1953.012593]  do_iter_read+0x4fa/0x760
[ 1953.013407]  ? import_iovec+0x83/0xb0
[ 1953.014230]  vfs_readv+0xe5/0x160
[ 1953.014959]  ? vfs_iter_read+0xa0/0xa0
[ 1953.015785]  ? __fdget_pos+0xf1/0x190
[ 1953.016585]  ? lock_downgrade+0x6d0/0x6d0
[ 1953.017468]  ? ksys_write+0x12d/0x260
[ 1953.018285]  ? __fget_files+0x2f8/0x520
[ 1953.019146]  do_readv+0x139/0x300
[ 1953.019875]  ? vfs_readv+0x160/0x160
[ 1953.020662]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1953.021775]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1953.022872]  do_syscall_64+0x33/0x40
[ 1953.023659]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1953.024736] RIP: 0033:0x7fad0dc79b19
[ 1953.025520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1953.029421] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1953.031028] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 1953.032527] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 1953.034038] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1953.035538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1953.037028] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
[ 1953.038564] CPU: 0 PID: 9275 Comm: syz-executor.2 Not tainted 5.10.235 #1
[ 1953.040020] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1953.041765] Call Trace:
[ 1953.042330]  dump_stack+0x107/0x167
[ 1953.043105]  should_fail.cold+0x5/0xa
[ 1953.043918]  __alloc_pages_nodemask+0x182/0x600
[ 1953.044903]  ? add_mm_counter_fast+0x220/0x220
[ 1953.045870]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1953.047153]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1953.048261]  ? lock_downgrade+0x6d0/0x6d0
[ 1953.049128]  ? mark_held_locks+0x9e/0xe0
[ 1953.050001]  alloc_pages_vma+0xbb/0x410
[ 1953.050847]  handle_mm_fault+0x152f/0x3500
[ 1953.051753]  ? __pmd_alloc+0x5e0/0x5e0
[ 1953.052591]  ? vmacache_find+0x55/0x2a0
[ 1953.053444]  do_user_addr_fault+0x56e/0xc60
[ 1953.054368]  exc_page_fault+0xa2/0x1a0
[ 1953.055189]  asm_exc_page_fault+0x1e/0x30
[ 1953.056060] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1953.057201] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 1953.061087] RSP: 0018:ffff88804e157b50 EFLAGS: 00050246
[ 1953.062219] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 1953.063724] RDX: 0000000000000000 RSI: ffff88804a99c898 RDI: 0000000020004000
[ 1953.065235] RBP: 0000000020003768 R08: 0000000000000000 R09: ffff88804a99cfff
11:26:43 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 3)

[ 1953.066767] R10: ffffed10095339ff R11: 0000000000000001 R12: 0000000020004768
[ 1953.068480] R13: ffff88804a99c000 R14: 00007ffffffff000 R15: 0000000000000000
[ 1953.070015]  _copy_to_user+0x13d/0x180
[ 1953.070844]  pagemap_read+0x333/0x590
[ 1953.071655]  ? clear_refs_write+0x780/0x780
[ 1953.072566]  ? iov_iter_advance+0x1b1/0xec0
[ 1953.073490]  do_iter_read+0x4fa/0x760
[ 1953.074314]  ? import_iovec+0x83/0xb0
[ 1953.075124]  vfs_readv+0xe5/0x160
[ 1953.075863]  ? vfs_iter_read+0xa0/0xa0
[ 1953.076688]  ? __fdget_pos+0xf1/0x190
[ 1953.077491]  ? lock_downgrade+0x6d0/0x6d0
[ 1953.078379]  ? ksys_write+0x12d/0x260
[ 1953.079188]  ? __fget_files+0x2f8/0x520
[ 1953.080048]  do_readv+0x139/0x300
[ 1953.080782]  ? vfs_readv+0x160/0x160
[ 1953.081576]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1953.082691]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1953.083790]  do_syscall_64+0x33/0x40
[ 1953.084575]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1953.085653] RIP: 0033:0x7f3139729b19
[ 1953.086452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1953.090337] RSP: 002b:00007f3136c9f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1953.091933] RAX: ffffffffffffffda RBX: 00007f313983cf60 RCX: 00007f3139729b19
[ 1953.093445] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 1953.094952] RBP: 00007f3136c9f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1953.096457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1953.097962] R13: 00007fffef67645f R14: 00007f3136c9f300 R15: 0000000000022000
11:26:43 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x0, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:26:43 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x52000}], 0x2)

[ 1953.329384] FAULT_INJECTION: forcing a failure.
[ 1953.329384] name failslab, interval 1, probability 0, space 0, times 0
[ 1953.332680] CPU: 1 PID: 9287 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 1953.334443] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1953.336744] Call Trace:
[ 1953.337605]  dump_stack+0x107/0x167
[ 1953.338590]  should_fail.cold+0x5/0xa
[ 1953.339579]  ? create_object.isra.0+0x3a/0xa20
[ 1953.340754]  should_failslab+0x5/0x20
[ 1953.341754]  kmem_cache_alloc+0x5b/0x310
[ 1953.342815]  create_object.isra.0+0x3a/0xa20
[ 1953.344073]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1953.345646]  kmem_cache_alloc_trace+0x151/0x320
[ 1953.346890]  pagemap_read+0x244/0x590
[ 1953.347870]  ? clear_refs_write+0x780/0x780
[ 1953.348840]  ? security_file_permission+0xb1/0xe0
[ 1953.350197]  do_iter_read+0x4fa/0x760
[ 1953.351212]  ? import_iovec+0x83/0xb0
[ 1953.352202]  vfs_readv+0xe5/0x160
[ 1953.353240]  ? vfs_iter_read+0xa0/0xa0
[ 1953.354544]  ? __fdget_pos+0xf1/0x190
[ 1953.355542]  ? lock_downgrade+0x6d0/0x6d0
[ 1953.356817]  ? ksys_write+0x12d/0x260
[ 1953.358018]  ? __fget_files+0x2f8/0x520
[ 1953.359077]  do_readv+0x139/0x300
[ 1953.360161]  ? vfs_readv+0x160/0x160
[ 1953.361187]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1953.362554]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1953.363746]  do_syscall_64+0x33/0x40
[ 1953.364905]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1953.366348] RIP: 0033:0x7fad0dc79b19
[ 1953.367145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1953.371055] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1953.372680] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 1953.374203] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 1953.375718] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1953.377244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1953.378769] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:26:57 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 4)

11:26:57 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x0, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:26:57 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 93)

11:26:57 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:26:57 executing program 3:
syz_mount_image$tmpfs(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0, 0x2000080, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x88001)
utimes(&(0x7f00000000c0)='./file1/file0\x00', &(0x7f0000000100)={{0x0, 0x2710}, {0x0, 0xea60}})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
pread64(r0, &(0x7f0000000180)=""/158, 0x9e, 0x2)
faccessat2(r1, &(0x7f0000000080)='./file1\x00', 0x188, 0x1200)
open_tree(r0, &(0x7f0000000000)='./file1\x00', 0x101)
r2 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000140))
ioctl$AUTOFS_IOC_READY(r2, 0x9360, 0x9)

11:26:57 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, 0x0)
readv(r5, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:26:57 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x53000}], 0x2)

11:26:57 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 13)

[ 1966.861797] FAULT_INJECTION: forcing a failure.
[ 1966.861797] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1966.863405] CPU: 0 PID: 9310 Comm: syz-executor.2 Not tainted 5.10.235 #1
[ 1966.864268] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1966.865332] Call Trace:
[ 1966.865672]  dump_stack+0x107/0x167
[ 1966.866144]  should_fail.cold+0x5/0xa
[ 1966.866636]  _copy_to_user+0x2e/0x180
[ 1966.867142]  pagemap_read+0x333/0x590
[ 1966.867631]  ? clear_refs_write+0x780/0x780
[ 1966.868176]  ? iov_iter_advance+0x1b1/0xec0
[ 1966.868741]  do_iter_read+0x4fa/0x760
[ 1966.869237]  ? import_iovec+0x83/0xb0
[ 1966.869740]  vfs_readv+0xe5/0x160
[ 1966.870184]  ? vfs_iter_read+0xa0/0xa0
[ 1966.870688]  ? __fdget_pos+0xf1/0x190
[ 1966.871184]  ? lock_downgrade+0x6d0/0x6d0
[ 1966.871714]  ? ksys_write+0x12d/0x260
[ 1966.872216]  ? __fget_files+0x2f8/0x520
[ 1966.872734]  do_readv+0x139/0x300
[ 1966.873189]  ? vfs_readv+0x160/0x160
[ 1966.873670]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1966.874358]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1966.874423] FAULT_INJECTION: forcing a failure.
[ 1966.874423] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1966.875018]  do_syscall_64+0x33/0x40
[ 1966.875031]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1966.875039] RIP: 0033:0x7f3139729b19
[ 1966.875051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1966.875058] RSP: 002b:00007f3136c9f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1966.875071] RAX: ffffffffffffffda RBX: 00007f313983cf60 RCX: 00007f3139729b19
[ 1966.875077] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 1966.875084] RBP: 00007f3136c9f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1966.875102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1966.886068] R13: 00007fffef67645f R14: 00007f3136c9f300 R15: 0000000000022000
[ 1966.887014] CPU: 1 PID: 9307 Comm: syz-executor.4 Not tainted 5.10.235 #1
[ 1966.888465] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1966.890226] Call Trace:
[ 1966.890791]  dump_stack+0x107/0x167
[ 1966.891564]  should_fail.cold+0x5/0xa
[ 1966.892382]  _copy_to_user+0x2e/0x180
[ 1966.893195]  pagemap_read+0x333/0x590
[ 1966.894012]  ? clear_refs_write+0x780/0x780
[ 1966.894935]  ? iov_iter_advance+0x1b1/0xec0
11:26:57 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, 0x0)
readv(r5, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 1966.895865]  do_iter_read+0x4fa/0x760
[ 1966.896876]  ? import_iovec+0x83/0xb0
[ 1966.897800]  vfs_readv+0xe5/0x160
[ 1966.898729]  ? vfs_iter_read+0xa0/0xa0
[ 1966.899682]  ? __fdget_pos+0xf1/0x190
[ 1966.900736]  ? lock_downgrade+0x6d0/0x6d0
[ 1966.901715]  ? ksys_write+0x12d/0x260
[ 1966.902733]  ? __fget_files+0x2f8/0x520
[ 1966.903704]  do_readv+0x139/0x300
[ 1966.904621]  ? vfs_readv+0x160/0x160
[ 1966.905490]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1966.906887]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1966.908144]  do_syscall_64+0x33/0x40
[ 1966.909111]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1966.910406] RIP: 0033:0x7fbfce1e1b19
[ 1966.911331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1966.915977] RSP: 002b:00007fbfcb757188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1966.917892] RAX: ffffffffffffffda RBX: 00007fbfce2f4f60 RCX: 00007fbfce1e1b19
[ 1966.919643] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004
[ 1966.921272] RBP: 00007fbfcb7571d0 R08: 0000000000000000 R09: 0000000000000000
[ 1966.922788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1966.924293] R13: 00007fffbd39b11f R14: 00007fbfcb757300 R15: 0000000000022000
11:26:57 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 14)

[ 1966.968793] FAULT_INJECTION: forcing a failure.
[ 1966.968793] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1966.971653] CPU: 1 PID: 9309 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 1966.973106] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1966.974868] Call Trace:
[ 1966.975440]  dump_stack+0x107/0x167
[ 1966.976225]  should_fail.cold+0x5/0xa
[ 1966.977051]  _copy_to_user+0x2e/0x180
[ 1966.977874]  pagemap_read+0x333/0x590
[ 1966.978703]  ? clear_refs_write+0x780/0x780
[ 1966.979634]  ? security_file_permission+0xb1/0xe0
[ 1966.980681]  do_iter_read+0x4fa/0x760
[ 1966.981500]  ? import_iovec+0x83/0xb0
[ 1966.982328]  vfs_readv+0xe5/0x160
[ 1966.983062]  ? vfs_iter_read+0xa0/0xa0
[ 1966.983889]  ? __fdget_pos+0xf1/0x190
[ 1966.984705]  ? lock_downgrade+0x6d0/0x6d0
[ 1966.985597]  ? ksys_write+0x12d/0x260
[ 1966.986423]  ? __fget_files+0x2f8/0x520
[ 1966.987283]  do_readv+0x139/0x300
[ 1966.988027]  ? vfs_readv+0x160/0x160
[ 1966.988814]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1966.989929]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1966.991028]  do_syscall_64+0x33/0x40
[ 1966.991819]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1966.992901] RIP: 0033:0x7fad0dc79b19
[ 1966.993687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1966.997575] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1966.999187] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 1967.000699] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 1967.002209] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1967.003709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1967.005218] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:26:57 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:26:57 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0x0, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:26:57 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0) (fail_nth: 1)

[ 1967.095472] FAULT_INJECTION: forcing a failure.
[ 1967.095472] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1967.098643] CPU: 1 PID: 9318 Comm: syz-executor.2 Not tainted 5.10.235 #1
[ 1967.100109] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1967.101875] Call Trace:
[ 1967.102446]  dump_stack+0x107/0x167
[ 1967.103219]  should_fail.cold+0x5/0xa
[ 1967.104033]  __alloc_pages_nodemask+0x182/0x600
[ 1967.105019]  ? add_mm_counter_fast+0x220/0x220
[ 1967.105984]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1967.107265]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1967.108378]  ? lock_downgrade+0x6d0/0x6d0
[ 1967.109252]  ? mark_held_locks+0x9e/0xe0
[ 1967.110124]  alloc_pages_vma+0xbb/0x410
[ 1967.110974]  handle_mm_fault+0x152f/0x3500
[ 1967.112086]  ? __pmd_alloc+0x5e0/0x5e0
[ 1967.113046]  ? vmacache_find+0x55/0x2a0
[ 1967.113992]  ? vmacache_update+0xce/0x140
[ 1967.115116]  do_user_addr_fault+0x56e/0xc60
[ 1967.116148]  exc_page_fault+0xa2/0x1a0
[ 1967.117221]  asm_exc_page_fault+0x1e/0x30
[ 1967.118221] RIP: 0010:copy_user_generic_string+0x2c/0x40
11:26:57 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 94)

[ 1967.119613] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 1967.123632] RSP: 0018:ffff88800bf37b50 EFLAGS: 00050246
[ 1967.124768] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 1967.126280] RDX: 0000000000000000 RSI: ffff888019db0898 RDI: 0000000020005000
[ 1967.127792] RBP: 0000000020004768 R08: 0000000000000000 R09: ffff888019db0fff
[ 1967.129299] R10: ffffed10033b61ff R11: 0000000000000001 R12: 0000000020005768
[ 1967.130820] R13: ffff888019db0000 R14: 00007ffffffff000 R15: 0000000000000000
[ 1967.132354]  _copy_to_user+0x13d/0x180
[ 1967.133314]  pagemap_read+0x333/0x590
11:26:57 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 5)

[ 1967.134291]  ? clear_refs_write+0x780/0x780
[ 1967.135357]  ? iov_iter_advance+0x1b1/0xec0
[ 1967.136509]  do_iter_read+0x4fa/0x760
[ 1967.137422]  ? import_iovec+0x83/0xb0
[ 1967.138435]  vfs_readv+0xe5/0x160
[ 1967.139170]  ? vfs_iter_read+0xa0/0xa0
[ 1967.139998]  ? __fdget_pos+0xf1/0x190
[ 1967.140903]  ? lock_downgrade+0x6d0/0x6d0
[ 1967.141994]  ? ksys_write+0x12d/0x260
[ 1967.142938]  ? __fget_files+0x2f8/0x520
[ 1967.144025]  do_readv+0x139/0x300
[ 1967.144757]  ? vfs_readv+0x160/0x160
11:26:57 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, 0x0)
readv(r5, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 1967.145566]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1967.146822]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1967.148127]  do_syscall_64+0x33/0x40
[ 1967.149100]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1967.150448] RIP: 0033:0x7f3139729b19
[ 1967.151239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1967.155471] RSP: 002b:00007f3136c9f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1967.157368] RAX: ffffffffffffffda RBX: 00007f313983cf60 RCX: 00007f3139729b19
[ 1967.158946] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 1967.160559] RBP: 00007f3136c9f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1967.162333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1967.163849] R13: 00007fffef67645f R14: 00007f3136c9f300 R15: 0000000000022000
11:26:57 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x54000}], 0x2)

11:26:57 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:26:58 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(0xffffffffffffffff, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:26:58 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:26:58 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x55000}], 0x2)

[ 1967.397570] FAULT_INJECTION: forcing a failure.
[ 1967.397570] name failslab, interval 1, probability 0, space 0, times 0
[ 1967.400262] CPU: 1 PID: 9336 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 1967.401703] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1967.403452] Call Trace:
[ 1967.404010]  dump_stack+0x107/0x167
[ 1967.404782]  should_fail.cold+0x5/0xa
[ 1967.405582]  ? pagemap_read+0x244/0x590
[ 1967.406434]  should_failslab+0x5/0x20
[ 1967.407234]  kmem_cache_alloc_trace+0x55/0x320
[ 1967.408197]  pagemap_read+0x244/0x590
[ 1967.409011]  ? clear_refs_write+0x780/0x780
[ 1967.409920]  ? iov_iter_advance+0x1b1/0xec0
[ 1967.410855]  do_iter_read+0x4fa/0x760
[ 1967.411664]  ? import_iovec+0x83/0xb0
[ 1967.412480]  vfs_readv+0xe5/0x160
[ 1967.413214]  ? vfs_iter_read+0xa0/0xa0
[ 1967.414036]  ? __fdget_pos+0xf1/0x190
[ 1967.414857]  ? lock_downgrade+0x6d0/0x6d0
[ 1967.415740]  ? ksys_write+0x12d/0x260
[ 1967.416546]  ? __fget_files+0x2f8/0x520
[ 1967.417404]  do_readv+0x139/0x300
[ 1967.418152]  ? vfs_readv+0x160/0x160
[ 1967.418949]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1967.420060]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1967.421156]  do_syscall_64+0x33/0x40
[ 1967.421948]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1967.423039] RIP: 0033:0x7fad0dc79b19
[ 1967.423821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1967.427692] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1967.429288] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 1967.430805] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 1967.432307] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1967.433810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1967.435316] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
[ 1967.576649] FAULT_INJECTION: forcing a failure.
[ 1967.576649] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1967.579360] CPU: 1 PID: 9350 Comm: syz-executor.4 Not tainted 5.10.235 #1
[ 1967.581067] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1967.582824] Call Trace:
[ 1967.583384]  dump_stack+0x107/0x167
[ 1967.584159]  should_fail.cold+0x5/0xa
[ 1967.585126]  __alloc_pages_nodemask+0x182/0x600
[ 1967.586268]  ? add_mm_counter_fast+0x220/0x220
[ 1967.587237]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1967.588501]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1967.589608]  ? lock_downgrade+0x6d0/0x6d0
[ 1967.590487]  ? mark_held_locks+0x9e/0xe0
[ 1967.591546]  alloc_pages_vma+0xbb/0x410
[ 1967.592459]  handle_mm_fault+0x152f/0x3500
[ 1967.593423]  ? __pmd_alloc+0x5e0/0x5e0
[ 1967.594264]  ? vmacache_find+0x55/0x2a0
[ 1967.595106]  ? vmacache_update+0xce/0x140
[ 1967.596160]  do_user_addr_fault+0x56e/0xc60
[ 1967.597241]  exc_page_fault+0xa2/0x1a0
[ 1967.598087]  asm_exc_page_fault+0x1e/0x30
[ 1967.598973] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1967.600447] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 1967.604683] RSP: 0018:ffff88804e05fb50 EFLAGS: 00050246
[ 1967.605812] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 1967.607501] RDX: 0000000000000000 RSI: ffff88804a998898 RDI: 000000002002d000
[ 1967.609139] RBP: 000000002002c768 R08: 0000000000000000 R09: ffff88804a998fff
[ 1967.610689] R10: ffffed10095331ff R11: 0000000000000001 R12: 000000002002d768
[ 1967.612487] R13: ffff88804a998000 R14: 00007ffffffff000 R15: 0000000000000000
[ 1967.614020]  _copy_to_user+0x13d/0x180
[ 1967.614864]  pagemap_read+0x333/0x590
[ 1967.615871]  ? clear_refs_write+0x780/0x780
[ 1967.616933]  ? iov_iter_advance+0x1b1/0xec0
[ 1967.617869]  do_iter_read+0x4fa/0x760
[ 1967.618693]  ? import_iovec+0x83/0xb0
[ 1967.619564]  vfs_readv+0xe5/0x160
[ 1967.620464]  ? vfs_iter_read+0xa0/0xa0
[ 1967.621418]  ? __fdget_pos+0xf1/0x190
[ 1967.622237]  ? lock_downgrade+0x6d0/0x6d0
[ 1967.623125]  ? ksys_write+0x12d/0x260
[ 1967.623941]  ? __fget_files+0x2f8/0x520
[ 1967.624811]  do_readv+0x139/0x300
[ 1967.625740]  ? vfs_readv+0x160/0x160
[ 1967.626598]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1967.627913]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1967.629132]  do_syscall_64+0x33/0x40
[ 1967.629920]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1967.631020] RIP: 0033:0x7fbfce1e1b19
[ 1967.631808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1967.635698] RSP: 002b:00007fbfcb757188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1967.637307] RAX: ffffffffffffffda RBX: 00007fbfce2f4f60 RCX: 00007fbfce1e1b19
[ 1967.638820] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004
[ 1967.640333] RBP: 00007fbfcb7571d0 R08: 0000000000000000 R09: 0000000000000000
[ 1967.641833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1967.643349] R13: 00007fffbd39b11f R14: 00007fbfcb757300 R15: 0000000000022000
11:27:12 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 95)

11:27:12 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0x0, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:12 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 15)

11:27:12 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(0xffffffffffffffff, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:12 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:12 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x10}], 0x1, 0x0)

11:27:12 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 6)

11:27:12 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x56000}], 0x2)

[ 1981.565985] FAULT_INJECTION: forcing a failure.
[ 1981.565985] name failslab, interval 1, probability 0, space 0, times 0
[ 1981.568666] CPU: 0 PID: 9362 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 1981.570129] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1981.571873] Call Trace:
[ 1981.572437]  dump_stack+0x107/0x167
[ 1981.573204]  should_fail.cold+0x5/0xa
[ 1981.574012]  ? create_object.isra.0+0x3a/0xa20
[ 1981.574997]  should_failslab+0x5/0x20
[ 1981.575799]  kmem_cache_alloc+0x5b/0x310
[ 1981.576669]  ? pagemap_read+0x244/0x590
[ 1981.577514]  create_object.isra.0+0x3a/0xa20
[ 1981.578448]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1981.579521]  kmem_cache_alloc_trace+0x151/0x320
[ 1981.580507]  pagemap_read+0x244/0x590
[ 1981.581315]  ? clear_refs_write+0x780/0x780
[ 1981.582234]  ? iov_iter_advance+0x1b1/0xec0
[ 1981.583158]  ? do_iter_read+0x507/0x760
[ 1981.583990]  ? do_iter_read+0x3fc/0x760
[ 1981.584833]  do_iter_read+0x4fa/0x760
[ 1981.585652]  ? import_iovec+0x83/0xb0
[ 1981.586472]  vfs_readv+0xe5/0x160
[ 1981.587207]  ? vfs_iter_read+0xa0/0xa0
[ 1981.588034]  ? __fdget_pos+0xf1/0x190
[ 1981.588847]  ? lock_downgrade+0x6d0/0x6d0
[ 1981.589733]  ? ksys_write+0x12d/0x260
[ 1981.590554]  ? __fget_files+0x2f8/0x520
[ 1981.591425]  do_readv+0x139/0x300
[ 1981.592162]  ? vfs_readv+0x160/0x160
[ 1981.592960]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1981.594071]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1981.595192]  do_syscall_64+0x33/0x40
[ 1981.595995]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1981.597101] RIP: 0033:0x7fad0dc79b19
[ 1981.597909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1981.601839] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1981.603466] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 1981.604990] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 1981.606517] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1981.608038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1981.609560] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
[ 1981.617517] FAULT_INJECTION: forcing a failure.
[ 1981.617517] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1981.620142] CPU: 1 PID: 9365 Comm: syz-executor.4 Not tainted 5.10.235 #1
[ 1981.620525] FAULT_INJECTION: forcing a failure.
[ 1981.620525] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1981.621577] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1981.621584] Call Trace:
[ 1981.621611]  dump_stack+0x107/0x167
[ 1981.621632]  should_fail.cold+0x5/0xa
[ 1981.621659]  _copy_to_user+0x2e/0x180
[ 1981.621683]  pagemap_read+0x333/0x590
[ 1981.621708]  ? clear_refs_write+0x780/0x780
[ 1981.621736]  ? iov_iter_advance+0x1b1/0xec0
[ 1981.631327]  do_iter_read+0x4fa/0x760
[ 1981.632140]  ? import_iovec+0x83/0xb0
[ 1981.632942]  vfs_readv+0xe5/0x160
[ 1981.633669]  ? vfs_iter_read+0xa0/0xa0
[ 1981.634508]  ? __fdget_pos+0xf1/0x190
[ 1981.635315]  ? lock_downgrade+0x6d0/0x6d0
[ 1981.636195]  ? ksys_write+0x12d/0x260
[ 1981.637005]  ? __fget_files+0x2f8/0x520
[ 1981.637865]  do_readv+0x139/0x300
[ 1981.638604]  ? vfs_readv+0x160/0x160
[ 1981.639389]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1981.640492]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1981.641576]  do_syscall_64+0x33/0x40
[ 1981.642368]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1981.643441] RIP: 0033:0x7fbfce1e1b19
[ 1981.644224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1981.648111] RSP: 002b:00007fbfcb757188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1981.649719] RAX: ffffffffffffffda RBX: 00007fbfce2f4f60 RCX: 00007fbfce1e1b19
[ 1981.651223] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004
[ 1981.652710] RBP: 00007fbfcb7571d0 R08: 0000000000000000 R09: 0000000000000000
[ 1981.654208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1981.655703] R13: 00007fffbd39b11f R14: 00007fbfcb757300 R15: 0000000000022000
[ 1981.657229] CPU: 0 PID: 9361 Comm: syz-executor.2 Not tainted 5.10.235 #1
[ 1981.658709] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1981.660593] Call Trace:
[ 1981.661231]  dump_stack+0x107/0x167
[ 1981.662010]  should_fail.cold+0x5/0xa
[ 1981.662843]  _copy_to_user+0x2e/0x180
[ 1981.663656]  pagemap_read+0x333/0x590
[ 1981.664470]  ? clear_refs_write+0x780/0x780
[ 1981.665384]  ? iov_iter_advance+0x1b1/0xec0
[ 1981.666327]  do_iter_read+0x4fa/0x760
[ 1981.667147]  ? import_iovec+0x83/0xb0
[ 1981.667966]  vfs_readv+0xe5/0x160
[ 1981.668709]  ? vfs_iter_read+0xa0/0xa0
[ 1981.669534]  ? __fdget_pos+0xf1/0x190
[ 1981.670350]  ? lock_downgrade+0x6d0/0x6d0
[ 1981.671248]  ? ksys_write+0x12d/0x260
[ 1981.672063]  ? __fget_files+0x2f8/0x520
[ 1981.672928]  do_readv+0x139/0x300
[ 1981.673668]  ? vfs_readv+0x160/0x160
[ 1981.674468]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1981.675579]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1981.676679]  do_syscall_64+0x33/0x40
[ 1981.677470]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1981.678571] RIP: 0033:0x7f3139729b19
[ 1981.679362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1981.683279] RSP: 002b:00007f3136c9f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1981.684907] RAX: ffffffffffffffda RBX: 00007f313983cf60 RCX: 00007f3139729b19
[ 1981.686450] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 1981.687973] RBP: 00007f3136c9f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1981.689492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1981.691018] R13: 00007fffef67645f R14: 00007f3136c9f300 R15: 0000000000022000
11:27:12 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:27:12 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0x0, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:12 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(0xffffffffffffffff, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:12 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 96)

[ 1982.055525] FAULT_INJECTION: forcing a failure.
[ 1982.055525] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1982.058202] CPU: 0 PID: 9380 Comm: syz-executor.4 Not tainted 5.10.235 #1
[ 1982.059636] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1982.061370] Call Trace:
[ 1982.061927]  dump_stack+0x107/0x167
[ 1982.062699]  should_fail.cold+0x5/0xa
[ 1982.063513]  __alloc_pages_nodemask+0x182/0x600
[ 1982.064493]  ? add_mm_counter_fast+0x220/0x220
[ 1982.065456]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1982.066734]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1982.067836]  ? lock_downgrade+0x6d0/0x6d0
[ 1982.068697]  ? mark_held_locks+0x9e/0xe0
[ 1982.069557]  alloc_pages_vma+0xbb/0x410
[ 1982.070421]  handle_mm_fault+0x152f/0x3500
[ 1982.071316]  ? __pmd_alloc+0x5e0/0x5e0
[ 1982.072147]  ? vmacache_find+0x55/0x2a0
[ 1982.072990]  do_user_addr_fault+0x56e/0xc60
[ 1982.073912]  exc_page_fault+0xa2/0x1a0
[ 1982.074742]  asm_exc_page_fault+0x1e/0x30
[ 1982.075610] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1982.076736] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 1982.080602] RSP: 0018:ffff888047847b50 EFLAGS: 00050246
[ 1982.081716] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 1982.083213] RDX: 0000000000000000 RSI: ffff888009c90898 RDI: 000000002002e000
[ 1982.084705] RBP: 000000002002d768 R08: 0000000000000000 R09: ffff888009c90fff
[ 1982.086210] R10: ffffed10013921ff R11: 0000000000000001 R12: 000000002002e768
[ 1982.087706] R13: ffff888009c90000 R14: 00007ffffffff000 R15: 0000000000000000
[ 1982.089228]  _copy_to_user+0x13d/0x180
[ 1982.090044]  pagemap_read+0x333/0x590
[ 1982.090857]  ? clear_refs_write+0x780/0x780
[ 1982.091761]  ? iov_iter_advance+0x1b1/0xec0
[ 1982.092688]  do_iter_read+0x4fa/0x760
[ 1982.093494]  ? import_iovec+0x83/0xb0
[ 1982.094307]  vfs_readv+0xe5/0x160
[ 1982.095034]  ? vfs_iter_read+0xa0/0xa0
[ 1982.095850]  ? __fdget_pos+0xf1/0x190
[ 1982.096642]  ? lock_downgrade+0x6d0/0x6d0
[ 1982.097521]  ? ksys_write+0x12d/0x260
[ 1982.098333]  ? __fget_files+0x2f8/0x520
[ 1982.099183]  do_readv+0x139/0x300
[ 1982.099910]  ? vfs_readv+0x160/0x160
[ 1982.100695]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1982.101792]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1982.102891]  do_syscall_64+0x33/0x40
[ 1982.103668]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1982.104740] RIP: 0033:0x7fbfce1e1b19
[ 1982.105520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1982.109383] RSP: 002b:00007fbfcb757188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1982.110983] RAX: ffffffffffffffda RBX: 00007fbfce2f4f60 RCX: 00007fbfce1e1b19
[ 1982.112485] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004
[ 1982.113977] RBP: 00007fbfcb7571d0 R08: 0000000000000000 R09: 0000000000000000
[ 1982.115488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1982.116974] R13: 00007fffbd39b11f R14: 00007fbfcb757300 R15: 0000000000022000
11:27:29 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{0x0}, {0x0}, {0x0}], 0x3}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:29 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 7)

11:27:29 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 97)

11:27:29 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x0, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:29 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x57000}], 0x2)

11:27:29 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 16)

11:27:29 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x0, 0x10}], 0x1, 0x0)

11:27:29 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r5, 0x0, 0x0)

[ 1998.735229] FAULT_INJECTION: forcing a failure.
[ 1998.735229] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1998.737759] FAULT_INJECTION: forcing a failure.
[ 1998.737759] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1998.737784] CPU: 0 PID: 9396 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 1998.737795] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1998.737801] Call Trace:
[ 1998.737836]  dump_stack+0x107/0x167
[ 1998.737859]  should_fail.cold+0x5/0xa
[ 1998.737887]  _copy_to_user+0x2e/0x180
[ 1998.737915]  pagemap_read+0x333/0x590
[ 1998.737951]  ? clear_refs_write+0x780/0x780
[ 1998.737977]  ? iov_iter_advance+0x1b1/0xec0
[ 1998.738022]  do_iter_read+0x4fa/0x760
[ 1998.738056]  ? import_iovec+0x83/0xb0
[ 1998.738090]  vfs_readv+0xe5/0x160
[ 1998.738117]  ? vfs_iter_read+0xa0/0xa0
[ 1998.738144]  ? __fdget_pos+0xf1/0x190
[ 1998.738177]  ? lock_downgrade+0x6d0/0x6d0
[ 1998.754442]  ? ksys_write+0x12d/0x260
[ 1998.755289]  ? __fget_files+0x2f8/0x520
[ 1998.756181]  do_readv+0x139/0x300
[ 1998.756941]  ? vfs_readv+0x160/0x160
[ 1998.757767]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1998.758931]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1998.760065]  do_syscall_64+0x33/0x40
[ 1998.760881]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1998.762006] RIP: 0033:0x7fad0dc79b19
[ 1998.762828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1998.766874] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1998.768546] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 1998.770109] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 1998.771684] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1998.773254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1998.774822] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
[ 1998.776427] CPU: 1 PID: 9398 Comm: syz-executor.4 Not tainted 5.10.235 #1
[ 1998.778057] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1998.779998] Call Trace:
[ 1998.780625]  dump_stack+0x107/0x167
[ 1998.781485]  should_fail.cold+0x5/0xa
[ 1998.782394]  _copy_to_user+0x2e/0x180
[ 1998.783294]  pagemap_read+0x333/0x590
[ 1998.784197]  ? clear_refs_write+0x780/0x780
[ 1998.785205]  ? iov_iter_advance+0x1b1/0xec0
[ 1998.786235]  do_iter_read+0x4fa/0x760
[ 1998.787141]  ? import_iovec+0x83/0xb0
[ 1998.788040]  vfs_readv+0xe5/0x160
[ 1998.788853]  ? vfs_iter_read+0xa0/0xa0
[ 1998.789766]  ? __fdget_pos+0xf1/0x190
[ 1998.790674]  ? lock_downgrade+0x6d0/0x6d0
[ 1998.791655]  ? ksys_write+0x12d/0x260
[ 1998.792556]  ? __fget_files+0x2f8/0x520
[ 1998.793506]  do_readv+0x139/0x300
[ 1998.794328]  ? vfs_readv+0x160/0x160
[ 1998.795206]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1998.796442]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1998.797652]  do_syscall_64+0x33/0x40
[ 1998.798538]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1998.799737] RIP: 0033:0x7fbfce1e1b19
[ 1998.800610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1998.804919] RSP: 002b:00007fbfcb757188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1998.806710] RAX: ffffffffffffffda RBX: 00007fbfce2f4f60 RCX: 00007fbfce1e1b19
[ 1998.808376] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004
[ 1998.810065] RBP: 00007fbfcb7571d0 R08: 0000000000000000 R09: 0000000000000000
[ 1998.811731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1998.813390] R13: 00007fffbd39b11f R14: 00007fbfcb757300 R15: 0000000000022000
11:27:29 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x300, 0x0)

11:27:29 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:29 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 98)

11:27:29 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x58000}], 0x2)

11:27:29 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r5, 0x0, 0x0)

11:27:29 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:27:29 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 8)

11:27:29 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{0x0}, {0x0}, {0x0}], 0x3}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:29 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x0, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 1999.160704] FAULT_INJECTION: forcing a failure.
[ 1999.160704] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1999.163544] CPU: 0 PID: 9416 Comm: syz-executor.4 Not tainted 5.10.235 #1
[ 1999.164993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1999.166741] Call Trace:
[ 1999.167299]  dump_stack+0x107/0x167
[ 1999.168086]  should_fail.cold+0x5/0xa
[ 1999.168907]  __alloc_pages_nodemask+0x182/0x600
[ 1999.169916]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1999.171105]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 1999.172412]  ? policy_node+0x14/0x140
[ 1999.173244]  ? __sanitizer_cov_trace_pc+0x4/0x60
[ 1999.174285]  alloc_pages_vma+0xbb/0x410
[ 1999.175164]  handle_mm_fault+0x152f/0x3500
[ 1999.176093]  ? __pmd_alloc+0x5e0/0x5e0
[ 1999.176931]  ? trace_hardirqs_on+0x5b/0x180
[ 1999.177887]  ? do_user_addr_fault+0x707/0xc60
[ 1999.178876]  do_user_addr_fault+0x56e/0xc60
[ 1999.179818]  exc_page_fault+0xa2/0x1a0
[ 1999.180654]  asm_exc_page_fault+0x1e/0x30
[ 1999.181546] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1999.182711] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 1999.186681] RSP: 0018:ffff888017f07b50 EFLAGS: 00050246
[ 1999.187819] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 1999.189342] RDX: 0000000000000000 RSI: ffff888046274898 RDI: 000000002002f000
[ 1999.190866] RBP: 000000002002e768 R08: 0000000000000000 R09: ffff888046274fff
[ 1999.192394] R10: ffffed1008c4e9ff R11: 0000000000000001 R12: 000000002002f768
[ 1999.193924] R13: ffff888046274000 R14: 00007ffffffff000 R15: 0000000000000000
[ 1999.195482]  _copy_to_user+0x13d/0x180
[ 1999.196321]  pagemap_read+0x333/0x590
[ 1999.197135]  ? clear_refs_write+0x780/0x780
[ 1999.198050]  ? iov_iter_advance+0x1b1/0xec0
[ 1999.198997]  do_iter_read+0x4fa/0x760
[ 1999.199814]  ? import_iovec+0x83/0xb0
[ 1999.200635]  vfs_readv+0xe5/0x160
[ 1999.201379]  ? vfs_iter_read+0xa0/0xa0
[ 1999.202208]  ? __fdget_pos+0xf1/0x190
[ 1999.203035]  ? lock_downgrade+0x6d0/0x6d0
[ 1999.203927]  ? ksys_write+0x12d/0x260
[ 1999.204744]  ? __fget_files+0x2f8/0x520
[ 1999.205615]  do_readv+0x139/0x300
[ 1999.206364]  ? vfs_readv+0x160/0x160
[ 1999.207168]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1999.208284]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1999.209379]  do_syscall_64+0x33/0x40
[ 1999.210171]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1999.211269] RIP: 0033:0x7fbfce1e1b19
[ 1999.212059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1999.216235] RSP: 002b:00007fbfcb757188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1999.217853] RAX: ffffffffffffffda RBX: 00007fbfce2f4f60 RCX: 00007fbfce1e1b19
[ 1999.219364] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004
[ 1999.220866] RBP: 00007fbfcb7571d0 R08: 0000000000000000 R09: 0000000000000000
[ 1999.222374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1999.223870] R13: 00007fffbd39b11f R14: 00007fbfcb757300 R15: 0000000000022000
11:27:30 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r5, 0x0, 0x0)

11:27:30 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:27:30 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x59000}], 0x2)

[ 1999.402711] FAULT_INJECTION: forcing a failure.
[ 1999.402711] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1999.405727] CPU: 1 PID: 9427 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 1999.407283] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1999.409016] Call Trace:
[ 1999.409575]  dump_stack+0x107/0x167
[ 1999.410352]  should_fail.cold+0x5/0xa
[ 1999.411163]  _copy_to_user+0x2e/0x180
[ 1999.411975]  pagemap_read+0x333/0x590
[ 1999.412788]  ? clear_refs_write+0x780/0x780
[ 1999.413693]  ? iov_iter_advance+0x1b1/0xec0
[ 1999.414611]  do_iter_read+0x4fa/0x760
[ 1999.415397]  ? import_iovec+0x83/0xb0
[ 1999.416190]  vfs_readv+0xe5/0x160
[ 1999.416921]  ? vfs_iter_read+0xa0/0xa0
[ 1999.417722]  ? __fdget_pos+0xf1/0x190
[ 1999.418539]  ? lock_downgrade+0x6d0/0x6d0
[ 1999.419407]  ? ksys_write+0x12d/0x260
[ 1999.420200]  ? __fget_files+0x2f8/0x520
[ 1999.421038]  do_readv+0x139/0x300
[ 1999.421748]  ? vfs_readv+0x160/0x160
[ 1999.422530]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1999.423604]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1999.424657]  do_syscall_64+0x33/0x40
[ 1999.425430]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1999.426487] RIP: 0033:0x7fad0dc79b19
[ 1999.427253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1999.431010] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1999.432560] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 1999.434015] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 1999.435479] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1999.436926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1999.438392] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:27:30 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0x20000818}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:43 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10000000)

11:27:43 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 99)

11:27:43 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0x7ffff000}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:43 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x5a000}], 0x2)

11:27:43 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r5, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}], 0x1)

11:27:43 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{0x0}, {0x0}, {0x0}], 0x3}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:43 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x0, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:43 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 9)

[ 2012.802169] FAULT_INJECTION: forcing a failure.
[ 2012.802169] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2012.803996] CPU: 0 PID: 9456 Comm: syz-executor.4 Not tainted 5.10.235 #1
[ 2012.804913] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2012.806017] Call Trace:
[ 2012.806383]  dump_stack+0x107/0x167
[ 2012.806877]  should_fail.cold+0x5/0xa
[ 2012.807392]  _copy_to_user+0x2e/0x180
[ 2012.807910]  pagemap_read+0x333/0x590
[ 2012.808430]  ? clear_refs_write+0x780/0x780
[ 2012.809011]  ? iov_iter_advance+0x1b1/0xec0
[ 2012.809597]  do_iter_read+0x4fa/0x760
[ 2012.810108]  ? import_iovec+0x83/0xb0
[ 2012.810626]  vfs_readv+0xe5/0x160
[ 2012.811087]  ? vfs_iter_read+0xa0/0xa0
[ 2012.811617]  ? __fdget_pos+0xf1/0x190
[ 2012.812124]  ? lock_downgrade+0x6d0/0x6d0
[ 2012.812685]  ? ksys_write+0x12d/0x260
[ 2012.813192]  ? __fget_files+0x2f8/0x520
[ 2012.813737]  do_readv+0x139/0x300
[ 2012.814195]  ? vfs_readv+0x160/0x160
[ 2012.814695]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2012.815399]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2012.816141]  do_syscall_64+0x33/0x40
[ 2012.816749]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2012.817438] RIP: 0033:0x7fbfce1e1b19
[ 2012.818041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2012.820501] RSP: 002b:00007fbfcb757188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2012.821727] RAX: ffffffffffffffda RBX: 00007fbfce2f4f60 RCX: 00007fbfce1e1b19
[ 2012.822892] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004
[ 2012.824034] RBP: 00007fbfcb7571d0 R08: 0000000000000000 R09: 0000000000000000
[ 2012.825175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2012.826306] R13: 00007fffbd39b11f R14: 00007fbfcb757300 R15: 0000000000022000
11:27:43 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 100)

[ 2012.905419] FAULT_INJECTION: forcing a failure.
[ 2012.905419] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2012.908535] CPU: 1 PID: 9461 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2012.910004] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2012.911830] Call Trace:
[ 2012.912400]  dump_stack+0x107/0x167
[ 2012.913190]  should_fail.cold+0x5/0xa
[ 2012.914007]  _copy_to_user+0x2e/0x180
[ 2012.914886]  pagemap_read+0x333/0x590
[ 2012.915694]  ? clear_refs_write+0x780/0x780
[ 2012.916636]  ? iov_iter_advance+0x1b1/0xec0
[ 2012.917582]  do_iter_read+0x4fa/0x760
[ 2012.918418]  ? import_iovec+0x83/0xb0
[ 2012.919277]  vfs_readv+0xe5/0x160
[ 2012.920071]  ? vfs_iter_read+0xa0/0xa0
[ 2012.920915]  ? __fdget_pos+0xf1/0x190
[ 2012.921748]  ? lock_downgrade+0x6d0/0x6d0
[ 2012.922659]  ? ksys_write+0x12d/0x260
[ 2012.923506]  ? __fget_files+0x2f8/0x520
[ 2012.924406]  do_readv+0x139/0x300
[ 2012.925155]  ? vfs_readv+0x160/0x160
[ 2012.925963]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2012.927105]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2012.928261]  do_syscall_64+0x33/0x40
[ 2012.929071]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2012.930178] RIP: 0033:0x7fad0dc79b19
[ 2012.931008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2012.935038] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2012.936715] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2012.938254] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2012.939802] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2012.941381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2012.942930] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
[ 2013.024471] FAULT_INJECTION: forcing a failure.
[ 2013.024471] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2013.028187] CPU: 1 PID: 9467 Comm: syz-executor.4 Not tainted 5.10.235 #1
[ 2013.029954] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2013.031753] Call Trace:
[ 2013.032324]  dump_stack+0x107/0x167
[ 2013.033107]  should_fail.cold+0x5/0xa
[ 2013.033974]  __alloc_pages_nodemask+0x182/0x600
[ 2013.034985]  ? add_mm_counter_fast+0x220/0x220
[ 2013.035968]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2013.037258]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2013.038475]  ? lock_downgrade+0x6d0/0x6d0
[ 2013.039350]  ? mark_held_locks+0x9e/0xe0
[ 2013.040209]  alloc_pages_vma+0xbb/0x410
[ 2013.041056]  handle_mm_fault+0x152f/0x3500
[ 2013.042003]  ? __pmd_alloc+0x5e0/0x5e0
[ 2013.042860]  ? vmacache_find+0x55/0x2a0
[ 2013.043711]  do_user_addr_fault+0x56e/0xc60
[ 2013.044646]  exc_page_fault+0xa2/0x1a0
[ 2013.045465]  asm_exc_page_fault+0x1e/0x30
[ 2013.046401] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2013.047545] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2013.051514] RSP: 0018:ffff88804a1efb50 EFLAGS: 00050246
[ 2013.052634] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2013.054195] RDX: 0000000000000000 RSI: ffff888019f98898 RDI: 0000000020030000
[ 2013.055715] RBP: 000000002002f768 R08: 0000000000000000 R09: ffff888019f98fff
[ 2013.057219] R10: ffffed10033f31ff R11: 0000000000000001 R12: 0000000020030768
[ 2013.058781] R13: ffff888019f98000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2013.060323]  _copy_to_user+0x13d/0x180
[ 2013.061152]  pagemap_read+0x333/0x590
[ 2013.062014]  ? clear_refs_write+0x780/0x780
[ 2013.062935]  ? iov_iter_advance+0x1b1/0xec0
[ 2013.063868]  do_iter_read+0x4fa/0x760
[ 2013.064681]  ? import_iovec+0x83/0xb0
[ 2013.065526]  vfs_readv+0xe5/0x160
[ 2013.066288]  ? vfs_iter_read+0xa0/0xa0
[ 2013.067124]  ? __fdget_pos+0xf1/0x190
[ 2013.067932]  ? lock_downgrade+0x6d0/0x6d0
[ 2013.068822]  ? ksys_write+0x12d/0x260
[ 2013.069684]  ? __fget_files+0x2f8/0x520
[ 2013.070559]  do_readv+0x139/0x300
[ 2013.071297]  ? vfs_readv+0x160/0x160
[ 2013.072096]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2013.073209]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2013.074369]  do_syscall_64+0x33/0x40
[ 2013.075163]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2013.076254] RIP: 0033:0x7fbfce1e1b19
[ 2013.077049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2013.081601] RSP: 002b:00007fbfcb757188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2013.083675] RAX: ffffffffffffffda RBX: 00007fbfce2f4f60 RCX: 00007fbfce1e1b19
[ 2013.085578] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004
[ 2013.087405] RBP: 00007fbfcb7571d0 R08: 0000000000000000 R09: 0000000000000000
[ 2013.089218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 2013.091007] R13: 00007fffbd39b11f R14: 00007fbfcb757300 R15: 0000000000022000
11:27:43 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 10)

11:27:43 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r5, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}], 0x1)

11:27:43 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x5b000}], 0x2)

11:27:43 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x0, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:44 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x5c000}], 0x2)

[ 2013.315628] FAULT_INJECTION: forcing a failure.
[ 2013.315628] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2013.318659] CPU: 1 PID: 9478 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2013.320453] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2013.322221] Call Trace:
[ 2013.322831]  dump_stack+0x107/0x167
[ 2013.323833]  should_fail.cold+0x5/0xa
[ 2013.324726]  __alloc_pages_nodemask+0x182/0x600
[ 2013.325735]  ? add_mm_counter_fast+0x220/0x220
[ 2013.326734]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2013.328322]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2013.329513]  ? lock_downgrade+0x6d0/0x6d0
[ 2013.330416]  ? mark_held_locks+0x9e/0xe0
[ 2013.331304]  alloc_pages_vma+0xbb/0x410
[ 2013.332293]  handle_mm_fault+0x152f/0x3500
[ 2013.333442]  ? __pmd_alloc+0x5e0/0x5e0
[ 2013.334293]  ? vmacache_find+0x55/0x2a0
[ 2013.335162]  ? vmacache_update+0xce/0x140
[ 2013.336068]  do_user_addr_fault+0x56e/0xc60
[ 2013.337012]  exc_page_fault+0xa2/0x1a0
[ 2013.337860]  asm_exc_page_fault+0x1e/0x30
[ 2013.338759] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2013.340047] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2013.344300] RSP: 0018:ffff88804ab47b50 EFLAGS: 00050246
[ 2013.345552] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2013.347349] RDX: 0000000000000000 RSI: ffff8880469bc898 RDI: 0000000020003000
[ 2013.349168] RBP: 0000000020002768 R08: 0000000000000000 R09: ffff8880469bcfff
[ 2013.350807] R10: ffffed1008d379ff R11: 0000000000000001 R12: 0000000020003768
[ 2013.352640] R13: ffff8880469bc000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2013.354267]  _copy_to_user+0x13d/0x180
[ 2013.355119]  pagemap_read+0x333/0x590
[ 2013.355949]  ? clear_refs_write+0x780/0x780
[ 2013.356887]  ? iov_iter_advance+0x1b1/0xec0
[ 2013.357838]  do_iter_read+0x4fa/0x760
[ 2013.358672]  ? import_iovec+0x83/0xb0
[ 2013.359508]  vfs_readv+0xe5/0x160
[ 2013.360257]  ? vfs_iter_read+0xa0/0xa0
[ 2013.361100]  ? __fdget_pos+0xf1/0x190
[ 2013.361925]  ? lock_downgrade+0x6d0/0x6d0
[ 2013.362866]  ? ksys_write+0x12d/0x260
[ 2013.363702]  ? __fget_files+0x2f8/0x520
[ 2013.364584]  do_readv+0x139/0x300
[ 2013.365338]  ? vfs_readv+0x160/0x160
[ 2013.366147]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2013.367283]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2013.368402]  do_syscall_64+0x33/0x40
[ 2013.369205]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2013.370311] RIP: 0033:0x7fad0dc79b19
[ 2013.371095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2013.374993] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2013.376591] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2013.378080] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2013.379697] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2013.381515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2013.383358] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:27:57 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0x7fffffffffffff}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:57 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x3b9ac9ff)

11:27:57 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x5d000}], 0x2)

11:27:57 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r5, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}], 0x1)

11:27:57 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x0, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:57 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 11)

11:27:57 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:57 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2027.061425] FAULT_INJECTION: forcing a failure.
[ 2027.061425] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2027.064317] CPU: 1 PID: 9499 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2027.065848] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2027.067716] Call Trace:
[ 2027.068312]  dump_stack+0x107/0x167
[ 2027.069132]  should_fail.cold+0x5/0xa
[ 2027.069995]  _copy_to_user+0x2e/0x180
[ 2027.070868]  pagemap_read+0x333/0x590
[ 2027.071729]  ? clear_refs_write+0x780/0x780
[ 2027.072698]  ? iov_iter_advance+0x1b1/0xec0
[ 2027.073692]  do_iter_read+0x4fa/0x760
[ 2027.074572]  ? import_iovec+0x83/0xb0
[ 2027.075445]  vfs_readv+0xe5/0x160
[ 2027.076230]  ? vfs_iter_read+0xa0/0xa0
[ 2027.077106]  ? __fdget_pos+0xf1/0x190
[ 2027.077963]  ? lock_downgrade+0x6d0/0x6d0
[ 2027.078921]  ? ksys_write+0x12d/0x260
[ 2027.079783]  ? __fget_files+0x2f8/0x520
[ 2027.080700]  do_readv+0x139/0x300
[ 2027.081487]  ? vfs_readv+0x160/0x160
[ 2027.082329]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2027.083521]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2027.084679]  do_syscall_64+0x33/0x40
[ 2027.085519]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2027.086675] RIP: 0033:0x7fad0dc79b19
[ 2027.087510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2027.091604] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2027.093297] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2027.094905] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2027.096490] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2027.098077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2027.099677] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:27:57 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x5e000}], 0x2)

11:27:57 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x0, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:57 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x2000}], 0x2)

11:27:57 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r5, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {0x0}], 0x2)

11:27:57 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0x20000818}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:27:58 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r5, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {0x0}], 0x2)

11:28:11 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x3000}], 0x2)

11:28:11 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:28:11 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0xfefdffff)

11:28:11 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0x7ffff000}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:28:11 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x5f000}], 0x2)

11:28:11 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r5, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {0x0}], 0x2)

11:28:11 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, 0x0}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:28:11 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 12)

11:28:11 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x4000}], 0x2)

[ 2041.276781] FAULT_INJECTION: forcing a failure.
[ 2041.276781] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2041.280185] CPU: 1 PID: 9541 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2041.281644] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2041.283409] Call Trace:
[ 2041.283975]  dump_stack+0x107/0x167
[ 2041.284751]  should_fail.cold+0x5/0xa
[ 2041.285566]  __alloc_pages_nodemask+0x182/0x600
[ 2041.286565]  ? add_mm_counter_fast+0x220/0x220
[ 2041.287543]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2041.288828]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2041.289946]  ? lock_downgrade+0x6d0/0x6d0
[ 2041.290836]  ? mark_held_locks+0x9e/0xe0
[ 2041.291709]  alloc_pages_vma+0xbb/0x410
[ 2041.292716]  handle_mm_fault+0x152f/0x3500
[ 2041.293808]  ? __pmd_alloc+0x5e0/0x5e0
[ 2041.294818]  ? vmacache_find+0x55/0x2a0
[ 2041.295681]  do_user_addr_fault+0x56e/0xc60
[ 2041.296778]  exc_page_fault+0xa2/0x1a0
[ 2041.297813]  asm_exc_page_fault+0x1e/0x30
[ 2041.298852] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2041.300003] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2041.304358] RSP: 0018:ffff88804a42fb50 EFLAGS: 00050246
[ 2041.305489] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2041.307004] RDX: 0000000000000000 RSI: ffff88804697e898 RDI: 0000000020004000
[ 2041.308520] RBP: 0000000020003768 R08: 0000000000000000 R09: ffff88804697efff
[ 2041.310024] R10: ffffed1008d2fdff R11: 0000000000000001 R12: 0000000020004768
[ 2041.311540] R13: ffff88804697e000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2041.313078]  _copy_to_user+0x13d/0x180
[ 2041.313910]  pagemap_read+0x333/0x590
[ 2041.314734]  ? clear_refs_write+0x780/0x780
[ 2041.315647]  ? iov_iter_advance+0x1b1/0xec0
[ 2041.316583]  do_iter_read+0x4fa/0x760
[ 2041.317399]  ? import_iovec+0x83/0xb0
[ 2041.318215]  vfs_readv+0xe5/0x160
[ 2041.318963]  ? vfs_iter_read+0xa0/0xa0
[ 2041.319789]  ? __fdget_pos+0xf1/0x190
[ 2041.320600]  ? lock_downgrade+0x6d0/0x6d0
[ 2041.321490]  ? ksys_write+0x12d/0x260
[ 2041.322413]  ? __fget_files+0x2f8/0x520
[ 2041.323361]  do_readv+0x139/0x300
[ 2041.324255]  ? vfs_readv+0x160/0x160
[ 2041.325206]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2041.326360]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2041.327556]  do_syscall_64+0x33/0x40
[ 2041.328491]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2041.329712] RIP: 0033:0x7fad0dc79b19
[ 2041.330501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2041.335002] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2041.336950] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2041.338465] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2041.340003] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2041.341516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2041.343047] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:28:12 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x5000}], 0x2)

11:28:12 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x60000}], 0x2)

11:28:12 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r5, &(0x7f0000002a80)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1)

11:28:26 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0xffc99a3b)

11:28:26 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x6000}], 0x2)

11:28:26 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0x7fffffffffffff}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:28:26 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:28:26 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x61000}], 0x2)

11:28:26 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, 0x0}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:28:26 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r5, &(0x7f0000002a80)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1)

11:28:26 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 13)

[ 2055.326319] FAULT_INJECTION: forcing a failure.
[ 2055.326319] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2055.328191] CPU: 0 PID: 9583 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2055.329102] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2055.330217] Call Trace:
[ 2055.330577]  dump_stack+0x107/0x167
[ 2055.331069]  should_fail.cold+0x5/0xa
[ 2055.331585]  _copy_to_user+0x2e/0x180
[ 2055.332098]  pagemap_read+0x333/0x590
[ 2055.332607]  ? clear_refs_write+0x780/0x780
[ 2055.333181]  ? iov_iter_advance+0x1b1/0xec0
[ 2055.333779]  do_iter_read+0x4fa/0x760
[ 2055.334293]  ? import_iovec+0x83/0xb0
[ 2055.334817]  vfs_readv+0xe5/0x160
[ 2055.335280]  ? vfs_iter_read+0xa0/0xa0
[ 2055.335802]  ? __fdget_pos+0xf1/0x190
[ 2055.336307]  ? lock_downgrade+0x6d0/0x6d0
[ 2055.336868]  ? ksys_write+0x12d/0x260
[ 2055.337389]  ? __fget_files+0x2f8/0x520
[ 2055.337934]  do_readv+0x139/0x300
[ 2055.338400]  ? vfs_readv+0x160/0x160
[ 2055.338909]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2055.339609]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2055.340294]  do_syscall_64+0x33/0x40
[ 2055.340790]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2055.341477] RIP: 0033:0x7fad0dc79b19
[ 2055.341973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2055.344457] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2055.345470] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2055.346420] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2055.347403] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2055.348355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2055.349303] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:28:26 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 14)

11:28:26 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x2000}], 0x2)

11:28:26 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x62000}], 0x2)

[ 2055.464448] FAULT_INJECTION: forcing a failure.
[ 2055.464448] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2055.466033] CPU: 0 PID: 9595 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2055.466906] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2055.467963] Call Trace:
[ 2055.468312]  dump_stack+0x107/0x167
[ 2055.468778]  should_fail.cold+0x5/0xa
[ 2055.469268]  __alloc_pages_nodemask+0x182/0x600
[ 2055.469863]  ? add_mm_counter_fast+0x220/0x220
[ 2055.470449]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2055.471234]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2055.471909]  ? lock_downgrade+0x6d0/0x6d0
[ 2055.472441]  ? mark_held_locks+0x9e/0xe0
[ 2055.472964]  alloc_pages_vma+0xbb/0x410
[ 2055.473473]  handle_mm_fault+0x152f/0x3500
[ 2055.474022]  ? __pmd_alloc+0x5e0/0x5e0
[ 2055.474527]  ? vmacache_find+0x55/0x2a0
[ 2055.475036]  ? vmacache_update+0xce/0x140
[ 2055.475577]  do_user_addr_fault+0x56e/0xc60
[ 2055.476137]  exc_page_fault+0xa2/0x1a0
[ 2055.476637]  asm_exc_page_fault+0x1e/0x30
[ 2055.477176] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2055.477862] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2055.480215] RSP: 0018:ffff88804a607b50 EFLAGS: 00050246
[ 2055.480900] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2055.481802] RDX: 0000000000000000 RSI: ffff8880462e0898 RDI: 0000000020005000
[ 2055.482723] RBP: 0000000020004768 R08: 0000000000000000 R09: ffff8880462e0fff
[ 2055.483624] R10: ffffed1008c5c1ff R11: 0000000000000001 R12: 0000000020005768
[ 2055.484538] R13: ffff8880462e0000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2055.485466]  _copy_to_user+0x13d/0x180
[ 2055.485956]  pagemap_read+0x333/0x590
[ 2055.486442]  ? clear_refs_write+0x780/0x780
[ 2055.486994]  ? iov_iter_advance+0x1b1/0xec0
[ 2055.487568]  do_iter_read+0x4fa/0x760
[ 2055.488064]  ? import_iovec+0x83/0xb0
[ 2055.488546]  vfs_readv+0xe5/0x160
[ 2055.488983]  ? vfs_iter_read+0xa0/0xa0
[ 2055.489482]  ? __fdget_pos+0xf1/0x190
[ 2055.489972]  ? lock_downgrade+0x6d0/0x6d0
[ 2055.490502]  ? ksys_write+0x12d/0x260
[ 2055.490999]  ? __fget_files+0x2f8/0x520
[ 2055.491517]  do_readv+0x139/0x300
[ 2055.491969]  ? vfs_readv+0x160/0x160
[ 2055.492440]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2055.493103]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2055.493767]  do_syscall_64+0x33/0x40
[ 2055.494243]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2055.494910] RIP: 0033:0x7fad0dc79b19
[ 2055.495377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2055.497699] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2055.498653] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2055.499539] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2055.500421] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2055.501307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2055.502192] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:28:26 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x7000}], 0x2)

11:28:26 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r5, &(0x7f0000002a80)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1)

11:28:26 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, 0x0}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:28:26 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x63000}], 0x2)

11:28:26 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:28:42 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x64000}], 0x2)

11:28:42 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}], 0x2}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:28:42 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0xfffffdfe)

11:28:42 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:28:42 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x9000}], 0x2)

11:28:42 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x3000}], 0x2)

11:28:42 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r5, &(0x7f0000002a80)=[{0x0}, {&(0x7f0000000840)=""/4096, 0x1000}], 0x2)

11:28:42 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 15)

[ 2071.734302] FAULT_INJECTION: forcing a failure.
[ 2071.734302] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2071.736084] CPU: 1 PID: 9632 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2071.736972] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2071.738038] Call Trace:
[ 2071.738385]  dump_stack+0x107/0x167
[ 2071.738861]  should_fail.cold+0x5/0xa
[ 2071.739364]  _copy_to_user+0x2e/0x180
[ 2071.739864]  pagemap_read+0x333/0x590
[ 2071.740359]  ? clear_refs_write+0x780/0x780
[ 2071.740917]  ? iov_iter_advance+0x1b1/0xec0
[ 2071.741489]  do_iter_read+0x4fa/0x760
[ 2071.741983]  ? import_iovec+0x83/0xb0
[ 2071.742480]  vfs_readv+0xe5/0x160
[ 2071.742939]  ? vfs_iter_read+0xa0/0xa0
[ 2071.743438]  ? __fdget_pos+0xf1/0x190
[ 2071.743926]  ? lock_downgrade+0x6d0/0x6d0
[ 2071.744473]  ? ksys_write+0x12d/0x260
[ 2071.744971]  ? __fget_files+0x2f8/0x520
[ 2071.745514]  do_readv+0x139/0x300
[ 2071.745963]  ? vfs_readv+0x160/0x160
[ 2071.746447]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2071.747134]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2071.747805]  do_syscall_64+0x33/0x40
[ 2071.748288]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2071.748946] RIP: 0033:0x7fad0dc79b19
[ 2071.749434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2071.751840] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2071.752820] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2071.753737] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2071.754669] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2071.755591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2071.756517] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:28:42 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 16)

11:28:42 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x4000}], 0x2)

11:28:42 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x65000}], 0x2)

11:28:42 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xa000}], 0x2)

11:28:42 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r5, &(0x7f0000002a80)=[{0x0}, {&(0x7f0000000840)=""/4096, 0x1000}], 0x2)

[ 2071.931713] FAULT_INJECTION: forcing a failure.
[ 2071.931713] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2071.934828] CPU: 0 PID: 9644 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2071.936345] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2071.938092] Call Trace:
[ 2071.938655]  dump_stack+0x107/0x167
[ 2071.939433]  should_fail.cold+0x5/0xa
[ 2071.940250]  __alloc_pages_nodemask+0x182/0x600
[ 2071.941235]  ? add_mm_counter_fast+0x220/0x220
[ 2071.942194]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2071.943474]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2071.944577]  ? lock_downgrade+0x6d0/0x6d0
[ 2071.945456]  ? mark_held_locks+0x9e/0xe0
[ 2071.946316]  alloc_pages_vma+0xbb/0x410
[ 2071.947168]  handle_mm_fault+0x152f/0x3500
[ 2071.948076]  ? __pmd_alloc+0x5e0/0x5e0
[ 2071.948916]  ? vmacache_find+0x55/0x2a0
[ 2071.949765]  do_user_addr_fault+0x56e/0xc60
[ 2071.950683]  exc_page_fault+0xa2/0x1a0
[ 2071.951532]  asm_exc_page_fault+0x1e/0x30
[ 2071.952414] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2071.953555] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2071.957439] RSP: 0018:ffff88804791fb50 EFLAGS: 00050246
[ 2071.958567] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2071.960085] RDX: 0000000000000000 RSI: ffff88801fd9e898 RDI: 0000000020006000
[ 2071.961582] RBP: 0000000020005768 R08: 0000000000000000 R09: ffff88801fd9efff
[ 2071.963083] R10: ffffed1003fb3dff R11: 0000000000000001 R12: 0000000020006768
[ 2071.964584] R13: ffff88801fd9e000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2071.966124]  _copy_to_user+0x13d/0x180
[ 2071.966960]  pagemap_read+0x333/0x590
[ 2071.967779]  ? clear_refs_write+0x780/0x780
[ 2071.968686]  ? iov_iter_advance+0x1b1/0xec0
[ 2071.969613]  do_iter_read+0x4fa/0x760
[ 2071.970419]  ? import_iovec+0x83/0xb0
[ 2071.971236]  vfs_readv+0xe5/0x160
[ 2071.971975]  ? vfs_iter_read+0xa0/0xa0
[ 2071.972797]  ? __fdget_pos+0xf1/0x190
[ 2071.973603]  ? lock_downgrade+0x6d0/0x6d0
[ 2071.974482]  ? ksys_write+0x12d/0x260
[ 2071.975308]  ? __fget_files+0x2f8/0x520
[ 2071.976142]  do_readv+0x139/0x300
[ 2071.976875]  ? vfs_readv+0x160/0x160
[ 2071.977664]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2071.978779]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2071.979870]  do_syscall_64+0x33/0x40
11:28:42 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}], 0x2}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2071.980654]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2071.981906] RIP: 0033:0x7fad0dc79b19
[ 2071.982697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2071.986591] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2071.988214] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2071.989721] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2071.991240] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2071.992740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2071.994276] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:28:42 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:28:42 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x5000}], 0x2)

11:28:42 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44}, 0x1000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r5, &(0x7f0000002a80)=[{0x0}, {&(0x7f0000000840)=""/4096, 0x1000}], 0x2)

11:28:42 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xb000}], 0x2)

11:28:55 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x66000}], 0x2)

11:28:55 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}], 0x2}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:28:55 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 17)

11:28:55 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:28:55 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000000)=0x81)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:28:55 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x60000}], 0x2)

11:28:55 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xc000}], 0x2)

11:28:55 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x6000}], 0x2)

[ 2085.266606] FAULT_INJECTION: forcing a failure.
[ 2085.266606] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2085.270379] CPU: 0 PID: 9686 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2085.271891] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2085.273591] Call Trace:
[ 2085.274142]  dump_stack+0x107/0x167
[ 2085.274907]  should_fail.cold+0x5/0xa
[ 2085.275695]  _copy_to_user+0x2e/0x180
[ 2085.276487]  pagemap_read+0x333/0x590
[ 2085.277270]  ? clear_refs_write+0x780/0x780
[ 2085.278150]  ? iov_iter_advance+0x1b1/0xec0
[ 2085.279059]  do_iter_read+0x4fa/0x760
[ 2085.279841]  ? import_iovec+0x83/0xb0
[ 2085.280631]  vfs_readv+0xe5/0x160
[ 2085.281348]  ? vfs_iter_read+0xa0/0xa0
[ 2085.282160]  ? __fdget_pos+0xf1/0x190
[ 2085.282950]  ? lock_downgrade+0x6d0/0x6d0
[ 2085.283862]  ? ksys_write+0x12d/0x260
[ 2085.284645]  ? __fget_files+0x2f8/0x520
[ 2085.285482]  do_readv+0x139/0x300
[ 2085.286190]  ? vfs_readv+0x160/0x160
[ 2085.286968]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2085.288041]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2085.289102]  do_syscall_64+0x33/0x40
[ 2085.289865]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2085.290915] RIP: 0033:0x7fad0dc79b19
[ 2085.291668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2085.295405] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2085.296966] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2085.298415] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2085.299880] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2085.301329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2085.302790] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:28:56 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x7000}], 0x2)

11:28:56 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:28:56 executing program 3:
r0 = getpgrp(0x0)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x800000}, 0x0, 0x2000, 0xffffffffffffffff, 0x0)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x10, &(0x7f0000000080)={0x9})
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x86)
openat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x3cba43, 0x0)
ioctl$FIBMAP(0xffffffffffffffff, 0x1, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000018000000", @ANYBLOB="4000000000e6ff00000000005ba38c26f4e59e1c0861d8ecc214cd12fa4fc6b82a169e88891eebf888e2069a9860dfff28a74f474503e6070856e4c2a2d6b6d01963977b7487919724c4032814840d59cc471299c8eec8b46eac00"/104])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
lsetxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100), &(0x7f0000000140), 0x2, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x342, 0x144)
write$binfmt_elf64(r2, &(0x7f0000000180)=ANY=[], 0xfdef)
ioctl$FIBMAP(r2, 0x1, &(0x7f0000000040))
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r3 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r3}], 0x1, 0x0)

11:28:56 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x67000}], 0x2)

11:28:56 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xd000}], 0x2)

11:28:56 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x9000}], 0x2)

11:28:56 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:28:56 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 18)

11:28:56 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

[ 2085.721235] FAULT_INJECTION: forcing a failure.
[ 2085.721235] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2085.723027] CPU: 1 PID: 9721 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2085.723980] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2085.725243] Call Trace:
[ 2085.725586]  dump_stack+0x107/0x167
[ 2085.726056]  should_fail.cold+0x5/0xa
[ 2085.726541]  __alloc_pages_nodemask+0x182/0x600
[ 2085.727127]  ? add_mm_counter_fast+0x220/0x220
[ 2085.727687]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2085.728433]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2085.729076]  ? lock_downgrade+0x6d0/0x6d0
[ 2085.729592]  ? mark_held_locks+0x9e/0xe0
[ 2085.730232]  alloc_pages_vma+0xbb/0x410
[ 2085.730803]  handle_mm_fault+0x152f/0x3500
[ 2085.731467]  ? __pmd_alloc+0x5e0/0x5e0
[ 2085.732055]  ? vmacache_find+0x55/0x2a0
[ 2085.732548]  do_user_addr_fault+0x56e/0xc60
[ 2085.733206]  exc_page_fault+0xa2/0x1a0
[ 2085.733690]  asm_exc_page_fault+0x1e/0x30
[ 2085.734371] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2085.735208] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2085.737720] RSP: 0018:ffff88804a7e7b50 EFLAGS: 00050246
[ 2085.738521] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2085.739460] RDX: 0000000000000000 RSI: ffff888015bec898 RDI: 0000000020007000
[ 2085.740408] RBP: 0000000020006768 R08: 0000000000000000 R09: ffff888015becfff
[ 2085.741491] R10: ffffed1002b7d9ff R11: 0000000000000001 R12: 0000000020007768
[ 2085.742465] R13: ffff888015bec000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2085.743543]  _copy_to_user+0x13d/0x180
[ 2085.744044]  pagemap_read+0x333/0x590
[ 2085.744506]  ? clear_refs_write+0x780/0x780
[ 2085.745026]  ? iov_iter_advance+0x1b1/0xec0
[ 2085.745654]  do_iter_read+0x4fa/0x760
[ 2085.746152]  ? import_iovec+0x83/0xb0
[ 2085.746671]  vfs_readv+0xe5/0x160
[ 2085.747209]  ? vfs_iter_read+0xa0/0xa0
[ 2085.747771]  ? __fdget_pos+0xf1/0x190
[ 2085.748233]  ? lock_downgrade+0x6d0/0x6d0
[ 2085.748741]  ? ksys_write+0x12d/0x260
[ 2085.749206]  ? __fget_files+0x2f8/0x520
[ 2085.749789]  do_readv+0x139/0x300
[ 2085.750253]  ? vfs_readv+0x160/0x160
[ 2085.750795]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2085.751585]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2085.752283]  do_syscall_64+0x33/0x40
[ 2085.752734]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2085.753355] RIP: 0033:0x7fad0dc79b19
[ 2085.753804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2085.756051] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2085.756967] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2085.757819] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2085.758673] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2085.759531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2085.760385] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:29:09 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:29:09 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 19)

11:29:09 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xe000}], 0x2)

11:29:09 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xa000}], 0x2)

11:29:09 executing program 3:
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'})
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:29:09 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}], 0x2}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:29:09 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:29:09 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x68000}], 0x2)

[ 2099.014340] FAULT_INJECTION: forcing a failure.
[ 2099.014340] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2099.016139] CPU: 0 PID: 9742 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2099.017007] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2099.018123] Call Trace:
[ 2099.018484]  dump_stack+0x107/0x167
[ 2099.019003]  should_fail.cold+0x5/0xa
[ 2099.019515]  _copy_to_user+0x2e/0x180
[ 2099.020036]  pagemap_read+0x333/0x590
[ 2099.020554]  ? clear_refs_write+0x780/0x780
[ 2099.021135]  ? iov_iter_advance+0x1b1/0xec0
[ 2099.021722]  do_iter_read+0x4fa/0x760
[ 2099.022240]  ? import_iovec+0x83/0xb0
[ 2099.022761]  vfs_readv+0xe5/0x160
[ 2099.023238]  ? vfs_iter_read+0xa0/0xa0
[ 2099.023757]  ? __fdget_pos+0xf1/0x190
[ 2099.024248]  ? lock_downgrade+0x6d0/0x6d0
[ 2099.024808]  ? ksys_write+0x12d/0x260
[ 2099.025299]  ? __fget_files+0x2f8/0x520
[ 2099.025847]  do_readv+0x139/0x300
[ 2099.026293]  ? vfs_readv+0x160/0x160
[ 2099.026794]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2099.027522]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2099.028214]  do_syscall_64+0x33/0x40
[ 2099.028725]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2099.029417] RIP: 0033:0x7fad0dc79b19
[ 2099.029923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2099.032528] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2099.033554] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2099.034506] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2099.035472] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2099.036432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2099.037391] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:29:09 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xb000}], 0x2)

11:29:09 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
poll(&(0x7f00000001c0)=[{}], 0x1, 0x10)

11:29:09 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
statx(r0, &(0x7f0000000140)='./file0\x00', 0x6000, 0x1, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000080)='./file0\x00', 0xa1, 0x1, &(0x7f00000000c0)=[{&(0x7f0000000200)="e721cf61c14854af18f2a0a7ea8e479c92e881f248b9f14b0aeb4fc5a0366a53957b709515cb52104c7297d9680a280cd3116f5dd66bbaff290f134bc75a07d0582a881c8216225223ea2db27288bfbc1f02c6fd5a95dee8ee90bd6506d739ab1d2e4fdab86becd98e9a26cbf3ecb9f33781c142aea6f19b75ce9461239e667b1cf60440ad48a4564545474cc80f527348e13e4d41b16127a853809692e04c85315383f2075236eeacd953c57f39d1835f9384b9c191fe4f15d882dd2354d4053ba6af86afe2bdadcf7d8ff0cd9e8a26d0b0fdb3208947e7", 0xd8, 0x1}], 0x131000, &(0x7f0000000440)={[{@delalloc}, {@stripe={'stripe', 0x3d, 0x4}}, {@noquota}, {@nolazytime}, {@delalloc}], [{@appraise_type}, {@euid_gt={'euid>', r1}}]})
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r2 = syz_open_dev$hidraw(&(0x7f0000000000), 0x1000, 0x400)
ioctl$FIONCLEX(r2, 0x5450)

11:29:09 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x69000}], 0x2)

11:29:09 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xf000}], 0x2)

11:29:09 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 20)

11:29:09 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580), 0x0, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:29:09 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}], 0x2}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:29:10 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xc000}], 0x2)

[ 2099.379264] FAULT_INJECTION: forcing a failure.
[ 2099.379264] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2099.382168] CPU: 0 PID: 9766 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2099.383621] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2099.385359] Call Trace:
[ 2099.385920]  dump_stack+0x107/0x167
[ 2099.386694]  should_fail.cold+0x5/0xa
[ 2099.387513]  __alloc_pages_nodemask+0x182/0x600
[ 2099.388498]  ? add_mm_counter_fast+0x220/0x220
[ 2099.389462]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2099.390727]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2099.391841]  ? lock_downgrade+0x6d0/0x6d0
[ 2099.392717]  ? mark_held_locks+0x9e/0xe0
[ 2099.393576]  alloc_pages_vma+0xbb/0x410
[ 2099.394420]  handle_mm_fault+0x152f/0x3500
[ 2099.395330]  ? __pmd_alloc+0x5e0/0x5e0
[ 2099.396159]  ? vmacache_find+0x55/0x2a0
[ 2099.397009]  do_user_addr_fault+0x56e/0xc60
[ 2099.397937]  exc_page_fault+0xa2/0x1a0
[ 2099.398765]  asm_exc_page_fault+0x1e/0x30
[ 2099.399646] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2099.400785] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2099.404672] RSP: 0018:ffff88804770fb50 EFLAGS: 00050246
[ 2099.405784] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2099.407302] RDX: 0000000000000000 RSI: ffff88804686e898 RDI: 0000000020008000
[ 2099.408803] RBP: 0000000020007768 R08: 0000000000000000 R09: ffff88804686efff
[ 2099.410301] R10: ffffed1008d0ddff R11: 0000000000000001 R12: 0000000020008768
[ 2099.411809] R13: ffff88804686e000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2099.413337]  _copy_to_user+0x13d/0x180
[ 2099.414162]  pagemap_read+0x333/0x590
[ 2099.414978]  ? clear_refs_write+0x780/0x780
[ 2099.415892]  ? iov_iter_advance+0x1b1/0xec0
[ 2099.416824]  do_iter_read+0x4fa/0x760
[ 2099.417638]  ? import_iovec+0x83/0xb0
[ 2099.418445]  vfs_readv+0xe5/0x160
[ 2099.419190]  ? vfs_iter_read+0xa0/0xa0
[ 2099.420011]  ? __fdget_pos+0xf1/0x190
[ 2099.420815]  ? lock_downgrade+0x6d0/0x6d0
[ 2099.421701]  ? ksys_write+0x12d/0x260
[ 2099.422508]  ? __fget_files+0x2f8/0x520
[ 2099.423379]  do_readv+0x139/0x300
[ 2099.424116]  ? vfs_readv+0x160/0x160
[ 2099.424907]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2099.426012]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2099.427119]  do_syscall_64+0x33/0x40
[ 2099.427900]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2099.428985] RIP: 0033:0x7fad0dc79b19
[ 2099.429768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2099.433642] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2099.435246] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2099.436756] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2099.438251] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2099.439766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2099.441264] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:29:25 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 21)

11:29:25 executing program 3:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, &(0x7f0000000000), &(0x7f0000000040)=0x30)
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x80000, 0xc0)
r1 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
setsockopt$inet6_MRT6_DEL_MFC_PROXY(r1, 0x29, 0xd3, &(0x7f0000000140)={{0xa, 0x4e24, 0x3, @ipv4={'\x00', '\xff\xff', @remote}, 0x1}, {0xa, 0x4e22, 0xfffffffa, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x3, [0x3, 0x7, 0x8000, 0x1, 0x9, 0xa160, 0x20, 0xfffffffb]}, 0x5c)
lseek(r2, 0x100000000, 0x4)
poll(&(0x7f00000001c0)=[{r1}], 0x1, 0x0)

11:29:25 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}], 0x2}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:29:25 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x11000}], 0x2)

11:29:25 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
poll(&(0x7f00000001c0)=[{}], 0x1, 0x10)

11:29:25 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x6a000}], 0x2)

11:29:25 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xd000}], 0x2)

11:29:25 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580), 0x0, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:29:25 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x12000}], 0x2)

[ 2115.052791] FAULT_INJECTION: forcing a failure.
[ 2115.052791] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2115.055572] CPU: 1 PID: 9789 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2115.057048] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2115.058804] Call Trace:
[ 2115.059381]  dump_stack+0x107/0x167
[ 2115.060160]  should_fail.cold+0x5/0xa
[ 2115.060975]  _copy_to_user+0x2e/0x180
[ 2115.061785]  pagemap_read+0x333/0x590
[ 2115.062594]  ? clear_refs_write+0x780/0x780
[ 2115.063513]  ? iov_iter_advance+0x1b1/0xec0
[ 2115.064456]  do_iter_read+0x4fa/0x760
[ 2115.065270]  ? import_iovec+0x83/0xb0
[ 2115.066091]  vfs_readv+0xe5/0x160
[ 2115.066827]  ? vfs_iter_read+0xa0/0xa0
[ 2115.067669]  ? __fdget_pos+0xf1/0x190
[ 2115.068477]  ? lock_downgrade+0x6d0/0x6d0
[ 2115.069370]  ? ksys_write+0x12d/0x260
[ 2115.070197]  ? __fget_files+0x2f8/0x520
[ 2115.071080]  do_readv+0x139/0x300
[ 2115.071823]  ? vfs_readv+0x160/0x160
[ 2115.072624]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2115.073747]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2115.074848]  do_syscall_64+0x33/0x40
[ 2115.075650]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2115.076740] RIP: 0033:0x7fad0dc79b19
[ 2115.077535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2115.081461] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2115.083097] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2115.084619] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2115.086138] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2115.087663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2115.089197] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:29:25 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:29:25 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
poll(&(0x7f00000001c0)=[{}], 0x1, 0x10)

11:29:25 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xe000}], 0x2)

11:29:25 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x6b000}], 0x2)

11:29:25 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 22)

11:29:26 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x109200, 0x1d)

11:29:26 executing program 3:
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000140)={0x3, 0xb572, 0x4, 0x1ff, 0x7})
pread64(r0, &(0x7f0000000040)=""/181, 0xb5, 0x2)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r0, 0x80047213, &(0x7f0000000200))
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r0, 0xf503, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x1d9201, 0x80)
r2 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r3, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e21, 0xf98d1db5, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x3f}, 0x1c)
poll(&(0x7f00000001c0)=[{r2}], 0x1, 0x0)

[ 2115.496835] FAULT_INJECTION: forcing a failure.
[ 2115.496835] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2115.499920] CPU: 0 PID: 9820 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2115.501369] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2115.503130] Call Trace:
[ 2115.503697]  dump_stack+0x107/0x167
[ 2115.504478]  should_fail.cold+0x5/0xa
[ 2115.505302]  __alloc_pages_nodemask+0x182/0x600
[ 2115.506286]  ? add_mm_counter_fast+0x220/0x220
[ 2115.507298]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2115.508574]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2115.509693]  ? lock_downgrade+0x6d0/0x6d0
[ 2115.510570]  ? mark_held_locks+0x9e/0xe0
[ 2115.511460]  alloc_pages_vma+0xbb/0x410
[ 2115.512306]  handle_mm_fault+0x152f/0x3500
[ 2115.513220]  ? __pmd_alloc+0x5e0/0x5e0
[ 2115.514069]  ? vmacache_find+0x55/0x2a0
[ 2115.514910]  ? vmacache_update+0xce/0x140
[ 2115.515816]  do_user_addr_fault+0x56e/0xc60
[ 2115.516751]  exc_page_fault+0xa2/0x1a0
[ 2115.517582]  asm_exc_page_fault+0x1e/0x30
[ 2115.518471] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2115.519628] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2115.523536] RSP: 0018:ffff88804a8dfb50 EFLAGS: 00050246
[ 2115.524670] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2115.526176] RDX: 0000000000000000 RSI: ffff88801827c898 RDI: 0000000020009000
[ 2115.527690] RBP: 0000000020008768 R08: 0000000000000000 R09: ffff88801827cfff
[ 2115.529210] R10: ffffed100304f9ff R11: 0000000000000001 R12: 0000000020009768
[ 2115.530734] R13: ffff88801827c000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2115.532292]  _copy_to_user+0x13d/0x180
[ 2115.533124]  pagemap_read+0x333/0x590
[ 2115.533956]  ? clear_refs_write+0x780/0x780
[ 2115.534876]  ? iov_iter_advance+0x1b1/0xec0
[ 2115.535819]  do_iter_read+0x4fa/0x760
[ 2115.536650]  ? import_iovec+0x83/0xb0
[ 2115.537467]  vfs_readv+0xe5/0x160
[ 2115.538213]  ? vfs_iter_read+0xa0/0xa0
[ 2115.539039]  ? __fdget_pos+0xf1/0x190
[ 2115.539858]  ? lock_downgrade+0x6d0/0x6d0
[ 2115.540774]  ? ksys_write+0x12d/0x260
[ 2115.541593]  ? __fget_files+0x2f8/0x520
[ 2115.542466]  do_readv+0x139/0x300
[ 2115.543228]  ? vfs_readv+0x160/0x160
[ 2115.544019]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2115.545289]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2115.546392]  do_syscall_64+0x33/0x40
[ 2115.547199]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2115.548294] RIP: 0033:0x7fad0dc79b19
[ 2115.549082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2115.553005] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2115.554613] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2115.556135] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2115.557637] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2115.559150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2115.560667] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:29:26 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xf000}], 0x2)

11:29:26 executing program 7:
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:29:26 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x13000}], 0x2)

11:29:26 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580), 0x0, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:29:26 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x6c000}], 0x2)

11:29:40 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:29:40 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:29:40 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x6d000}], 0x2)

11:29:40 executing program 7:
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:29:40 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000), 0xe17, 0x802)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="00000000000000002e2f6669a2760403"])
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(r0, 0xc0389424, &(0x7f00000000c0)={0x0, 0x8, '\x00', 0x1, &(0x7f0000000080)=[0x0]})

11:29:40 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x11000}], 0x2)

11:29:40 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 23)

11:29:40 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x14000}], 0x2)

[ 2129.822548] FAULT_INJECTION: forcing a failure.
[ 2129.822548] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2129.824083] CPU: 0 PID: 9861 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2129.824929] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2129.825960] Call Trace:
[ 2129.826301]  dump_stack+0x107/0x167
[ 2129.826770]  should_fail.cold+0x5/0xa
[ 2129.827265]  _copy_to_user+0x2e/0x180
[ 2129.827745]  pagemap_read+0x333/0x590
[ 2129.828231]  ? clear_refs_write+0x780/0x780
[ 2129.828774]  ? iov_iter_advance+0x1b1/0xec0
[ 2129.829327]  do_iter_read+0x4fa/0x760
[ 2129.829807]  ? import_iovec+0x83/0xb0
[ 2129.830299]  vfs_readv+0xe5/0x160
[ 2129.830735]  ? vfs_iter_read+0xa0/0xa0
[ 2129.831238]  ? __fdget_pos+0xf1/0x190
[ 2129.831716]  ? lock_downgrade+0x6d0/0x6d0
[ 2129.832248]  ? ksys_write+0x12d/0x260
[ 2129.832726]  ? __fget_files+0x2f8/0x520
[ 2129.833238]  do_readv+0x139/0x300
[ 2129.833670]  ? vfs_readv+0x160/0x160
[ 2129.834143]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2129.834805]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2129.835546]  do_syscall_64+0x33/0x40
[ 2129.836022]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2129.836666] RIP: 0033:0x7fad0dc79b19
[ 2129.837135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2129.839449] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2129.840400] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2129.841297] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2129.842200] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2129.843089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2129.843998] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:29:54 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:29:54 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:29:54 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000040)={0x0, 0x1, 0x101})
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000000)={0x0, r2, 0x9, 0x0, 0x3f, 0x81})

11:29:54 executing program 7:
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:29:54 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x6e000}], 0x2)

11:29:54 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 24)

11:29:54 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x12000}], 0x2)

11:29:54 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x15000}], 0x2)

11:29:54 executing program 7:
mknod$loop(0x0, 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

[ 2143.861293] FAULT_INJECTION: forcing a failure.
[ 2143.861293] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2143.863598] CPU: 1 PID: 9882 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2143.864874] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2143.866418] Call Trace:
[ 2143.866917]  dump_stack+0x107/0x167
[ 2143.867603]  should_fail.cold+0x5/0xa
[ 2143.868311]  __alloc_pages_nodemask+0x182/0x600
[ 2143.869171]  ? add_mm_counter_fast+0x220/0x220
[ 2143.870017]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2143.871109]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2143.872100]  ? lock_downgrade+0x6d0/0x6d0
[ 2143.872860]  ? mark_held_locks+0x9e/0xe0
[ 2143.873781]  alloc_pages_vma+0xbb/0x410
[ 2143.874633]  handle_mm_fault+0x152f/0x3500
[ 2143.875663]  ? __pmd_alloc+0x5e0/0x5e0
[ 2143.876447]  ? vmacache_find+0x55/0x2a0
[ 2143.877282]  do_user_addr_fault+0x56e/0xc60
[ 2143.878289]  exc_page_fault+0xa2/0x1a0
[ 2143.879119]  asm_exc_page_fault+0x1e/0x30
[ 2143.880005] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2143.881236] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2143.885128] RSP: 0018:ffff88804a3c7b50 EFLAGS: 00050246
[ 2143.886250] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2143.887868] RDX: 0000000000000000 RSI: ffff888046744898 RDI: 000000002000a000
[ 2143.889315] RBP: 0000000020009768 R08: 0000000000000000 R09: ffff888046744fff
[ 2143.890954] R10: ffffed1008ce89ff R11: 0000000000000001 R12: 000000002000a768
[ 2143.892432] R13: ffff888046744000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2143.894009]  _copy_to_user+0x13d/0x180
[ 2143.894890]  pagemap_read+0x333/0x590
[ 2143.895778]  ? clear_refs_write+0x780/0x780
[ 2143.896693]  ? iov_iter_advance+0x1b1/0xec0
[ 2143.897515]  do_iter_read+0x4fa/0x760
[ 2143.898366]  ? import_iovec+0x83/0xb0
[ 2143.899281]  vfs_readv+0xe5/0x160
[ 2143.899920]  ? vfs_iter_read+0xa0/0xa0
[ 2143.900761]  ? __fdget_pos+0xf1/0x190
[ 2143.901581]  ? lock_downgrade+0x6d0/0x6d0
[ 2143.902526]  ? ksys_write+0x12d/0x260
[ 2143.903221]  ? __fget_files+0x2f8/0x520
[ 2143.903997]  do_readv+0x139/0x300
[ 2143.904788]  ? vfs_readv+0x160/0x160
[ 2143.905588]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2143.906717]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2143.907688]  do_syscall_64+0x33/0x40
[ 2143.908475]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2143.909637] RIP: 0033:0x7fad0dc79b19
[ 2143.910403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2143.913969] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2143.915554] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2143.916853] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2143.918131] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2143.919436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2143.920712] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:29:54 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
writev(r1, &(0x7f0000000000), 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0x0, r1, 0x6, 0xfffffffffffffff8, 0x6, 0x6})
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r3, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
sendfile(r2, r3, &(0x7f0000000080)=0x3, 0xb3c0)

11:29:54 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x13000}], 0x2)

11:29:54 executing program 7:
mknod$loop(0x0, 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:29:54 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x6f000}], 0x2)

11:29:54 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x16000}], 0x2)

11:29:54 executing program 3:
r0 = add_key$keyring(&(0x7f0000001000), &(0x7f0000001040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x0)
keyctl$KEYCTL_MOVE(0x1e, 0x0, r0, 0x0, 0x1)
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r1 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r1}], 0x1, 0x0)

11:29:54 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{0x0}, {0x0}, {0x0}], 0x3}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:29:54 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x14000}], 0x2)

11:29:54 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:29:55 executing program 7:
mknod$loop(0x0, 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:29:55 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x17000}], 0x2)

11:30:08 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{0x0}, {0x0}, {0x0}], 0x3}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:30:08 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x70000}], 0x2)

11:30:08 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x0, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:30:08 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:30:08 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 25)

11:30:08 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x15000}], 0x2)

11:30:08 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x18000}], 0x2)

11:30:08 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x400, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
ioctl$sock_FIOSETOWN(r1, 0x8901, &(0x7f0000000080))
creat(&(0x7f0000000000)='./file0\x00', 0x151)
open(&(0x7f0000000040)='\x00', 0x400000, 0x11)

[ 2157.850757] FAULT_INJECTION: forcing a failure.
[ 2157.850757] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2157.853041] CPU: 0 PID: 9938 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2157.854252] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2157.855577] Call Trace:
[ 2157.856000]  dump_stack+0x107/0x167
[ 2157.856581]  should_fail.cold+0x5/0xa
[ 2157.857194]  _copy_to_user+0x2e/0x180
[ 2157.857795]  pagemap_read+0x333/0x590
[ 2157.858413]  ? clear_refs_write+0x780/0x780
[ 2157.859108]  ? iov_iter_advance+0x1b1/0xec0
[ 2157.859820]  do_iter_read+0x4fa/0x760
[ 2157.860433]  ? import_iovec+0x83/0xb0
[ 2157.861045]  vfs_readv+0xe5/0x160
[ 2157.861600]  ? vfs_iter_read+0xa0/0xa0
[ 2157.862230]  ? __fdget_pos+0xf1/0x190
[ 2157.862843]  ? lock_downgrade+0x6d0/0x6d0
[ 2157.863523]  ? ksys_write+0x12d/0x260
[ 2157.864143]  ? __fget_files+0x2f8/0x520
[ 2157.864789]  do_readv+0x139/0x300
[ 2157.865335]  ? vfs_readv+0x160/0x160
[ 2157.865932]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2157.866772]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2157.867594]  do_syscall_64+0x33/0x40
[ 2157.868180]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2157.868990] RIP: 0033:0x7fad0dc79b19
[ 2157.869590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2157.872510] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2157.873708] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2157.874849] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2157.875972] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2157.877101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2157.878239] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:30:08 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x16000}], 0x2)

11:30:08 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x0, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:30:08 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x19000}], 0x2)

11:30:08 executing program 3:
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x2000, 0x0)
unlink(&(0x7f0000000040)='./file0\x00')
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
r1 = fspick(0xffffffffffffffff, &(0x7f0000000600)='./file0\x00', 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000640)={0x0, r2, 0x7fff, 0x200, 0x100, 0x10000})
sendmsg$nl_generic(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="65e3f569fc9e6a448138faa8e83aea71a40200003207000129bd7000fddbdf25", @ANYRES32, @ANYBLOB="0a8c8a2cd7c37f8175f4f4274205f85cddb68bb08b89158f34a4e2fa87cce9b88d4d7889ff38f30ac993ff573facab8609388ff33af761ad48ce5ed09a2354c72724ad9b290cc6f058759b844006ee19183c6c14ee32ad823d08f9256333df310aa1e248da43d8f049ca9f34ad8888c906ab0f4f2074ca494bc04c8e4b879f602b09aa57a2091553801fbfc9ee15a78d79ddfcee7d3752d42b4628d9aa0034e7a9fa3ff740555c504b34d6d9280d2503dc62b14404d691e8f90a9c5d9f37c05cfa62903f24d8c6963ac1882fd9ad36bd103b9cc476a24cbb2b7886487524e926fb5de1a3200e7810a40375b9303a677f7aa6c45a879d88b9afd15619ca469c3f1a98ee8914cf68ff22f6e4d50e9a72acffa6ee0223c407b1898f2e389fb203b049db86a324d045f5467ae54a589cc0e6e0f788870ebaa7937d31c1d75d61c8cf226d16099be9f561edb8e08d712457b64e1282823b89ca3bfd929ad114080da123b9ddd137d97b980bfdc46847f85cac5ee58834fd02bb18c950854f66ac74bcf88d40b902b8534ae96a79c68006e33683cefa76cadd2d90897c12d3b5bc9fef14863ebb2a7058101adb24161e8a01e81797c782a0e13efca50393d3df2e74b318cda2fd0abcb4bebe0567aa88a76144e8a70030976e27ad28a515e0a7a86c1be148ca1cc106caafd143862363cfd86d228804b6f143b9c212252d88bb2e999451abf7d8d6c3784d1b84555b8bd4171aa97f2751316472c12bf1ca87e730747e0c8cfad8eaf64960e619ca1fb13d768dac157c18fbce74156024e4ad9401e0176648e6b374882894810b1f5743d2de73f8446a467ace0cf3994cab7554877b9766a65ebe20c7ad1e23e6a33cb2831d41a9bbef0c00000000000000049c4aa767"], 0x2a4}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r3, 0x4, 0x70bd27, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x252}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r4, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r4, 0xc0189374, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0xc5}}, './file1\x00'})

11:30:08 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x71000}], 0x2)

11:30:08 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{0x0}, {0x0}, {0x0}], 0x3}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:30:08 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 26)

11:30:08 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2158.235209] FAULT_INJECTION: forcing a failure.
[ 2158.235209] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2158.238159] CPU: 1 PID: 9971 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2158.239642] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2158.241396] Call Trace:
[ 2158.241959]  dump_stack+0x107/0x167
[ 2158.242738]  should_fail.cold+0x5/0xa
[ 2158.243561]  __alloc_pages_nodemask+0x182/0x600
[ 2158.244553]  ? add_mm_counter_fast+0x220/0x220
[ 2158.245557]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2158.246881]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2158.248042]  ? lock_downgrade+0x6d0/0x6d0
[ 2158.248948]  ? mark_held_locks+0x9e/0xe0
[ 2158.249846]  alloc_pages_vma+0xbb/0x410
[ 2158.250727]  handle_mm_fault+0x152f/0x3500
[ 2158.251677]  ? __pmd_alloc+0x5e0/0x5e0
[ 2158.252542]  ? vmacache_find+0x55/0x2a0
[ 2158.253430]  do_user_addr_fault+0x56e/0xc60
[ 2158.254392]  exc_page_fault+0xa2/0x1a0
[ 2158.255252]  asm_exc_page_fault+0x1e/0x30
[ 2158.256177] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2158.257363] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2158.261418] RSP: 0018:ffff88801809fb50 EFLAGS: 00050246
[ 2158.262587] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2158.264163] RDX: 0000000000000000 RSI: ffff888017c2e898 RDI: 000000002000b000
[ 2158.265730] RBP: 000000002000a768 R08: 0000000000000000 R09: ffff888017c2efff
[ 2158.267297] R10: ffffed1002f85dff R11: 0000000000000001 R12: 000000002000b768
[ 2158.268873] R13: ffff888017c2e000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2158.270470]  _copy_to_user+0x13d/0x180
[ 2158.271327]  pagemap_read+0x333/0x590
[ 2158.272178]  ? clear_refs_write+0x780/0x780
[ 2158.273123]  ? iov_iter_advance+0x1b1/0xec0
[ 2158.274085]  do_iter_read+0x4fa/0x760
[ 2158.274930]  ? import_iovec+0x83/0xb0
[ 2158.275779]  vfs_readv+0xe5/0x160
[ 2158.276546]  ? vfs_iter_read+0xa0/0xa0
[ 2158.277399]  ? __fdget_pos+0xf1/0x190
[ 2158.278235]  ? lock_downgrade+0x6d0/0x6d0
[ 2158.279156]  ? ksys_write+0x12d/0x260
[ 2158.280010]  ? __fget_files+0x2f8/0x520
[ 2158.280905]  do_readv+0x139/0x300
[ 2158.281667]  ? vfs_readv+0x160/0x160
[ 2158.282489]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2158.283645]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2158.284781]  do_syscall_64+0x33/0x40
[ 2158.285604]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2158.286726] RIP: 0033:0x7fad0dc79b19
[ 2158.287548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2158.291585] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2158.293254] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2158.294816] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2158.296391] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2158.297956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2158.299528] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:30:22 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 27)

11:30:22 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x17000}], 0x2)

11:30:22 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r9, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r9, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r10 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r10, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:30:22 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x1a000}], 0x2)

11:30:22 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x0, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:30:22 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x72000}], 0x2)

11:30:22 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r3, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r4, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
poll(&(0x7f0000000080)=[{r0}, {r0, 0x3001}, {r1, 0x8099}, {r2}, {r3, 0x240}, {r2, 0x200}, {r4, 0xe402}], 0x7, 0x7)

11:30:22 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2171.679463] FAULT_INJECTION: forcing a failure.
[ 2171.679463] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2171.681164] CPU: 0 PID: 9987 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2171.682023] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2171.682957] Call Trace:
[ 2171.683259]  dump_stack+0x107/0x167
[ 2171.683673]  should_fail.cold+0x5/0xa
[ 2171.684105]  _copy_to_user+0x2e/0x180
[ 2171.684531]  pagemap_read+0x333/0x590
[ 2171.684960]  ? clear_refs_write+0x780/0x780
[ 2171.685437]  ? iov_iter_advance+0x1b1/0xec0
[ 2171.685923]  do_iter_read+0x4fa/0x760
[ 2171.686348]  ? import_iovec+0x83/0xb0
[ 2171.686772]  vfs_readv+0xe5/0x160
[ 2171.687157]  ? vfs_iter_read+0xa0/0xa0
[ 2171.687596]  ? __fdget_pos+0xf1/0x190
[ 2171.688019]  ? lock_downgrade+0x6d0/0x6d0
[ 2171.688482]  ? ksys_write+0x12d/0x260
[ 2171.688905]  ? __fget_files+0x2f8/0x520
[ 2171.689356]  do_readv+0x139/0x300
[ 2171.689739]  ? vfs_readv+0x160/0x160
[ 2171.690153]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2171.690734]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2171.691308]  do_syscall_64+0x33/0x40
[ 2171.691729]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2171.692294] RIP: 0033:0x7fad0dc79b19
[ 2171.692706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2171.694729] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2171.695579] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2171.696364] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2171.697150] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2171.697933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2171.698718] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:30:22 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(0x0, 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:30:22 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x18000}], 0x2)

11:30:22 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x73000}], 0x2)

11:30:22 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r0=>0x0)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r0, 0x0, 0x0)
syz_io_uring_submit(0x0, r0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r1, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r2 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r3 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r6, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r7}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r2, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r7}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r8, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:30:22 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH(r1, 0xd0009411, &(0x7f0000000440)={{0x0, 0x0, 0x101, 0x80, 0x0, 0xffff, 0x3, 0x8, 0x6, 0x0, 0x4, 0x0, 0xcbc, 0x704eb8cc, 0x4}})
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:30:22 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x1b000}], 0x2)

11:30:22 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r9, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r9, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r10 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r10, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:30:22 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 28)

11:30:22 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x19000}], 0x2)

[ 2171.996765] FAULT_INJECTION: forcing a failure.
[ 2171.996765] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2171.998412] CPU: 0 PID: 10015 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2171.999159] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2172.000104] Call Trace:
[ 2172.000398]  dump_stack+0x107/0x167
[ 2172.000792]  should_fail.cold+0x5/0xa
[ 2172.001210]  __alloc_pages_nodemask+0x182/0x600
[ 2172.001711]  ? add_mm_counter_fast+0x220/0x220
[ 2172.002205]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2172.002853]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2172.003417]  ? lock_downgrade+0x6d0/0x6d0
[ 2172.003867]  ? mark_held_locks+0x9e/0xe0
[ 2172.004318]  alloc_pages_vma+0xbb/0x410
[ 2172.004748]  handle_mm_fault+0x152f/0x3500
[ 2172.005209]  ? __pmd_alloc+0x5e0/0x5e0
[ 2172.005777]  ? vmacache_find+0x55/0x2a0
[ 2172.006214]  do_user_addr_fault+0x56e/0xc60
[ 2172.006685]  exc_page_fault+0xa2/0x1a0
[ 2172.007110]  asm_exc_page_fault+0x1e/0x30
[ 2172.007565] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2172.008147] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2172.010115] RSP: 0018:ffff88804e287b50 EFLAGS: 00050246
[ 2172.010689] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2172.011460] RDX: 0000000000000000 RSI: ffff88800e794898 RDI: 000000002000c000
[ 2172.012226] RBP: 000000002000b768 R08: 0000000000000000 R09: ffff88800e794fff
[ 2172.012992] R10: ffffed1001cf29ff R11: 0000000000000001 R12: 000000002000c768
[ 2172.013759] R13: ffff88800e794000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2172.014543]  _copy_to_user+0x13d/0x180
[ 2172.014966]  pagemap_read+0x333/0x590
[ 2172.015377]  ? clear_refs_write+0x780/0x780
[ 2172.015847]  ? iov_iter_advance+0x1b1/0xec0
[ 2172.016317]  ? do_iter_read+0x37e/0x760
[ 2172.016748]  do_iter_read+0x4fa/0x760
[ 2172.017169]  vfs_readv+0xe5/0x160
[ 2172.017543]  ? vfs_iter_read+0xa0/0xa0
[ 2172.017963]  ? __fdget_pos+0xf1/0x190
[ 2172.018373]  ? lock_downgrade+0x6d0/0x6d0
[ 2172.018822]  ? ksys_write+0x12d/0x260
[ 2172.019236]  ? __fget_files+0x2f8/0x520
[ 2172.019681]  do_readv+0x139/0x300
[ 2172.020057]  ? vfs_readv+0x160/0x160
[ 2172.020460]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2172.021023]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2172.021578]  do_syscall_64+0x33/0x40
[ 2172.021979]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2172.022527] RIP: 0033:0x7fad0dc79b19
[ 2172.022928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2172.024898] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2172.025714] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2172.026484] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2172.027255] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2172.028025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2172.028788] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:30:35 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 29)

11:30:35 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(0x0, 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:30:35 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x1a000}], 0x2)

11:30:35 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x1c000}], 0x2)

11:30:35 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
acct(&(0x7f0000000040)='./file0\x00')
openat(r0, &(0x7f0000000000)='./file0\x00', 0x58800, 0x0)

11:30:35 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x74000}], 0x2)

11:30:35 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r9, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r9, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r10 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r10, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:30:35 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r0=>0x0)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r0, 0x0, 0x0)
syz_io_uring_submit(0x0, r0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r1, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r2 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r3 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r6, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r7}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r2, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r7}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r8, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2184.966368] FAULT_INJECTION: forcing a failure.
[ 2184.966368] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2184.969399] CPU: 0 PID: 10046 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2184.971181] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2184.973313] Call Trace:
[ 2184.973994]  dump_stack+0x107/0x167
[ 2184.974937]  should_fail.cold+0x5/0xa
[ 2184.975931]  _copy_to_user+0x2e/0x180
[ 2184.976922]  pagemap_read+0x333/0x590
[ 2184.977915]  ? clear_refs_write+0x780/0x780
[ 2184.979026]  ? iov_iter_advance+0x1b1/0xec0
[ 2184.980165]  do_iter_read+0x4fa/0x760
[ 2184.981147]  ? import_iovec+0x83/0xb0
[ 2184.982214]  vfs_readv+0xe5/0x160
[ 2184.983116]  ? vfs_iter_read+0xa0/0xa0
[ 2184.983977]  ? __fdget_pos+0xf1/0x190
[ 2184.984951]  ? lock_downgrade+0x6d0/0x6d0
[ 2184.986017]  ? __fget_files+0x2f8/0x520
[ 2184.987067]  do_readv+0x139/0x300
[ 2184.987972]  ? vfs_readv+0x160/0x160
[ 2184.988929]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2184.990272]  do_syscall_64+0x33/0x40
[ 2184.991235]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2184.992578] RIP: 0033:0x7fad0dc79b19
[ 2184.993524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2184.997500] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2184.999146] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2185.000685] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2185.002202] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2185.003738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2185.005277] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:30:35 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r5}}, 0x80000000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r5}}, 0x3)

11:30:35 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x0)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:30:35 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x75000}], 0x2)

11:30:35 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(0x0, 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:30:35 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x1b000}], 0x2)

11:30:49 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r0=>0x0)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r0, 0x0, 0x0)
syz_io_uring_submit(0x0, r0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r1, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r2 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r3 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r6, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r7}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r2, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r7}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r8, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:30:49 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 30)

11:30:49 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x76000}], 0x2)

11:30:49 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x942, 0x100)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00')

11:30:49 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:30:49 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x1c000}], 0x2)

11:30:49 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x1d000}], 0x2)

11:30:49 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x0)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2198.344112] FAULT_INJECTION: forcing a failure.
[ 2198.344112] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2198.345613] CPU: 0 PID: 10081 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2198.346408] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2198.347344] Call Trace:
[ 2198.347656]  dump_stack+0x107/0x167
[ 2198.348078]  should_fail.cold+0x5/0xa
[ 2198.348519]  __alloc_pages_nodemask+0x182/0x600
[ 2198.349058]  ? add_mm_counter_fast+0x220/0x220
[ 2198.349582]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2198.350271]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2198.350873]  ? lock_downgrade+0x6d0/0x6d0
[ 2198.351346]  ? mark_held_locks+0x9e/0xe0
[ 2198.351818]  alloc_pages_vma+0xbb/0x410
[ 2198.352280]  handle_mm_fault+0x152f/0x3500
[ 2198.352762]  ? mark_held_locks+0x9e/0xe0
[ 2198.353228]  ? __pmd_alloc+0x5e0/0x5e0
[ 2198.353675]  ? vmacache_find+0x55/0x2a0
[ 2198.354128]  ? vmacache_update+0xce/0x140
[ 2198.354608]  do_user_addr_fault+0x56e/0xc60
[ 2198.355113]  exc_page_fault+0xa2/0x1a0
[ 2198.355556]  asm_exc_page_fault+0x1e/0x30
[ 2198.356035] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2198.356654] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2198.358751] RSP: 0018:ffff88804693fb50 EFLAGS: 00050246
[ 2198.359356] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2198.360176] RDX: 0000000000000000 RSI: ffff888047fb0898 RDI: 000000002000d000
[ 2198.360988] RBP: 000000002000c768 R08: 0000000000000000 R09: ffff888047fb0fff
[ 2198.361796] R10: ffffed1008ff61ff R11: 0000000000000001 R12: 000000002000d768
[ 2198.362601] R13: ffff888047fb0000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2198.363426]  _copy_to_user+0x13d/0x180
[ 2198.363884]  pagemap_read+0x333/0x590
[ 2198.364316]  ? clear_refs_write+0x780/0x780
[ 2198.364803]  ? iov_iter_advance+0x1b1/0xec0
[ 2198.365301]  do_iter_read+0x4fa/0x760
[ 2198.365736]  ? import_iovec+0x83/0xb0
[ 2198.366171]  vfs_readv+0xe5/0x160
[ 2198.366564]  ? vfs_iter_read+0xa0/0xa0
[ 2198.367010]  ? __fdget_pos+0xf1/0x190
[ 2198.367443]  ? lock_downgrade+0x6d0/0x6d0
[ 2198.367925]  ? ksys_write+0x12d/0x260
[ 2198.368358]  ? __fget_files+0x2f8/0x520
[ 2198.368825]  do_readv+0x139/0x300
[ 2198.369225]  ? vfs_readv+0x160/0x160
[ 2198.369649]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2198.370244]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2198.370837]  do_syscall_64+0x33/0x40
[ 2198.371259]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2198.371852] RIP: 0033:0x7fad0dc79b19
[ 2198.372275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2198.374383] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2198.375252] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2198.376068] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2198.376876] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2198.377684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2198.378493] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:30:49 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x77000}], 0x2)

11:30:49 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0xc84b, 0x1ee)

11:30:49 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x1e000}], 0x2)

11:30:49 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r3 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r6, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r7}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r8, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:30:49 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x1d000}], 0x2)

11:30:49 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 31)

11:30:49 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x0)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:30:49 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x78000}], 0x2)

[ 2198.655495] FAULT_INJECTION: forcing a failure.
[ 2198.655495] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2198.657009] CPU: 0 PID: 10111 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2198.657793] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2198.658734] Call Trace:
[ 2198.659040]  dump_stack+0x107/0x167
[ 2198.659454]  should_fail.cold+0x5/0xa
[ 2198.659897]  _copy_to_user+0x2e/0x180
[ 2198.660336]  pagemap_read+0x333/0x590
[ 2198.660778]  ? clear_refs_write+0x780/0x780
[ 2198.661266]  ? iov_iter_advance+0x1b1/0xec0
[ 2198.661767]  do_iter_read+0x4fa/0x760
[ 2198.662209]  ? import_iovec+0x83/0xb0
[ 2198.662648]  vfs_readv+0xe5/0x160
[ 2198.663041]  ? vfs_iter_read+0xa0/0xa0
[ 2198.663480]  ? __fdget_pos+0xf1/0x190
[ 2198.663925]  ? lock_downgrade+0x6d0/0x6d0
[ 2198.664402]  ? ksys_write+0x12d/0x260
[ 2198.664843]  ? __fget_files+0x2f8/0x520
[ 2198.665306]  do_readv+0x139/0x300
[ 2198.665699]  ? vfs_readv+0x160/0x160
[ 2198.666122]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2198.666717]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2198.667298]  do_syscall_64+0x33/0x40
[ 2198.667724]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2198.668308] RIP: 0033:0x7fad0dc79b19
[ 2198.668734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2198.670848] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2198.671731] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2198.672546] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2198.673353] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2198.674168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2198.674979] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:30:49 executing program 3:
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x21)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000140)={0x0, r0, 0x5, 0x100000000, 0x6, 0x880f})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r2, 0x8982, &(0x7f00000000c0)={0x2, 'veth1\x00', {0x101}, 0x3926})
ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x541c, &(0x7f0000000040))
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r3 = openat$cgroup(r0, &(0x7f0000000080)='syz1\x00', 0x200002, 0x0)
creat(&(0x7f0000001400)='./file0\x00', 0x74)
ioctl$BTRFS_IOC_ADD_DEV(r0, 0x5000940a, &(0x7f0000000200)={{r3}, "83e764e2c96b330203b18dc980c0bcabada9a647a355b92d1cec335a5d8be78d65929168922093d028fd709ea12275a9f2aa334c12fe2e33727f524b316de50e34e2d9e8e8238651cee4ffe89b875d79ac4e1811d8e7b4a3a9c8f10c25ff8b623f0daced94cb0ad2f52b4d5c699246bd4411e86ca101657094251529118acc75de786d079c753ef7264efab49c439def1a328dd348178fbec514a146f6943b130c90da5920fe8d8c7eafec578566e44ace1d33ea341fc09d52b2a93ade120d3d444a66436d813617de8707e6f278ce5a3ca61538ff627dce75edb4bf9d5a47942b6c5aa568799827ef9dac1988305915208c2f36c63cec9beb9c7aeb5e767512f143fd0f5079bb1f71a0010a4e181cabd82367393aa4886054f2faba22a122c91c95e59e496e757c75d8ce427f759cec755aca1206071369a15c5b33b28d46320dea6d23eb21f354498e07eca0e86b596beecb34331dcf6e52a5f96c82d9172eabf7ff02c6422387aea96a381e8abcb589ed7895502b43e2a47fb74197e2fe47b5cb49402aaa04aaf3a54764d40a89c6bf9aa454ad061dcc4f3b0d540ed5534ead85f532ecc705890831ff0e64dfb7b413f69af989fd0eb7babc2b6bf725e2c8984b05714f949c93c5ca0f6997b65318e3515abbaa2f475859ed335baa80218b29777903ebe4327030ac76f7b4e6c07225f0f2861b1028cdc7a61d774d68205975eff0ef6d5103e87b5c965279374bddbee5bca37646a0d86d8056d547e0c4747631290cfac8985958af2f3bc4a4246fba48a4e90052f53adb62ab237bb9507905ed786861da5014ad275ff6cca9e1eb3d9cba20dd47cd99d6bce19521e3ecee41cfd095a0661fd31fe06e7a2c3e84c5d7523ea357806f3f74e204c7c3051722481b560ab6e3fb6be0151d59640d8cf1f1e8175c3e58dd762946f079d2ba19bda999838d773357ecb14f24a8db6c4e009dc696cd19a06aae52fa3e250def41f6c1c0e42fc494d004e2081995fe3ee226da81b8a673b50431b8dbf320f3632b31905059f630e8266da653a2d09f476f3bbdb64bc21a7ba3f884d1f26c8bf0facc03ff491384a99da77cb4fea2dd31b3ef76a8da240f2eef559b2496746487748f2725282924ad5e7f5f7466484e153a011a8b6a296e77960e460d6fcc960b384fdb14ee0d629979e5d8877c3454d5ce700635243ea44d763bb02813be6d41bcd32f3bab0b9a99663e3ad8c730ae3d8ec412a9090b3a29c773c51a9b911b4f08a15abcf08812ccfce4184324833c5ff18d7c122d5c11c94c9dc83b48cfe6aa3f9adc5e0b037d32ac2605313291613e1384ab75cdb6aa47a1aa91abbba681f39afaf79dc85d103c281958bc325cb0caa5cbe43955345a08767583994ab178fd8598f123c1e250785ff8d60040c72b7c2aeacb35a406fd4eb576a8b4a8b1a5f2961cc0b3e937892005ac2a84e0574c42a40ec29df8d31193605863a820f5c8bffa4b3b7c1a29b9acc1b420aa8d2d2ab89f58e081e0d2596b05b76d93d011c870a16478948e550da1e7c7babd0423b3567e5d40ce9b091d8b66418bf6fec99d752e4460f7249190a836f198477a8cf5b81f7ab8ebde22523a71d4be90ae0f1072b105f63bb503d3d3821f23f5565f353fbec2eaffa5f1da0707d847c4669f3c8dd9f77af47b8f3661ddfac528311479c8967d36967fe94a4acc83e3e6c653744d2d55547c0b6e1dca1ac18a0025e8e406b8724d36401fdd7f7c9cfc5c84f662c8eceee63a440b185673568aa1f2aebe04ef7681097f003b2eef893ec7791381443ad4834ec21c39543a66c6cd5d831df4f233e2568102d8f4cf57a668a9ee478d3966cea6ccbd67e19743607d3e1e34aae6d4ccf4228edfbddd7a9013cb819156e92fa8397811bb80d9ac0b0f63705937ab5f1bc456a9d0b0996c98ad2a8f14ae22825d8ae120b3ba32e3f68998dbfa5064a5ed3a1c33bf7ffed1152ebcde136a47469fe11502cfb0bad14825d9fd244b73cb906064247b6ae1c92c92c1ec6b6e8f9ad7d80c088a54eddf5fc3f8bb750bfee02c9e331fddac9d8e22d8e69e55369bc5b8e1a21982b189065caa17749103123ffe5e874697e43de0db25914138eda8122e3dbe53ecda6495df20dfc05554556900149655d565f43c91d271d959fe9fcbd58d0cfd32e755f4ba7058db5195c9e64a51056c63dbfecb118273df76b8eeead0abb4913f000e2713d9c45ab8ed581da024db27c5de561bddaa2eb61cb943d8f88ed673063fb6b47ad0dbf6febc41b5644d3f756070f68261b3c10862ef546c1204fbe0cad55cc3f0790476d2b8bce51f555df2b31313968c177f619bf59ca0210764d5df81341e7ca35be797b2c227c880b36e6ed56827641936a26dc6b0ec601fb672c563319c8631b67542eaccd06873e22a94f19578d65d8d9530a44f5ed75030c3c8139e35d69d64db5774b054b19604f454f48548970ab927e74208097ab4625a191a0461d53185c781f7af9211d42f985bf3b2ac5946c01b4e2f4bd05e7ba3cdb7b360b964c3e6eaa1ef7cd56155765748ff6b38db81c3cd297eeb1d6255c022367e9c88cc366a58e52e2a3b2011ca9111bb9d0a8497d02622a5db3f58e430f47e3934e1bcd058edbb0b30c4e2788e11a2f5c8f47bf4e35d3b3990c504276a79ca9ad6bd4fbe36defc552337c39407d4d49a2d032c9a674c040c1f8b8cec13c5d44b577313ca36b30c82ca689444964393bdfbc4314724ed3e81e26b6141926fee47817337c7898fda1925cbb0b6c887235fcfca49b1c0ca23656c295a4a9395e5c6d48c026e3988e695493c99f484ef42c6e5b363927c78469ebb5035c699d3a50ec6ce6e7008de735a0e9869ded8ddc4fbe331f3971ef1361091876a1eddb9ec48d3116f520135274c0f776e919b807a544282914a623c203db535b7046ef808d205c7e3f2f654d03bbde97cea9c5706745e78ae5d77a3458d415879de65b76c75507d2b6358267b770fdb53ee3905597275c6b32da9b2ec5ad60651ef75c1f9f7ea8364d4d035f3041fdb170994cd54c866e83fc39dad97eb3ff4e3772646d5e3c140ddf0f420395d2abfaf6813d8a32b66341e4280526d4f5bc2f76bb89d82497176940d3d23a97f3647b9a1b7f2dfe5cae326f8d0ec7f2e8538d0ac96935d8023c0434e279383e04b8c7fb83c47a9f85d60a382d0d57d82356b44fdc9647077e46156bf79132b08c684d0e93508a90d362ae7a51275a523466eb820519e40f5986a62a90c61db02e1fafa4d4871aa82c1a96ffde732d976abe7c89f546393188a181ff626b9b1d19267cbbbf8c3ed8e1a9cd29d1add97d945389ede44b6710bd533aa3325f89bf520532da877c1ab1e21aac3eb7fa755c6476d57f6bcf1b8b92cd98a99184ba16830375cc746bec0642fc50528a2f9b3de228231d72ccb4cf150321faa1c83dcc1276006ad08370272ed45d8ad1717c6149c82a3e05c9211d80c2304772f3c5d9e133d3a867d5a924b3ded6b786b785c3a453b6f231a818cb6a219a15cd7cd42a36648cdd7806b2d8a834f5aaa9a2b9fa26bd878927e1192006b702ad936dc5747ebcab0da405d216c3b16a87badb7940e7428c5635823502a806df27135ec8ecaeff72581a774fe10c0e21b237430c7482b3b448ee22e387f0ec418a985cdc723b244db4c8e972979cceeab9b6e6c586d21c82d658f9dd2b35c880dda7b8d38a671ae1777bc09b1553cc9cac8245b092d7d8b710a6263097e3091fcc521a6f3653eb6fef3773646fb3cbd24ecd63988579de73bcac04f90c62b13b7fb7d723571c89e6ccd2f323faa6aff90964e61111d1aa03e6b6574ad52ef19a930d3928fd5f0ef71dde5b504869fbf50ad291b9633a5652cb04776517dcea2c23bad5e7d7c155d4503f16f49f39ee2dd3f096eb8829749bff31e554eefca61404fcbd489c9611b408c6a223cf93489b2ab2ba42bb209e2356977c3a693e2d023e69f5637cb552dc97c5538091a0da666c35db41b1302c0a3bc1404f422d0033043b7f71012d4abf481d58b2695dfb246e87e0250fd8ff641a5b1ff0e0eda22ae24af99751ef1f2b2636d38ab08de442e204f20b17e152ace6816fdff4abf9e73d729005deb2778d8ba7c0de6cb289f8ee4f7fb1c9f4c075553560b4fd0135cb34aa5870b1bbe69a3348eaedeaa63fdb0d1d9154b7aa9667db183a13d15de1432b58fe95732704849b52d1093cffcb30428d72959d64348e62dce9e6f3160295969f9cb84c66b012c736e08da8142d3cb6434613d9ffe463471ce3d619a25bd8df9c3e530e0e29df7c82b20c83c35a30f586691e9254c04fb9c1e7cfa491d3901e2e789423ff04468b2c30a0ee4804d488e5ffb917d06c450e4fde2eeab34af033e90a057825ccf972427418e78722baecb6f569a7cea4d3d7292688c92050a8b7dc4d64a3bc83fd18202d26b4a24829e5bdc43a7e946b7550b86bd632b76d0b6630cdeeba1753aab76dc140dbf2cdbc2e707f04889266c06bae8b48cf48f404814b1bf1ecfe42854e4ea80841bbfbef722b7fdf52ce3ecce33d260613a3370d72c5f12bbbd29c1de39ba35f67adea8dc56119916d4bde252ab19368fc361f97926cfcb8e988d423b5d641499abee841530a2822222aea7ccedc2fece0694f9cf49d769d2053e6b1364a40ee7cb99b554db5bd5034a8020095c3dd973b855ded4e3ebf567d915bde2e152230299096de72afd7ebce7a41cf4b0291587dd874288f6eddc77a6da4bc8415347d58d8e11ef0dac4922efcb1cc3b67a763159d9b27a79a0f820fc972ad9a894cf61c11cb8b6b721f089541dfea84946a8654e1b47693db2140efd171034ab4390d771d2dc93131828f2ee6119f6bf7ad036dec25c1f79df18031c351beddb460e496ca7d629c71602bdaec626cd05e4f98e5e3e6de3a7bc2c1ce61f954f3c6b7d683f7f6190274d1090d0e7f729f436b97fb619528006566f843e4d959ccfb8ff01b763f0dd7121ec6bdb9fe3959268b3e5ad07a2cebbb8ad9de18b52dc5a9ba1a9310444cba95e22e47c6cbb1c9705e224c6dfcb6be4c4b2077492c9d6376dd1a8706b5a07ac0d45ccaa22fbeab07fc15462c363d7e0f5824527e8d19062b80497cab153a6bd572a7c76ed0fbd977eb5e1fb4b1b0bb3f3dd29048dc3e4eed642b366fce90be10a891e6c0193c7f8248f197efa1d9a9d40642f799886b16c54548de59b64d6c839439115c267f4328d323b0c21d51a24b470aa4ebdf93d1e010948a90970288ed07a94ed69728d8043d2a04f773353ee9d613d85ee97a8cfd75044b2e1dcc9c0ea6316639e75a0d6f9cfa9de1035c59d0538b1060b926e05094479ab92db3987f69ff9abaa5350858345f491f8ab048f3040bc4f04f3c88012eccea46bffc485b9adda80cd5a85aebafcdcdca2db702abb1ae00d3d4bf5d7ccfc5c036fbc227c7ddb87c456e575f06dfc940969e480d7779cdd5aed5d584ec4196d43e6d993796217a4f3cfb5be5261870a2bc3819c7d262930bae2017361a566807bb09ff66688f628aa25972022c749fa0945d0cdf6d77163332ae3741a1c262922ece147981bfd4bd3968d37da82dc321428245ac3a4b1ea6c608aa9487963bfca1d10e3c76dd65f766a81afb8953362225b84e9c887f0762c18431b224fa594bc082dea75de26b55b8397e1ef783c9e5ffa4a1a7cd5f9612d73d220e366d1417cbba349ddc5f82612200252e8d640223b08b154199ffabb2ec7972f9694cdb19b6722"})
syz_mount_image$tmpfs(&(0x7f0000000180), &(0x7f0000001200)='./file0\x00', 0x100, 0x1, &(0x7f0000001340)=[{&(0x7f0000001240)="f4f3564201e16f502a3e2100b5a0080d6dbf6826b6ded72bc757e623d6aeedfab129084180975ae1557367446ea929da6eed4674d6207a23339c7c2810750896c70492f4334b2314ee6ab9a30441e526eb5ef9e5d654ef94a899d41c098b11f1a251e9972d6204551fc91f424e89df30e42422699fe27c5e9d5f5fa3770139d4b8699219672e86330cd2c43cb35f33045a7cc89182987abe736be44a09814ba9f3bc6a811b4de31d6e0447807de47eeaf28abe5b9f551dbed945842781247706ad6631f14eee91c0e65748a90af5c5c9e4166dda7a8f1d0eb60a5f57", 0xdc, 0x80}], 0x100004, &(0x7f0000001380)=ANY=[@ANYBLOB="6875672ea9fcac9375e79b2c687567653d6e657665722c73697a653d672c6769643d", @ANYRESHEX=0xee01, @ANYBLOB=',euid>', @ANYRESDEC=0x0, @ANYBLOB=',appraise_type=imasig,\x00'])
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r4, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
preadv(r4, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
openat(r1, &(0x7f0000000000)='./file0\x00', 0x400000, 0x12)

11:30:49 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 32)

[ 2198.853282] FAULT_INJECTION: forcing a failure.
[ 2198.853282] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2198.856130] CPU: 1 PID: 10124 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2198.857578] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2198.859303] Call Trace:
[ 2198.859867]  dump_stack+0x107/0x167
[ 2198.860643]  should_fail.cold+0x5/0xa
[ 2198.861447]  __alloc_pages_nodemask+0x182/0x600
[ 2198.862422]  ? add_mm_counter_fast+0x220/0x220
[ 2198.863381]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2198.864678]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2198.865771]  ? lock_downgrade+0x6d0/0x6d0
[ 2198.866638]  ? mark_held_locks+0x9e/0xe0
[ 2198.867503]  alloc_pages_vma+0xbb/0x410
[ 2198.868331]  handle_mm_fault+0x152f/0x3500
[ 2198.869231]  ? __pmd_alloc+0x5e0/0x5e0
[ 2198.870061]  ? vmacache_find+0x55/0x2a0
[ 2198.870913]  do_user_addr_fault+0x56e/0xc60
[ 2198.871847]  exc_page_fault+0xa2/0x1a0
[ 2198.872667]  asm_exc_page_fault+0x1e/0x30
[ 2198.873532] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2198.874668] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2198.878534] RSP: 0018:ffff88801cf87b50 EFLAGS: 00050246
[ 2198.879640] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2198.881166] RDX: 0000000000000000 RSI: ffff8880457a0898 RDI: 000000002000e000
[ 2198.882666] RBP: 000000002000d768 R08: 0000000000000000 R09: ffff8880457a0fff
[ 2198.884129] R10: ffffed1008af41ff R11: 0000000000000001 R12: 000000002000e768
[ 2198.885578] R13: ffff8880457a0000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2198.887086]  _copy_to_user+0x13d/0x180
[ 2198.887921]  pagemap_read+0x333/0x590
[ 2198.888727]  ? clear_refs_write+0x780/0x780
[ 2198.889645]  ? iov_iter_advance+0x1b1/0xec0
[ 2198.890573]  do_iter_read+0x4fa/0x760
[ 2198.891382]  ? import_iovec+0x83/0xb0
[ 2198.892197]  vfs_readv+0xe5/0x160
[ 2198.892924]  ? vfs_iter_read+0xa0/0xa0
[ 2198.893746]  ? __fdget_pos+0xf1/0x190
[ 2198.894542]  ? lock_downgrade+0x6d0/0x6d0
[ 2198.895418]  ? __fget_files+0x1cd/0x520
[ 2198.896276]  ? __fget_files+0x2f8/0x520
[ 2198.897119]  do_readv+0x139/0x300
[ 2198.897861]  ? vfs_readv+0x160/0x160
[ 2198.898655]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2198.899755]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2198.900837]  do_syscall_64+0x33/0x40
[ 2198.901615]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2198.902683] RIP: 0033:0x7fad0dc79b19
[ 2198.903462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2198.907331] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2198.908929] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2198.910426] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2198.911932] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2198.913438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2198.914947] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:31:04 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:31:04 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x1f000}], 0x2)

11:31:04 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 33)

11:31:04 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x79000}], 0x2)

11:31:04 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x1e000}], 0x2)

11:31:04 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x320902, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
write$P9_RREADDIR(r0, &(0x7f0000000000)={0xac, 0x29, 0x2, {0x1f, [{{0x10, 0x6, 0x5}, 0x2, 0xff, 0x7, './file0'}, {{0x0, 0x1, 0x8}, 0x97c5, 0x9, 0x7, './file0'}, {{0x8, 0x0, 0x4}, 0xc0, 0xf9, 0x7, './file0'}, {{0x40, 0x4, 0x8}, 0x8001, 0x40, 0x7, './file0'}, {{0x4, 0x3, 0x6}, 0x3, 0x1c, 0xd, './file0/file0'}]}}, 0xac)

11:31:04 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r3 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r6, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r7}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r8, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:31:04 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2214.198437] FAULT_INJECTION: forcing a failure.
[ 2214.198437] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2214.201204] CPU: 1 PID: 10138 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2214.202670] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2214.204436] Call Trace:
[ 2214.205001]  dump_stack+0x107/0x167
[ 2214.205776]  should_fail.cold+0x5/0xa
[ 2214.206588]  _copy_to_user+0x2e/0x180
[ 2214.207402]  pagemap_read+0x333/0x590
[ 2214.208219]  ? clear_refs_write+0x780/0x780
[ 2214.209136]  ? iov_iter_advance+0x1b1/0xec0
[ 2214.210064]  do_iter_read+0x4fa/0x760
[ 2214.210875]  ? import_iovec+0x83/0xb0
[ 2214.211686]  vfs_readv+0xe5/0x160
[ 2214.212430]  ? vfs_iter_read+0xa0/0xa0
[ 2214.213255]  ? __fdget_pos+0xf1/0x190
[ 2214.214061]  ? lock_downgrade+0x6d0/0x6d0
[ 2214.214946]  ? ksys_write+0x12d/0x260
[ 2214.215764]  ? __fget_files+0x2f8/0x520
[ 2214.216632]  do_readv+0x139/0x300
[ 2214.217365]  ? vfs_readv+0x160/0x160
[ 2214.218159]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2214.219279]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2214.220377]  do_syscall_64+0x33/0x40
[ 2214.221170]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2214.222255] RIP: 0033:0x7fad0dc79b19
[ 2214.223043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2214.226949] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2214.228567] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2214.230072] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2214.231775] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2214.233471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2214.235141] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:31:05 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 34)

11:31:05 executing program 3:
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x800, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
r2 = getpgrp(0x0)
sched_setattr(r2, &(0x7f0000000180)={0x38}, 0x0)
perf_event_open(&(0x7f0000000040)={0x3, 0x80, 0x0, 0x4, 0xf8, 0x7, 0x0, 0x2011ae36, 0x20004, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffff81, 0x2, @perf_config_ext={0x6}, 0x40011, 0x3f, 0x2, 0x8, 0x711, 0x3, 0x1f, 0x0, 0x1856, 0x0, 0x3}, r2, 0xf, 0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x110)

11:31:05 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x1f000}], 0x2)

11:31:05 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x20000}], 0x2)

11:31:05 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x7a000}], 0x2)

11:31:05 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:31:05 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r3 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r6, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r7}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r8, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2214.533703] FAULT_INJECTION: forcing a failure.
[ 2214.533703] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2214.536662] CPU: 1 PID: 10156 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2214.538127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2214.540248] Call Trace:
[ 2214.540893]  dump_stack+0x107/0x167
[ 2214.541671]  should_fail.cold+0x5/0xa
[ 2214.542628]  __alloc_pages_nodemask+0x182/0x600
[ 2214.543796]  ? add_mm_counter_fast+0x220/0x220
[ 2214.544854]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2214.546127]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2214.547238]  ? lock_downgrade+0x6d0/0x6d0
[ 2214.548115]  ? mark_held_locks+0x9e/0xe0
[ 2214.548980]  alloc_pages_vma+0xbb/0x410
[ 2214.549823]  handle_mm_fault+0x152f/0x3500
[ 2214.550733]  ? __pmd_alloc+0x5e0/0x5e0
[ 2214.551568]  ? vmacache_find+0x55/0x2a0
[ 2214.552441]  do_user_addr_fault+0x56e/0xc60
[ 2214.553363]  exc_page_fault+0xa2/0x1a0
[ 2214.554197]  asm_exc_page_fault+0x1e/0x30
[ 2214.555069] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2214.556219] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2214.560127] RSP: 0018:ffff88804758fb50 EFLAGS: 00050246
[ 2214.561245] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2214.562750] RDX: 0000000000000000 RSI: ffff888046a18898 RDI: 000000002000f000
[ 2214.564265] RBP: 000000002000e768 R08: 0000000000000000 R09: ffff888046a18fff
[ 2214.565769] R10: ffffed1008d431ff R11: 0000000000000001 R12: 000000002000f768
[ 2214.567269] R13: ffff888046a18000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2214.568807]  _copy_to_user+0x13d/0x180
[ 2214.569630]  pagemap_read+0x333/0x590
[ 2214.570441]  ? clear_refs_write+0x780/0x780
[ 2214.571357]  ? iov_iter_advance+0x1b1/0xec0
[ 2214.572300]  do_iter_read+0x4fa/0x760
[ 2214.573106]  ? import_iovec+0x83/0xb0
[ 2214.573910]  vfs_readv+0xe5/0x160
[ 2214.574644]  ? vfs_iter_read+0xa0/0xa0
[ 2214.575517]  ? __fdget_pos+0xf1/0x190
[ 2214.576469]  ? lock_downgrade+0x6d0/0x6d0
[ 2214.577593]  ? ksys_write+0x12d/0x260
[ 2214.578416]  ? __fget_files+0x2f8/0x520
[ 2214.579444]  do_readv+0x139/0x300
[ 2214.580401]  ? vfs_readv+0x160/0x160
[ 2214.581244]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2214.582600]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2214.583853]  do_syscall_64+0x33/0x40
[ 2214.584816]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2214.586103] RIP: 0033:0x7fad0dc79b19
[ 2214.587030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2214.591684] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2214.593534] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2214.595367] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2214.597224] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2214.598809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2214.600384] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:31:05 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x20000}], 0x2)

11:31:19 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:31:19 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 35)

11:31:19 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x21000}], 0x2)

11:31:19 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
r1 = syz_io_uring_setup(0x6270, &(0x7f0000000140)={0x0, 0xf8de, 0x10, 0x1, 0x2c7}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f00000001c0), &(0x7f0000000200)=<r2=>0x0)
poll(&(0x7f0000000240)=[{r1}, {r0, 0x802}], 0x2, 0x0)
r3 = openat$cgroup(r0, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3}, './file0\x00'})
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r4, 0x0)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r4, 0x8000000)
syz_io_uring_submit(r9, r6, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001)
syz_io_uring_submit(r9, r2, &(0x7f00000002c0)=@IORING_OP_NOP={0x0, 0x4}, 0x5)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f0000000280)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="8b00"])
creat(&(0x7f0000000080)='./file0\x00', 0x61)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x80, 0x38)

11:31:19 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x7b000}], 0x2)

11:31:19 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:31:19 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x21000}], 0x2)

11:31:19 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2228.463370] FAULT_INJECTION: forcing a failure.
[ 2228.463370] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2228.466237] CPU: 0 PID: 10191 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2228.467705] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2228.469507] Call Trace:
[ 2228.470066]  dump_stack+0x107/0x167
[ 2228.470823]  should_fail.cold+0x5/0xa
[ 2228.471634]  _copy_to_user+0x2e/0x180
[ 2228.472447]  pagemap_read+0x333/0x590
[ 2228.473248]  ? clear_refs_write+0x780/0x780
[ 2228.474141]  ? iov_iter_advance+0x1b1/0xec0
[ 2228.475056]  do_iter_read+0x4fa/0x760
[ 2228.475882]  ? import_iovec+0x83/0xb0
[ 2228.476678]  vfs_readv+0xe5/0x160
[ 2228.477413]  ? vfs_iter_read+0xa0/0xa0
[ 2228.478229]  ? __fdget_pos+0xf1/0x190
[ 2228.479037]  ? lock_downgrade+0x6d0/0x6d0
[ 2228.479925]  ? ksys_write+0x12d/0x260
[ 2228.480713]  ? __fget_files+0x2f8/0x520
[ 2228.481551]  do_readv+0x139/0x300
[ 2228.482296]  ? vfs_readv+0x160/0x160
[ 2228.483067]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2228.484145]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2228.485243]  do_syscall_64+0x33/0x40
[ 2228.486037]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2228.487127] RIP: 0033:0x7fad0dc79b19
[ 2228.487922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2228.491827] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2228.493445] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2228.494922] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2228.496441] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2228.497934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2228.499455] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:31:19 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x22000}], 0x2)

11:31:19 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 36)

11:31:19 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x22000}], 0x2)

11:31:19 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x7c000}], 0x2)

11:31:19 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2228.757830] FAULT_INJECTION: forcing a failure.
[ 2228.757830] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2228.761250] CPU: 1 PID: 10204 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2228.762961] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2228.765080] Call Trace:
[ 2228.765755]  dump_stack+0x107/0x167
[ 2228.766685]  should_fail.cold+0x5/0xa
[ 2228.767648]  __alloc_pages_nodemask+0x182/0x600
[ 2228.768835]  ? add_mm_counter_fast+0x220/0x220
[ 2228.769951]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2228.771448]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2228.772804]  ? lock_downgrade+0x6d0/0x6d0
[ 2228.773872]  ? mark_held_locks+0x9e/0xe0
[ 2228.774927]  alloc_pages_vma+0xbb/0x410
[ 2228.775961]  handle_mm_fault+0x152f/0x3500
[ 2228.777061]  ? __pmd_alloc+0x5e0/0x5e0
[ 2228.778076]  ? vmacache_find+0x55/0x2a0
[ 2228.779140]  do_user_addr_fault+0x56e/0xc60
[ 2228.780269]  exc_page_fault+0xa2/0x1a0
[ 2228.781234]  asm_exc_page_fault+0x1e/0x30
[ 2228.782248] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2228.783572] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
11:31:19 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2228.788287] RSP: 0018:ffff888042887b50 EFLAGS: 00050246
[ 2228.789909] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2228.791686] RDX: 0000000000000000 RSI: ffff88804623a898 RDI: 0000000020010000
[ 2228.793524] RBP: 000000002000f768 R08: 0000000000000000 R09: ffff88804623afff
[ 2228.795338] R10: ffffed1008c475ff R11: 0000000000000001 R12: 0000000020010768
[ 2228.797196] R13: ffff88804623a000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2228.799026]  _copy_to_user+0x13d/0x180
[ 2228.800015]  pagemap_read+0x333/0x590
[ 2228.800957]  ? clear_refs_write+0x780/0x780
[ 2228.802007]  ? iov_iter_advance+0x1b1/0xec0
[ 2228.803106]  do_iter_read+0x4fa/0x760
[ 2228.804110]  ? import_iovec+0x83/0xb0
[ 2228.805083]  vfs_readv+0xe5/0x160
[ 2228.805937]  ? vfs_iter_read+0xa0/0xa0
[ 2228.806930]  ? __fdget_pos+0xf1/0x190
[ 2228.807894]  ? lock_downgrade+0x6d0/0x6d0
[ 2228.808950]  ? ksys_write+0x12d/0x260
[ 2228.809915]  ? __fget_files+0x2f8/0x520
[ 2228.810947]  do_readv+0x139/0x300
[ 2228.811831]  ? vfs_readv+0x160/0x160
[ 2228.812814]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2228.814141]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2228.815399]  do_syscall_64+0x33/0x40
[ 2228.816330]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2228.817572] RIP: 0033:0x7fad0dc79b19
[ 2228.818476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2228.823138] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2228.825093] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2228.826894] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2228.828713] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2228.830489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2228.832308] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:31:33 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(0x0, 0x0, 0x10)

11:31:33 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:31:33 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x23000}], 0x2)

11:31:33 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x7d000}], 0x2)

11:31:33 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x23000}], 0x2)

11:31:33 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 37)

11:31:33 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:31:33 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xee00, 0xee01, 0x800)
fstat(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f0000000080)={0x0, 0x6c, "407c0e3a292919b88dae671b08a52b3debb738563063558c60411f3772a6692290bc4f5d9fef21ea53328ebbe466e332ec0ad43ef202df1d01d85885160a64a2f93304599d944cb0148235d09440b2dd08fc7f314373d0a3e3226a2b2eb5de0630feb2d34c460452f2f3e254"})
chown(&(0x7f0000000040)='./file0\x00', r0, 0xee00)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
utimensat(r1, &(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000180)={{0x0, 0x2710}, {0x77359400}}, 0x100)
r2 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r3, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
ioctl$EVIOCGID(r3, 0x80084502, &(0x7f0000000200)=""/230)
ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f0000000340)=<r4=>0x0)
sendmsg$nl_generic(r2, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000380)={&(0x7f0000002600)={0x35e4, 0x3f, 0x100, 0x70bd2c, 0x25dfdbfb, {0x1e}, [@nested={0x109, 0x3, 0x0, 0x1, [@typed={0x4, 0x4d}, @typed={0x8, 0x3a, 0x0, 0x0, @pid}, @typed={0x6f, 0x76, 0x0, 0x0, @binary="77e7323dc1ce9ff9313305e2549c84b7c29125ef1d46d9805ca8b216c02d61e0b54eda313ec2f9c686065fa012059bae5439b49d9c37c040bc8d02953b320f1d91e0b14f3f9c48956355464ab54b017d486332788e412767e9b209c983f57afc41fffc317a9af0e7b8e4c0"}, @generic="b560b303a1b4de8d5d94786b0a319118abba31281efe839edbc264ee33514739f1cd4261476c55d09c106ee8b782da6a9ec03c7829ddddc89756dac73ea2ea4db1fd8f37e63258287c842cbbb80ac2516fadf6ef763007af4901a55551b473336d010d0131eda61311ecde11d056916f4fa12df73ede2ec943fa9b662737203040304628b27205283c"]}, @nested={0x1004, 0xc, 0x0, 0x1, [@generic="41915e81b8c89bb70ec99fec4859d7128ee2f5031580c82f85366119deda37cb8d0f4166c38b81557f639d19434cd762ccdebc98e8e435a86ca7598c75c1924373b0ab7240e81010f8b3f4b70afcd9afaa694663c183936c70bd48d6b98e7a0e016a49cc700b93dfc76c044bf93fe2e2fa1b180eea437f3847f580ebf798d8d92261421d83d587b05a3e48464518339afb42fb36a4c011961e2b3cbbc9edea861886b38e9e7d2008483ff10d2614ccf0292f3fe0bcdd5980f6e805cf89148166129cbe0d70b6b620195efbf5cc83edc1d2a6a0e788cde3f5fee87bc949f748646d9ac82cc8455aa951d38a87296cbf3c88a4dcacbbdbd4e679ca991f3bf9ab5dc965fede63c47d16744363d69a617bfc5ee3951b305846cb46bb6f2cfa22e63978fd77ee05e1c513fff059ed2420be6c81fa07c4b769d1ee0beb23b736bb8a033d9cb44bcad95172aff4a3807b3f725acb93f15f24825488f72af1b686a9f50be2af4c9b00453b55fe96ad661d930ed6b7b48009fad1eb492ea29d420df30569e85abb2a1385f1d371fb921c22b8d9946725f67e4f93f218910b8e88e28dad97f0418db082a63d5afa50a3cbfdf155d439215036841979610845706ba716fc85d4eadddbf5f5aae335569b08713df20fc3a7152a18a248cfcbd48f2314ca078c9d950b8f1ada141de7cc2add11b64d18007d08b0e44b20c548111003b1064a87d4df7ea3eb5ec52197765ad0066d51d4d94e92ba966e86ce862139524dcb682b466088ea6de5cb793847c9715ee7c8fa4a64dc89be5c723462a11d502c024e88af7c956eecee8a012e3c314b69a9c0b240bff2fa76414777eeafd3aa283f76b3ec2a15aa27bf396251961639105dbc84eed8b3611bc975c08b5faf8b41545e9ce6f81b44947b276aaccbbbe18ee555d248a5f3a40f492e5d7bca8808deb5fb4d45129837675fa4ebcc85c39884bc3d570036a44f331513ae1743275d597700563e82eec14117f841cd0c9069ab8af9f6a0edf9c81e742df1d9b64293a14916147006c498009f53a20d141ad53c476402ce98ccb04f2c7132492387f3cafc3c659fb30ca72d04546804391f37187ef674b614bf3b8145dfbc0a9d46e3e488d46470985b03714d8ea02c821705d63b8c3bd1e64710b851dbc962b4111268a64b36941291a4ce1905c408ec2947bdeb3fd72d8b285149c0d503ccc85c6c45150689183f9d56bef358bcba51866d0ba43bd596824546026d8a801ec1c3115cf696358265c6b843e0dc75b1e54cd3ac00c1df96eebdd2ad656a3356cf83f29c18e8926ffdf0bd7e60bcdd521f4a0348500fc6e03771bcb9bbe89b16bd3c49427ac720074dd2a5956e6b1144c4aa44f0684eb70bbf8be8932d6026e36b4f9e5db1f4e2515c180d4e10489eed6cd2654b7ade7d396784142cf2b7e4ae9c9dfd63e9df54445c484f568d866b83ecef85e41fd17587f0ea90c0a7665cad75a5c74d1403cb5f94efb4302b291513a6a6b721d798980c85c373a5b91d5a75bca52bcfdec72ad1dc7662ebcc6ec2968d9122c8b5bf4cb39dc375f0eede4ed519efdb4d087214b6ab2f14b00fe26d7a269963da97e9e0d8aaf934c445c1dfddf3a4d33974cf82351e6cb22ccee7c3c7e73221f824f0e0995eee8514b5143f16cf3678d6fa88715b2c5ca9c13867996f871bec9b5ccb295162f766fec6d7aa8d26c97342be03fcf0f6e1987bf31e39322cf74ca7feffb5f8bbaeed6e0a2ff670f350eb994f0434af27032064ba980df29f4cdd84b2833c87440127577c6ec3697574b01a47c7248fd19eec74d0dd846a713422b9a041e08be8ab7b646a3b9eafaa4a49fce4760ff776b12ca8b9e934693edf5051470ba3b8585d0d295e1c02cb5539470137eb089fd01ec312f85b2b6f8f91e17334e196c29d8cc58e5cffb7e61e805c1f041b5f00c044f1794457e387f4500759447c292875e7b0598fcbec0ac00a7eecaffc597833ae6a8253e5ee61f5f97b0ec6afa1687d2f240407984a77d8fa9ac8445b84f32a03bc9e1a7a1d2c3f16f46416d2b5fd847da56a963b3461ccf46001a1e6e368efb8b659578291fc1394d4177e949a7e363ce30605733dfaf53e53423d34811bbf74f1ce4b80e0dcbdc7fceb5a2f9b226cfab185ceedeedd7591e9f66d44f33977027f871459c1e2b378bd002a0da85b018d58a75c6cf341a6bb779c81c0492d5d8e40ead07b806259ef3bb14b9c82ce835e445909e0cc9fb8dd3c0146295c00d066ab1e71fc096e9dba85c2dfb5256f24e44ab5cadc0ac70c8cf5cb538925f20aece35315c883a4d5a3657bf079a34fea510598e0a105582cbb9e1c5c0fdbbe172a18db82a4de92b0782b55844708df3ca653249fae5aab0721c959d6f0817edfdf1af172ca2ed709fbc25088900e21b6a0f3ab7d684f361c1b63fcd72a88612c982db54c03b55bfb2fcef8eb82be8e62237dfb1b366085a1e7cd49e700cab9eae969b2eec93a252d173678331ecddf094489a7e38b96b012359ef774cc8ac77f16bbe9ed685d75f8622c45c196965531de01455fbee7e7ab27bb7b0426fe9e3c99094bc6969e2039f362769b37b904db4bfd4b1ac6ec74b345888ab5804baad2a3c3fef116d26bec9561ee8583b0a101f8bd278c35657ee34dd5cc890345f60e10581b934e477cfb2f46950d33140e9d86514d8fb3772eee1fa04af20071190016f9be81140a43377d0de52700c8341b255476f7856f34ccf87963418ce6d9fdffb94c80ca1eea3ce894fd3a6cb21f0ba56e76f12ab04c58651ac66ce790cf66a71a380260f044862474a8780053fe49dcf2bd80390e7665791b7df445fbf13ccda5d1e10a97557f1cf693f8896947e80fed704a3840131fc8e07bd3b812f8e3c6e3a42100b7d6c6069ab4c929c90f452480522421ca29695964ce2ca5fe860de73858c7f1bbfb7b803e39109ea435db20a00fbe0490945e8c36a0aa1d527979cd1948cbfba3a93cb031e2b951a3b8a4832992ecdff448fcd58cce3378bd28a38180d1814d1719f7a04effda325e468466b8b4888790ed3772cbc7565660719cde7021c90f16d11d29d0ebe674cff478456f039e4eb3c221737f540e8301989ac643c57301f40dee52bb581866fc0abd48b583298a912b7732b4e786605ebc0ceef8833f74ce86efbee10b400f377b206b40fad908b81d002540d1b854bf6a2861b874615fccbfef91cfa0c5fd24379890f145803bb59f764876cc837a0748270300603a78104a0ee219680be2dac998d672600c7137d3f22a0271df528bf5a873d9cc56da7cc55938514f50ea3461aa8be3548f27765ce248c9263ada588f1e45d38fd8f92abeab950569bf77fd5cbd0274fdd462abb5dfdaa7a5ae441822ce606c16fa4955ecaa291b4e65caceee06a4c6df906834c340b21c5225d9d19be08db17f4a27a7c9e099e867ff105b3bbd99298be8b584ca17a5b4866b321ea1983b44611971baa058826205d7bf24029158eed0fad980d75ac41f455c5d5c0a1b166448d270068d5abdc7c11a9b6efc435d3c8837b7a2bda58f08d40bb22838911a2ac20ee34bf09a0d0a67d28088da907cd8b0f9d19399b868f4102cabd6223651dc710f9e26f2870b46b138359912ed9679f28aebc468b029a985509cb14171b20e75c0fdb5bef766d27b713250d4d29a305a066451e23f75b645944bdc702e505dc45e267df679d9dbc2afa322409e0cb51dc8180d4a868c10d822d170e022a0a796fe8b3971bc798e71cf78535d464eb39138c472bf450ff747f46450dcd63efc8dd04c64af447fec2df1ca0fadbc809c7083dbbb0656163a92855289d509d7e2f4868b5ec07a48886dd70eeac325c1cd30410db9b675e451957e94e7c783112a701d12f37778a9c3fa77bba3e171d3cbeccf625e3eff26851e187b0d0adab37f06984e88c0e7757bef48daa7a07d011dc810c2a56c641a6219ead31923a0d4424cb1edde82eb73c10c7628b6936aebd506fca0c99d243cf3cd1197f2a501e61ab9665971b4269234ea958717d2adb1ace77d791ab5e338388acf309d79368a0e92b9d22340730e157b43b98375012095dd0013c6f33eefa55f3db6ec49439f6cf095d8631c2c9ff51cbafc9a08b69400b308355f2b9bbeea6ec35b6dfbd0201b096cb58acbf7975e473228c5fb67b9928bb547a846f80ea6260749592df28f10756aae9a679c5b80f90a82ae47d87dd4b65731413e9a22ee37b1f030b92491d7c87996fa64df9033b65f4c83ee6b4af0bbd952d6342a95fbe9d34957836f23521613772c3fd8e88e852f73b6caa4033f68bb1c18a0659bfce722677b3fdcc263373aca62feefc62039d90fd6aa7b8fa43c2632c539460ab81e69d333d1aacf34a776032d245becfd0e687f9335033e6e5170091717442f66409cbebfa9edd774bbcbc86ab5c3ee9f0b0b570b2df60e3a08634d6bdca9671f412719dbbac7dd91a47b26054dff85a0de95d6c9dadfbd91f7db5a401345d52545b86c3d0cbbc50ac1b0bdf357926e3a5ca0142f4095017b226ebd97c940aeddf3930e99f34bc47ef1b2323d2120d4d155ca298af73aa8add88e78f820f3ac33a2ca7a62d1e87f14d24290a3fdb72993beaf044d7708d723108dec564074d7d7271bb028592c68d8c1073d021ab416c2edb3e3f614040c93d6f2cf7e8255127b13d7b848bfa286f8c5f41add92e9ee08d4f50d2aa101aaf2a445f381d8e2415b9ecdc0d65abba5ffc14e19a93ee20a0430d90db5a4a575bb040ad5412d4ae10b1589768a6ee98344069ff9c9fe8dbf1fae1a435f3daa0ba0857d7035cecf250789df247aac02385becf642cf574f6b73956addad46a59ce48e4545c42a8af252b176887ccbc0f976f8514d0f66a57abfbacdd03feabe68ad873bcb73d68fcaf9098c3d8d65cba49335f492fe0ad8552920ac17849a14e0a27e0478267c11c6340e0cb673ce97a79842b0f19424c0e8c9ee9f65831966e9331c07a2bb3fbca19757191d001e9823e08fc517b84ed7d21f0a4fe0ab9013bff38d09b083fa295a3dca370c10e8a41481fe848c361bddd60b85958500203d763d4ff7365977b4d825bac426c64e33d9726c3b4058616816f8bbeb51ae42a4ac61d814254dd4d3def3d879319024c7f78bcf7c36141916d8663a8940402e7128eb0023b7992e9989a6411696833bff0d43da50df6f2594ef5fe099b5cef63ba675811ebc7c15610789dd699eaf5715da445a91736a20168800bb310abd7f092e4be701686453960bbb5c798d792dc232237850a58037c42ed50460986b837406adf782606ea872f797503988d14b77a5851da50ac62501b1a4c9e5d690528b299e739df004d9f9e52e815bdd713edf70aae3dafbf94dadf7fd386b495e961f13464e4d5ce1f9fcb5c6b318e8d4f75591b0a6c047d2a4cffab007f3c1044b9051ed0f767cac29c71079d500f856e89f52497fe09a3310a14896d5be119ece2656e9ff599180cc38403d136c13aadbaa7c6e6815163f01eb96cca7bb6f4595305bce7d9efab86a2b91ec3ef3d2ffe2b56aeee01b004a821da25d9c4e403784e5f2b289ced1b75267f08e2da16f108a9c3b68c49ac8fa5e20663863ea1e4355ccd0de4f30d2a1b401219e8a31bb78a7034d35ebe0ca66f112b5bad5a0d8ca233962b7a0e98673505dccb8b429db446dbcd0f2a33a51b7bd13e68c022ee6ce76e75b34cb636935501854631b5161a1504c0221efc1ac57aa54b9a0fc519bc82fa68cf7e5af4ed18917a7008a75f9af"]}, @typed={0x8, 0x38, 0x0, 0x0, @u32=0x4}, @typed={0x8, 0x84, 0x0, 0x0, @uid=r0}, @nested={0x1308, 0x20, 0x0, 0x1, [@generic="d26f51229bd9f0b239a0b0f3bf3036f207e6ae1711e0589f584a8df417a4be9b9e0a77199910685c286003b4cc58e9aab15a5209d4169540371781c3f3f23d59f2bae5167478fe5b435c21c3158f6a5d585eedc9263320685fac797e50b2b436fd137ce9e89dce3d133fb1947b420a4c58a05a8544ecb78d685c27ca72eaead0ee4e58a37af9007bb9f7d06c2313ca317c3c078058ab083fbcad516af7d17f133151115fb66719c59cc3f6a0de3ee3512cb6c53fcd894bd8180f95250fe1aa7f97e9225725ffeeb50f151a89cbc98a62c9", @generic="2f8696b8edac6122e07c242fe8aacb9b4ff4dab0e6760ffb9be8fa8e5d15b5c0e50cc5950fccee934eb91bc5919d318e06e49a5341125bf6acc1f12d7cb6494c1be887e7b0720cf951554f4a3856340af80bdc0d660b6375c80efa4f4c45cbbfeb3ddf630c2f54c5b918e93a97c1d1cfb6fedda6b90d177a1adc928fa3729a804a851947f1191b3361e3", @generic="58b87f49f36c61a573188d292b5c31a465299228ea886509bbfb21d91173661bd63e553eae184879a64ff9ca559f54bece6958edfd16a2d8564511a4a8f9bce3050ad938aa13f8", @generic="c17a816dba7cf5ecda5a158780fdffae14e3330bb42f7be698e0828b6d76a340519db6e4f8b483c9ecbe1612a370e5b5f254ee02ed196aedcefe7fe46370a2d53d664d39f4228be41c530c07c03de9a4f6c912cf56c229791ff5362419f92a1e4f349e051de7815edde6b03954f43d64f6bedc687e246165981ea4002ee83be705a87a90039373378072b15a02e3d9d500f8b1e6f2600164b283cea7e36cc9edba55550a13ce34c2dc7023116fa6d2489a8dd7ae65fef49435593a3753e7a10cda6398d6bda7f56fca5fa193c4ab32673032e7c6fb3c1c7fc2a39147b1c50d6fc87ac3bb25c16ddf136bd4ef4f5ffb6a43ec07ae920ea4e5ddd0ec585afefa195aa00e06511bd1ce310c581272a547689f732fb86bcef8dfd57728539bc0af942a57ee7f63548a012b849710f4c99e6db23b8787d3460c2643e6be92cc9a4051d9061f207f2a21ea457a06bfa010c20dcd0ee6616a4533eb9b846cd2a48433898234ad63fc0d876847a9410f3d298e4f2d31df1e9d0609d983ddd46648690ec72fbf493e31826cec941eb45ceeda4a5dc882ccaa78ad5f0e86754c624179f2d570e8f33f440715c24abf4864b6af5a5c3b74711b9cb0ffc2c8c00a76538101c9f55c7f042a1c4840b01ee122e7c5f39b5d30b3e20e13dc0068d53caff9d00fa82f3f2c36134107db6aff83f553e119d229e063fd52e6923c9612497ba95c7776851f7f975105a9242f62ea3349731a2e7a3e57d04daad450182579b9b8e5bdd591cad0605cd0f78b08c0008d5c56bbd06d3bca559b3993e040d99ce0899b19983707dbdc45a2b0651440fc616b22e051f581ffdb048535fb22f08dff8d8a5f84874f7ca1dd60320e46b10bedcfa333486db53f619377f41f48ca35af86e06adfede416d8d221d0f6979af077d62e1f001c1ec236589b703aeb140217cd91b087c415bbc1cc04927b62927c0da02a1ee89f82b84a016e8135b880e4625de0cdaa91da7a8e021d0edda879f95f6a90e6f787d1c4fd298c81e15e551e0f0b22adf944d8c0b676824a5c721a303e92d3a510a1e0261e9714a5ba5e39a766611dced4287eeb76cb86a96eadba24b9217ba512035ccde4964699de7e699a3e1beb7ff5921314147742199eb0bab83e65eb4cee077891cc9c794fb92e9907b15369c6844a30f6ef160819a74c14c8eb4085065c843eb66eebea878e3500985660653c3bf2048751f7d55366087b02ffa4d5f3fef7b707e76fd63f07856f04a7ad7e385d9f5c35a3b51e791fa4e0da2978244e1d1b746be91fdf4714dc562cbc121680f8063b3f41617986b5b5f1d3a328909e7d95ab77260600ef2e00cf642091d4b4a01d4ce6b45789d6c8dffa90228beb30fbdb71f818950bf691ba7ddf42c8795816b7d110f67f967916ff13b20dea5580757b11823964d591d1d1bf7d72b884a816f895206a26acd7ef79a69d5e16bc790a4899998726cb49722fb730773a22459a6e8261f700de864afd5f8c82030f87dd2545f6232853428274ec69b10e75937c2d33afa50da454bab9b28e5b926d3cef65ae2e48d6a945afb9968f7248b7fb8b7b03d60873940eb6f11f34e2ca7a94b77949d4d4fbcb256c8b8134bbe562aa84c9c81764b8666147c785fc60fd694fa5986ab1d0dc49ffb9f840c063c591bd8525f751b18ccf445b55d9b797dff268767a061743c69674a8a642f1602e871426cc124c5486380e36df0bbc34c4c41c22565cad792c4ba91f9314a91603f5cb1ddff249cb3966028e2babf4b671e879743579086891efd1642a022a7f9e9bdc458b37d24f3df751f3634ecc1d9dd66d4799b1df22d9a8e290705e09fa3ee4660be4c2289ca535a8f2eb29179b08211acc6c32808a8482bfe59f1c6f98a4b108cbb6e6fc6ca573b0b59ca42bfb84b385355d535246bab25eb2f36118f0786142656e5125facf8018f269de4fb1eeedc9ffe849e86c4e0d728c208b5e50ce496f26ca8e5d4c171569d62644bf9aa63250b1fd5b94b4dd082090e1cf3750cac4ee99d68e5ac8d9f5f04bcec12c00e8cbee41c4db653c9b135d7a5cee3018fd1b2e5a7a01570f181afd7d23a941963622860cddd4f9bc2ac64094a5e3b26ab3fc21bc7e8cff6398a66b4dff6d3e223b5112e7924adb68aa807adfe4586707cdf1e080b074bb69e218a58656fea653103d1872f0025dd94f2d2551c2c86f5ef151768a947f6637acb071c18a018095e66fdf427cdcdabea89bc6636fcb6cdf156038d29e7c29ff21fd98bff8512959ed252684dc381f6142364482751916e3802dca7eca7ebe79f391a2d85991bf2facf26b8aff08d84cc519f247aa9a558ad4338838814a40e84ad55770ebad0d615f5526956bc0b186a05a97dec28ff5cd0f3aaf7de5ac00a25932c2da42702ac9bd07b4534805d730711fa5aae25e3474b8e45769459ae4d8d0aaca4e9a91d0fa9391d2a7a34fd653da3e8688fe586427f8e0a650d5f539b2238c0e071aa144b0d402a2ba27305ddcac975f648dbfd003b4f8d637dee3fb6737efdcd0b89cf047fa35675a86c7b881ff56c14bc8475fd5db2463e5843d57e4115e63045d7ffd33230e73cde641f9928355cf04d53418838ab28dbe34c5a81425aa2af20e6482ddc78ed56d4ba6e4baeff261c3c223d1c8f5ca6ab2bbaf885c58942aa8d04237b3b9ed75632faaa09721d5221336638cfe1313fd4f4d27a47e816e0cde70c1365eacee00f46b02d5c56b0abaf78c5a45b2136821dc7b682d57f950103482ed8b7a81946f0dd137f3ba55b8e5b63b5a61a22aff6c23a46dffa7b18a120e89320f226281e340b22e0632e64336eadaf8e19e4402b79d35019ced684414accdbef20a5a4992a4ab6aa917ba431cefd651f20f75c29c794881f836d19de32e26bac0b9cfa23a9a134420967b956a39bee9b5ee622890e25cded6d09bfcd3e4f50add95f7613140ba7efa82aa51f308e810e9b03045caf25ae6a59138eea3cf71145753d59d992009102e5395a0890e4b766c4fcea80f85e20610c6d39478b7c16976e1050e3c5bb51988d88a7de6ed713fa12805307709e395e14d479297ac15b7f8726df2557a2c28e64c1a47d17caadda14bbfe4c09e709401f6c203cab248b5b433d73aecfe159ac9708e3dd3854e99d00ba84b123a8b90b1e64cf8903e47fa8a0d94968a6b2b7db9c4c0a3d1bda9debde355eaba658af31751073db32298e75a41f46b97235ee7873c470022d73cc38c014509c77750ac0c03497d1e5e60011bb0162a16e47e20b26a567748c58c5a2e789e260c8035f71df04045e304ca8ee4487f35cf33313231b10f2285d23d5931d6759eb20636f4311d0eb8590daa2cc1bdb3d3fff122b7c252299852318f42170b4cabd5780404786542717042ab3bbd66843603964c9a880f1d94e040ff213e510668f4c1990dfd9a36ed82446c6e73c43679fd5e4bdc2864a217966de12d3a8325fab18a3fd43c0bf7443adfe12cba69da94520c44554ff0e823c78cd6197da9fd42eca8ad9ef72204b9e5a3c8854c89f91dae41e42c27d2bc6e0bc7a2d4f89d2091e5d893d0fb3a32cd82427edf3d69d255de256760b8825bc1343f7ddd996da91548138c8b3f808d5734a5c4c83d0d95b41698af446761bb2e3459b9c1a346b0834dba517dc763f46885d1f89c7c90fa8166bfaf3b2a03337730befdab2d284b37d30535ce209af524cf52902f648c2008425e70e00bec612aa8305f9c3b37804f4c48731aee94ef0cc678eb4ffce6ad8746e9bc249bf3faadaa2e2c6029208e14185f74236b230cf179d54bddb636b337a9ae3f938fa8ec29f66a54561fa409016b5744f06e615245e6088138800f21bf1aba9a6d28d1ab815385554d7b8912e91a3412541b228561db89f54dfb82b7399ea1c1357682a0eba656e369ae52b9702791d7c5796f65541b217f9a476590760b1201791c168204492c1f202bfc4e92f44eba69567a8625747df5321171a796135dae56fbcdbe60dd833e94d3e559a8eea228602bb3594c6d7c5443ce37dc3aef78380b428707c5252fb0b57fd27ab4e6f1b2c68c3140e79ac9a557ed2293e35a31edbc0a679a18fb0c151d31a995e77f930a7ce354697f8908317b4d52619634cb682585440b37d253d319c89a0dba077be1da14dc39deb175bd10a9a9565e484a92a6d47a4692c4b62f7db32cd5653edfa271b09e614537a0971614d27709f38d0f074298f9a576754a9843cdbbf7371fbf12d36a431bc4ffc113b400bf157f67ce9b6439b666a2daaa349f01ebabfb38aebfd0ac6f222f12c5572ee5cbb7cf726eff2a1c87fbc1fc4eba1e6c6041004be73e84145abde32a58da8a0591a09e38a4095a3f9e4db24b9672dc0eb4933ec0fba6780086a304a5088a1ecd0308ead2ce5033e82165140f504ce0efc9c2138248344575558908a40fed1e512858da4e516b48e7f3752617a73fc49637dbf6e7bc2c3d98bfcfbdbfd4532ac75eac802fd771de9f839dd842cad5c1fdd6ae5085492f8879ad9109caef50aac21b7379b6b60bdd48546a9dae20eb39f4e029647d18b241ca9f15e554e69309d43417c3aebfad5d11c80a76973dd34d9422c45167a8fd9b32a4c01e61c5467ff15402e0f4435a06ce17ee49f05feb334315d775f48a39bf712a2f3cedb7616a5239955a3acb3e68bcd6668c8469e4fb38e6370f1463dd607d616d034334ceca3f2b7bfc9bb90f102f95ad423978d4639ceeabd5b18dbf2bdfa17ad7a79892f59448533500f6712818ec2dfae80fb7dcd83d2a99c19848c0983c3d8693aa97b27165d5d514fc654ac8799eb528c43aea6ce41ca794b7a8e6ce0d68f21b4ab8b16c2c4a39a43db8fafbf89d52fc54a839836f4c4fa98f022538ebf1192c86990d9e38c52789908cb78f3fd2c0b9806e22247702652c7d433c1d2fee3342050d0dcdd73b5a523a2319dbe39a21fb71173d9ebbb4abce2ba302c6915213a8128a25af2a5690b98c2d42a76a7713f17b8de08cab5c7ec1ce58373fadc9630701099489a15e22079b5fb40503eee56b6a6b8d3fb87775fdab7cdcc9020e06249b7db77341dac51e1ba5755a22d8e34edc789b8536639abbae8d7a534b59ad034c2cd423b16e13a34df2f8e246435481dc3793e140438be4c0c61e983a1b3fbf3f3d9ca88f0c9c08c1c2644793fe39d44dc80313b26621bd52807aa4855dc90e024e3f7b0d83554b9e11e8851cbfb3898e26c665006b0b354ab5b9819ffd435b8673753c8b5a1f1df9c2ea479d00016a796788d6614b4870bdd6020c194877cfa69fc04b7d5150b797c52b30935606da82caa444a9cd22177e77bbd9aba15af54e9cdf9b4b3be383400a4286646994dd7dd487fb5d7bdcd9e915a7ef39734203422550fc00251334cdaca08baa4a7884f23bfd75b206db3bb9dc2a541ae843ccff733fc1577c2634ab088ea5d378a544f7e811da3892416d1cb7d81a1a413aa9955b69f0881758dd16b45b9241954a0def806feafb27629ddd0c63231182300ce2468acd769a7e57232883f5fec7a0a8a43b7683df9f21ffe6223fc6b597416da317082f8eae02dbcc62b00f52c89742e266eb2e27e235e30bc9f189fff3674c1b83ba0fb9366c02a773cda5ae9ae55212634bb366251cb866ba5a27842494ab012bd8eeac366044d5079f7cabcf703c0a910ca56725e6075f7e943898867250923336d18fe2725fd07973b376fd9daf9e88204fe89ae4738665422e777e961b768a73c0c185046d65a0a5e7c2f92cc272644ac7ff665190", @generic="d07add8d7e92ff08d4b10d58165ed3b80dee3ce4b5e43c12fb76034a52d8adcf1ff7e621b8ce1c983c31c84cce9b5e5f42912e33b53776e8154c06d927364df4095ca59c4c16830a11481d2efefd92116712f7ed9b7870864344eb982ad3fff2850405eb3b265baeb75da4be3ca55b7c629e98e61de63f9d3e932969b06847b6fc69ffcce46fb7899d9c3a8682d504ac37cc53754383af65fb53441a2cc9c60b08c1ee592490ae0cdbc0032edd7aca01ee25bef9e174053f8a55cef4b3c54fac25d975dd738b490c1928", @generic="184703b0f84c0f00775999373d9b18bd1589fa12b1b958242213c5aca908b8de3571ade02f78e80f82ff61d40b09f5c24367adbe2f3ac9d36132afc8194f1de956a33a5d2780b70f493644b2a2d424d78e19ad63ae49323352c3d85d3659868b5c1a3334898cc49e8d5618f5b70da135e3434e98b6d43175db8772e83a5f3ba6d3d6d99e", @typed={0x14, 0x74, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, @nested={0x19f, 0x1c, 0x0, 0x1, [@generic="233736e6499f12daf47e7597a3d9427b78502f2556eb078064c4daf891b40dbb64dfa184c4ffd8648e3927beb9fc60578a0e7cdb95d19b3d554cbb09d06197fe5f0631eb7ae1031400b990b686662c9df97c35cd3957a9c116755fffed71b7c0d9767834fb5d9f7d4e0ad003a45f982b843269526da99dbf30e32fa9ac960c6b886ec62cd2c5c01e9890983205c324ea3b5aee0e0b6c4dcbc9e3e3588d9f76d3646dd817ee00577c67eadbd3e399d14a428008d4941434f45001cd23604cf9d0bb7213c1f81bcc0df19e49abb220a73a290016d97bbc7a07d5882a1192e297a3d926", @typed={0x8, 0x1d, 0x0, 0x0, @uid=r0}, @generic="3ab6bc9235d568340ba82a21b3a8e20abdf8f003819cac1f6217ffbc7467ae956ead3953c107c6d68f79f161657c2b2f133dcd58cd369d2d00233f6ff0eaa2f3fdd5f6a0a13ab5a798d8c81151c1c72dfc6f3d47d1c00fbb9cbd590ebe8f90381da9707d1b2f4f6c8312dd97bbc8f7a3", @typed={0x8, 0x52, 0x0, 0x0, @ipv4=@local}, @typed={0x4, 0x39}, @generic="bc9688d667853bebf09706ba9d199449862f00a33ae8997fbef0fea598ef7ae543dcff1f121a7608bdcd6a1201", @typed={0x8, 0x5a, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}]}, @generic="7eddb9701be3801fbcc9b0fa027e9e7e78239b302a3a8bd522e2707ebe6f8246594b5bb6f9d689ef69c16c754556ebfaced333ef9cf1d4428a7eee47c8d069f5e31f9a675d6c037ee9016995191324370b2871bef06e17b12b7450ca51f087eb77dcf84b6a01644aa0db67d5e614a6f7210bc7bc8736382b080efadbd8fdddccf18f7994a690faf0112ce7712fd1e20dd06a589ec0f490f4082fa2131127e614bf0891e8fc620dbc11b4ff236cd5e2c5037d0c74bb051ae7d81447e66eafa9b8fa99b7712d2a57c5c38d32c52bb34145bb512e041aa44b80c3673315a3f4785005241c9c9e1525481f9b86c035887a75f52f852bec7895a5835e73ddd37a956e4033b71e1e7a0c2d24ee0e6d012cadf4c114ea24f889aaacf1828acf929216d0833b47856b852899e18e2f3b48a153dbd3f8c12f1b67aea0dd6919e9dd3032bede67a47d321cf9a8d79eb2e398c99d8c5630186a22d07fc47705ce7686b75ccfea2bd0ace8f084f12de8ef58a0da1a987d5a739c259151d6992ccb1a8684bbf972015e824c171ee2f67949b1976a32b334269b22bfc743a2d21be9e06132537ebaf0cc709e7c68f7a39d9d504c64e8eddb95970bda5dc789e841c73cf1c5a31963307e2fb32af6048acb121ddd0e50e36ea23190393e7b188cf189a1037385015477edeb5e2862db10fc85dc852010a89f72a82e7935d0ed40c2a398c902f94474af85aca34f8caa14053ee95ecdbb32c559d6d2f807a8c8c4acc575f23d189d8bc7cf873e8dd331dcf226c5b72c11d4c082e0e075e66a6c76e0ae4256bea911a93e0bc34d8ceeaf743dee89ad48cc06ddd101ed200dd33f198470fc61e4de1c6a0fa0344ea3f03c8e28ffd0f42536d4f3855bfae673c6a7d39d67adc8232074e4d9106c73af80ba9805a21070717f89cda5f1fa742059a961e5c11181006016d2cf8df98ec2462da43bb103f3866a5fa72caebddeb52e946cf468ef41d44f5fcad3e1020c3fa768654f16ae5197bcc4242aed0666ec56ff1385a6eb1abbdb4273e837d820342e8d447462b973e681556bac16ade0ee1d6a0bb20f97036c35cfb0315aa59087f2e2a23fe60f6dacc8fcc2812440b1be3764bf5bebad980886b6cc7dcb03fd4fcd6b56f672f0293482d3eebaccea2b890d97990f08cab9307d17f9dc1f7ff59a2e8a08fca1e3cad1339f412e6af73be332710de81ac10443b70c3994ef1f682d3bf72d27f171280ed89f31543399bef94fe1bf18f792630bf5ba0f3b0ac77f0f0da73503d8af4f1bfef46da5082bd321505e24b1ee7f41a32f5df1722224166ec8314714c859db1f8db646eb3ab0c90d86be3372b138bb4f56548a78d897ad63a65b7d5b4d09c95c6dcdb93d7006935e164095306a9d320c912ec682ad391d85cf4c785c363e564d6e10680e0af6a064d601a92e54c3ecc6643c45381db42a49e6c108a8035cfbeb5a1165473d35035810db236a7bd7d411c52b2d40b0d86aa8c2c12fd278c8bce9ebf459fe0d05427968595ce0987564ae36d74bdca52b138d651e931eeb8eebcad81d89a20b99b5c6886e4cab946ae6c415a84ec6da0e47c78d46764cd1798ebf757d660f67e82710f6ffa4f39ce4ae40ac646701db7126912a2cd4e5ddaebe75e0b63df01b80adea7b8388e3452f6ef82da833786856b8c2d1c49c123b9cc70da90c2ef25f4331e9ade2b5b7112a3eb93bf7c5e61f8854ba4a14e63243a55df12449d9e673be0b740a7af8e408152cead051a6caaae3b51418ae463740db0eb1965ed4b77c2159772e31313a6db83fb66340dff60899b9e6927b3c5a31484a56260c68f4f5fb6a58de52b5719744304b4b24e546494a74abc1752a3a18cc6f91d5ea561b4617c4c0a7d546d6be9383972b5fdd90d62e397106adcdbe9a0b5ce604a284628a861a30f770d1a3b5eefa219a884ee4479c20a7a82aae33bb0217aec1d72973078ccc7e2b4da262f96a81157641fa31136438f47c4cf516e4c51931149b1f34eb06fb3328c33bdcb096df3b8cd9935c6f101adc7483802ac70f00a2986ed69e70a439ea33dfadb6d33fdf7f19e3a01e12c8706de1db09a629393916596c4cf97fdd81a49b092cddc5a7b153ac3484e4aef2cd181b3f7ed19457312bde3df6aff57d0506723c6034b6827e3d0f87d0f7dc939022a87545fa9349d8cc6caa2c19a7d2a63fa5c5eeee92ed97a1aab184418ca35e11b35bae027a61a09d180461554ddda88aec56a595d74bd900bf9b6c0355649c930d20317d1514e0f2a7936ee78777931072afdc228286d2c12249dba116b4cf00f1ff19d400b1da5432ffd08c194af43183cc94290b8f13dcdaee18da4b72348f405b201b2bb5536d0acf3f083655dda04ed82d8d8c48744f086077c55ffe946051bce1266b9b61b858167b9ff525d6a24bc12f1595aed3154ae735b1acb76cc731aa2c7f3062ff54fc7ff208063ad9666c85cea68bd87ae57bc16e276ba66facd070ef0a8c831c910ae924a0645cdd499ca423c30102505ed312b55f05ad3fd6cb0e4f9cd17e8f274a3e7a303a0e7c3e045e2d5724d20314c432914ba2fb8cf1548bf83194f0debcea8497f7ff9718698bac40b617a74b70efbece0c3803f1c139328de670e5fd6f5f9453e925afdccac43e5a9f3654ca4433868a7680405e258baf0a0d6accddf8cd8b3ed19d810dad53a770b11830fc257817461ad68df5b5a7ae06adf67a20e8c6300a5ff10f33dc648632deafaf4c7fcde760163670c6e44e1c96c799e82e78f18cc2024b792f8cd12260971565bcfb41a7fbc33b15cc7fccf9f5ea17ac5d95ed745a3c3e79359814d40c25eab2777696f6b1066c3f2e55b3619bb36ca40a8f809af5592e66d9986f0b4d9fa16bbfa96a9d4694b07e3852cd1dceebd301a4e9cdaab126043e9873b678c522dbb0fda90aeb5c8cf9ab7b5d1a0e0557915de85c81102b1129249f28fa8168bdd845438bf06f6846eacdb034a9097ed50e49d22aade56dc4893e0964fe99674368ee230cf7308b2f7cb6d185400a38eee80f2136ee5fa03148278003eb799d9dfa026d88a952ccca74fc92c00901aaeb12b8ce152ada6d94f77e18e20c4d43def9cf7be08433345fc48da340fc960447f28fa1f4133bcfe78dc98038942a3e194e6ba951c2cc2ed9b71a7a218ceaf76048efbaeefb1133140d30474f4c6123007a2b883784064ea5ae720875f335ef37db3d208145d5fee85b4adf7d2de1ef28fbe0f312f0f8605558c3c72b545132b83a022418c0e63c3bb987218414fc326399a717efd0025c5edd7005c91de2f8f685db05f929fdf363c6d212e7e3e9b490300b42641def3896b798d06f98e98bf541f5d64d751510cda2c8174cd8cccd7fd75fa7a63d63457372c915d4734d3538c2f8166d4a7261c63df9f4d6e46e615dc0eb23e56980aa422cd519d58ee3ab318dd9be580c414acc628d651e6d4ab8c2925d29bdd4f9e7a697e93f51149934b3c4f63fda75d71d5a0fa158687f57363b9cbcd4d47a9db25028ebef0ce79e38a8e52b6477dd019dcb5ac4c8cec9fc9b0f9145153306422b0aa203e5eefd530f1a7a9b144f688e6640b4e14f6dfc26139ee628bced69a6eb3558212f2e99c4a988112a59e59fb2faabcf884f984eb5e8471ef6fe65c0bba977518606ee7e09e64a0ff63c05632a3e9ad713081a9d2a08e2a9fd519bf0da0460a2f527c6497f9c21353a9bc3ff124967fd91303f7be6882c61019e41ebbbaac04cdb1ae469a6b7a0807c487550ee8949b10a3dcb4d396f11e9bfa22158a7ff5a71b8570ee4e9c5f2baa948a4f69491d467cbfd1356f7a18477d165afc87588359912c10e28ec1fc70b6487d7a342be71e4a14d3deb7bdd9ca1e703370b00079910e0269872b8451e4abdf3c2331acefa78a9eeda86853b33ab53b30dc9a9cc12c7ed85d2cf73e8adc8605b3f0e73d62288bae5f13b413108eaf57b98839dee2acd58224c04016e062e881cd029388e79fed95ac358d7ddf7f3ba7c1bb2cd8cb1c649aadb8245153137d9e5f976f4d0b7a799d6534fa2096175982ec00bb2cfed0de089fc4f8d62e320c97f9771efc35faa827255a738a79702284d8bbc5f67a12bc4bd8590ad9ec32f851a5f2828f764476d602ee09c0a5148986b1877ac4c67bab6d45bad4530f5edeeb9cb1f4c0ac62c83a03af7997af5fefd0e65942f2b486d373b95fde2ece3794d1edac5d8432afdb05f99daf66bf726b20ac43be9b5303af975c18b20b49f95b7554ea96cc6449205b70a06d415050a6da35c42de5dfbd0917e7dbd32b7c80c69acc04f14762ea02c0cf21c87357a0bf21e2f39f5196e0cc80cf98b6ff4f5ff29d0f070a0f7fdcb26c0a1a33a3d0ac3035d976ddb88b664ede642619080c3235731591c4f98e7768f1773d81d55a7764d0ceb3ca2fe73ba8d87d4a65fbc84fc8ae8964f72f284cf5c4d8622632c480cdcb7e83d5d241c81d9b00c1a50c1b8c25b0eec3eb70b372a7a5d0b3a79f5bdb92deada1ad29f49eb4e5cde38c7e61948849dcf42b646237ac2d07185b527d9f23e8aa9a623acadbb5449e9ba94bbaf309ac10d78dd9728da9d77b77b860f4de4188f0a966f998f051895c9409296ec736f285bb3c433663b78c5c2fbfb329d5e37d9adf5a8c637fdea149cf4ccc7d0af52129af1d4b3c4c7cda4d5745fb62e9972197535d7491041613a34de3b4e40df93c9c272f766fe0f5a06f775680c95dd0361dbf1773908def2be3359e85887c7b6c691b23cd6006053c76dc89cc32b17d765fb03e86260d5fb61e7e6c0cb1e07d28d1a5f13c5872da07fc315d767a67a78236b343d9cc0dcf1a8528790695ad129ade020cbd623f5dc9c08e3f848b5733e77c0baca69d180d456e05150aa2d969f2761cfeb8947e2c2a1ab8041285bb27645a98112a4540303be20fee79947a371d6fb996982572f2ea9f121612bbdd87d257d6de07fc2ed972308651a493ed3fe77b7328ed4e1fd664776654ae4de84df879f08ff2bed1d0fd373082bf0208c1803f8fa006ef3bb9d240c366ec2c6cebdb8a6c91c1d20fc0263a2b86142307cb84dde4e790247c0a0fb152a4a3275f3ea5804ab2727a1f8851b91182a07a24d32510a48b7bccc0d96fdc5086fee63f56a13096f1037a691ded0859f7f65d095c497b5107917028ce1ee7e6e1b3bd6102502c6107881d1503a9a0b330acc67d04a69930b2c3b68e69d934b8cc49a2c5d2ec01abba9823b11dc1efe9963bc6b0da597941053b2df6098472efea7f7217aa38a6303cd5e44d56a97470b3dc625e69a0d941b749673b05189e1832a30a6245a591358bd850430df3ac442e31aee19e66a64347817a93d4ba25e815ad8036bbdd99289d2d8c03059447f3d4b642c6321aeca564f23a6b0ed8158282f04e25f16c2a91ba6ad2a470586dea0f11ef2608fcb30836145f7be73bade28c7af26480bc3e34ee708085f566a3ca8c136a6e41b450bc9df8e6319bd48168c4ac766d926e046b30eefbab62232f291cf3f9db5070404dd23d4ff7336b444e455adff42ae39cd8c5a895864c715ccb9bd5b1a69d9e774bd7677912b563110733f9fa96a31265a0b45341a5ba5d0ec34e54c62e323bf725791a9e28ed949e69a5c8fd34372a19a7d73b387dac17f2eeec9c5fff308bee976c8548ce4552dac1f72e3409d090641d2b734736459a41172ec8501cfd13a7ade2fe17be0cde81ebc8a988e2c90a7252e9d4a987e932bf4ae2c886ea2921ea97d131aba82d205c5c166a717a2a8cb30dcfa", @typed={0x8, 0x7a, 0x0, 0x0, @pid=r4}]}, 0x35e4}, 0x1, 0x0, 0x0, 0x40000}, 0x14)
poll(&(0x7f00000001c0)=[{r2}], 0x1, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r5, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000440)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, <r6=>0x0})
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r5, 0xc0c89425, &(0x7f0000000640)={"59806d4a67b792daca35a2757a24d9d5", r6, 0x0, {0x3, 0x6}, {0xfe, 0x2dfd}, 0x5, [0x2, 0x7, 0xbc, 0x6ae6, 0xe93, 0x0, 0x0, 0x1, 0x0, 0x400, 0x8, 0x6, 0x5, 0xb6, 0x3, 0x6]})

11:31:33 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(0x0, 0x0, 0x10)

[ 2243.190760] FAULT_INJECTION: forcing a failure.
[ 2243.190760] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2243.193882] CPU: 1 PID: 10238 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2243.195566] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2243.197650] Call Trace:
[ 2243.198354]  dump_stack+0x107/0x167
[ 2243.199225]  should_fail.cold+0x5/0xa
[ 2243.200241]  _copy_to_user+0x2e/0x180
[ 2243.201056]  pagemap_read+0x333/0x590
[ 2243.201999]  ? clear_refs_write+0x780/0x780
[ 2243.203148]  ? iov_iter_advance+0x1b1/0xec0
[ 2243.204161]  do_iter_read+0x4fa/0x760
[ 2243.205139]  ? import_iovec+0x83/0xb0
[ 2243.206230]  vfs_readv+0xe5/0x160
[ 2243.207027]  ? vfs_iter_read+0xa0/0xa0
[ 2243.208019]  ? __fdget_pos+0xf1/0x190
[ 2243.209042]  ? lock_downgrade+0x6d0/0x6d0
[ 2243.210003]  ? ksys_write+0x12d/0x260
[ 2243.210971]  ? __fget_files+0x2f8/0x520
[ 2243.211990]  do_readv+0x139/0x300
[ 2243.212891]  ? vfs_readv+0x160/0x160
[ 2243.213681]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2243.214963]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2243.216310]  do_syscall_64+0x33/0x40
[ 2243.217187]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2243.218437] RIP: 0033:0x7fad0dc79b19
[ 2243.219411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2243.223961] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2243.225740] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2243.227496] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2243.229098] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2243.230719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2243.232290] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:31:34 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x24000}], 0x2)

11:31:34 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
stat(&(0x7f0000000000)='\x00', &(0x7f0000000040))
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x40}], 0x1, 0x0)

11:31:34 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x24000}], 0x2)

11:31:34 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 38)

11:31:34 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x7e000}], 0x2)

11:31:34 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(0x0, 0x0, 0x10)

11:31:34 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:31:34 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r3 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r6, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r7}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r7}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r8, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2243.632797] FAULT_INJECTION: forcing a failure.
[ 2243.632797] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2243.636083] CPU: 0 PID: 10264 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2243.637558] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2243.639220] Call Trace:
[ 2243.639755]  dump_stack+0x107/0x167
[ 2243.640495]  should_fail.cold+0x5/0xa
[ 2243.641256]  __alloc_pages_nodemask+0x182/0x600
[ 2243.642198]  ? add_mm_counter_fast+0x220/0x220
[ 2243.643111]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2243.644341]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2243.645376]  ? lock_downgrade+0x6d0/0x6d0
[ 2243.646202]  ? mark_held_locks+0x9e/0xe0
[ 2243.647015]  alloc_pages_vma+0xbb/0x410
[ 2243.647814]  handle_mm_fault+0x152f/0x3500
[ 2243.648684]  ? __pmd_alloc+0x5e0/0x5e0
[ 2243.649477]  ? vmacache_find+0x55/0x2a0
[ 2243.650272]  ? vmacache_update+0xce/0x140
[ 2243.651111]  do_user_addr_fault+0x56e/0xc60
[ 2243.652004]  exc_page_fault+0xa2/0x1a0
[ 2243.652776]  asm_exc_page_fault+0x1e/0x30
[ 2243.653618] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2243.654701] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2243.658371] RSP: 0018:ffff88800f267b50 EFLAGS: 00050246
[ 2243.659427] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2243.660859] RDX: 0000000000000000 RSI: ffff8880469be898 RDI: 0000000020011000
[ 2243.662285] RBP: 0000000020010768 R08: 0000000000000000 R09: ffff8880469befff
[ 2243.663712] R10: ffffed1008d37dff R11: 0000000000000001 R12: 0000000020011768
[ 2243.665145] R13: ffff8880469be000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2243.666596]  _copy_to_user+0x13d/0x180
[ 2243.667371]  pagemap_read+0x333/0x590
[ 2243.668126]  ? clear_refs_write+0x780/0x780
[ 2243.668978]  ? iov_iter_advance+0x1b1/0xec0
[ 2243.669818]  do_iter_read+0x4fa/0x760
[ 2243.670584]  ? import_iovec+0x83/0xb0
[ 2243.671351]  vfs_readv+0xe5/0x160
[ 2243.672060]  ? vfs_iter_read+0xa0/0xa0
[ 2243.672825]  ? __fdget_pos+0xf1/0x190
[ 2243.673580]  ? lock_downgrade+0x6d0/0x6d0
[ 2243.674409]  ? ksys_write+0x12d/0x260
[ 2243.675180]  ? __fget_files+0x2f8/0x520
[ 2243.675994]  do_readv+0x139/0x300
[ 2243.676684]  ? vfs_readv+0x160/0x160
[ 2243.677433]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2243.678467]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2243.679499]  do_syscall_64+0x33/0x40
[ 2243.680252]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2243.681259] RIP: 0033:0x7fad0dc79b19
[ 2243.681990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2243.685625] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2243.687112] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2243.688523] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2243.689910] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2243.691317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2243.692739] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:31:47 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 39)

11:31:47 executing program 3:
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000040)={0x6, 0x18, '\x00', 0x1, &(0x7f0000000000)=[0x0, 0x0, 0x0]})
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:31:47 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, 0x0, 0x0, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:31:47 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r3 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r6, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r7}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r7}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r8, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:31:47 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x25000}], 0x2)

11:31:47 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x25000}], 0x2)

11:31:47 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0), 0x0, 0x10)

11:31:47 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x7f000}], 0x2)

[ 2256.533766] FAULT_INJECTION: forcing a failure.
[ 2256.533766] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2256.535545] CPU: 0 PID: 10284 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2256.536444] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2256.537515] Call Trace:
[ 2256.537862]  dump_stack+0x107/0x167
[ 2256.538336]  should_fail.cold+0x5/0xa
[ 2256.538837]  _copy_to_user+0x2e/0x180
[ 2256.539336]  pagemap_read+0x333/0x590
[ 2256.539834]  ? clear_refs_write+0x780/0x780
[ 2256.540400]  ? iov_iter_advance+0x1b1/0xec0
[ 2256.540967]  do_iter_read+0x4fa/0x760
[ 2256.541462]  ? import_iovec+0x83/0xb0
[ 2256.541959]  vfs_readv+0xe5/0x160
[ 2256.542409]  ? vfs_iter_read+0xa0/0xa0
[ 2256.542915]  ? __fdget_pos+0xf1/0x190
[ 2256.543408]  ? lock_downgrade+0x6d0/0x6d0
[ 2256.543948]  ? ksys_write+0x12d/0x260
[ 2256.544452]  ? __fget_files+0x2f8/0x520
[ 2256.544981]  do_readv+0x139/0x300
[ 2256.545427]  ? vfs_readv+0x160/0x160
[ 2256.545915]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2256.546595]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2256.547275]  do_syscall_64+0x33/0x40
[ 2256.547759]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2256.548437] RIP: 0033:0x7fad0dc79b19
[ 2256.548927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2256.551345] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2256.552345] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2256.553280] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2256.554200] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2256.555148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2256.556064] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:31:47 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x26000}], 0x2)

11:31:47 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
creat(&(0x7f0000000180)='./file0\x00', 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x38000, 0x0)
quotactl(0xf4, &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000040)="3cf68f0e1f202c4213b5684fc48b69fac2314806d2c20852c3ccac8f7b1d9cd55d66041920086261abfe56a5c771ac93a55d60d480f0eb7f04d7336dc8913b96b65f68be3a61e055b1fea0a6b2f72c1e1cebc40cb3828986bdec2c61b3b6057c9a6fb37fc33d4c691d24479899645fd7c83fef6d03916b031f33d6dc1d51fc61a5be2e83ec643da71789a1be259db2da1837965ccf5768fed1be22e3ee10d148607ef3a43a1ad4")
r0 = open(&(0x7f0000000100)='./file0\x00', 0x943, 0x148)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:31:47 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, 0x0, 0x0, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:31:47 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0), 0x0, 0x10)

11:31:47 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 40)

11:31:47 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x26000}], 0x2)

11:31:47 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x80000}], 0x2)

[ 2256.829744] FAULT_INJECTION: forcing a failure.
[ 2256.829744] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2256.832554] CPU: 1 PID: 10306 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2256.834025] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2256.835778] Call Trace:
[ 2256.836352]  dump_stack+0x107/0x167
[ 2256.837132]  should_fail.cold+0x5/0xa
[ 2256.837952]  __alloc_pages_nodemask+0x182/0x600
[ 2256.838944]  ? add_mm_counter_fast+0x220/0x220
[ 2256.839918]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2256.841207]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2256.842319]  ? lock_downgrade+0x6d0/0x6d0
[ 2256.843198]  ? mark_held_locks+0x9e/0xe0
[ 2256.844064]  alloc_pages_vma+0xbb/0x410
[ 2256.844929]  handle_mm_fault+0x152f/0x3500
[ 2256.845837]  ? __pmd_alloc+0x5e0/0x5e0
[ 2256.846680]  ? vmacache_find+0x55/0x2a0
[ 2256.847535]  do_user_addr_fault+0x56e/0xc60
[ 2256.848476]  exc_page_fault+0xa2/0x1a0
[ 2256.849311]  asm_exc_page_fault+0x1e/0x30
[ 2256.850194] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2256.851350] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2256.855239] RSP: 0018:ffff888047acfb50 EFLAGS: 00050246
[ 2256.856384] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2256.857899] RDX: 0000000000000000 RSI: ffff88801fe16898 RDI: 0000000020012000
[ 2256.859419] RBP: 0000000020011768 R08: 0000000000000000 R09: ffff88801fe16fff
[ 2256.860954] R10: ffffed1003fc2dff R11: 0000000000000001 R12: 0000000020012768
[ 2256.862465] R13: ffff88801fe16000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2256.864011]  _copy_to_user+0x13d/0x180
[ 2256.864860]  pagemap_read+0x333/0x590
[ 2256.865686]  ? clear_refs_write+0x780/0x780
[ 2256.866608]  ? iov_iter_advance+0x1b1/0xec0
[ 2256.867545]  do_iter_read+0x4fa/0x760
[ 2256.868374]  ? import_iovec+0x83/0xb0
[ 2256.869189]  vfs_readv+0xe5/0x160
[ 2256.869929]  ? vfs_iter_read+0xa0/0xa0
[ 2256.870762]  ? __fdget_pos+0xf1/0x190
[ 2256.871562]  ? lock_downgrade+0x6d0/0x6d0
[ 2256.872467]  ? ksys_write+0x12d/0x260
[ 2256.873293]  ? __fget_files+0x2f8/0x520
[ 2256.874159]  do_readv+0x139/0x300
[ 2256.874898]  ? vfs_readv+0x160/0x160
[ 2256.875697]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2256.876816]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2256.877925]  do_syscall_64+0x33/0x40
[ 2256.878720]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2256.879809] RIP: 0033:0x7fad0dc79b19
[ 2256.880609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2256.885405] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2256.887381] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2256.889230] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2256.891070] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2256.892981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2256.894905] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:31:47 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0), 0x0, 0x10)

11:31:47 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x27000}], 0x2)

11:31:47 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x81000}], 0x2)

11:31:47 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{}], 0x1, 0x10)

11:31:47 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r3 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r6, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r7}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r7}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r8, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:31:47 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x27000}], 0x2)

11:31:47 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x82000}], 0x2)

11:31:47 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x28000}], 0x2)

11:31:47 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, 0x0, 0x0, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:31:47 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 41)

[ 2257.319769] FAULT_INJECTION: forcing a failure.
[ 2257.319769] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2257.322396] CPU: 1 PID: 10342 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2257.323854] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2257.325631] Call Trace:
[ 2257.326194]  dump_stack+0x107/0x167
[ 2257.326975]  should_fail.cold+0x5/0xa
[ 2257.327786]  _copy_to_user+0x2e/0x180
[ 2257.328609]  pagemap_read+0x333/0x590
[ 2257.329425]  ? clear_refs_write+0x780/0x780
[ 2257.330338]  ? iov_iter_advance+0x1b1/0xec0
[ 2257.331275]  do_iter_read+0x4fa/0x760
[ 2257.332097]  ? import_iovec+0x83/0xb0
[ 2257.332912]  vfs_readv+0xe5/0x160
[ 2257.333650]  ? vfs_iter_read+0xa0/0xa0
[ 2257.334472]  ? __fdget_pos+0xf1/0x190
[ 2257.335282]  ? lock_downgrade+0x6d0/0x6d0
[ 2257.336171]  ? ksys_write+0x12d/0x260
[ 2257.336982]  ? __fget_files+0x2f8/0x520
[ 2257.337841]  do_readv+0x139/0x300
[ 2257.338581]  ? vfs_readv+0x160/0x160
[ 2257.339375]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2257.340503]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2257.341603]  do_syscall_64+0x33/0x40
[ 2257.342396]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2257.343478] RIP: 0033:0x7fad0dc79b19
[ 2257.344270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2257.348184] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2257.349790] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2257.351309] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2257.352823] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2257.354326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2257.355829] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:32:02 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x29000}], 0x2)

11:32:02 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
connect$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:32:02 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, 0x0, 0x0, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:32:02 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x83000}], 0x2)

11:32:02 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580), 0x0, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:32:02 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 42)

11:32:02 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{}], 0x1, 0x10)

11:32:02 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x28000}], 0x2)

[ 2271.557281] FAULT_INJECTION: forcing a failure.
[ 2271.557281] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2271.558852] CPU: 0 PID: 10360 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2271.559732] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2271.560797] Call Trace:
[ 2271.561139]  dump_stack+0x107/0x167
[ 2271.561602]  should_fail.cold+0x5/0xa
[ 2271.562084]  __alloc_pages_nodemask+0x182/0x600
[ 2271.562684]  ? add_mm_counter_fast+0x220/0x220
[ 2271.563265]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2271.564010]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2271.564684]  ? lock_downgrade+0x6d0/0x6d0
[ 2271.565207]  ? mark_held_locks+0x9e/0xe0
[ 2271.565715]  alloc_pages_vma+0xbb/0x410
[ 2271.566223]  handle_mm_fault+0x152f/0x3500
[ 2271.566759]  ? __pmd_alloc+0x5e0/0x5e0
[ 2271.567265]  ? vmacache_find+0x55/0x2a0
[ 2271.567774]  do_user_addr_fault+0x56e/0xc60
[ 2271.568382]  exc_page_fault+0xa2/0x1a0
[ 2271.568877]  asm_exc_page_fault+0x1e/0x30
[ 2271.569404] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2271.570068] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2271.572400] RSP: 0018:ffff88804663fb50 EFLAGS: 00050246
[ 2271.573063] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2271.573975] RDX: 0000000000000000 RSI: ffff8880469f4898 RDI: 0000000020013000
[ 2271.574861] RBP: 0000000020012768 R08: 0000000000000000 R09: ffff8880469f4fff
[ 2271.575735] R10: ffffed1008d3e9ff R11: 0000000000000001 R12: 0000000020013768
[ 2271.576635] R13: ffff8880469f4000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2271.577526]  _copy_to_user+0x13d/0x180
[ 2271.578007]  pagemap_read+0x333/0x590
[ 2271.578473]  ? clear_refs_write+0x780/0x780
[ 2271.579008]  ? iov_iter_advance+0x1b1/0xec0
[ 2271.579554]  do_iter_read+0x4fa/0x760
[ 2271.580025]  ? import_iovec+0x83/0xb0
[ 2271.580504]  vfs_readv+0xe5/0x160
[ 2271.580929]  ? vfs_iter_read+0xa0/0xa0
[ 2271.581404]  ? __fdget_pos+0xf1/0x190
[ 2271.581884]  ? lock_downgrade+0x6d0/0x6d0
[ 2271.582395]  ? __fget_files+0x3ad/0x520
[ 2271.582905]  ? __fget_files+0x2f8/0x520
[ 2271.583419]  do_readv+0x139/0x300
[ 2271.583865]  ? vfs_readv+0x160/0x160
[ 2271.584355]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2271.585019]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2271.585678]  do_syscall_64+0x33/0x40
[ 2271.586153]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2271.586801] RIP: 0033:0x7fad0dc79b19
[ 2271.587272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2271.589588] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2271.590542] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2271.591430] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2271.592339] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2271.593239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2271.594142] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:32:02 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
open(&(0x7f0000000000)='./file0\x00', 0x228942, 0x0)

11:32:02 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{}], 0x1, 0x10)

11:32:02 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
setresuid(0xffffffffffffffff, r3, 0x0)
lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
setresuid(0xffffffffffffffff, r5, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1, {<r6=>0xee01}}, './file0\x00'})
r7 = open(&(0x7f0000000140)='./file1\x00', 0x100, 0x38)
statx(r7, &(0x7f0000000180)='./file1\x00', 0x4000, 0x800, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, <r8=>0x0, <r9=>0x0})
fchownat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', r8, r9, 0x100)
fsetxattr$system_posix_acl(r2, &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000000200)={{}, {}, [{0x2, 0x5, 0xffffffffffffffff}, {0x2, 0xc5e83bb6dec20983, 0xee00}, {0x2, 0x8, 0xee01}, {0x2, 0x2, 0xee00}, {0x2, 0x7}, {0x2, 0x0, r3}, {0x2, 0x2, r4}, {0x2, 0x4, r5}, {0x2, 0x4, r6}], {0x4, 0x5}, [{0x8, 0x0, r9}], {0x10, 0x1}, {0x20, 0x5}}, 0x74, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000005c0)={{{@in=@private, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}}, {{@in6=@private0}, 0x0, @in6=@initdev}}, &(0x7f00000006c0)=0xe8)
fsetxattr$security_capability(r1, &(0x7f0000000000), &(0x7f0000000700)=@v3={0x3000000, [{0x11, 0x1}, {0x3}], r10}, 0x18, 0x3)

11:32:16 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x2a000}], 0x2)

11:32:16 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, 0x0, 0x0, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:32:16 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580), 0x0, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:32:16 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x84000}], 0x2)

11:32:16 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x29000}], 0x2)

11:32:16 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:32:16 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 43)

11:32:16 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
r0 = timerfd_create(0x8, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
poll(&(0x7f0000000040)=[{r1, 0xb21a}, {r0, 0xd010}, {r2, 0x1200}], 0x3, 0x0)

11:32:16 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x2a000}], 0x2)

[ 2285.721262] FAULT_INJECTION: forcing a failure.
[ 2285.721262] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2285.724778] CPU: 1 PID: 10394 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2285.726576] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2285.728602] Call Trace:
[ 2285.729163]  dump_stack+0x107/0x167
[ 2285.729932]  should_fail.cold+0x5/0xa
[ 2285.730817]  _copy_to_user+0x2e/0x180
[ 2285.731737]  pagemap_read+0x333/0x590
[ 2285.732753]  ? clear_refs_write+0x780/0x780
[ 2285.733877]  ? iov_iter_advance+0x1b1/0xec0
[ 2285.734933]  do_iter_read+0x4fa/0x760
[ 2285.735969]  ? import_iovec+0x83/0xb0
[ 2285.736884]  vfs_readv+0xe5/0x160
[ 2285.737781]  ? vfs_iter_read+0xa0/0xa0
[ 2285.738697]  ? __fdget_pos+0xf1/0x190
[ 2285.739737]  ? lock_downgrade+0x6d0/0x6d0
[ 2285.740728]  ? ksys_write+0x12d/0x260
[ 2285.741736]  ? __fget_files+0x2f8/0x520
[ 2285.742616]  do_readv+0x139/0x300
[ 2285.743474]  ? vfs_readv+0x160/0x160
[ 2285.744348]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2285.745461]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2285.746543]  do_syscall_64+0x33/0x40
[ 2285.747325]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2285.748404] RIP: 0033:0x7fad0dc79b19
[ 2285.749178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2285.753033] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2285.754629] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2285.756117] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2285.757602] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2285.759088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2285.760586] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:32:16 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x85000}], 0x2)

11:32:16 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x2b000}], 0x2)

11:32:30 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580), 0x0, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:32:30 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:32:30 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, 0x0, 0x0, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:32:30 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x2b000}], 0x2)

11:32:30 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x942, 0x4)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f0000000440)=""/4115, 0x1013}], 0x1, 0x2, 0x200)
ioctl$AUTOFS_IOC_PROTOVER(r1, 0x80049363, &(0x7f0000000040))
fsmount(r0, 0x0, 0xf0)

11:32:30 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 44)

11:32:30 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x2c000}], 0x2)

11:32:30 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x86000}], 0x2)

[ 2299.654452] FAULT_INJECTION: forcing a failure.
[ 2299.654452] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2299.656619] CPU: 0 PID: 10424 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2299.657673] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2299.658920] Call Trace:
[ 2299.659323]  dump_stack+0x107/0x167
[ 2299.659872]  should_fail.cold+0x5/0xa
[ 2299.660457]  __alloc_pages_nodemask+0x182/0x600
[ 2299.661155]  ? add_mm_counter_fast+0x220/0x220
[ 2299.661841]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2299.662746]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2299.663522]  ? lock_downgrade+0x6d0/0x6d0
[ 2299.664141]  ? mark_held_locks+0x9e/0xe0
[ 2299.664766]  alloc_pages_vma+0xbb/0x410
[ 2299.665365]  handle_mm_fault+0x152f/0x3500
[ 2299.666012]  ? __pmd_alloc+0x5e0/0x5e0
[ 2299.666601]  ? vmacache_find+0x55/0x2a0
[ 2299.667215]  do_user_addr_fault+0x56e/0xc60
[ 2299.667866]  exc_page_fault+0xa2/0x1a0
[ 2299.668459]  asm_exc_page_fault+0x1e/0x30
[ 2299.669087] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2299.669898] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2299.672667] RSP: 0018:ffff88804621fb50 EFLAGS: 00050246
[ 2299.673462] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2299.674515] RDX: 0000000000000000 RSI: ffff88801fe98898 RDI: 0000000020014000
[ 2299.675566] RBP: 0000000020013768 R08: 0000000000000000 R09: ffff88801fe98fff
[ 2299.676643] R10: ffffed1003fd31ff R11: 0000000000000001 R12: 0000000020014768
[ 2299.677709] R13: ffff88801fe98000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2299.678798]  _copy_to_user+0x13d/0x180
[ 2299.679385]  pagemap_read+0x333/0x590
[ 2299.679960]  ? clear_refs_write+0x780/0x780
[ 2299.680611]  ? iov_iter_advance+0x1b1/0xec0
[ 2299.681266]  do_iter_read+0x4fa/0x760
[ 2299.681840]  ? import_iovec+0x83/0xb0
[ 2299.682418]  vfs_readv+0xe5/0x160
[ 2299.682923]  ? vfs_iter_read+0xa0/0xa0
[ 2299.683506]  ? __fdget_pos+0xf1/0x190
[ 2299.684075]  ? lock_downgrade+0x6d0/0x6d0
[ 2299.684705]  ? ksys_write+0x12d/0x260
[ 2299.685279]  ? __fget_files+0x2f8/0x520
[ 2299.685887]  do_readv+0x139/0x300
[ 2299.686404]  ? vfs_readv+0x160/0x160
[ 2299.686959]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2299.687721]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2299.688495]  do_syscall_64+0x33/0x40
[ 2299.689048]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2299.689812] RIP: 0033:0x7fad0dc79b19
[ 2299.690361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2299.693096] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2299.694223] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2299.695263] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2299.696319] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2299.697344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2299.698402] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:32:30 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x400, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
r1 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000000))
poll(&(0x7f0000000040)=[{r0}, {r1, 0x8400}], 0x2, 0x3)

11:32:30 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x2c000}], 0x2)

11:32:30 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:32:30 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x2d000}], 0x2)

11:32:30 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x87000}], 0x2)

11:32:30 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140), 0x0, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:32:30 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 45)

11:32:30 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80000, 0x80)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

[ 2300.082469] FAULT_INJECTION: forcing a failure.
[ 2300.082469] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2300.084045] CPU: 0 PID: 10461 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2300.084884] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2300.085933] Call Trace:
[ 2300.086269]  dump_stack+0x107/0x167
[ 2300.086733]  should_fail.cold+0x5/0xa
[ 2300.087217]  _copy_to_user+0x2e/0x180
[ 2300.087679]  pagemap_read+0x333/0x590
[ 2300.088150]  ? clear_refs_write+0x780/0x780
[ 2300.088709]  ? iov_iter_advance+0x1b1/0xec0
[ 2300.089261]  do_iter_read+0x4fa/0x760
[ 2300.089737]  ? import_iovec+0x83/0xb0
[ 2300.090226]  vfs_readv+0xe5/0x160
[ 2300.090649]  ? vfs_iter_read+0xa0/0xa0
[ 2300.091119]  ? __fdget_pos+0xf1/0x190
[ 2300.091584]  ? lock_downgrade+0x6d0/0x6d0
[ 2300.092087]  ? ksys_write+0x12d/0x260
[ 2300.092550]  ? __fget_files+0x2f8/0x520
[ 2300.093040]  do_readv+0x139/0x300
[ 2300.093455]  ? vfs_readv+0x160/0x160
[ 2300.093904]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2300.094535]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2300.095185]  do_syscall_64+0x33/0x40
[ 2300.095645]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2300.096278] RIP: 0033:0x7fad0dc79b19
[ 2300.096746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2300.099025] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2300.099958] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2300.100993] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2300.101880] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2300.102724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2300.103567] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:32:44 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140), 0x0, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:32:44 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x2d000}], 0x2)

11:32:44 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x2e000}], 0x2)

11:32:44 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
poll(&(0x7f00000001c0)=[{}], 0x1, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)={0x28, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_NOTIFY_RADAR(r0, &(0x7f0000001480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001440)={&(0x7f00000014c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="04002cbd6000ff0fa11fc7dbdf258600000008000300", @ANYRES32=r4, @ANYBLOB="0800270001000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r5 = openat$null(0xffffffffffffff9c, &(0x7f00000003c0), 0x82000, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)={0x28, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_STOP_AP(r5, &(0x7f0000002640)={&(0x7f0000001500), 0xc, &(0x7f0000002600)={&(0x7f0000001540)={0x20, r7, 0x200, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0xfe000000, 0x76}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x200088c4}, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000000)=""/173, 0xad}, {&(0x7f0000000140)=""/79, 0x4f}, {&(0x7f00000000c0)=""/20, 0x14}, {&(0x7f0000000200)=""/23, 0x17}, {&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f0000000240)=""/237, 0xed}], 0x6, 0x0, 0x3)

11:32:44 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:32:44 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 46)

11:32:44 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x88000}], 0x2)

11:32:44 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x83000}], 0x2)

[ 2313.982824] FAULT_INJECTION: forcing a failure.
[ 2313.982824] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2313.985659] CPU: 1 PID: 10481 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2313.987123] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2313.988892] Call Trace:
[ 2313.989458]  dump_stack+0x107/0x167
[ 2313.990235]  should_fail.cold+0x5/0xa
[ 2313.991053]  __alloc_pages_nodemask+0x182/0x600
[ 2313.992040]  ? add_mm_counter_fast+0x220/0x220
[ 2313.993028]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2313.994319]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2313.995438]  ? lock_downgrade+0x6d0/0x6d0
[ 2313.996315]  ? mark_held_locks+0x9e/0xe0
[ 2313.997200]  alloc_pages_vma+0xbb/0x410
[ 2313.998051]  handle_mm_fault+0x152f/0x3500
[ 2313.998962]  ? __pmd_alloc+0x5e0/0x5e0
[ 2313.999798]  ? vmacache_find+0x55/0x2a0
[ 2314.000653]  ? vmacache_update+0xce/0x140
11:32:44 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x2e000}], 0x2)

[ 2314.001539]  do_user_addr_fault+0x56e/0xc60
[ 2314.002700]  exc_page_fault+0xa2/0x1a0
[ 2314.003604]  asm_exc_page_fault+0x1e/0x30
[ 2314.004483] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2314.005638] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2314.009524] RSP: 0018:ffff88804a577b50 EFLAGS: 00050246
[ 2314.010653] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2314.012147] RDX: 0000000000000000 RSI: ffff888046274898 RDI: 0000000020015000
[ 2314.013664] RBP: 0000000020014768 R08: 0000000000000000 R09: ffff888046274fff
[ 2314.015167] R10: ffffed1008c4e9ff R11: 0000000000000001 R12: 0000000020015768
[ 2314.016680] R13: ffff888046274000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2314.018219]  _copy_to_user+0x13d/0x180
[ 2314.019063]  pagemap_read+0x333/0x590
[ 2314.019882]  ? clear_refs_write+0x780/0x780
[ 2314.020799]  ? iov_iter_advance+0x1b1/0xec0
[ 2314.021725]  do_iter_read+0x4fa/0x760
[ 2314.022536]  ? import_iovec+0x83/0xb0
[ 2314.023346]  vfs_readv+0xe5/0x160
[ 2314.024080]  ? vfs_iter_read+0xa0/0xa0
[ 2314.024909]  ? __fdget_pos+0xf1/0x190
[ 2314.025716]  ? lock_downgrade+0x6d0/0x6d0
[ 2314.026607]  ? ksys_write+0x12d/0x260
11:32:44 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x2f000}], 0x2)

[ 2314.027423]  ? __fget_files+0x2f8/0x520
[ 2314.028392]  do_readv+0x139/0x300
[ 2314.029142]  ? vfs_readv+0x160/0x160
[ 2314.029945]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2314.031149]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2314.032255]  do_syscall_64+0x33/0x40
[ 2314.033062]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2314.034156] RIP: 0033:0x7fad0dc79b19
[ 2314.034950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2314.038876] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2314.040513] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2314.042030] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2314.043547] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2314.045086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2314.046609] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:32:44 executing program 7:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x9000}], 0x2)

11:32:44 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0xee01}}, './file0\x00'})
sendmsg$nl_generic(r1, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000440)={0x22c, 0x2f, 0x200, 0x70bd2d, 0x25dfdbfb, {0x2}, [@generic="0b9d568c09cb9f8e57a717fae7979a472ad760c7e8ea7807ee5a9f5850615c11c86a2d10ef9ef8ae169ee6dd586d9cc90750215b547b3853b6e56eaff6080f8601ac75ed622acdcdf250fe097954adc90931e4032683d867f980d335445565782567c22491500516cc8af85575a831587b5547c4d255e7ea82d0d1f8aff5b7baeb307278efce649d5ad3333d61adf90c120439330c010ba8564078ff5d5110b534277cb4dfa3bd55a3e0235d6c983b6246d5bf37f21eb4c0cec335737459a4", @generic="2c0ce693c0cc6b52e4be42e98be0e74a2cbdec8e0bb246230cf53bf4cdfe4fc25a46abb638d0f72675d88ba1b43bc2142f70a80075b479fbb7ff7f621ee4b061425870a1e1ad203eceff82a9a0f7cf0cda5c1a03e97244cb1881d9dd02ddf2db6f8b9efbd15410e9abc8b185e65fbc7c86076bf690a95152fd66c375267b19cb0e67f38e5cb98ea1ab67eb36d0d4408f9f58dc3bd58179621d14f9e9bde7aca7ece45f0b36c9aeacb43135f8cc77a5b7d9476141403493a2a773460f7654b3bf136c087cca0c7f9a9d0fce654ce5cdd3790ed79fab70bc387216f6016a", @nested={0x79, 0x63, 0x0, 0x1, [@generic="d59f60a9b284e2bb128630e1ad7256658d6c0ea3a44a21761dc63bcf42b91405de6dcfbfd2ecc7e72cb88fd61c5f17e9af3c0bdaf82eb901451257e53985a71a2f50014ac8a182c39beea7e258149df3bcf518001dd76813d41437f8eba356e1bc69a71854ed69aabd68a48b44", @typed={0x8, 0x82, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x17}}]}]}, 0x22c}, 0x1, 0x0, 0x0, 0x44000}, 0x0)

11:32:44 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x89000}], 0x2)

11:32:44 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140), 0x0, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:33:01 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10) (fail_nth: 1)

11:33:01 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 47)

11:33:01 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe", 0x55, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:33:01 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x8a000}], 0x2)

11:33:01 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x30000}], 0x2)

11:33:01 executing program 3:
open$dir(&(0x7f0000000040)='./file0\x00', 0x101001, 0x18)
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189373, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYBLOB="5dc5030000000000000066696c653000"])

11:33:01 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:33:01 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x2f000}], 0x2)

[ 2331.014358] FAULT_INJECTION: forcing a failure.
[ 2331.014358] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2331.016965] CPU: 0 PID: 10526 Comm: syz-executor.7 Not tainted 5.10.235 #1
[ 2331.018423] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2331.020174] Call Trace:
[ 2331.020755]  dump_stack+0x107/0x167
[ 2331.021539]  should_fail.cold+0x5/0xa
[ 2331.022350]  _copy_from_user+0x2e/0x1b0
[ 2331.023200]  do_sys_poll+0x1f9/0xe50
[ 2331.023988]  ? mark_lock+0xf5/0x2df0
[ 2331.024787]  ? lock_chain_count+0x20/0x20
[ 2331.025672]  ? lock_chain_count+0x20/0x20
[ 2331.026567]  ? compat_core_sys_select+0x8b0/0x8b0
[ 2331.027593]  ? __lock_acquire+0x1657/0x5b00
[ 2331.028512]  ? mark_lock+0xf5/0x2df0
[ 2331.029320]  ? mark_lock+0xf5/0x2df0
[ 2331.030107]  ? lock_chain_count+0x20/0x20
[ 2331.030977]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2331.032084]  ? SOFTIRQ_verbose+0x10/0x10
[ 2331.032949]  ? lock_chain_count+0x20/0x20
[ 2331.033850]  ? __lock_acquire+0xbb1/0x5b00
[ 2331.034759]  ? __lock_acquire+0x1657/0x5b00
[ 2331.035701]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2331.036829]  ? SOFTIRQ_verbose+0x10/0x10
[ 2331.037693]  ? lock_acquire+0x197/0x470
[ 2331.038552]  ? find_held_lock+0x2c/0x110
[ 2331.039418]  ? find_held_lock+0x2c/0x110
[ 2331.040292]  ? poll_select_set_timeout+0xd8/0x130
[ 2331.041319]  ? lock_downgrade+0x6d0/0x6d0
[ 2331.042209]  ? timespec64_add_safe+0x189/0x210
[ 2331.043168]  ? nsec_to_clock_t+0x30/0x30
[ 2331.044026]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2331.045131]  ? trace_hardirqs_on+0x5b/0x180
[ 2331.046049]  ? recalibrate_cpu_khz+0x10/0x10
[ 2331.046974]  ? ktime_get_ts64+0x220/0x2f0
[ 2331.047868]  __x64_sys_poll+0x190/0x490
[ 2331.048721]  ? __ia32_sys_pselect6+0x240/0x240
[ 2331.049695]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2331.050804]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2331.051886]  ? trace_hardirqs_on+0x5b/0x180
[ 2331.052805]  do_syscall_64+0x33/0x40
[ 2331.053609]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2331.054691] RIP: 0033:0x7f1bb85ecb19
[ 2331.055477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2331.059391] RSP: 002b:00007f1bb5b62188 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[ 2331.060221] FAULT_INJECTION: forcing a failure.
[ 2331.060221] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2331.061020] RAX: ffffffffffffffda RBX: 00007f1bb86fff60 RCX: 00007f1bb85ecb19
[ 2331.061033] RDX: 0000000000000010 RSI: 0000000000000001 RDI: 00000000200001c0
[ 2331.061046] RBP: 00007f1bb5b621d0 R08: 0000000000000000 R09: 0000000000000000
[ 2331.061057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2331.061085] R13: 00007ffc12035daf R14: 00007f1bb5b62300 R15: 0000000000022000
[ 2331.071047] CPU: 1 PID: 10522 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2331.072531] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2331.074299] Call Trace:
[ 2331.074868]  dump_stack+0x107/0x167
[ 2331.075644]  should_fail.cold+0x5/0xa
[ 2331.076467]  _copy_to_user+0x2e/0x180
[ 2331.077295]  pagemap_read+0x333/0x590
[ 2331.078116]  ? clear_refs_write+0x780/0x780
[ 2331.079037]  ? iov_iter_advance+0x1b1/0xec0
[ 2331.079969]  do_iter_read+0x4fa/0x760
[ 2331.080792]  ? import_iovec+0x83/0xb0
[ 2331.081608]  vfs_readv+0xe5/0x160
[ 2331.082345]  ? vfs_iter_read+0xa0/0xa0
[ 2331.083177]  ? __fdget_pos+0xf1/0x190
[ 2331.083999]  ? lock_downgrade+0x6d0/0x6d0
[ 2331.084896]  ? ksys_write+0x12d/0x260
[ 2331.085706]  ? __fget_files+0x2f8/0x520
[ 2331.086567]  do_readv+0x139/0x300
[ 2331.087310]  ? vfs_readv+0x160/0x160
[ 2331.088107]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2331.089229]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2331.090323]  do_syscall_64+0x33/0x40
[ 2331.091117]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2331.092211] RIP: 0033:0x7fad0dc79b19
[ 2331.093011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2331.096895] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2331.098503] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2331.100016] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2331.101550] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2331.103061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2331.104607] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:33:01 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x12000, 0x181)

11:33:01 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x30000}], 0x2)

11:33:01 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10) (fail_nth: 2)

11:33:02 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x31000}], 0x2)

11:33:02 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x8b000}], 0x2)

11:33:02 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x80, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:33:02 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{0x0}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:33:02 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe", 0x55, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:33:02 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 48)

11:33:02 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x31000}], 0x2)

11:33:02 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x32000}], 0x2)

11:33:02 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0xf000, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0x7, 0x4, 0x3f0, 0x110, 0x110, 0x1f8, 0x308, 0x308, 0x308, 0x4, &(0x7f0000000000), {[{{@arp={@remote, @empty, 0xffffffff, 0xffffffff, 0xa, 0x6, {@mac=@local, {[0x0, 0xff, 0x0, 0xff, 0x0, 0xff]}}, {@mac=@link_local, {[0x0, 0xff, 0x0, 0xff, 0xff, 0xff]}}, 0x6200, 0x71, 0x6, 0x23fb, 0x497, 0x6, 'batadv0\x00', 'batadv0\x00', {0xff}, {0xff}, 0x0, 0x5}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @mac=@multicast, @rand_addr=0x64010100, @private=0xa010102, 0x1, 0x1}}}, {{@arp={@multicast1, @broadcast, 0x0, 0xffffffff, 0xc, 0xb, {@empty, {[0xff, 0xff, 0xff, 0x0, 0xff]}}, {@empty, {[0xff, 0xff, 0x0, 0x0, 0xff]}}, 0x1, 0x3, 0x9, 0xffff, 0x100, 0x5, 'bond_slave_0\x00', 'ip6gre0\x00', {0xff}, {}, 0x0, 0x220}, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0xfa65}}}, {{@arp={@empty, @loopback, 0xff, 0x0, 0x8, 0x8, {@empty, {[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}}, {@mac, {[0x0, 0xff, 0xff, 0xff]}}, 0xffff, 0x0, 0x3fae, 0x4, 0x80, 0xfffe, 'veth1_vlan\x00', 'team0\x00', {}, {0xff}, 0x0, 0xa8}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @empty, @local, @private=0xa010102, 0x4, 0xfffffffc}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440)

[ 2331.567544] FAULT_INJECTION: forcing a failure.
[ 2331.567544] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2331.570065] CPU: 0 PID: 10553 Comm: syz-executor.7 Not tainted 5.10.235 #1
[ 2331.571537] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2331.573282] Call Trace:
[ 2331.573842]  dump_stack+0x107/0x167
[ 2331.574617]  should_fail.cold+0x5/0xa
[ 2331.575425]  _copy_to_user+0x2e/0x180
[ 2331.576234]  simple_read_from_buffer+0xcc/0x160
[ 2331.577240]  proc_fail_nth_read+0x198/0x230
[ 2331.578152]  ? proc_sessionid_read+0x230/0x230
[ 2331.579116]  ? security_file_permission+0xb1/0xe0
[ 2331.580142]  ? proc_sessionid_read+0x230/0x230
[ 2331.581126]  vfs_read+0x228/0x620
[ 2331.581864]  ksys_read+0x12d/0x260
[ 2331.582609]  ? vfs_write+0xb10/0xb10
[ 2331.583407]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2331.584510]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2331.585605]  do_syscall_64+0x33/0x40
[ 2331.586395]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2331.587470] RIP: 0033:0x7f1bb859f69c
[ 2331.588255] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 2331.592129] RSP: 002b:00007f1bb5b62170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2331.593751] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1bb859f69c
[ 2331.595263] RDX: 000000000000000f RSI: 00007f1bb5b621e0 RDI: 0000000000000004
[ 2331.596789] RBP: 00007f1bb5b621d0 R08: 0000000000000000 R09: 0000000000000000
[ 2331.598290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2331.599787] R13: 00007ffc12035daf R14: 00007f1bb5b62300 R15: 0000000000022000
[ 2331.688342] FAULT_INJECTION: forcing a failure.
[ 2331.688342] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2331.691054] CPU: 1 PID: 10556 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2331.692500] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2331.694236] Call Trace:
[ 2331.694792]  dump_stack+0x107/0x167
[ 2331.695549]  should_fail.cold+0x5/0xa
[ 2331.696349]  __alloc_pages_nodemask+0x182/0x600
[ 2331.697319]  ? add_mm_counter_fast+0x220/0x220
[ 2331.698274]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2331.699524]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2331.700610]  ? lock_downgrade+0x6d0/0x6d0
[ 2331.701484]  ? mark_held_locks+0x9e/0xe0
[ 2331.702341]  alloc_pages_vma+0xbb/0x410
[ 2331.703174]  handle_mm_fault+0x152f/0x3500
[ 2331.704078]  ? __pmd_alloc+0x5e0/0x5e0
[ 2331.704912]  ? vmacache_find+0x55/0x2a0
[ 2331.705749]  do_user_addr_fault+0x56e/0xc60
[ 2331.706659]  exc_page_fault+0xa2/0x1a0
[ 2331.707474]  asm_exc_page_fault+0x1e/0x30
[ 2331.708332] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2331.709451] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2331.713230] RSP: 0018:ffff88804c08fb50 EFLAGS: 00050246
[ 2331.714328] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2331.715793] RDX: 0000000000000000 RSI: ffff8880462f8898 RDI: 0000000020016000
[ 2331.717269] RBP: 0000000020015768 R08: 0000000000000000 R09: ffff8880462f8fff
[ 2331.718744] R10: ffffed1008c5f1ff R11: 0000000000000001 R12: 0000000020016768
[ 2331.720213] R13: ffff8880462f8000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2331.721717]  _copy_to_user+0x13d/0x180
[ 2331.722519]  pagemap_read+0x333/0x590
[ 2331.723306]  ? clear_refs_write+0x780/0x780
[ 2331.724192]  ? iov_iter_advance+0x1b1/0xec0
[ 2331.725105]  do_iter_read+0x4fa/0x760
[ 2331.725889]  ? import_iovec+0x83/0xb0
[ 2331.726678]  vfs_readv+0xe5/0x160
[ 2331.727392]  ? vfs_iter_read+0xa0/0xa0
[ 2331.728200]  ? __fdget_pos+0xf1/0x190
[ 2331.729000]  ? lock_downgrade+0x6d0/0x6d0
[ 2331.729871]  ? ksys_write+0x12d/0x260
[ 2331.730660]  ? __fget_files+0x2f8/0x520
[ 2331.731506]  do_readv+0x139/0x300
[ 2331.732232]  ? vfs_readv+0x160/0x160
[ 2331.733019]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2331.734094]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2331.735151]  do_syscall_64+0x33/0x40
[ 2331.735914]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2331.736978] RIP: 0033:0x7fad0dc79b19
[ 2331.737731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2331.741473] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2331.743009] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2331.744456] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2331.745911] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2331.747356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2331.748818] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:33:02 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:33:17 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:33:17 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x8c000}], 0x2)

11:33:17 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 49)

11:33:17 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:33:17 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x32000}], 0x2)

11:33:17 executing program 3:
fsetxattr$security_ima(0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000000c0)=@sha1={0x1, "0e720344c44e1c3fdbcf28935f65524dfdbe1f15"}, 0x15, 0x1)
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r1 = fsmount(r0, 0x1, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r3, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {r0}}, './file0\x00'})
ioctl$RTC_UIE_ON(r1, 0x7003)
openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x101801, 0x0)

11:33:17 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x33000}], 0x2)

11:33:17 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe", 0x55, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2347.264311] FAULT_INJECTION: forcing a failure.
[ 2347.264311] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2347.267122] CPU: 1 PID: 10585 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2347.268589] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2347.270350] Call Trace:
[ 2347.270913]  dump_stack+0x107/0x167
[ 2347.271690]  should_fail.cold+0x5/0xa
[ 2347.272515]  _copy_to_user+0x2e/0x180
[ 2347.273341]  pagemap_read+0x333/0x590
[ 2347.274153]  ? clear_refs_write+0x780/0x780
[ 2347.275063]  ? iov_iter_advance+0x1b1/0xec0
[ 2347.275990]  do_iter_read+0x4fa/0x760
[ 2347.276809]  ? import_iovec+0x83/0xb0
[ 2347.277623]  vfs_readv+0xe5/0x160
[ 2347.278365]  ? vfs_iter_read+0xa0/0xa0
[ 2347.279188]  ? __fdget_pos+0xf1/0x190
[ 2347.280002]  ? lock_downgrade+0x6d0/0x6d0
[ 2347.280899]  ? ksys_write+0x12d/0x260
[ 2347.281709]  ? __fget_files+0x2f8/0x520
[ 2347.282571]  do_readv+0x139/0x300
[ 2347.283308]  ? vfs_readv+0x160/0x160
[ 2347.284098]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2347.285216]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2347.286312]  do_syscall_64+0x33/0x40
[ 2347.287104]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2347.288188] RIP: 0033:0x7fad0dc79b19
[ 2347.288983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2347.292884] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2347.294499] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2347.296008] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2347.297521] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2347.299027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2347.300551] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:33:18 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x34000}], 0x2)

11:33:18 executing program 3:
kexec_load(0x380, 0x9, &(0x7f0000000700)=[{&(0x7f0000000000)="4a29cc8d0d0f7a0424eec86aa42e21d55b6ee190d2eefd382097c7eabeb9f51727f61c181fe41f40349beab3da4e656ff9fc2b03c667945ad39939296e2dc8da37aa0b9043c54e60d360ab7390550606f8828faad58b27e62bc8d7c7c7f09e6f74c8ac85a9c19f1e42cde99c68a00b414f95a6282b22899199e65b3820c5d4ff8c79101cda27e8c5386745fd1be3e025c1262e1eed14f88aeeb63ff3d87426f82fe31c36408a339ac9197b183a6b15b009310acf10547c07504814de5d12768c7e9fe4818c8d28b8a3b1fc06745573b37543841d250032d384629dbc006225e9f908223375dd121d6694062d57b9248178c1c07cfd1a5ca2b51c44", 0xfb, 0x3, 0x400}, {&(0x7f0000000140)="3be756e9786aba0966b1b7a51a1e38a51384125f35f4536789fdd53259df724c00ea277b5b9feb5b07c29717e4136d847b3f665135ed9d68d243c54a3cd7761cd8c53b25f42257741e7a39b04441aee22e06f0ce558ad08b05", 0x59, 0x8, 0x8}, {&(0x7f0000000200)="2afe3e5888a4f19c3782799b0edd047c4698f8012daf72a163104f994fdd3d8bef0ebf588a0cc4b9944d9766edf7dc01eff4d09259e37df65f14c5b42d803afbb68305b4b8e6454326a35f1fa2eff5657ea8b060559ced035b2bdc1052321540b387591f0a21a90450", 0x69, 0x8, 0x3ff}, {&(0x7f0000000280)="f5bebdb3d70d303ec62b175fc5b6b5fb9eddad00e12f1bac22c22395a4c936dd929ccf937d6a1cc75e0232582f0ec9d4c1252d772a33075c630872b8e073219a3161fe220349757d0e9d6ea7f8972bd719150d290705ac663d74781abe01311058dd46687604cb39d9a44b11e29cd884589929b79c9cc15cde0536561ea19dea0746c0bf46d2d1f77094fc77602cfae694fb412788d50a05d59f232015654fa5bd108057c3ae37f991decbac07f1fe59b23809f86b23328906acb9b7e9f603959d087ee3ad6ac6986a6d57f5fbc815e98e528287fb", 0xd5, 0x8, 0x254}, {&(0x7f0000000380)="c6c1a1ed8c", 0x5, 0x9, 0x9}, {&(0x7f00000003c0)="e5bd75f6ae6b36068887e5981b3e842b38cdda7ea65730df136413b858f3e3d3b63ec5c470", 0x25, 0x9, 0x100000001}, {&(0x7f0000000440)="ab4896c55c2e3846adfb40aca3f04b9bceb331a5bc15a9e5aeadad564eb25630cde50363d85ee56c55b7a6b7576130f588ac13390e009390f1a04e0b8ff220466e9ab394952d9c9c37c3f28c55f7a20a2c210f113b78088464c0d0e295fc2910d78418465770f0608453558f2265f8655a57e456a68950deea29d019eddab37489bf3280303e0e7b1d28e7bca224eddb3eed9e4bc6cc6815da34c3", 0x9b, 0x4, 0x9}, {&(0x7f0000000500)="102c07713d46e14a2dc5db71b767c0f8288100cc3e3cb7a236fa38db5e6e720029ac7b1f6d01a3717e62d07ff109d2f6fe8b17ae689e2829757e0c5234395b45c5e111f25dd5d2d1c39fbbd25ba84725afa6bef7354e52f7996a6c45fe6be822a5f20fdbdf155882c7003e9a3efb4305de999b4ae84408cecd5ced00c97158446ec8f0d057b2a656546d9127faff9517b077962bac65740a393e26c6723e516ec54a46ec3f2cb890d450611bbc76b72ad166d214558f5ce8750d26f37f114394a7164d3982f6100c265d1734e821b8", 0xcf, 0x0, 0x9}, {&(0x7f0000000600)="6581c54d81e809c142e52717e2b921f0fda6f84afc0fad2d80c4030a9bf2a677c64296d7ae04ed5e8d5dcda6ad1cd5a1c873e451edb2caf2788306a1900097d2e24c643758547be7603a7edf2b0b053db1fd9193158ffb21dc7d81fa342c99c910d0d47ffeef897061a1a7209599b09559e1f3122ebce4a78f6554b57f2e66543cc9ff3c2078bba78588d0daf38ae8708d00573c15206e7447ce1b1e4469eeca269d01cdefde8f980f0069ed8c42529b6cff77e1cb54600b0edbdddf242eec377f2adea97cc42fef1e8f382a49fe0396f812de8fc5bbe4", 0xd7, 0x5, 0x6}], 0x2a0000)
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:33:18 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x8}], 0x1, 0x10)

11:33:18 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x33000}], 0x2)

11:33:18 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x8d000}], 0x2)

11:33:18 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 50)

11:33:18 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2347.633177] FAULT_INJECTION: forcing a failure.
[ 2347.633177] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2347.636142] CPU: 1 PID: 10606 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2347.637620] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2347.639365] Call Trace:
[ 2347.639929]  dump_stack+0x107/0x167
[ 2347.640698]  should_fail.cold+0x5/0xa
[ 2347.641516]  __alloc_pages_nodemask+0x182/0x600
[ 2347.642499]  ? add_mm_counter_fast+0x220/0x220
[ 2347.643459]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2347.644731]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2347.645847]  ? lock_downgrade+0x6d0/0x6d0
[ 2347.646736]  ? mark_held_locks+0x9e/0xe0
[ 2347.647594]  alloc_pages_vma+0xbb/0x410
[ 2347.648441]  handle_mm_fault+0x152f/0x3500
[ 2347.649351]  ? __pmd_alloc+0x5e0/0x5e0
[ 2347.650184]  ? vmacache_find+0x55/0x2a0
[ 2347.651032]  do_user_addr_fault+0x56e/0xc60
[ 2347.651950]  exc_page_fault+0xa2/0x1a0
[ 2347.652784]  asm_exc_page_fault+0x1e/0x30
[ 2347.653664] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2347.654803] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2347.658686] RSP: 0018:ffff888047b37b50 EFLAGS: 00050246
[ 2347.659802] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2347.661308] RDX: 0000000000000000 RSI: ffff888046f88898 RDI: 0000000020017000
[ 2347.662805] RBP: 0000000020016768 R08: 0000000000000000 R09: ffff888046f88fff
[ 2347.664308] R10: ffffed1008df11ff R11: 0000000000000001 R12: 0000000020017768
[ 2347.665818] R13: ffff888046f88000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2347.667355]  _copy_to_user+0x13d/0x180
[ 2347.668189]  pagemap_read+0x333/0x590
[ 2347.669009]  ? clear_refs_write+0x780/0x780
[ 2347.669917]  ? iov_iter_advance+0x1b1/0xec0
[ 2347.670843]  do_iter_read+0x4fa/0x760
[ 2347.671650]  ? import_iovec+0x83/0xb0
[ 2347.672458]  vfs_readv+0xe5/0x160
[ 2347.673198]  ? vfs_iter_read+0xa0/0xa0
[ 2347.674027]  ? __fdget_pos+0xf1/0x190
[ 2347.674830]  ? lock_downgrade+0x6d0/0x6d0
[ 2347.675718]  ? ksys_write+0x12d/0x260
[ 2347.676527]  ? __fget_files+0x2f8/0x520
[ 2347.677394]  do_readv+0x139/0x300
[ 2347.678126]  ? vfs_readv+0x160/0x160
[ 2347.678915]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2347.680016]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2347.681116]  do_syscall_64+0x33/0x40
[ 2347.681899]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2347.682975] RIP: 0033:0x7fad0dc79b19
[ 2347.683759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2347.687649] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2347.689250] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2347.690759] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2347.692269] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2347.693775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2347.695277] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:33:34 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x1b3)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
fcntl$getown(r2, 0x9)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r1, 0xc038943b, &(0x7f0000000080)={0x400, 0x18, '\x00', 0x1, &(0x7f0000000040)=[0x0, 0x0, 0x0]})
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x4800)
openat(r3, &(0x7f0000000140)='./file0\x00', 0x410440, 0x40)

11:33:34 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:33:34 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e13", 0x7f, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:33:34 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 51)

11:33:34 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x8e000}], 0x2)

11:33:34 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x34000}], 0x2)

11:33:34 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x10}], 0x1, 0x10)

11:33:34 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x35000}], 0x2)

[ 2363.419111] FAULT_INJECTION: forcing a failure.
[ 2363.419111] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2363.420838] CPU: 0 PID: 10632 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2363.421715] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2363.422757] Call Trace:
[ 2363.423089]  dump_stack+0x107/0x167
[ 2363.423546]  should_fail.cold+0x5/0xa
[ 2363.424006]  _copy_to_user+0x2e/0x180
[ 2363.424491]  pagemap_read+0x333/0x590
[ 2363.424983]  ? clear_refs_write+0x780/0x780
[ 2363.425529]  ? iov_iter_advance+0x1b1/0xec0
[ 2363.426080]  do_iter_read+0x4fa/0x760
[ 2363.426570]  ? import_iovec+0x83/0xb0
[ 2363.427045]  vfs_readv+0xe5/0x160
[ 2363.427483]  ? vfs_iter_read+0xa0/0xa0
[ 2363.427946]  ? __fdget_pos+0xf1/0x190
[ 2363.428399]  ? lock_downgrade+0x6d0/0x6d0
[ 2363.428933]  ? ksys_write+0x12d/0x260
[ 2363.429411]  ? __fget_files+0x2f8/0x520
[ 2363.429911]  do_readv+0x139/0x300
[ 2363.430327]  ? vfs_readv+0x160/0x160
[ 2363.430773]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2363.431394]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2363.432006]  do_syscall_64+0x33/0x40
[ 2363.432448]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2363.433106] RIP: 0033:0x7fad0dc79b19
[ 2363.433572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2363.435743] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2363.436633] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2363.437524] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2363.438372] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2363.439206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2363.440097] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:33:34 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x64}], 0x1, 0x10)

11:33:34 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r1 = syz_open_dev$mouse(&(0x7f0000000080), 0x1ff, 0x20000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg$unix(r0, &(0x7f0000005b00)=[{{&(0x7f0000000140), 0x6e, &(0x7f0000000700)=[{&(0x7f0000000200)=""/191, 0xbf}, {&(0x7f00000002c0)=""/108, 0x6c}, {&(0x7f0000000340)=""/118, 0x76}, {&(0x7f0000000440)=""/223, 0xdf}, {&(0x7f00000000c0)=""/9, 0x9}, {&(0x7f0000000540)=""/170, 0xaa}, {&(0x7f0000000600)=""/105, 0x69}, {&(0x7f0000000680)=""/91, 0x5b}], 0x8}}, {{&(0x7f0000000780), 0x6e, &(0x7f00000003c0)=[{&(0x7f0000000800)=""/199, 0xc7}, {&(0x7f0000000900)=""/177, 0xb1}], 0x2, &(0x7f00000009c0)=[@rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x38}}, {{&(0x7f0000000a00)=@abs, 0x6e, &(0x7f0000002e00)=[{&(0x7f0000000a80)=""/69, 0x45}, {&(0x7f0000000b00)=""/215, 0xd7}, {&(0x7f0000000c00)=""/83, 0x53}, {&(0x7f0000000c80)=""/4096, 0x1000}, {&(0x7f0000001c80)=""/4096, 0x1000}, {&(0x7f0000002c80)=""/97, 0x61}, {&(0x7f0000002d00)=""/113, 0x71}, {&(0x7f0000002d80)=""/116, 0x74}], 0x8, &(0x7f0000002e80)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xd8}}, {{&(0x7f0000002f80), 0x6e, &(0x7f0000003200)=[{&(0x7f0000003000)=""/103, 0x67}, {&(0x7f0000003080)=""/165, 0xa5}, {&(0x7f0000003140)=""/146, 0x92}], 0x3, &(0x7f0000003240)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x38}}, {{&(0x7f0000003280), 0x6e, &(0x7f0000004600)=[{&(0x7f0000003300)=""/4096, 0x1000}, {&(0x7f0000004300)=""/42, 0x2a}, {&(0x7f0000004340)=""/152, 0x98}, {&(0x7f0000004400)=""/125, 0x7d}, {&(0x7f0000004480)=""/49, 0x31}, {&(0x7f00000044c0)=""/73, 0x49}, {&(0x7f0000004540)=""/124, 0x7c}, {&(0x7f00000045c0)=""/32, 0x20}], 0x8, &(0x7f0000004680)=[@cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, <r3=>0x0}}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x100}}, {{&(0x7f0000004780), 0x6e, &(0x7f0000005a00)=[{&(0x7f0000004800)=""/227, 0xe3}, {&(0x7f0000004900)=""/230, 0xe6}, {&(0x7f0000004a00)=""/4096, 0x1000}], 0x3, &(0x7f0000005a40)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xa8}}], 0x6, 0x10010, &(0x7f0000005c80))
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x810000, &(0x7f0000005cc0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@access_uid}, {@cache_loose}, {@debug={'debug', 0x3d, 0x4}}, {@cachetag={'cachetag', 0x3d, '+{,[\''}}, {@access_client}, {@privport}, {@dfltuid}, {@cache_loose}], [{@smackfsfloor={'smackfsfloor', 0x3d, 'f\xf8)d'}}, {@obj_role}, {@fscontext={'fscontext', 0x3d, 'system_u'}}, {@fowner_eq={'fowner', 0x3d, r3}}]}})

11:33:34 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x35000}], 0x2)

11:33:34 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x36000}], 0x2)

11:33:34 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x8f000}], 0x2)

11:33:34 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e13", 0x7f, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:33:34 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 52)

11:33:34 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2363.672588] 9pnet: Insufficient options for proto=fd
[ 2363.676400] 9pnet: Insufficient options for proto=fd
[ 2363.734609] FAULT_INJECTION: forcing a failure.
[ 2363.734609] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2363.736199] CPU: 0 PID: 10655 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2363.737001] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2363.737943] Call Trace:
[ 2363.738242]  dump_stack+0x107/0x167
[ 2363.738663]  should_fail.cold+0x5/0xa
[ 2363.739106]  __alloc_pages_nodemask+0x182/0x600
[ 2363.739640]  ? add_mm_counter_fast+0x220/0x220
[ 2363.740163]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2363.740860]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2363.741436]  ? lock_downgrade+0x6d0/0x6d0
[ 2363.741921]  ? mark_held_locks+0x9e/0xe0
[ 2363.742392]  alloc_pages_vma+0xbb/0x410
[ 2363.742853]  handle_mm_fault+0x152f/0x3500
[ 2363.743345]  ? __pmd_alloc+0x5e0/0x5e0
[ 2363.743771]  ? vmacache_find+0x55/0x2a0
[ 2363.744238]  do_user_addr_fault+0x56e/0xc60
[ 2363.744745]  exc_page_fault+0xa2/0x1a0
[ 2363.745208]  asm_exc_page_fault+0x1e/0x30
[ 2363.745691] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2363.746315] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2363.748435] RSP: 0018:ffff88800e78fb50 EFLAGS: 00050246
[ 2363.749057] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2363.749827] RDX: 0000000000000000 RSI: ffff888046a18898 RDI: 0000000020018000
[ 2363.750655] RBP: 0000000020017768 R08: 0000000000000000 R09: ffff888046a18fff
[ 2363.751431] R10: ffffed1008d431ff R11: 0000000000000001 R12: 0000000020018768
[ 2363.752255] R13: ffff888046a18000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2363.753049]  _copy_to_user+0x13d/0x180
[ 2363.753505]  pagemap_read+0x333/0x590
[ 2363.753949]  ? clear_refs_write+0x780/0x780
[ 2363.754452]  ? iov_iter_advance+0x1b1/0xec0
[ 2363.754958]  do_iter_read+0x4fa/0x760
[ 2363.755405]  ? import_iovec+0x83/0xb0
[ 2363.755846]  vfs_readv+0xe5/0x160
[ 2363.756247]  ? vfs_iter_read+0xa0/0xa0
[ 2363.756699]  ? __fdget_pos+0xf1/0x190
[ 2363.757146]  ? lock_downgrade+0x6d0/0x6d0
[ 2363.757629]  ? ksys_write+0x12d/0x260
[ 2363.758072]  ? __fget_files+0x2f8/0x520
[ 2363.758541]  do_readv+0x139/0x300
[ 2363.758942]  ? vfs_readv+0x160/0x160
[ 2363.759373]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2363.759976]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2363.760571]  do_syscall_64+0x33/0x40
[ 2363.760984]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2363.761576] RIP: 0033:0x7fad0dc79b19
[ 2363.762004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2363.764125] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2363.765002] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2363.765825] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2363.766599] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2363.767424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2363.768254] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:33:48 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 53)

11:33:48 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x91b}], 0x1, 0x10)

11:33:48 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:33:48 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x36000}], 0x2)

11:33:48 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x37000}], 0x2)

11:33:48 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)

11:33:48 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x90000}], 0x2)

11:33:48 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e13", 0x7f, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2378.163684] FAULT_INJECTION: forcing a failure.
[ 2378.163684] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2378.166821] CPU: 1 PID: 10672 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2378.168629] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
11:33:48 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x50, 0xffffffffffffffff, 0x10000000)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, r0, &(0x7f00000000c0)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x4, 0x0, r1, &(0x7f0000000080)={0xb}, 0xffffffffffffffff, 0x1, 0x0, 0x1}, 0xffff)
r2 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r2}], 0x1, 0x0)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8, 0x1)

[ 2378.170799] Call Trace:
[ 2378.171587]  dump_stack+0x107/0x167
[ 2378.172527]  should_fail.cold+0x5/0xa
[ 2378.173543]  _copy_to_user+0x2e/0x180
[ 2378.174537]  pagemap_read+0x333/0x590
[ 2378.175527]  ? clear_refs_write+0x780/0x780
[ 2378.176649]  ? iov_iter_advance+0x1b1/0xec0
[ 2378.177790]  do_iter_read+0x4fa/0x760
[ 2378.178779]  ? import_iovec+0x83/0xb0
[ 2378.179779]  vfs_readv+0xe5/0x160
[ 2378.180531]  ? vfs_iter_read+0xa0/0xa0
[ 2378.181550]  ? __fdget_pos+0xf1/0x190
[ 2378.182541]  ? lock_downgrade+0x6d0/0x6d0
11:33:48 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x38000}], 0x2)

[ 2378.183625]  ? ksys_write+0x12d/0x260
[ 2378.184704]  ? __fget_files+0x2f8/0x520
[ 2378.185769]  do_readv+0x139/0x300
[ 2378.186676]  ? vfs_readv+0x160/0x160
[ 2378.187638]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2378.188988]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2378.190332]  do_syscall_64+0x33/0x40
[ 2378.191283]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2378.192607] RIP: 0033:0x7fad0dc79b19
[ 2378.193574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2378.198377] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2378.200355] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2378.202226] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2378.204090] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2378.205731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2378.207289] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:33:48 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x1b09}], 0x1, 0x10)

11:33:48 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x91000}], 0x2)

11:33:48 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 54)

11:33:49 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed52", 0x94, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:33:49 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:33:49 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x37000}], 0x2)

11:33:49 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x39000}], 0x2)

[ 2378.396243] FAULT_INJECTION: forcing a failure.
[ 2378.396243] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2378.397653] CPU: 0 PID: 10693 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2378.398434] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2378.399390] Call Trace:
[ 2378.399694]  dump_stack+0x107/0x167
[ 2378.400109]  should_fail.cold+0x5/0xa
[ 2378.400544]  __alloc_pages_nodemask+0x182/0x600
[ 2378.401096]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2378.401689]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2378.402377]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2378.402966]  ? lock_downgrade+0x6d0/0x6d0
[ 2378.403436]  ? mark_held_locks+0x9e/0xe0
[ 2378.403898]  alloc_pages_vma+0xbb/0x410
[ 2378.404350]  handle_mm_fault+0x152f/0x3500
[ 2378.404837]  ? __pmd_alloc+0x5e0/0x5e0
[ 2378.405298]  ? vmacache_find+0x55/0x2a0
[ 2378.405754]  ? vmacache_update+0xce/0x140
[ 2378.406227]  do_user_addr_fault+0x56e/0xc60
[ 2378.406730]  exc_page_fault+0xa2/0x1a0
[ 2378.407175]  asm_exc_page_fault+0x1e/0x30
[ 2378.407645] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2378.408254] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2378.410340] RSP: 0018:ffff88804a817b50 EFLAGS: 00050246
[ 2378.410946] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2378.411767] RDX: 0000000000000000 RSI: ffff888047512898 RDI: 0000000020019000
[ 2378.412591] RBP: 0000000020018768 R08: 0000000000000000 R09: ffff888047512fff
[ 2378.413427] R10: ffffed1008ea25ff R11: 0000000000000001 R12: 0000000020019768
[ 2378.414250] R13: ffff888047512000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2378.415088]  _copy_to_user+0x13d/0x180
[ 2378.415538]  pagemap_read+0x333/0x590
[ 2378.415976]  ? clear_refs_write+0x780/0x780
[ 2378.416473]  ? iov_iter_advance+0x1b1/0xec0
[ 2378.416976]  do_iter_read+0x4fa/0x760
[ 2378.417435]  ? import_iovec+0x83/0xb0
[ 2378.417872]  vfs_readv+0xe5/0x160
[ 2378.418268]  ? vfs_iter_read+0xa0/0xa0
[ 2378.418713]  ? __fdget_pos+0xf1/0x190
[ 2378.419149]  ? lock_downgrade+0x6d0/0x6d0
[ 2378.419627]  ? ksys_write+0x12d/0x260
[ 2378.420067]  ? __fget_files+0x2f8/0x520
[ 2378.420531]  do_readv+0x139/0x300
[ 2378.420927]  ? vfs_readv+0x160/0x160
[ 2378.421367]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2378.421966]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2378.422557]  do_syscall_64+0x33/0x40
[ 2378.422982]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2378.423567] RIP: 0033:0x7fad0dc79b19
[ 2378.423992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2378.426112] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2378.426994] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2378.427814] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2378.428639] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2378.429478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2378.430300] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:34:03 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 55)

11:34:03 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed52", 0x94, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:34:03 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:34:03 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x6400}], 0x1, 0x10)

11:34:03 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x92000}], 0x2)

11:34:03 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x38000}], 0x2)

11:34:03 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
fsconfig$FSCONFIG_SET_PATH(0xffffffffffffffff, 0x3, &(0x7f0000000000)='@\x00', &(0x7f0000000040)='./file0\x00', 0xffffffffffffffff)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:34:03 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x3a000}], 0x2)

[ 2392.508804] FAULT_INJECTION: forcing a failure.
[ 2392.508804] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2392.510726] CPU: 0 PID: 10722 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2392.511699] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2392.512859] Call Trace:
[ 2392.513390]  dump_stack+0x107/0x167
[ 2392.514320]  should_fail.cold+0x5/0xa
[ 2392.515303]  _copy_to_user+0x2e/0x180
[ 2392.516269]  pagemap_read+0x333/0x590
[ 2392.517256]  ? clear_refs_write+0x780/0x780
[ 2392.518304]  ? iov_iter_advance+0x1b1/0xec0
[ 2392.519281]  do_iter_read+0x4fa/0x760
[ 2392.520146]  ? import_iovec+0x83/0xb0
[ 2392.520997]  vfs_readv+0xe5/0x160
[ 2392.521779]  ? vfs_iter_read+0xa0/0xa0
[ 2392.522655]  ? __fdget_pos+0xf1/0x190
[ 2392.523512]  ? lock_downgrade+0x6d0/0x6d0
[ 2392.524454]  ? ksys_write+0x12d/0x260
[ 2392.525321]  ? __fget_files+0x2f8/0x520
[ 2392.526238]  do_readv+0x139/0x300
[ 2392.527021]  ? vfs_readv+0x160/0x160
[ 2392.527866]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2392.529035]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2392.530205]  do_syscall_64+0x33/0x40
[ 2392.531033]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2392.532182] RIP: 0033:0x7fad0dc79b19
[ 2392.533019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2392.537121] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2392.538829] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2392.540409] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2392.542021] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2392.543609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2392.545215] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:34:17 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x3b000}], 0x2)

11:34:17 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x93000}], 0x2)

11:34:17 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 56)

11:34:17 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:34:17 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
openat(r0, &(0x7f0000000000)='./file0\x00', 0x42201, 0x100)
r1 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r1}], 0x1, 0x0)

11:34:17 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:34:17 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x39000}], 0x2)

11:34:17 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed52", 0x94, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2406.604639] FAULT_INJECTION: forcing a failure.
[ 2406.604639] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2406.607725] CPU: 1 PID: 10750 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2406.609310] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2406.611180] Call Trace:
[ 2406.611782]  dump_stack+0x107/0x167
[ 2406.612610]  should_fail.cold+0x5/0xa
[ 2406.613489]  __alloc_pages_nodemask+0x182/0x600
[ 2406.614546]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2406.615733]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2406.616950]  ? trace_hardirqs_on+0x5b/0x180
[ 2406.617940]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2406.619292]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2406.620532]  ? alloc_pages_vma+0x18b/0x410
[ 2406.621503]  alloc_pages_vma+0xbb/0x410
[ 2406.622417]  handle_mm_fault+0x152f/0x3500
[ 2406.623388]  ? __pmd_alloc+0x5e0/0x5e0
[ 2406.624269]  ? vmacache_find+0x55/0x2a0
[ 2406.625169]  do_user_addr_fault+0x56e/0xc60
[ 2406.626171]  exc_page_fault+0xa2/0x1a0
[ 2406.627047]  asm_exc_page_fault+0x1e/0x30
[ 2406.627985] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2406.629198] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2406.633342] RSP: 0018:ffff888048af7b50 EFLAGS: 00050246
[ 2406.634544] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2406.636136] RDX: 0000000000000000 RSI: ffff888019fde898 RDI: 000000002001a000
[ 2406.637754] RBP: 0000000020019768 R08: 0000000000000000 R09: ffff888019fdefff
[ 2406.639336] R10: ffffed10033fbdff R11: 0000000000000001 R12: 000000002001a768
[ 2406.640921] R13: ffff888019fde000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2406.642567]  _copy_to_user+0x13d/0x180
[ 2406.643449]  pagemap_read+0x333/0x590
[ 2406.644308]  ? clear_refs_write+0x780/0x780
[ 2406.645280]  ? iov_iter_advance+0x1b1/0xec0
[ 2406.646264]  do_iter_read+0x4fa/0x760
[ 2406.647125]  ? import_iovec+0x83/0xb0
[ 2406.647983]  vfs_readv+0xe5/0x160
[ 2406.648760]  ? vfs_iter_read+0xa0/0xa0
[ 2406.649640]  ? __fdget_pos+0xf1/0x190
[ 2406.650490]  ? lock_downgrade+0x6d0/0x6d0
[ 2406.651421]  ? ksys_write+0x12d/0x260
[ 2406.652284]  ? __fget_files+0x2f8/0x520
[ 2406.653194]  do_readv+0x139/0x300
[ 2406.653977]  ? vfs_readv+0x160/0x160
[ 2406.654810]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2406.655976]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2406.657127]  do_syscall_64+0x33/0x40
[ 2406.657971]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2406.659106] RIP: 0033:0x7fad0dc79b19
[ 2406.659933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2406.664040] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2406.665742] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2406.667325] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2406.668911] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2406.670521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2406.672116] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:34:17 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0c", 0x9f, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:34:17 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x0, 0x8}], 0x1, 0x10)

11:34:17 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x3c000}], 0x2)

11:34:17 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x3a000}], 0x2)

11:34:17 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 57)

11:34:17 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:34:17 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x94000}], 0x2)

11:34:17 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000140)={{{@in=@private, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in=@multicast2}, 0x0, @in6=@remote}}, &(0x7f00000000c0)=0xe8)
stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
setresuid(0xffffffffffffffff, r2, 0x0)
recvmsg$unix(r0, &(0x7f0000000440)={&(0x7f0000000240), 0x6e, &(0x7f00000002c0), 0x0, &(0x7f0000000300)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, <r3=>0x0}}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xf0}, 0x40000000)
r4 = open(&(0x7f0000000140)='./file1\x00', 0x100, 0x38)
statx(r4, &(0x7f0000000180)='./file1\x00', 0x4000, 0x800, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0, <r6=>0x0})
fchownat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', r5, r6, 0x100)
getgroups(0xa, &(0x7f0000000480)=[0x0, 0x0, 0xffffffffffffffff, <r7=>0xee00, 0xee00, 0xee00, 0x0, 0x0, 0xffffffffffffffff, 0xee00])
r8 = open(&(0x7f0000000140)='./file1\x00', 0x100, 0x38)
statx(r8, &(0x7f0000000180)='./file1\x00', 0x4000, 0x800, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, <r9=>0x0, <r10=>0x0})
fchownat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', r9, r10, 0x100)
setxattr$system_posix_acl(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f00000004c0)={{}, {0x1, 0x1}, [{0x2, 0x5, r1}, {0x2, 0x1, r2}], {0x4, 0x2}, [{0x8, 0x7, 0xffffffffffffffff}, {0x8, 0x0, r3}, {0x8, 0x2, 0xee01}, {0x8, 0x4, r6}, {0x8, 0x2, r7}, {0x8, 0x0, 0xee01}, {0x8, 0x1, r10}, {0x8, 0x4, 0xee01}], {0x10, 0x1}, {0x20, 0x1}}, 0x74, 0x3)
poll(&(0x7f0000000000)=[{r0}], 0x1, 0x800000)

11:34:17 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x3d000}], 0x2)

11:34:17 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x0, 0x10}], 0x1, 0x10)

[ 2406.997526] FAULT_INJECTION: forcing a failure.
[ 2406.997526] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2407.000280] CPU: 1 PID: 10774 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2407.001929] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2407.004052] Call Trace:
[ 2407.004631]  dump_stack+0x107/0x167
[ 2407.005432]  should_fail.cold+0x5/0xa
[ 2407.006264]  _copy_to_user+0x2e/0x180
[ 2407.007103]  pagemap_read+0x333/0x590
[ 2407.007914]  ? clear_refs_write+0x780/0x780
[ 2407.008873]  ? iov_iter_advance+0x1b1/0xec0
[ 2407.009908]  do_iter_read+0x4fa/0x760
[ 2407.010836]  ? import_iovec+0x83/0xb0
[ 2407.011853]  vfs_readv+0xe5/0x160
[ 2407.012597]  ? vfs_iter_read+0xa0/0xa0
[ 2407.013435]  ? __fdget_pos+0xf1/0x190
[ 2407.014253]  ? lock_downgrade+0x6d0/0x6d0
[ 2407.015165]  ? ksys_write+0x12d/0x260
[ 2407.016161]  ? __fget_files+0x2f8/0x520
[ 2407.017269]  do_readv+0x139/0x300
[ 2407.018007]  ? vfs_readv+0x160/0x160
[ 2407.019045]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2407.020414]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2407.021783]  do_syscall_64+0x33/0x40
[ 2407.022768]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2407.024000] RIP: 0033:0x7fad0dc79b19
[ 2407.025004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2407.029528] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2407.031302] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2407.032819] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2407.034377] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2407.035870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2407.037727] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:34:17 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x3b000}], 0x2)

11:34:17 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x95000}], 0x2)

11:34:17 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x3e000}], 0x2)

11:34:17 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x0, 0x64}], 0x1, 0x10)

11:34:18 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0c", 0x9f, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:34:18 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 58)

11:34:18 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x3c000}], 0x2)

11:34:18 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:34:18 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x0, 0x91b}], 0x1, 0x10)

11:34:18 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x3f000}], 0x2)

11:34:18 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x96000}], 0x2)

[ 2407.560218] FAULT_INJECTION: forcing a failure.
[ 2407.560218] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2407.562993] CPU: 1 PID: 10799 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2407.564491] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2407.566285] Call Trace:
[ 2407.566869]  dump_stack+0x107/0x167
[ 2407.567748]  should_fail.cold+0x5/0xa
[ 2407.568653]  __alloc_pages_nodemask+0x182/0x600
[ 2407.569918]  ? add_mm_counter_fast+0x220/0x220
[ 2407.570987]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2407.572550]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2407.573939]  ? lock_downgrade+0x6d0/0x6d0
[ 2407.574862]  ? mark_held_locks+0x9e/0xe0
[ 2407.575857]  alloc_pages_vma+0xbb/0x410
[ 2407.576955]  handle_mm_fault+0x152f/0x3500
[ 2407.577989]  ? __pmd_alloc+0x5e0/0x5e0
[ 2407.578832]  ? vmacache_find+0x55/0x2a0
[ 2407.579885]  do_user_addr_fault+0x56e/0xc60
[ 2407.581063]  exc_page_fault+0xa2/0x1a0
[ 2407.581986]  asm_exc_page_fault+0x1e/0x30
[ 2407.582888] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2407.584049] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2407.588009] RSP: 0018:ffff8880465ffb50 EFLAGS: 00050246
[ 2407.589162] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2407.590721] RDX: 0000000000000000 RSI: ffff88800bbe8898 RDI: 000000002001b000
[ 2407.592263] RBP: 000000002001a768 R08: 0000000000000000 R09: ffff88800bbe8fff
[ 2407.593805] R10: ffffed100177d1ff R11: 0000000000000001 R12: 000000002001b768
[ 2407.595344] R13: ffff88800bbe8000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2407.596899]  _copy_to_user+0x13d/0x180
[ 2407.597767]  pagemap_read+0x333/0x590
[ 2407.598600]  ? clear_refs_write+0x780/0x780
[ 2407.599528]  ? iov_iter_advance+0x1b1/0xec0
[ 2407.600462]  do_iter_read+0x4fa/0x760
[ 2407.601291]  ? import_iovec+0x83/0xb0
[ 2407.602109]  vfs_readv+0xe5/0x160
[ 2407.602867]  ? vfs_iter_read+0xa0/0xa0
[ 2407.603718]  ? __fdget_pos+0xf1/0x190
[ 2407.604537]  ? lock_downgrade+0x6d0/0x6d0
[ 2407.605445]  ? ksys_write+0x12d/0x260
[ 2407.606288]  ? __fget_files+0x2f8/0x520
[ 2407.607172]  do_readv+0x139/0x300
[ 2407.607918]  ? vfs_readv+0x160/0x160
[ 2407.608723]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2407.609850]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2407.610991]  do_syscall_64+0x33/0x40
[ 2407.611805]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2407.612919] RIP: 0033:0x7fad0dc79b19
[ 2407.613728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2407.617689] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2407.619329] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2407.620851] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2407.622414] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2407.623932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2407.625458] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:34:18 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x3d000}], 0x2)

11:34:18 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x0, 0x1b09}], 0x1, 0x10)

11:34:32 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 59)

11:34:32 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000440)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

11:34:32 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x0, 0x6400}], 0x1, 0x10)

11:34:32 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x40000}], 0x2)

11:34:32 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x97000}], 0x2)

11:34:32 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0c", 0x9f, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:34:32 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x3e000}], 0x2)

11:34:32 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2421.537616] FAULT_INJECTION: forcing a failure.
[ 2421.537616] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2421.540418] CPU: 1 PID: 10833 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2421.541924] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2421.543726] Call Trace:
[ 2421.544305]  dump_stack+0x107/0x167
[ 2421.545096]  should_fail.cold+0x5/0xa
[ 2421.545933]  _copy_to_user+0x2e/0x180
[ 2421.546760]  pagemap_read+0x333/0x590
[ 2421.547589]  ? clear_refs_write+0x780/0x780
[ 2421.548522]  ? iov_iter_advance+0x1b1/0xec0
[ 2421.549479]  do_iter_read+0x4fa/0x760
[ 2421.550322]  ? import_iovec+0x83/0xb0
[ 2421.551184]  vfs_readv+0xe5/0x160
[ 2421.551940]  ? vfs_iter_read+0xa0/0xa0
[ 2421.552781]  ? __fdget_pos+0xf1/0x190
[ 2421.553613]  ? lock_downgrade+0x6d0/0x6d0
[ 2421.554515]  ? ksys_write+0x12d/0x260
[ 2421.555351]  ? __fget_files+0x2f8/0x520
[ 2421.556236]  do_readv+0x139/0x300
[ 2421.556988]  ? vfs_readv+0x160/0x160
[ 2421.557804]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2421.558940]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2421.560060]  do_syscall_64+0x33/0x40
[ 2421.560865]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2421.561980] RIP: 0033:0x7fad0dc79b19
[ 2421.562785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2421.566761] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2421.568404] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2421.569957] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2421.571643] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2421.573176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2421.574728] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:34:32 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040))
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
fcntl$dupfd(r1, 0x406, r0)

11:34:32 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x41000}], 0x2)

11:34:32 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2", 0xa4, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:34:32 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x2, 0x10)

11:34:32 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x98000}], 0x2)

11:34:32 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x3f000}], 0x2)

[ 2422.049986] kworker/dying (7) used greatest stack depth: 22480 bytes left
11:34:44 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x42000}], 0x2)

11:34:44 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x40000}], 0x2)

11:34:44 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 60)

11:34:44 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x99000}], 0x2)

11:34:44 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:34:44 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x8, 0x10)

11:34:44 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2", 0xa4, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:34:44 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
r2 = accept$packet(r0, &(0x7f0000000040), &(0x7f00000000c0)=0x14)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f0000000140)={0x50000003})
ioctl$BTRFS_IOC_BALANCE(r1, 0x5000940c, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000300)={{{@in6=@ipv4={""/10, ""/2, @multicast2}, @in6=@private0}}, {{@in6=@private2}, 0x0, @in=@dev}}, &(0x7f0000000080)=0xe8)
r3 = eventfd(0x3)
sendfile(r3, r0, &(0x7f0000000180)=0x2, 0x4)

[ 2434.055321] FAULT_INJECTION: forcing a failure.
[ 2434.055321] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2434.056857] CPU: 1 PID: 10881 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2434.057711] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2434.058716] Call Trace:
[ 2434.059039]  dump_stack+0x107/0x167
[ 2434.059486]  should_fail.cold+0x5/0xa
[ 2434.059950]  __alloc_pages_nodemask+0x182/0x600
[ 2434.060517]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2434.061252]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2434.061898]  ? lock_downgrade+0x6d0/0x6d0
[ 2434.062406]  alloc_pages_vma+0xbb/0x410
[ 2434.062892]  handle_mm_fault+0x152f/0x3500
[ 2434.063412]  ? __schedule+0x82c/0x1ea0
[ 2434.063884]  ? __pmd_alloc+0x5e0/0x5e0
[ 2434.064368]  ? vmacache_find+0x55/0x2a0
[ 2434.064858]  do_user_addr_fault+0x56e/0xc60
[ 2434.065388]  exc_page_fault+0xa2/0x1a0
[ 2434.065872]  asm_exc_page_fault+0x1e/0x30
[ 2434.066376] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2434.067031] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2434.069255] RSP: 0018:ffff88801fcf7b50 EFLAGS: 00050246
[ 2434.069910] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2434.070775] RDX: 0000000000000000 RSI: ffff888019e32898 RDI: 000000002001c000
[ 2434.071639] RBP: 000000002001b768 R08: 0000000000000000 R09: ffff888019e32fff
[ 2434.072504] R10: ffffed10033c65ff R11: 0000000000000001 R12: 000000002001c768
[ 2434.073360] R13: ffff888019e32000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2434.074241]  _copy_to_user+0x13d/0x180
[ 2434.074716]  pagemap_read+0x333/0x590
[ 2434.075177]  ? clear_refs_write+0x780/0x780
[ 2434.075696]  ? iov_iter_advance+0x1b1/0xec0
[ 2434.076227]  do_iter_read+0x4fa/0x760
[ 2434.076692]  ? import_iovec+0x83/0xb0
[ 2434.077152]  vfs_readv+0xe5/0x160
[ 2434.077583]  ? vfs_iter_read+0xa0/0xa0
[ 2434.078052]  ? __fdget_pos+0xf1/0x190
[ 2434.078510]  ? lock_downgrade+0x6d0/0x6d0
[ 2434.079015]  ? ksys_write+0x12d/0x260
[ 2434.079476]  ? __fget_files+0x2f8/0x520
[ 2434.079968]  do_readv+0x139/0x300
[ 2434.080388]  ? vfs_readv+0x160/0x160
[ 2434.080839]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2434.081475]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2434.082096]  do_syscall_64+0x33/0x40
[ 2434.082542]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2434.083157] RIP: 0033:0x7fad0dc79b19
[ 2434.083608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2434.085815] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2434.086727] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2434.087581] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2434.088435] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2434.089283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2434.090138] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:34:44 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0), 0x0, 0x100000)

11:34:44 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0xf, 0x10)

11:35:03 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x8e)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:35:03 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x300, 0x10)

11:35:03 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x0, 0x0}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:35:03 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 61)

11:35:03 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x43000}], 0x2)

11:35:03 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x9a000}], 0x2)

11:35:03 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2", 0xa4, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:35:03 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x41000}], 0x2)

11:35:03 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
getsockname(r0, &(0x7f0000000140)=@qipcrtr, &(0x7f00000000c0)=0x80)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r0, 0x8010671f, &(0x7f0000000080)={&(0x7f0000000000)=""/127, 0x7f})

11:35:03 executing program 7:
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000000000))
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r1 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r1}], 0x1, 0x10)

[ 2452.917417] FAULT_INJECTION: forcing a failure.
[ 2452.917417] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2452.920683] CPU: 1 PID: 10923 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2452.922403] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2452.924546] Call Trace:
[ 2452.925200]  dump_stack+0x107/0x167
[ 2452.926235]  should_fail.cold+0x5/0xa
[ 2452.927160]  _copy_to_user+0x2e/0x180
[ 2452.928136]  pagemap_read+0x333/0x590
[ 2452.929193]  ? clear_refs_write+0x780/0x780
[ 2452.930210]  ? iov_iter_advance+0x1b1/0xec0
[ 2452.931403]  do_iter_read+0x4fa/0x760
[ 2452.932345]  ? import_iovec+0x83/0xb0
[ 2452.933309]  vfs_readv+0xe5/0x160
[ 2452.934337]  ? vfs_iter_read+0xa0/0xa0
[ 2452.935259]  ? __fdget_pos+0xf1/0x190
[ 2452.936198]  ? lock_downgrade+0x6d0/0x6d0
[ 2452.937299]  ? __fget_files+0x2f8/0x520
[ 2452.938528]  do_readv+0x139/0x300
[ 2452.939730]  ? vfs_readv+0x160/0x160
[ 2452.940762]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2452.942104]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2452.943516]  do_syscall_64+0x33/0x40
[ 2452.944379]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2452.945519] RIP: 0033:0x7fad0dc79b19
[ 2452.946441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2452.950805] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2452.952475] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2452.954061] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2452.955630] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2452.957192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2452.958782] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:35:03 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x9b000}], 0x2)

11:35:19 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x400942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:35:19 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x9c000}], 0x2)

11:35:19 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x0, 0x0}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:35:19 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x42000}], 0x2)

11:35:19 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x44000}], 0x2)

11:35:19 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df2", 0xa7, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:35:19 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 62)

11:35:19 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)="fb90aa846e4af9fdb129d6e7ee804eb250af6ddac53bf41e331999d5e5d68a4d48b3850943af0a400dd5560c4ddd7e8c6a3fee6d0fe1f3498eea3f26dd44bc180f79fb223916505bfd2c42ea55edbb4e61f8a0345089c8756a82543c083ccc38d67df27f97726d5b64e653dd8e8b0179de3d8ace99c14531ac24ac11d7056102d8c79547f38c646d217f5fb7327059f5477748d0", 0x94}], 0x1)
r1 = inotify_init()
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
dup2(r1, r2)
ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000440)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
ppoll(&(0x7f00000000c0)=[{r3}], 0x1, 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080)=@v1={0x1000000, [{0x101, 0x8000}]}, 0xc, 0x1)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

[ 2468.460341] FAULT_INJECTION: forcing a failure.
[ 2468.460341] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2468.462740] CPU: 1 PID: 10956 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2468.464095] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2468.465729] Call Trace:
[ 2468.466260]  dump_stack+0x107/0x167
[ 2468.466964]  should_fail.cold+0x5/0xa
[ 2468.467698]  __alloc_pages_nodemask+0x182/0x600
[ 2468.468596]  ? add_mm_counter_fast+0x220/0x220
[ 2468.469471]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2468.470642]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2468.471653]  ? lock_downgrade+0x6d0/0x6d0
[ 2468.472451]  ? mark_held_locks+0x9e/0xe0
[ 2468.473244]  alloc_pages_vma+0xbb/0x410
[ 2468.474028]  handle_mm_fault+0x152f/0x3500
[ 2468.474849]  ? __pmd_alloc+0x5e0/0x5e0
[ 2468.475601]  ? vmacache_find+0x55/0x2a0
[ 2468.476378]  ? vmacache_update+0xce/0x140
[ 2468.477184]  do_user_addr_fault+0x56e/0xc60
[ 2468.478034]  exc_page_fault+0xa2/0x1a0
[ 2468.478785]  asm_exc_page_fault+0x1e/0x30
[ 2468.479579] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2468.480618] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2468.484135] RSP: 0018:ffff88800e78fb50 EFLAGS: 00050246
[ 2468.485168] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2468.486537] RDX: 0000000000000000 RSI: ffff88803777e898 RDI: 000000002001d000
[ 2468.487892] RBP: 000000002001c768 R08: 0000000000000000 R09: ffff88803777efff
[ 2468.489255] R10: ffffed1006eefdff R11: 0000000000000001 R12: 000000002001d768
[ 2468.490623] R13: ffff88803777e000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2468.492009]  _copy_to_user+0x13d/0x180
[ 2468.492756]  pagemap_read+0x333/0x590
[ 2468.493487]  ? clear_refs_write+0x780/0x780
[ 2468.494325]  ? iov_iter_advance+0x1b1/0xec0
[ 2468.495155]  do_iter_read+0x4fa/0x760
[ 2468.495886]  ? import_iovec+0x83/0xb0
[ 2468.496612]  vfs_readv+0xe5/0x160
[ 2468.497271]  ? vfs_iter_read+0xa0/0xa0
[ 2468.498021]  ? __fdget_pos+0xf1/0x190
[ 2468.498749]  ? lock_downgrade+0x6d0/0x6d0
[ 2468.499546]  ? ksys_write+0x12d/0x260
[ 2468.500281]  ? __fget_files+0x2f8/0x520
[ 2468.501056]  do_readv+0x139/0x300
[ 2468.501723]  ? vfs_readv+0x160/0x160
[ 2468.502440]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2468.503426]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2468.504381]  do_syscall_64+0x33/0x40
[ 2468.505069]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2468.506042] RIP: 0033:0x7fad0dc79b19
[ 2468.506754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2468.510228] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2468.511666] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2468.513012] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2468.514350] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2468.515701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2468.517052] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:35:19 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x6)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:35:19 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x43000}], 0x2)

11:35:19 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x45000}], 0x2)

11:35:19 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x0, 0x0}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:35:19 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x9d000}], 0x2)

11:35:19 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
unlink(&(0x7f00000000c0)='./file0/file0\x00')
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080)=0xffffffffffffffff, 0x12)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
mknod$loop(&(0x7f0000000040)='./file0/file0\x00', 0x800, 0x1)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r2=>r0, {0x1}}, './file0/file0\x00'})
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x0)
sendmsg$nl_generic(r2, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000440)={0x574, 0x1b, 0x0, 0x70bd2d, 0x25dfdbfd, {0x17}, [@nested={0x4, 0x8}, @typed={0x8, 0x17, 0x0, 0x0, @pid=0xffffffffffffffff}, @generic="0ae6c2a3a853d00da78f694a7be6fa1ba5f6b4d2925bb5f31fe6585a", @typed={0xc, 0x15, 0x0, 0x0, @u64=0x43}, @generic="e9e82f67e50b", @generic="376a885caddd4eb05c0a8bb8d3b88b8370033316c81c246eedd2da597f88ccabb84a2338aae6f814da17267bab2f69efd5383ef7b60f66d44889086c78f11ac295a8d8b69440d7aa92d9855b0db5c295cb03d660b6041474443901da1a8faf3bb77a08c7f3a38c2472397c0fc73bc1b8ce75d435afad760e1f0cd429", @nested={0x215, 0x86, 0x0, 0x1, [@typed={0x8, 0x3f, 0x0, 0x0, @u32=0xfffffff7}, @typed={0x4, 0x4c}, @generic="be7668c0ff3f30516c26c5f530f9aeb1f1d5b88a2112b6d1690dfb3def73c53d6d8388777b921e87a25c7a607277319eae52fcb266c2a40d443e9c87f73823a9dcee673e9d3a40033206b1166bc1ae737df80eed4bbda410bc4a212fc4ecc5cdf1e56ac7d33524588aa69ee402", @typed={0x8, 0x3a, 0x0, 0x0, @uid=0xffffffffffffffff}, @generic="4da47f764322906b3462181f1b4356222c6909cf40b5596191916edc92d118090244da0266332b39b9d77a4294796f5e5829fbc3dda14a1c08c89cc6df15333d6e1c656352ee771036d7973732b0cdc7e193462d", @generic="c3319f155ac9a3c82173ca3509d467ce0cd1cc41fd8ad87f7ccb2fc8183c093a8d7ff0a3460be7ab7443ba3b0f28c3224b9166c67ec8a1f4ddc3c050bc7a0ab59721e37016e5a9f5299ccd241ca52d0566298457bc25d0e44aa7c87f67e4f8b2c375e4e0b0632fac42d240fae72f99aea718bc701a133b1ec52c32de28295e60b8f938d15065db09fa098955421b5085ff301e59d9b262112b8261e3f791ae5fbeab32da96cb0ae8f86f6ff45e69ce147580155941e3444ffe70f29b3349d57e465f53", @generic="c685efe75470414987f0c36d762b93db7b31ef0fec2c09694b3fde97360ee5cbf1264dad0985064e967503a78c38a0f9f6de5061dd0a383eab6e00dce190e25b6b5ab3c0f56d5d546e08f32d21754d99c059d8884812bf1141dfbf269362e9d5416cbf5375c1a29e9816f05014bba61d6b9eb088b7ff741003"]}, @generic="8790949769e8338a388ad1f059d9b2e6eb1b58a29faaec30f1ce7c525ce6fe14f5cad375343795010e0669c5765938208fa8c38b31cd27f0d5adb592b9a2df06cc", @nested={0xd1, 0x12, 0x0, 0x1, [@generic="dfbf2d014a138dfbd0c2147755d222ee0c2b5b484c789f7faf0bd95f89af35021a25934d0efda9964b6c215a210edc59b41d9d517907ee2becd731386d89d9b04d116ab332283a02e8f541bbfeee97ad0d8ea6f07fa14922d579b3003e8ea4c985361a10741e448b5b4acfabc7f408e3cc7e250108fe4a2bf5e0534e5acf17a262f401ab26b18d871dcac4ae13add099849bfe081fb2ca5c1d624a78f23d7a9896a1d6f66345a0c5e84e389e44e9b41fb9edda9bbc50a80dccee1b516388131488930451f15558752baf1526e6"]}, @nested={0x17c, 0x2d, 0x0, 0x1, [@generic="c197c0db4d1e9ee389ed75469ea4fd50d20a4993e8b5199f44083a1d06456ddd50b4f7f947f98021a7a7c1676d9d8c516ee81cf1d1b14fd513aa403d29c8f5dfb9a55a394c7264e7801930c347472f72be573b72abe6fbd6f77cba407bd6455351f4d0b5f4152437b08d97cd1a5dcbff5b96ce42d3e91e61cf8f3b23438c3e385d0c84eec7cb6668585291cdcc84b97144ae9e4d4ffc5fcde51b5c16b4fa4fa93979db6a89f826bf094557fdba1d90139c23d8", @typed={0x14, 0x7e, 0x0, 0x0, @ipv6=@private2}, @typed={0x4, 0x84}, @typed={0xc, 0x3, 0x0, 0x0, @str='@(+#%.@\x00'}, @typed={0x8, 0x58, 0x0, 0x0, @uid=r3}, @generic="14659fee6a2039e4fc71c0bcb0a6eba5bd44e1ee5393a8f41417c1a8383c58d155d1168af8ba0d4bab6335c12f03e2dcd4b526d18721ac95327178dd4beca6f87fdd3081c4c000e9051f1c65a03f457248fe3628fea9636f97f42a043b367409b050a967b5469b21921720ace31c37f406a0b68d2f2e72fbf327afb4d1f2107cd75e18faf3e4a0677590acdbe3c4f262201ca9ca4755351ea6"]}]}, 0x574}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000)

11:35:19 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
setresuid(0xffffffffffffffff, 0x0, 0x0)
r0 = open(&(0x7f0000000140)='./file1\x00', 0x100, 0x38)
statx(r0, &(0x7f0000000180)='./file1\x00', 0x4000, 0x800, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, <r1=>0x0, <r2=>0x0})
fchownat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', r1, r2, 0x100)
stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
setresuid(0xffffffffffffffff, r3, 0x0)
r4 = open(&(0x7f0000000140)='./file1\x00', 0x100, 0x38)
statx(r4, &(0x7f0000000180)='./file1\x00', 0x4000, 0x800, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0, <r6=>0x0})
fchownat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', r5, r6, 0x100)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000600)=<r7=>0x0)
stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
setresuid(0xffffffffffffffff, r8, 0x0)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r9, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000640)={{{@in6=@dev, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}}, {{}, 0x0, @in6=@private1}}, &(0x7f0000000740)=0xe8)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000008c0)=[{{&(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000080)=[{&(0x7f0000000200)="c7a76ca9b1f1810bd897986c68b2aef06806d9d2d0b96e892ea5fe03823d9ad2d7718f3097b12843608dfcf08f8e9fa49e9ea95df14703a428d5e5ccac60e1337893fa90fcc17bb84a6cf949a228372f26ec14304f2ecdc9ad1f9213c3d58864d7acb4b1e0a6acee94368af55fd78b08ab18f6e962042bf35394495a5068b3319740abdd03da41589747783000d0d6204e2da524760ec7ba3afb54f0b802b9762d9ec184b509a22e74d1f1cd2e148fa91c68aff4439f220aad843dbb1584964f0f9974f37cc5a72c5fa6c6d47f2fb755bc035ab100480da86b6c4a", 0xdb}], 0x1, &(0x7f0000000340)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa0, 0x18050}}, {{0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000780)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r2}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r3, r6}}}, @cred={{0x1c, 0x1, 0x2, {r7, r8, 0xffffffffffffffff}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r9]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, r10}}}], 0x110, 0x4000001}}], 0x2, 0x40000)
r11 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r11}], 0x1, 0x10)

11:35:19 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x46000}], 0x2)

11:35:19 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x0, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:35:32 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
sendmsg(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)=@hci={0x1f, 0x2, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000080)="16ee989e191b7b3d9cb9dad1f396d2dbc596ea3e2681281573eae4f7c49c1149d425e32f4720176489731722", 0x2c}], 0x1, &(0x7f0000000200)=[{0x20, 0x10b, 0x0, "17a3b678ebfe6b201de84d04e3d71e40"}, {0x88, 0x3a, 0x2cd9, "66a731871969b2fd90b283806af7fd8646bd9ebadfe0bf756ccf4fb18876bd91636ecb3416fa6652918b4af5cfaf3aca58a8b603a56424a0bd468bdf254eeb1ff8f15cefb89cd2c5a3a4129502be9183a7174c71682acbec2046ffe9e55a5be8687ae55fdba8c8e5953957ac4a1c6f36669087634c87"}], 0xa8}, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:35:32 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df2", 0xa7, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:35:32 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x0, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:35:32 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x9e000}], 0x2)

11:35:32 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040))
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:35:32 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x47000}], 0x2)

11:35:32 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 63)

11:35:32 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x44000}], 0x2)

[ 2482.325412] FAULT_INJECTION: forcing a failure.
[ 2482.325412] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2482.326985] CPU: 0 PID: 11017 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2482.327913] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2482.329016] Call Trace:
[ 2482.329357]  dump_stack+0x107/0x167
[ 2482.329815]  should_fail.cold+0x5/0xa
[ 2482.330301]  _copy_to_user+0x2e/0x180
[ 2482.330777]  pagemap_read+0x333/0x590
[ 2482.331264]  ? clear_refs_write+0x780/0x780
[ 2482.331800]  ? iov_iter_advance+0x1b1/0xec0
[ 2482.332357]  do_iter_read+0x4fa/0x760
[ 2482.332832]  ? import_iovec+0x83/0xb0
[ 2482.333309]  vfs_readv+0xe5/0x160
[ 2482.333744]  ? vfs_iter_read+0xa0/0xa0
[ 2482.334239]  ? __fdget_pos+0xf1/0x190
[ 2482.334719]  ? lock_downgrade+0x6d0/0x6d0
[ 2482.335238]  ? ksys_write+0x12d/0x260
[ 2482.335723]  ? __fget_files+0x2f8/0x520
[ 2482.336231]  do_readv+0x139/0x300
[ 2482.336661]  ? vfs_readv+0x160/0x160
[ 2482.337127]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2482.337782]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2482.338432]  do_syscall_64+0x33/0x40
[ 2482.338893]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2482.339531] RIP: 0033:0x7fad0dc79b19
[ 2482.339995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2482.342285] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2482.343232] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2482.344340] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2482.345232] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2482.346180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2482.347072] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:35:33 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x45000}], 0x2)

11:35:33 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)
openat(r0, &(0x7f0000000000)='./file0\x00', 0x200200, 0x8)

11:35:33 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040))
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r1=>r0}, './file0\x00'})
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000140)={0x0, r1, 0x9156, 0x9, 0x1297, 0x7})

11:35:33 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x48000}], 0x2)

11:35:33 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 64)

11:35:33 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df2", 0xa7, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:35:33 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x9f000}], 0x2)

11:35:33 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x0, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:35:33 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
setxattr$trusted_overlay_nlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080)={'L-', 0x2}, 0x16, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:35:33 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, 0x0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f0000000180), 0x5, 0x0, 0x0, &(0x7f0000000200), 0x4000000)
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r1 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r1}], 0x1, 0x10)

[ 2482.588732] FAULT_INJECTION: forcing a failure.
[ 2482.588732] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2482.590364] CPU: 0 PID: 11040 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2482.591225] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2482.592127] Call Trace:
[ 2482.592446]  dump_stack+0x107/0x167
[ 2482.592868]  should_fail.cold+0x5/0xa
[ 2482.593313]  __alloc_pages_nodemask+0x182/0x600
[ 2482.593867]  ? add_mm_counter_fast+0x220/0x220
[ 2482.594371]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2482.595072]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2482.595682]  ? lock_downgrade+0x6d0/0x6d0
[ 2482.596165]  ? mark_held_locks+0x9e/0xe0
[ 2482.596642]  alloc_pages_vma+0xbb/0x410
[ 2482.597116]  handle_mm_fault+0x152f/0x3500
[ 2482.597611]  ? __pmd_alloc+0x5e0/0x5e0
[ 2482.598074]  ? vmacache_find+0x55/0x2a0
[ 2482.598541]  do_user_addr_fault+0x56e/0xc60
[ 2482.599048]  exc_page_fault+0xa2/0x1a0
[ 2482.599501]  asm_exc_page_fault+0x1e/0x30
[ 2482.599970] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2482.600599] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2482.602733] RSP: 0018:ffff88804841fb50 EFLAGS: 00050246
[ 2482.603326] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2482.604145] RDX: 0000000000000000 RSI: ffff888014fd4898 RDI: 000000002001e000
[ 2482.604970] RBP: 000000002001d768 R08: 0000000000000000 R09: ffff888014fd4fff
[ 2482.605751] R10: ffffed10029fa9ff R11: 0000000000000001 R12: 000000002001e768
[ 2482.606578] R13: ffff888014fd4000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2482.607416]  _copy_to_user+0x13d/0x180
[ 2482.607869]  pagemap_read+0x333/0x590
[ 2482.608293]  ? clear_refs_write+0x780/0x780
[ 2482.608799]  ? iov_iter_advance+0x1b1/0xec0
[ 2482.609304]  do_iter_read+0x4fa/0x760
[ 2482.609747]  ? import_iovec+0x83/0xb0
[ 2482.610196]  vfs_readv+0xe5/0x160
[ 2482.610593]  ? vfs_iter_read+0xa0/0xa0
[ 2482.611020]  ? __fdget_pos+0xf1/0x190
[ 2482.611463]  ? lock_downgrade+0x6d0/0x6d0
[ 2482.611918]  ? ksys_write+0x12d/0x260
[ 2482.612358]  ? __fget_files+0x2f8/0x520
[ 2482.612826]  do_readv+0x139/0x300
[ 2482.613230]  ? vfs_readv+0x160/0x160
[ 2482.613665]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2482.614281]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2482.614877]  do_syscall_64+0x33/0x40
[ 2482.615312]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2482.615903] RIP: 0033:0x7fad0dc79b19
[ 2482.616326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2482.618436] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2482.619306] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2482.620127] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2482.620944] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2482.621760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2482.622581] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:35:33 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x49000}], 0x2)

11:35:33 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x46000}], 0x2)

11:35:33 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xa0000}], 0x2)

11:35:33 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:35:33 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)
lsetxattr$security_evm(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080)=@sha1={0x1, "68d5d62ff30dd4eaf60614c244b3220e05441f60"}, 0x15, 0x0)

11:35:33 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000000)={0xffffffff, 0x3ff, 0x63, 0x65fc, 0x1})
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:35:33 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:35:33 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201", 0xa8, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:35:33 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x4a000}], 0x2)

11:35:33 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x47000}], 0x2)

11:35:47 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 65)

11:35:47 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x48000}], 0x2)

11:35:47 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201", 0xa8, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:35:47 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xa1000}], 0x2)

11:35:47 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x4b000}], 0x2)

11:35:47 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
r1 = openat(r0, &(0x7f0000000000)='./file0\x00', 0x412041, 0x184)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
openat(r2, &(0x7f0000000040)='./file1\x00', 0x200, 0x41)
poll(&(0x7f0000000080)=[{r0}, {r1}, {r0, 0x110}], 0x3, 0x7fc)

11:35:47 executing program 7:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000080)=[{&(0x7f00000015c0)=""/4095, 0xfff}], 0x1, 0x2, 0x0)
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r0)
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r1 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r1}], 0x1, 0x10)

11:35:47 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2496.899209] FAULT_INJECTION: forcing a failure.
[ 2496.899209] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2496.901270] CPU: 0 PID: 11093 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2496.902455] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2496.903837] Call Trace:
[ 2496.904286]  dump_stack+0x107/0x167
[ 2496.904901]  should_fail.cold+0x5/0xa
[ 2496.905548]  _copy_to_user+0x2e/0x180
[ 2496.906196]  pagemap_read+0x333/0x590
[ 2496.906848]  ? clear_refs_write+0x780/0x780
[ 2496.907575]  ? iov_iter_advance+0x1b1/0xec0
[ 2496.908315]  do_iter_read+0x4fa/0x760
[ 2496.908955]  ? import_iovec+0x83/0xb0
[ 2496.909597]  vfs_readv+0xe5/0x160
[ 2496.910206]  ? vfs_iter_read+0xa0/0xa0
[ 2496.910860]  ? __fdget_pos+0xf1/0x190
[ 2496.911489]  ? lock_downgrade+0x6d0/0x6d0
[ 2496.912200]  ? ksys_write+0x12d/0x260
[ 2496.912848]  ? __fget_files+0x2f8/0x520
[ 2496.913527]  do_readv+0x139/0x300
[ 2496.914117]  ? vfs_readv+0x160/0x160
[ 2496.914753]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2496.915630]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2496.916482]  do_syscall_64+0x33/0x40
[ 2496.917112]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2496.917965] RIP: 0033:0x7fad0dc79b19
[ 2496.918586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2496.921638] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2496.922910] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2496.924095] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2496.925281] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2496.926484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2496.927646] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:35:47 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x110)
acct(0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x488, &(0x7f0000000000)={{0x4, @broadcast, 0x4e21, 0x8000000, 'sed\x00', 0x4, 0x3ff, 0x8}, {@loopback, 0x4e21, 0x1, 0x7, 0x9}}, 0x44)

11:35:47 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x400, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)
openat$cgroup_ro(r0, &(0x7f0000000080)='cgroup.events\x00', 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
statx(r1, &(0x7f0000000040)='./file0\x00', 0x0, 0x200, &(0x7f0000000200))
openat(r1, &(0x7f0000000000)='./file0\x00', 0x42, 0x81)

11:35:47 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xa2000}], 0x2)

11:35:47 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x4c000}], 0x2)

11:35:47 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x49000}], 0x2)

11:35:47 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:36:01 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 66)

11:36:01 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_mount_image$tmpfs(&(0x7f0000002740), &(0x7f0000002800)='./file0\x00', 0xfffffffffffffffa, 0x3, &(0x7f0000002a40)=[{&(0x7f0000002840)="1808465460fa889a3e01bd33296fd9486d4ab0b3a87ea8d55d98c4f4eef565b79a75148908da1afee8", 0x29, 0x401}, {&(0x7f0000002880)="40488c5921f6742eabc1be706e6b5dabdec6060b76801fba41fc758e5d2a48c695f93c86105a355b8ca7eaff357cf7e6a759bd55402b439f9b103de52e66817f8ae425d1bebf04a00695c5f583dddd9a37d7e92cbfc23ea479ac9b21ac10ee7b50a3f24d81f9bd127e2f64a33097ed3f4cb80f8cc91640c36e035885b060cb7297996cd79f1d784be015bbe27c7b3f6bc3d1320c31e0995e9a5d7e3b5c9b4edc68a40cb85f173a6bb9d3a66cae5318ee49c31d00de60f0ed3df31881a639e7ebbd15adc36f65492d149a607edb83f3db0ec7e86c6d33c4ead7d9a8c8b2d97d447ca51f16498ec4c3436016", 0xeb, 0x8}, {&(0x7f0000002980)="e4e30c509553f4d5581ca727c3d07b7d7c71f658e6c02bcd760061ce28c533e6a375231a50bd81dc64d894fdac2d56d88f49a716138f40a019f7faae8bf49a8564490ff5248e45f0f84b42aa9432d56294722748ba338d2a64fa862cfa3e437ffa7fa0d3f8b7e7dd4fac2c003388d51aef98ae87be5a10a04076db399d58aac92a16084ce588b92462e35297990575a0823ac64371878104a034898049c41536260e13562ff6a2e826dbe30cd34137", 0xaf, 0x5}], 0x8000, &(0x7f0000002ac0)=ANY=[@ANYBLOB="687567653d77697468696e5f73697a652c6d6f64653d303030303030303030303030303030303030512a9623c7f6e99dd124a94200", @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext, 0x0, 0x0, 0x0, 0x7, 0x4, 0x0, 0xfffe}, 0x0, 0xffffffffffdfffff, 0xffffffffffffffff, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
setsockopt$sock_int(r4, 0x1, 0x0, &(0x7f0000000200), 0x4)
setsockopt$inet6_int(r4, 0x29, 0x43, 0x0, 0x0)
chown(&(0x7f0000000000)='./file0\x00', 0xffffffffffffffff, 0xffffffffffffffff)
r5 = syz_open_dev$usbmon(&(0x7f0000002b40), 0x0, 0x10001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd=r3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x3)
fallocate(r5, 0x40, 0x1, 0x7fff)
ioctl$NS_GET_OWNER_UID(r0, 0xb704, &(0x7f00000003c0))
syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x1, 0x9, &(0x7f0000002600)=[{&(0x7f0000000440)="3623e2bb9b3816f964f1d85a78fb59d4c1020e66c1734a09bee386b988815f44b0244e6ba0ceb64a106a63ed3215ef7dbcd4c4306dfaaea45d6d6fb2c59fbb3a524d624dab908627186fc7c13edc4ec1f77f02db2a447ecabbce7fec335eb97894fc6e5bebc2d595093a2b65bc5561972520136ca33af6fc13804285a07f8c6b05533cbbf789d14f51359a8add133cac979164557ccfca3e979d4954fc89d578c599bee7bfa29b330eb8e40695a932660d7838c1cec58ca53a3f0e5b341a13af5c3ebab70edcc2d09b1edd9fc00a70bbfd8b1aa2199eefcd0b257992d4b82873bc829dcb5b5582a60770254dddc00ab73ffc23e5b786648a51c4b559f98a8b32e83526efda887739def522d447c27327d7c2578b59cdbe754e53e1c6a3cbf9d21f9dc9c73de03a9407613054516799634dd2a9bb828d5a970ae02b63f1480f1ba84c9ea8a01098885344db7e3406814d4e0634f97f7aa3f3c0552ed1e802f8f496f37f3dbafd12e1ab9b90474b03631b8b23b772fa6f64366be654bf12815b069472b2cf73b3d2f377a70d0bcf9e75d270e49d7fb0ec97e82836a30652286e1ffa63cd2d1218590dcc57542285aff30434081826e9c95ce32678a8d107f3483b5085512dbd83bbe88d48236476fd90d6b924272a4d7ac1d454da75ec6799b62fb0074338e66127b9f9de40d4e0e5929f81110c734b00ac34c32414148a620181ff50ea8afc0e3c865cff17ac69c146c6f305d7f15256d3c284891786070bc15e7533c0ab39361906d7aa568a9a57567b1765b4a2222409a1682670f75eac29025b1ef873ed5be71f8f6d25e3187369245e94c267e6bffdde946fd17f42db57b77130c1d032957307e599afa7cc42d6b9f6a45940b00407d1c4315418c8ab48143fda8f5841b0ba75a0cfd386d502ff18db58a21fc922573061e759d3ab8bd9c81fd231480f3714af58eff8e2e2a1e9659ffd3ff77290e314db4c4488813f278700a26303e8be5e651e51dd6526698b6e5c63f2f468b47fcf69cfcec3e403689629f5e01fb31fc9120aee655300a4454dc1145dbf08b09fbe5743323c5eb55d583940f9cc16e634bbeda82aa9bdbcc80ef93812b85089b377c56b5b4cc67c70a205adbce5cd14266ee06128d89077c7bee98fd5d94a2903242c513d2b42c3cb13fdb4310ff8a4ca11118d734db7686368ff7e03b0fa51e539e345c61e6da4a5525a85839df05df8dcd3b7441841b5022e79c9bc1b9df00bc15bc6605272c615f657c06b9621eb990e32f586a680620e95e7e99611e59b48c556cc32c5cee51da7647901432f62aaaa753c668ed92cd827ce54ccb1c2b22bd50487c0e1e4db957f581e3bf9f585728fb06c93908ce55bb3abb8155e724df4c94b7211f0e7826f20e00e3265a83ba7f77676db9d6259d5d97ac675900b4a08f249aef4b87b6fc340b18e426fd861be6b16ab66b8ec51b992605166e29572ca5b339679329d06f719934a66d03b0b7240bfe8d0d149575329c72cd70a5f8fe97b49564e8f7147a677c62cc7bb3a72e3fd036c251e10d4624c240a287c10a4d98e3525a1feb0b8ea63b9e90900be37d74238fbf130e0b46a98573176d5f3c31f7c65ea3d4b23021377623974f651b6f7e36cb150faaac9412c5c0b628eba2a8c0135a3ece552a9646ab4e05d836ccdbad7327baf4b38380a7c3b26e1e8022d403f1946bca86930e44a589024fe4736ba106eb42e8d23bb948c24b25eecfefc5637c004845c3bd4f99a8d3a10560f2dc395981ff8e7f2e69a4a78832efb87ff6b09dfcf4a86283b21f4acac0f84c720fa61e14190d75965d5623df086b500bb7599b85a33e7f714d9ba35c3554fa0f3d7e8ad11fca09c2974547c863fce84bbdadb108eacb4d4b2ee7c1fa74b8b2a29a2f369afa94f34b694678c23ecd06cda303a4035a984d36d2c9c8c1ed63e63455fc63660cf5fba79c6e39bcca1598a72ae9dae9348b8ac51566f45141744ea1a32ffde8dc2cdc2eac1fd073713bf1f55db2434aadc93be76dc3fe08d1b5a32853b9e8ea9f0a34eb61263e9b89058d452069e1df99a1cefdd8b6401bfc4d145fa0913f65e5ffd5d6b5f5e1315acc2ef53f816d6ce07a15338b1eb4c90487fd7970b892c47ab05be4a6ae184244cf6f157f21961cbe4c7cc0f8efec47ac75d5e31a9e145455e23b30163f049785dd137f2f5ffe8a22275b2efe52e8179ea7b3a724a25054ceac0cc52c784734a21c89c95bd235abe01e3220b495562aeebe7092bb35052eb2b0f0ea98b6843953857d6321beba25e6825bef7f746f6cf93c4312a4647e6a7ed95d68d008dedf2016cb12da0935cb0936d65b2925a2e019cdd64fcb26e867e65920fff7b1d9c1d1e77d3d4957b552d1d33146962882acff24e310352de905ac8ec6720c2014908092cfe0b1471c330a7a15c3819cb4cf2b84f8fac943f990f297bd05a76e3967895b89465776ffe33a9820071e3c198880bfe79e73665c727c9b26a94640ef7af1e03aa6499402c192cfeae23b41ec1e2a7b9c3ac2f259510161d00d68bca25a562c98b9e70c32702edc753984bbc816e76a507f20364b417304630467b09e0df65e87791a90b2a8aa92694c6ed55bf83a030f5602a554353a6f3cabd56c2d990aa73e7753592209c72544a309e371553190078d194fc2d3235c18a935a34377c849380a6c4fea11a8ee5a9af4835504241a16089154da458512f97da060ee06ecf20983fd8c3fc33333944fd7c9bc5e8a949a075c8ff2bff7d52eaa9d1eeab169f5f28623d92143adf9c5a94bd4f1f20476d715ed24bd29390611b221bb497ee4b42c13d4a42d3e1c7d6cc27c9bcf7aebd80d2c76556fdc0006c6dc26eebf8ac472b53540b6b0fa4ba872847d3459b12095189e50227ea1dbd7bb4c1879dd6513a7c0bca4a4c1e2f2d06fa8c3b8d89e976a8c495b2662186004b33b3f65ed12d3066f8ff08d932bcb9837fe232c899285f3d80831ad552d5906770fea772790b7a9288e7798b21281b720358bc1a3ca0ee08a490567bd77ec02655ae20e8b0732451f26dd17c9f4fa8e8b16fc2dcae22f7bf05cacbca4a8cda5b387133bb80720bde371dad6f0ca53c733be03069bdcc56d94c4c8f2bae284241e2d066c030fd407f7bbb616a5d93243b4ae1f0c7be3fdbd0896fa9233901cfb5295b21aa41208cf89a11f12ffb6500f613ad7d4ab633cbb03f74abd1c13873d7d6484566da162591546843bb841bf415d6d04a99baebfa792ea5339cc6d89022a8eb481d4da53e085c9d57c55891be19b3cd8cd4908fa1c928a009e45c48aafe60716fd2051ea20b0e3c04b099cb0901bc16748fe6dc2baa4d2f64d001fc6e2418e3f02977b72c09a119c447ef7fd33f8b251d695420c43e3eb70c0f9c37451b498e23e1c09f6a7aa615547e7dc54513bea16aa15626182c43f6d18594cf96d92f2d78a2bb140a6f50afd6f554f4b36e2226c6f23f20a3003f6173f0c3b299073192a309f9673f3d4e81deb0c8217c8d7181087c134afdb8510fb88e9d9355aecfa416274342d35b764d6d4b3dc8e77964729072ed83c2ed82af5f95884d9497d01abc5db8865464ef1837a704f571b8d552e30a4e835fc5071c676eba016ddfbfa7bef6af594a23db6b3847d6a574ebb7653a683d9512b0672fe82959e8f3da3bcf8224c2dbd2630673e3dcc6231f77262a2d6780c39e74d3739201709a3877c32b016d3b2e077efe589a7474bb83976bec298c3c8108b5efa341ae64acfa870012c3f3bb8e9cd00889042b3eca3d3fa8841baccb37472e0f587c76057d1079c7b5ff3ccf878d102c4cd004414d5315bc61f512cb1b518bf26b8529cbe55c236dca983ffdbab32be7b9ed9418de259c5fedade0aae86fe4cea5fcb62f8847d23b9269b8ef389bf025228c57de457b061e9280c5493b01d8264217b8d818241fea972e10e4f862fa0b2f1f6b3bc4c0d0780083792a0e5fa0b07f43e6d0473654893c1314088e03db806887c501df3db7c0af6f7d368b2ad492858f7249a65a9e46d8107b89ca8eacc1585ee48f59de0787b91938588e8b11d8b244a5143afaf5c06c90077ea554f3dd162f171d65b00f470ec5bc5936a7362431f4614c05de2b82b30977317a8a655346699a3f23c5ae548de753825c58c570126d6074e9c99eb0185721cb6d43556a140916420e7ecd903b44e618fa31da3f911cd100b0716cf9ac8b6dcaf724f3a4b6b274a89e24e7498a33ed60c2f8f1e2f4c88acc5dfa6e2b83cf6d7f146216f92223797b759c0573a634bfdf0764dfe6f7a72027741eaa3397343cd954aa5287fc386cac8b864645b18a6d3187f8a15b7e1fe31ed5cbf1621c0a7de1694bae228e2f0b074cd4a8d591b8265e054654eb39f72458568e0d5cd7d6b3bf09e6a02200d0cd3b301fbf10d74bfdff4bb7105c21eee73123f1af214417d1beacf27b29105a489a86f3d048a477df8bde6b5b104584e9188a446fb706057515a45a83a15d79cb06c1f19591bc1c470c442af1953b70c28233fe017dd7b1a92f54bf5f3854ef34839361efc8de7fd7e46ae216c9fd157ab07a8642f991a97f1520793032da05908d8348dd592239c7efd3ad1496e6651720a32625fa0c7def7cfd92017be71f07540a9da2f3472f9ba5c743726f759828f68cee63ba73e203476c17902bb6fbe96e7b8ada0c29a9ff572bdf9dbd0d25035208aff411def18827e4b3e05b491338c143722bdf0ffcb566504d19531f455e944f1e103a3f4aa85ffaf66c767790d56ad45cac9fdd9c20eec1e20ce23ab9a9e55f500a563ee82ff66245c2407c8c2aacf2f36aafa5be41df1e4da3fa6df62a90d0db7c0c5bb87f6d8eb9ebc4970a85c95541041e26833c003f78ec0831cfc271615f376ea138a5129af1ec4af420ff1c613a85ba960f0a38bb6698117cf9046f7e88215b58e5fd7d395dbf2cf81433df6189cd50be4e02b6bc569e62273b52966bafca9162996b427939005b0080a53be6517bb2e160004bd4c20313e94793f01da84eba4a69fb08e81dad86788bda37755a7e9fff5afbfd784657214788fb9ae0e78387979673f67c1e84546f81cea276f0f97e45cb514a20d696d423d4e095bbb29dafae7c7cc9c866463c7698c1d3305492b76fff29afc3d9dc631e98b84a897f9043d319757599136a081aa666346ca696bbe1ac1ab7ef04a1415f5fab0078e45687ba229faa2bcc70322979fe766479b00ec5821785b4e2a424bbbc63dc57629edcf5da4345e7e09bedd9fe0af39020700fb99f38f1c9ab4e0d39db51230e105bcad167ceb62a3690a86bc5938a624fd0c5d23771dbe8946d05b1e22dbd23d041d4563463a7103ff8fbdbf2421387014187adaaa6af6c6bce3bcbc303d839e8ce52648b8f550b33fb57021dcb27520d702c3a214d65ebffe6ab9cf23c55bdb75410487f6f1c77a9793127d8157fe2bd40a6c15e8546a390b56bb987a271c89ceb05fc34474fdd21517df42a28ea325ea5e5de4921430d3bd5bcd49f8f4ec1930f069a724696c75404935f080733d5648cb9edd271a15436d0772e1ef96fe460b874ac69d4fe6ad05feb549821ef72a4c365836f88eff845208f77880d4d9575b4f0586de1117b20591cb59126383803027b7816c80427f3c3d5a782e46a449b77aff7e9969a368cebca9a6387441779c000881247ec04cd30fd9e95556365df5c2b7e52a5ff95d459050f36ab82ff28ef67579234a31ffd482aca9e63a473bf6fe2c052bc40a059b6c25bcbe06412bfa264626ec3", 0x1000, 0x6}, {&(0x7f00000000c0)="8c4aaf7469c9", 0x6, 0x100}, {&(0x7f0000000200)="cfd19ddf8b08135e4b352b73150ba16d796e812fad4ea3402ca0ff7fa3ebb5eb5ec288c3444ecc66fd7f1b11e1343ac5881b46938119f04eda520a61bac14e48afd605a840320f609570bfdd1e764c1b5ba2e71a58ec235060c9eebfd98b40f8fcc06f5fdddffd40feb4f4d500a582bf352ddda1105371e2003951563f819628385c3da2282c23ef821da5ea588477b56ddcafb7c947d595ee8b621792fcde7c0db75111da56585c11a1859ed8ce4b2a466300286d007b2328bd72b975005a77", 0xc0}, {&(0x7f0000000140)="ae95d759e13af914c1731203e59d04e5419bd71b84bbea2129d591f4c4e4ce2982", 0x21, 0x4}, {&(0x7f0000000180), 0x0, 0xfff}, {&(0x7f0000002d00)="3025ee814b4bb0d3e491ef9a80393c008314871b31b0dcc2ed8cf56e20605e47cff2456b6c11e693b08df6827034fc4ee6db0d6b4edfb779ef36fc709296b258f5528b4f0c3937589007000000ad53119c403d0947665d40840494bcfd507b8ecfb2e768564f9e2431db85a55bffad82d6a76d7f7444ad6ea322a98dc466cb09a44344c79b6d890b4ae3dc31874d9216277e99ace822603b46f532ba0343468c2cfb5536b8861dd1b22ec6953518e4f9efeb6107b8530914438334a8078fe099e8092afc757d9bb1c94f03c20cc38a409b3b46de8f002a6aaf932d33daa37a14a976f8bc682af3a09f0ca3a64e66b50625a9bd02cf1df8461f89d18537d37394ec7fc270deb7f5c85f4beac3b1104c0e6f2e3608428a7c6e95057be71ab03cc990fcf5609360da4333f70e8afeef8ffe157ed60881773e530b566ca5a70a1a676b93437292ce3721fd7156fadbe2604a17ea2b6574c504f6b810c52ca9e38912ec5024e2c69a8100bba04657fbb83193eff6e52f8459975287d3", 0x17a, 0x4}, {&(0x7f0000001440)="b7d90477e384eba22f9106468f8fa6537a3a57afa6e8ab4b06e7197dfb0a9fff0f479092a40d40d68f3c94c61318937a13d7b9025326f10568366e1287131d29bcb249ea469348f7cef6acb78ea583a95c7436c0136e708c1d5e88b8f17c651242b496db85f75400b5f253f54e0a277c6721113b82595448bb13f6f8201c400d2f94858a3ee5db5fe1bdcdc08bb12303e93527262c1222e420c411aec6c4fb25fd73f8bd1793b30a32f4fe3fd923d627116b2a30a2", 0xb5, 0x1}, {&(0x7f0000001500)="d9b1a35f744a624322c82fb2e15436440c0d0ea4014e7a43050cbd2f5d04c18e5c05f4f602703b073f22a5bb0a0067d39572f54eb924290227bde5dd7991c78f017625e60dfb8084581029d6e6f75db48424fd6ef439702cb03fc28dca5cb5f6c8ac3491abffb20d1d839863154ebdae6b876db7920c260ca05b5e52b0e695f0d8b59e3253e122e448b726197369b1913a4486d79fbc0cc188534e250ebb185a4d66ff64e45589f8332671562a2243c953c897eacd2dd5bfb117ec19e4841cd5ed9291136bce11afe97148c9b74587c329460bc2597b45c36ecfd475df1bf9ce44a0383f349a12e914b907910480235870b90967910e5a8c6da589357a66f04c25b5304176f122a420d98795c3640c703f2b3df26cad82bad4d13583b68fa848e04c4b17ec67abbac809a1792dae7f505e0eed5d4d520e5f391aa74a1709ade9aa3ddf75c3fe69f19d9546f1285c6df8174f093b0d8b952d6c7771651ddc2918b8c86b8a9af08ea6e5375c9440f9234a2be1902e8096e332cabe34aca6988265b6fb6706a09b3622821df7101c00e95721e9c1f430170406307d8dcb0545ee9c3d52fa3eb1a334ef4673f57eb71502a7e9f3b9799f3b0430e0df72773d439f3fd4f3c8a6325ec079cdf2ed7c56784a2fee810ca4eb24d165d6da76b00025580ed64770c874a3668b56b7c7a36b8cd38873c74a95b46b5a2658844625ef8c3914d5d6cb4c1b28eae084c2a53f28ce5b3f574d319863872ca5fd742243a8ba5d2d8c80386c87f138c0a0af301741845034fa0350344c148ed8cdebedc23e3e5c46145934ead1450f26f3ec25da3f1548860c8064f1e0ee2f0b7bc2c6134b3fa646aabaae7d866fcfb7f59b2a53ba54203625c66d6cd8143494b3a266ba9802887f5020d7929ebb9e23556f793fac0e6c17d7ac49212bc99e5edf67fa70a2e390ebce47cfcef0b09b5c175a5374c262fa73c03bc1ee7721d0e42e0801c0da6c0bca531e846479524821b3794287c5fbf20bc741aa5ab2586a60d52c449e62eb6923e48cb360860d09191cfcf4e91ab1b793535d1e0f858164eedea4dcd55f83e720ee732c2eea3d648e4cc9da704733568cdd6cc0997af1e89bf770db8ac344a349d1e8609c6775361616463ed988307d8674984291e7ccb4a790742510333a5294d4334384ce5efea392d47df2436197cdff1ec1c6f92cd17dcb7d229f402f626e3b3dc2dbe203924fe40357897758b0e571e7ac1a2b082aa3882b1fe1e2629d008270de5ad484cffc9d551c94691752e68e3d7d24e5ad1bd83dfcba904859f81655b7210d1f94ba3cf3255822cd10dca73ad782dd5a85dd08d488bf7150ec7bb33b2bc65bde06c8b51b8b9d41b9fdb636abe44c05fb5c8413e0e825e91f4860a8062e484af6e97bec7dcc3d609e4c428a0ca681e4788a143a96aac8f92f084df5e54d9bcfb2b971aa61d42394ea612bd114a7edcc6aef6e456ebf4118b4e7732a7fa613f3f73a6ab58de4ec31030e7491cbde8d4bc138da0df08df73effe13f54cde460b6354d570a5e5717919d06c3c65c1ec8f7f028845627d8fa6c7e7c766ca3ca6adceee30c553f71bc4a6d9c6fb9bb6dd626620fa890c40746ff43d4863d65aa53340b63c9ca52b942606533969704d2a42b6f635d9de88b175bd3c55d6640c2284e69f4d40ec462d6f9a691e00596baa801fc4fa036feb939a46273568661e955094d293cd2a4ffdb7ac57022a07aa9989e70129a7c5782463543417d07568376ebc09a7fd9835a27d2f78b6038545050741494485b54783cdf432e3811d1dc74719414e72b94ea1f8a5c2a7b0e31a63b12f1829da0b36294fd00f52b7eef980c661eb21121beb0460713a6f23a6c2a01c64b619b3fe2d2834f1d6c31591e7f3f1359cb51f70ae47711f0b67492b1ebf3e538993c36af3b2c77148426b139884db33554b7d11f024842a0d40853d96463e5cdd77f03c61bfc808f11e640a21c093d9b9925bfd602e0cf30c05bfad5a83c3b00bf0a593f78ca759bb8c76bca4757738a6d06ef72657d5bbc6b925d840188217a3b71a08be702172909001c4259958b048e9e85395543b1fd1258c86e0e03801277ccc5fdc4e1bedc6271a51158046c23400f37d27416af4d95280b45d4a75b99dc72bdd63deb6f2bf0a2b5ef765e7008ced03b81ad9a09f020d673e854b9cff7721cbcb3545b6f77d7ddb739f7021a18ba38b92c50a34efbb72cd7633b9e07c3a3c6f109e49a664f744ff969b574f7b0c64e180c1f32229b5ff73eff9f63b79e6d05e8a2d2dea6193dac5adf4cbba69fa9439d0ad2cf16d840553a592754b7a2a3992590601bfc2914ff88f9ec575a1f388d0de8b24dff8e04a3b21f3068cb7576a6164ccd41dfb06f1528de365e718958ca69b05709677b5e7e238a923e489c0fc32ec76cd2fcd733d73627efdd77058791b111483270b498c2bb89197ff79bad1f628c7f558685834fbe73c2420fe3db421f7f402547f173fa7578b68473d080ddf8c3eacfea75abfc68ce6d2311506dea3620ad3791010cf5396f98775abfa804cff4ba51fc7c47a7375c3e5e06f83444c1bc8fce21df9a785761d296732db237903b7286e78f79be825bd9275ea2437d494b30b692f2afaca449b929898cf821a39048ff7650d370c91a7411f7cb86989ad2c15d3bd1954cde011b5eac283d49f6009fd0cf0c04be44d3668d726ab4c558d6d7672fa31c4e6cb2fab3a3bcba786fdf6b016a6cc05dc1315e43c196c76eb0fbc4df31962402c614d21c970ac58e7aa4ddce1eeba210b8acd745749c53e0e33010ae73d1df86b19b8bd4ab4e848b57cc0dc8c1829bd965d893561b90c06cf5656c4e8547e17e2566b0fd42cfee35819749b5c1ffb9dfc4bdd0290ee1d66f4f5d41458c550808816a568f9e4dc20d761d23c5619a0128389204247ce85e2d3d24386b4e0fd50f154560be707dc4f942859d4eab84514089b0653eb9b33cea09045222d37db88404570335c03b1400538736a0e28294659c1aa72931575d33a2502b52f0962747591ed343086ae8424cef2e31d413ae4c86d50336766661f67647a3edcc8638db2280716d501630a6ce3c703eb7a3f315b82127f263690bd3848f118d9dca63ff5d619415e22f9caf1082da6bf86f437fe212d078bb404e63994d73f3a65e40dd6adf008ee817367971434c0dd787d167809ef3e6f4e3db92740a190d57c6254df895405ecb9137d7b9c3a64bfff45c0a5c5bc521879a9a57e6d8a1b031207ddd6957fc18c51da40437bb303e1cbf2c3f307147ce9525df731fbf509479fa5dbdb15112fbbf2908c1b9bd79bef1d25e9483d78870a24cbfe47882aae4401f7ec6b93f34d90f399134adf4d33c987f792053727a14862d264b2101bec8a1ee77cdd4349201e9da5b2c285da227cf373d5ea3977cd93b3daea9fedcbe4f116f8b06ad586b7663289df132e8cd8b7d4545bb37fba7d010949379f2fff202306750975e714ab07e5c8baf64cd8f87de713b2c19d1728ce168c83681d2df153c8dbb2180fd707ca1f88a4563381e4300aa1d85b1d06c73f89ddc8e4f49ab7bb1f4d63d1a7b5196a3af5c4b71e00c84791723e77e57d902f593ffe7d27da2d8e224f6221e2f775c2c4d2915fbc3a7bf9cd4303689409d70b519fe8735486aa30ffc45dedabb45f31c1ab036402c87111615d4c39544a72d8c8096fd26260cff06d25084fa33d5cb409081417cc2386be4fafe4383896943bae5a9e092ef396091a087fb8baa011862483b9c6945c62063a317af60d9580eea4708995160c8f037a54653a40456ec570036f12f9c2b6ad362af15b61297252aa012a7f6850ba10835ca49123a31680c2495e70029a0d485c5ccecb2069b7c07dc8f2eff8f1f7f1e06b8944aed157bf6caab1526b003b428eada41f68434e7e302ef008c0725eaca38863f05233ebd892944abcbc087631fa4098e5e416db400ae82e0da826ea94edc178048136cbb329142106aace99b4725a3d835eea7329d7ab0c3636fb74d1dddb19a158acf8687eb9370cb8255422ae164c67ccea13ad7f8ac25405a39ded83c62cc59d5a373bfc35750c1cd720bf463dcaddfc0555d66dae7671a1d726a8b62d7689a7fa22e605eeae19cc22d561fbedfb76cd278973e41bc5a5bb9d93f1bc160c80072d51738f208c256cb1fb9c39539ca2b2c74f83917e5af73da816b8951286854ebeba65fbbd5c09bc9c1a32081561dbb8c4fb896326fb6e8bff142c3fc93a120440884566308b88ba1b7efb65c645b2cc7c750b8a573aaf1e4ff1423b4f1879962fb980f81f322e95992a32f0ff3bd3badf34e511ca236abbdc3b7ca6f3c6800a9f1ec118c5de7ad6a0a4d1b89093052baa04e24fac8c4e249c22529024623d6a66b482b27bf13fb81b2b7f83a62626b81fdc823647ae2b977fd0636001e7e41cd6545e933441d054ddeb2f6fb23e12432d89806bfab2acd64a5542fea86fbdc571c81aa8ff0e32bc1dc0f3ebc9861a837f057485fe6202906653d53659cba73b1c695b1ee78fd86e3caf055ef84f50da89f6198cef02fe862ca268c131a34fd01f7b488bb586171ac4665658894acf2be2ea68c089c67b0d4295344a77de1c7bda5b101d1cfd8fbaee055e5daacf37b7953f2cc5ffc59195392ee94fdaf096082b41e51ef96a3461c4fd276d3c9a89a308725382228e9a7f4fa9ad8fa5905f76d160072e604a35f4b92487d975bee6e9c25f9c8a0ba5d76cde92953d31e541e67369718cf0fee74e6feea1003433da80b8d4f4a1b274c1b216c7cef7f7a6885a93f86f1670f45a240da1daa3f8f7dbfae8265f36c131ea073f62d8f0d7c6bf590ee0a2948cf15d6b700ec79d2c3bbea8389b9fc5b525353e20ef9ecf057adeb78be7743dbcfb2a27f49901eb72b198815ec9d8e5d14b957c0c1a32db7bbddcbb01b5e25ef1eb2fd5a6dbe8968c1f9f4535e5d8f7023727ee416d2c83df02f2c95ec8f0476ea382add2b4912235fe9b43f55e3f3be2b2a91d5eefb1645a3ac6550918be5d5215324380d5684cdc7db35d47aed36369f0a7ec888d8249f3b1e9486d7e6e10ee3c4b369981b1c2f1715924625ac32e29dec63518d554510387c3376207c5cd05945ff2dbc9f85b72f4a1be5b8ef3d8c7901d373fb219e018bdd9fa3a39dd03e3d11a5adc49c8ce33cb51679f791a3939eba0366f8a58ce6a88f26b19a93f15153c188abc011b6983ecf2695df1204f20cb25f98dc29efbff69a6155ccb5e1bc6e4ed5069907344e53c22fe940e1dcbebe892aa0857f913d366de6ed5ad5d0d27b19063673b89e5098e010a349211ed019ec16a2ae9da910639d5011d509ed7f544e345af4558e619f99671cec35eeeb96143f901b7eaeafded39b7ad506d26bbbb20e5cc643ea9a3bb15405b22959d6050ab6ef5f9a699e02c5dc2d8903a88f9811b6c42eee61b94c2edcc22c63ef7d769399ddbcdcc29910dfd238f8277d01ba999b43a67330f103b3f58669eddb592a7299921c519d35c08fcdcf040aded32fc01e224672f568aa250e26c8dcbff928e406a0479d96e6e934222c796a78a837fe0695ae763ce7d5172b4baa6234acafc98f72d413e5d4ed5c365d2df7e214e180995d83ec2d33fc9fa6efa517d00908896f41828986afb7d96c6f703149ec0361c904bd30bf20baf61b69534e41e4f11c8cfc6303c51bbc8e70fead726aeee5f0a3168f28706dcc4e21dacbd16440d3a7304254e046e60e8b1125943011be9e389388203a36dac866e8", 0x1000, 0x800}, {&(0x7f0000002500)="fff3fba67806617064d7197888026424ade9022b97f6183a8b1873cc0216f5cd96f62c51e978c3c95230d9d9b6a071c426cf002282c51f271bebe5a92c4c6e8a3ebdb8d39d690487114fc3fdac4faba7e8a01f6410f66447bd3a407ddead89a6fb6b1130863eabe50ca9eaa3bddc4d9ebb63ccaefb7b7b48d9ac4c15949a4f94ebf3867464088d4cc806338df2aef74c125acb141f0842ee4c6a835c16b4f4947f22eeb9109c42498c75550d1aae3734dd0f6cc264cd53640013c5e7a607c7c2a9491767b0e0a7b6fd45a094a67ac7", 0xcf, 0xd0}], 0x0, &(0x7f0000002780)=ANY=[@ANYBLOB='dots,dots,dont_hash,smackfsfloor=\x00,fowner<', @ANYRESDEC=0xee01, @ANYBLOB="2c65b1776d47af54435ce97569643d", @ANYRESDEC, @ANYBLOB=',obj_type=,\x00'])

11:36:01 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:36:01 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xa3000}], 0x2)

11:36:01 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x4d000}], 0x2)

11:36:01 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDEL6RD(0xffffffffffffffff, 0x89fa, &(0x7f0000000180)={'syztnl1\x00', &(0x7f0000000040)={'syztnl0\x00', 0x0, 0x2f, 0x3, 0x1, 0xffff, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7, 0x8000, 0x4, 0x3}})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
write$P9_RREADLINK(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="1000000017080000002e2f66696c653044680317e6d1c0b39f42fd5fff41895090c65233bb9948679f39c124aab68fccfaf73ac8ec09e2368ef296bf"], 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:36:01 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x4a000}], 0x2)

11:36:01 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201", 0xa8, 0x44080, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2510.673654] FAULT_INJECTION: forcing a failure.
[ 2510.673654] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2510.676789] CPU: 0 PID: 11135 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2510.678421] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2510.680235] Call Trace:
[ 2510.680816]  dump_stack+0x107/0x167
[ 2510.681616]  should_fail.cold+0x5/0xa
[ 2510.682466]  __alloc_pages_nodemask+0x182/0x600
[ 2510.683486]  ? add_mm_counter_fast+0x220/0x220
[ 2510.684488]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2510.685790]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2510.686927]  ? lock_downgrade+0x6d0/0x6d0
[ 2510.687827]  ? mark_held_locks+0x9e/0xe0
[ 2510.688716]  alloc_pages_vma+0xbb/0x410
[ 2510.689568]  handle_mm_fault+0x152f/0x3500
[ 2510.690506]  ? __pmd_alloc+0x5e0/0x5e0
[ 2510.691360]  ? vmacache_find+0x55/0x2a0
[ 2510.692236]  do_user_addr_fault+0x56e/0xc60
[ 2510.693184]  exc_page_fault+0xa2/0x1a0
[ 2510.694031]  asm_exc_page_fault+0x1e/0x30
[ 2510.694938] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2510.696104] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2510.700049] RSP: 0018:ffff88804a3b7b50 EFLAGS: 00050246
[ 2510.701203] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2510.702766] RDX: 0000000000000000 RSI: ffff8880469ba898 RDI: 000000002001f000
[ 2510.704333] RBP: 000000002001e768 R08: 0000000000000000 R09: ffff8880469bafff
[ 2510.705892] R10: ffffed1008d375ff R11: 0000000000000001 R12: 000000002001f768
[ 2510.707468] R13: ffff8880469ba000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2510.709073]  _copy_to_user+0x13d/0x180
[ 2510.709929]  pagemap_read+0x333/0x590
[ 2510.710779]  ? clear_refs_write+0x780/0x780
[ 2510.711711]  ? iov_iter_advance+0x1b1/0xec0
[ 2510.712674]  do_iter_read+0x4fa/0x760
[ 2510.713493]  ? import_iovec+0x83/0xb0
[ 2510.714344]  vfs_readv+0xe5/0x160
[ 2510.715108]  ? vfs_iter_read+0xa0/0xa0
[ 2510.715946]  ? __fdget_pos+0xf1/0x190
[ 2510.716769]  ? lock_downgrade+0x6d0/0x6d0
[ 2510.717689]  ? ksys_write+0x12d/0x260
[ 2510.718546]  ? __fget_files+0x2f8/0x520
[ 2510.719453]  do_readv+0x139/0x300
[ 2510.720215]  ? vfs_readv+0x160/0x160
[ 2510.721039]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2510.722167]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2510.723293]  do_syscall_64+0x33/0x40
[ 2510.724112]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2510.725231] RIP: 0033:0x7fad0dc79b19
[ 2510.726046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2510.730101] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2510.731765] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2510.733344] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2510.734915] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2510.736450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2510.737984] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:36:01 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x4e000}], 0x2)

11:36:01 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xa4000}], 0x2)

11:36:01 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
fallocate(r0, 0x5b, 0x10000, 0x5)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:36:01 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0xa0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
copy_file_range(r1, &(0x7f0000000040)=0x9, r0, &(0x7f0000000080)=0x5, 0x1, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x24, 0x0, 0x8, 0x3, 0x0, 0x0, {0xa, 0x0, 0x1}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x3a}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000000}, 0x804)
open(&(0x7f00000000c0)='./file1\x00', 0x410040, 0x84)

11:36:01 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x4b000}], 0x2)

11:36:16 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x4c000}], 0x2)

11:36:16 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 67)

11:36:16 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xa5000}], 0x2)

11:36:16 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x4f000}], 0x2)

11:36:16 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x0, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:36:16 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
syz_io_uring_setup(0xa06, &(0x7f0000000000)={0x0, 0xf0a0, 0x1, 0x3, 0x342, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x5000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000180)=@IORING_OP_WRITE={0x17, 0x2, 0x2000, @fd_index=0x8, 0x1ff, &(0x7f0000000140)="2555715951fc3894e26b4b51895341b824c00046eb4a5bf0f3ff340fc0e3c41ebb240d02", 0x24, 0x10, 0x1}, 0x4)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:36:16 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
creat(&(0x7f0000000000)='\x00', 0x4)
creat(&(0x7f0000000040)='./file0\x00', 0x0)

11:36:16 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

[ 2526.087488] FAULT_INJECTION: forcing a failure.
[ 2526.087488] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2526.089400] CPU: 1 PID: 11184 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2526.090366] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2526.091528] Call Trace:
[ 2526.091900]  dump_stack+0x107/0x167
[ 2526.092403]  should_fail.cold+0x5/0xa
[ 2526.092938]  _copy_to_user+0x2e/0x180
[ 2526.093468]  pagemap_read+0x333/0x590
[ 2526.094004]  ? clear_refs_write+0x780/0x780
[ 2526.094602]  ? iov_iter_advance+0x1b1/0xec0
[ 2526.095204]  do_iter_read+0x4fa/0x760
[ 2526.095726]  ? import_iovec+0x83/0xb0
[ 2526.096256]  vfs_readv+0xe5/0x160
[ 2526.096736]  ? vfs_iter_read+0xa0/0xa0
[ 2526.097276]  ? __fdget_pos+0xf1/0x190
[ 2526.097801]  ? lock_downgrade+0x6d0/0x6d0
[ 2526.098385]  ? ksys_write+0x12d/0x260
[ 2526.098914]  ? __fget_files+0x2f8/0x520
[ 2526.099468]  do_readv+0x139/0x300
[ 2526.099939]  ? vfs_readv+0x160/0x160
[ 2526.100450]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2526.101168]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2526.101875]  do_syscall_64+0x33/0x40
[ 2526.102409]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2526.103100] RIP: 0033:0x7fad0dc79b19
[ 2526.103607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2526.106150] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2526.107198] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2526.108164] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2526.109123] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2526.110092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2526.111073] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:36:16 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0xfffffffc)

11:36:16 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x50000}], 0x2)

11:36:31 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:36:31 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x4000, 0x2a)
creat(&(0x7f0000000000)='./file0\x00', 0x8)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080))

11:36:31 executing program 7:
ioctl$KDMKTONE(0xffffffffffffffff, 0x4b30, 0xed6)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x242, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x200)
flistxattr(r1, &(0x7f0000000040)=""/178, 0xb2)
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
ioctl$TCFLSH(r0, 0x540b, 0x1)
r2 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x20)
poll(&(0x7f00000001c0)=[{r2}], 0x1, 0x10)

11:36:31 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x51000}], 0x2)

11:36:31 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xa6000}], 0x2)

11:36:31 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x0, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:36:31 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 68)

11:36:31 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x4d000}], 0x2)

[ 2540.885524] FAULT_INJECTION: forcing a failure.
[ 2540.885524] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2540.888427] CPU: 0 PID: 11221 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2540.889922] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2540.891719] Call Trace:
[ 2540.892295]  dump_stack+0x107/0x167
[ 2540.893084]  should_fail.cold+0x5/0xa
[ 2540.893913]  __alloc_pages_nodemask+0x182/0x600
[ 2540.894945]  ? add_mm_counter_fast+0x220/0x220
[ 2540.895936]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2540.897239]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2540.898382]  ? lock_downgrade+0x6d0/0x6d0
[ 2540.899279]  ? mark_held_locks+0x9e/0xe0
[ 2540.900166]  alloc_pages_vma+0xbb/0x410
[ 2540.901038]  handle_mm_fault+0x152f/0x3500
[ 2540.901966]  ? __pmd_alloc+0x5e0/0x5e0
[ 2540.902836]  ? vmacache_find+0x55/0x2a0
[ 2540.903708]  do_user_addr_fault+0x56e/0xc60
[ 2540.904843]  exc_page_fault+0xa2/0x1a0
[ 2540.905694]  asm_exc_page_fault+0x1e/0x30
[ 2540.906606] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2540.907774] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2540.911764] RSP: 0018:ffff88804a347b50 EFLAGS: 00050246
[ 2540.912920] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2540.914471] RDX: 0000000000000000 RSI: ffff88801fe72898 RDI: 0000000020020000
[ 2540.916010] RBP: 000000002001f768 R08: 0000000000000000 R09: ffff88801fe72fff
[ 2540.917554] R10: ffffed1003fce5ff R11: 0000000000000001 R12: 0000000020020768
[ 2540.919102] R13: ffff88801fe72000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2540.920679]  _copy_to_user+0x13d/0x180
[ 2540.921528]  pagemap_read+0x333/0x590
[ 2540.922368]  ? clear_refs_write+0x780/0x780
[ 2540.923309]  ? iov_iter_advance+0x1b1/0xec0
[ 2540.924259]  do_iter_read+0x4fa/0x760
[ 2540.925091]  ? import_iovec+0x83/0xb0
[ 2540.925928]  vfs_readv+0xe5/0x160
[ 2540.926692]  ? vfs_iter_read+0xa0/0xa0
[ 2540.927537]  ? __fdget_pos+0xf1/0x190
[ 2540.928364]  ? lock_downgrade+0x6d0/0x6d0
[ 2540.929275]  ? ksys_write+0x12d/0x260
[ 2540.930108]  ? __fget_files+0x2f8/0x520
[ 2540.931005]  do_readv+0x139/0x300
[ 2540.931759]  ? vfs_readv+0x160/0x160
[ 2540.932572]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2540.933706]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2540.934833]  do_syscall_64+0x33/0x40
[ 2540.935637]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2540.936742] RIP: 0033:0x7fad0dc79b19
[ 2540.937545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2540.941520] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2540.943170] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2540.944706] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2540.946242] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2540.947785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2540.949322] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:36:31 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
setresuid(0xffffffffffffffff, r0, 0x0)
stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
setresuid(0xffffffffffffffff, r1, 0x0)
stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
setresuid(0xffffffffffffffff, r2, 0x0)
stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
setresuid(0xffffffffffffffff, r4, 0x0)
setresuid(r3, r0, r4)
setresuid(0xffffffffffffffff, r3, 0x0)
setxattr$system_posix_acl(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="02000000010003000000000002000100", @ANYRES32=0xee00, @ANYBLOB="2300ff89", @ANYRES32=0x0, @ANYBLOB="02000400", @ANYRES32=r0, @ANYBLOB="02000400", @ANYRES32=r1, @ANYBLOB="98195b566c600b4205c28e723d2d05485273d194648bfb97ea25ba6f161909ab76c03a6b09be878b6760f46c942a51de88eb1cfb01cffcff69417f3200923f987edf09c648143272f67d3a2c2b298ec8e16f7f3500b44c935c561964b0f8232cb82dd3606d6528229f33fc7100ea94c3a91cf777e5b266d37497101938932082a95e8b5660d84bd0aa7b6ac5c8c7cdb20f7295b42379000000000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=r2, @ANYBLOB="02000200", @ANYRES32=r3, @ANYBLOB="040002000000000008000600", @ANYRES32=0xee01, @ANYBLOB="08000200", @ANYRES32, @ANYBLOB="10000400000000002000030000000000"], 0x6c, 0x0)
r5 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r5}], 0x1, 0x0)

11:36:31 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x52000}], 0x2)

11:36:31 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xa7000}], 0x2)

11:36:31 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
poll(&(0x7f0000000080)=[{r0, 0x8020}, {r0, 0x1000}], 0x2, 0x10)

11:36:31 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x4e000}], 0x2)

11:36:31 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:36:31 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x0, 0x0, {0x0, r8}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:36:31 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 69)

[ 2541.329097] FAULT_INJECTION: forcing a failure.
[ 2541.329097] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2541.331970] CPU: 0 PID: 11250 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2541.333433] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2541.335193] Call Trace:
[ 2541.335758]  dump_stack+0x107/0x167
[ 2541.336535]  should_fail.cold+0x5/0xa
[ 2541.337347]  _copy_to_user+0x2e/0x180
[ 2541.338158]  pagemap_read+0x333/0x590
[ 2541.338983]  ? clear_refs_write+0x780/0x780
[ 2541.339895]  ? iov_iter_advance+0x1b1/0xec0
[ 2541.340821]  do_iter_read+0x4fa/0x760
[ 2541.341631]  ? import_iovec+0x83/0xb0
[ 2541.342456]  vfs_readv+0xe5/0x160
[ 2541.343197]  ? vfs_iter_read+0xa0/0xa0
[ 2541.344017]  ? __fdget_pos+0xf1/0x190
[ 2541.344826]  ? lock_downgrade+0x6d0/0x6d0
[ 2541.345708]  ? ksys_write+0x12d/0x260
[ 2541.346528]  ? __fget_files+0x2f8/0x520
[ 2541.347387]  do_readv+0x139/0x300
[ 2541.348118]  ? vfs_readv+0x160/0x160
[ 2541.348907]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2541.350018]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2541.351115]  do_syscall_64+0x33/0x40
[ 2541.351902]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2541.352978] RIP: 0033:0x7fad0dc79b19
[ 2541.353765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2541.357685] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2541.359298] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2541.360813] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2541.362332] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2541.363833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2541.365347] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:36:46 executing program 7:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
creat(&(0x7f0000000040)='./file0\x00', 0x104)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x185600, 0x123)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x69a5)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r1=>r0}, './file0\x00'})
ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r1, 0xc0a85322, &(0x7f0000000200))

11:36:46 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 70)

11:36:46 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xa8000}], 0x2)

11:36:46 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x53000}], 0x2)

11:36:46 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x1, 0x7, &(0x7f0000000640)=[{&(0x7f00000000c0)="54ab81830206dcc794404a398d1542a95c4505eb01aa984e95018557e5d0757c5b0dd7", 0x23, 0xfffffffffffffff7}, {&(0x7f0000000200)="2623a4d36fd42a4a82fac5267d085b017c0e4f299ee72c799eba89f9d7b0533fb9529c97606cde22dff1c2741a13e55a8e73757c4969e9dc7b860dd7afa17dfe39c26485ca7f461830071f150f11569b2a2649c8087e6ab7cf1c2653461126264f1068c489dae74044748a6e47ee83b15c49b90be5805623b7b60a1cac54e9ff7d76f6424c5c34e753077dd6d7d89307014f5c49725b20499cde6f58e7f4a7c596b2b9e9b0870e5381dd7ac0a8129f27cb290344308749890399a1dc42e1393d25fc9bf0fe9c4caa9a568742e7fb445a0938515039e5eb640a2b", 0xda, 0x4}, {&(0x7f0000000140)="572e6c765ac61eb2307c50764f443f7a7bf3eda317584afa445e35c07b444f026852c8f85540713dadbd247b6432a4e8badab1086bb8f57af1d110d8fbae9a82de28bcca5be3f82c10e9eddcffde1fa50a75cd075489b8baf84c19e07b1f275f5102e7b9766e322eef57a13b3b9d15e95e7cd49be389f18ef0428b1fcd98e2", 0x7f}, {&(0x7f0000000300)="ba382154150d269090909bc51c1980bf247d50b75c20f5a8d983e6370f0f1e042736e3cd80791591b376aa8edfb88b00b8b875fa0391c0da61bdc27194fb5345", 0x40, 0xc84}, {&(0x7f0000000340)="6c5084fba5649a160de02bbbfeb22289dcb43290b748958f49aaf4f0abd2da1f15b893b72714b9f54c90ae5987dbb71b5e18bb3635b0dbf44517dd39fd138531f4c258d002f4bbb1685e0706c30875d26edfadfd0bac8e91ec3ef12a042a2f8078a771defbde0288e71753e400993021863d44cc146a519dd1374555306c32144b1075dc67fb32ecb1811c4917acba4d1f294d5a74b965", 0x97, 0xffffffff}, {&(0x7f0000000440)="7f43c64e0061fc0fda57a916c4398d31eba9c62e0ceb5417c0947acf14f052b4b99d89ad6e02cab310d1a855c7782d28f108a43ef871829898649cb6af691d55cc4f21eb8aa411fee6844a7fb2d7f638412ad4f7e89320cec786509ebbe6242ac541dc4cca6f6b61256b14d1edd526d1214638c5401aee095efc64dd17476c2e6f5d0b55486e52b23c9e94f46d22c91c6c71ed7a0a2f9190cc2523b55ad637008dba3804d2132034dc3abfa2cfb0cd6ee27bd0ab52df6f7b597afe2fd2ed0cba02f6283601a5", 0xc6, 0xff}, {&(0x7f0000000540)="1f7f15f31b7951664570e35caeed38ea805a6b28a8d740ec083c753c57d5879b9f8ba6d6948f9777836300c65cc4929fa7f036829755b9179a5116f33103df5ff8bfd483388bad1f218a3f8a4dff7e133e395661bba9fdbd64f0bb421451f3190e7e148082d97eecb79010afc7fad1eefb3045925cf9f0bd9b791483c415006b050f43be53197afcb33a212160691154cbd325b3c686d9d6abed951f32a04601da86f911248c85a88cb63a783a627e65c2963e5fb88564973fc0ba1d5985f1ca52657e6c29", 0xc5, 0xffff}], 0xae0c10a9eef2fcef, &(0x7f0000000700)={[{@uni_xlate}], [{@smackfstransmute}, {@smackfshat}, {@audit}, {@uid_gt={'uid>', 0xee00}}, {@obj_role={'obj_role', 0x3d, '\\+\\@'}}, {@smackfsdef={'smackfsdef', 0x3d, '}-\''}}, {@hash}, {@subj_role={'subj_role', 0x3d, '*,-\xda^'}}]})
signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x8d0c]}, 0x8, 0x0)

11:36:46 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x4f000}], 0x2)

11:36:46 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:36:46 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:36:46 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x54000}], 0x2)

[ 2555.523645] FAULT_INJECTION: forcing a failure.
[ 2555.523645] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2555.526506] CPU: 1 PID: 11263 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2555.527995] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2555.529768] Call Trace:
[ 2555.530337]  dump_stack+0x107/0x167
[ 2555.531135]  should_fail.cold+0x5/0xa
[ 2555.531961]  __alloc_pages_nodemask+0x182/0x600
[ 2555.532952]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2555.534068]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2555.535239]  ? trace_hardirqs_on+0x5b/0x180
[ 2555.536163]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2555.537451]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2555.538628]  ? alloc_pages_vma+0x181/0x410
[ 2555.539534]  ? alloc_pages_vma+0x18b/0x410
[ 2555.540452]  alloc_pages_vma+0xbb/0x410
[ 2555.541309]  handle_mm_fault+0x152f/0x3500
[ 2555.542225]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2555.543360]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2555.544510]  ? trace_hardirqs_on+0x5b/0x180
[ 2555.545430]  ? __pmd_alloc+0x5e0/0x5e0
[ 2555.546266]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2555.547441]  ? find_vma+0xd5/0x180
[ 2555.548200]  ? vmacache_update+0xce/0x140
[ 2555.549098]  do_user_addr_fault+0x56e/0xc60
[ 2555.550039]  exc_page_fault+0xa2/0x1a0
[ 2555.550888]  asm_exc_page_fault+0x1e/0x30
[ 2555.551779] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2555.552933] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2555.556872] RSP: 0018:ffff88804e117b50 EFLAGS: 00050246
[ 2555.558004] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2555.559528] RDX: 0000000000000000 RSI: ffff8880457a0898 RDI: 0000000020021000
[ 2555.561037] RBP: 0000000020020768 R08: 0000000000000000 R09: ffff8880457a0fff
[ 2555.562566] R10: ffffed1008af41ff R11: 0000000000000001 R12: 0000000020021768
[ 2555.564075] R13: ffff8880457a0000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2555.565621]  _copy_to_user+0x13d/0x180
[ 2555.566465]  pagemap_read+0x333/0x590
[ 2555.567280]  ? clear_refs_write+0x780/0x780
[ 2555.568201]  ? iov_iter_advance+0x1b1/0xec0
[ 2555.569148]  do_iter_read+0x4fa/0x760
[ 2555.569964]  ? import_iovec+0x83/0xb0
[ 2555.570796]  vfs_readv+0xe5/0x160
[ 2555.571538]  ? vfs_iter_read+0xa0/0xa0
[ 2555.572366]  ? __fdget_pos+0xf1/0x190
[ 2555.573182]  ? lock_downgrade+0x6d0/0x6d0
[ 2555.574071]  ? ksys_write+0x12d/0x260
[ 2555.574903]  ? __fget_files+0x2f8/0x520
[ 2555.575747]  do_readv+0x139/0x300
[ 2555.576487]  ? vfs_readv+0x160/0x160
[ 2555.577545]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2555.578867]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2555.580199]  do_syscall_64+0x33/0x40
[ 2555.581043]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2555.582386] RIP: 0033:0x7fad0dc79b19
[ 2555.583278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2555.588005] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2555.589849] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2555.591715] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2555.593408] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2555.595152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2555.596994] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:36:46 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:36:46 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:36:46 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x4242, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

11:36:46 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x50000}], 0x2)

11:36:46 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 71)

11:36:46 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xa9000}], 0x2)

[ 2555.963725] FAULT_INJECTION: forcing a failure.
[ 2555.963725] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2555.965169] CPU: 0 PID: 11295 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2555.965977] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2555.966955] Call Trace:
[ 2555.967270]  dump_stack+0x107/0x167
[ 2555.967699]  should_fail.cold+0x5/0xa
[ 2555.968145]  _copy_to_user+0x2e/0x180
[ 2555.968591]  pagemap_read+0x333/0x590
[ 2555.969037]  ? clear_refs_write+0x780/0x780
[ 2555.969539]  ? iov_iter_advance+0x1b1/0xec0
[ 2555.970050]  do_iter_read+0x4fa/0x760
[ 2555.970500]  ? import_iovec+0x83/0xb0
[ 2555.970945]  vfs_readv+0xe5/0x160
[ 2555.971349]  ? vfs_iter_read+0xa0/0xa0
[ 2555.971801]  ? __fdget_pos+0xf1/0x190
[ 2555.972246]  ? lock_downgrade+0x6d0/0x6d0
[ 2555.972728]  ? _raw_spin_unlock_irq+0x27/0x30
[ 2555.973255]  ? __fget_files+0x2f8/0x520
[ 2555.973729]  do_readv+0x139/0x300
[ 2555.974136]  ? vfs_readv+0x160/0x160
[ 2555.974627]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2555.975348]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2555.975942]  do_syscall_64+0x33/0x40
[ 2555.976382]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2555.976969] RIP: 0033:0x7fad0dc79b19
[ 2555.977401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2555.979523] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2555.980406] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2555.981227] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2555.982057] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2555.982885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2555.983709] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:37:06 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:37:06 executing program 7:
mknod$loop(&(0x7f0000000040)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)

11:37:06 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x51000}], 0x2)

11:37:06 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xaa000}], 0x2)

11:37:06 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:37:06 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 72)

11:37:06 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x55000}], 0x2)

11:37:06 executing program 3:
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000040)=0x400)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
stat(&(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000240))
r1 = accept$unix(r0, &(0x7f0000000080), &(0x7f0000000140)=0x6e)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f0000000180)={{0x1, 0x1, 0x18, r1}, './file0\x00'})

[ 2575.933397] FAULT_INJECTION: forcing a failure.
[ 2575.933397] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2575.936339] CPU: 0 PID: 11318 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2575.937979] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2575.939959] Call Trace:
[ 2575.940592]  dump_stack+0x107/0x167
[ 2575.941463]  should_fail.cold+0x5/0xa
[ 2575.942377]  __alloc_pages_nodemask+0x182/0x600
[ 2575.943501]  ? add_mm_counter_fast+0x220/0x220
[ 2575.944605]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2575.946063]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2575.947336]  ? lock_downgrade+0x6d0/0x6d0
[ 2575.948333]  ? mark_held_locks+0x9e/0xe0
[ 2575.949323]  alloc_pages_vma+0xbb/0x410
[ 2575.950287]  handle_mm_fault+0x152f/0x3500
[ 2575.951334]  ? __pmd_alloc+0x5e0/0x5e0
[ 2575.952288]  ? vmacache_find+0x55/0x2a0
[ 2575.953262]  do_user_addr_fault+0x56e/0xc60
[ 2575.954316]  exc_page_fault+0xa2/0x1a0
[ 2575.955269]  asm_exc_page_fault+0x1e/0x30
[ 2575.956271] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2575.957578] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2575.962017] RSP: 0018:ffff88804e3cfb50 EFLAGS: 00050246
[ 2575.963311] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2575.965033] RDX: 0000000000000000 RSI: ffff888019cce898 RDI: 0000000020022000
[ 2575.966759] RBP: 0000000020021768 R08: 0000000000000000 R09: ffff888019ccefff
[ 2575.968483] R10: ffffed1003399dff R11: 0000000000000001 R12: 0000000020022768
[ 2575.970207] R13: ffff888019cce000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2575.971974]  _copy_to_user+0x13d/0x180
[ 2575.972921]  pagemap_read+0x333/0x590
[ 2575.973846]  ? clear_refs_write+0x780/0x780
[ 2575.974896]  ? iov_iter_advance+0x1b1/0xec0
[ 2575.975952]  do_iter_read+0x4fa/0x760
[ 2575.976877]  ? import_iovec+0x83/0xb0
[ 2575.977802]  vfs_readv+0xe5/0x160
[ 2575.978646]  ? vfs_iter_read+0xa0/0xa0
[ 2575.979583]  ? __fdget_pos+0xf1/0x190
[ 2575.980503]  ? lock_downgrade+0x6d0/0x6d0
[ 2575.981512]  ? ksys_write+0x12d/0x260
[ 2575.982442]  ? __fget_files+0x2f8/0x520
[ 2575.983436]  do_readv+0x139/0x300
[ 2575.984277]  ? vfs_readv+0x160/0x160
[ 2575.985183]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2575.986446]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2575.987687]  do_syscall_64+0x33/0x40
[ 2575.988575]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2575.989796] RIP: 0033:0x7fad0dc79b19
[ 2575.990693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
11:37:06 executing program 7:
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x4, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000000)=[@timestamp, @timestamp, @timestamp, @sack_perm, @sack_perm, @timestamp, @window={0x3, 0xff9, 0x3}, @sack_perm], 0x8)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r2, 0xc038943b, &(0x7f0000000140)={0x3f, 0x8, '\x00', 0x0, &(0x7f00000000c0)=[0x0]})
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r3, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
openat(r3, &(0x7f0000000080)='./file0\x00', 0x42000, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r4, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x8004, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@aname={'aname', 0x3d, '/proc/tty/ldiscs\x00'}}, {@version_9p2000}, {@dfltuid={'dfltuid', 0x3d, 0xee01}}, {@version_L}, {@access_any}], [{@dont_appraise}]}})

[ 2575.995075] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2575.997087] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2575.998793] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2576.000489] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2576.002184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2576.003895] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:37:06 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x7, 'syzkaller0\x00', {0x7}, 0x7})
ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f0000000040)='ip6gre0\x00')

11:37:06 executing program 6:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, r1, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r4 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x80000000)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r8}}, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r9, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:37:06 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x56000}], 0x2)

11:37:06 executing program 2:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x2c)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r0, 0x0, &(0x7f0000000140)="9d851240dc631eb1af54303e95995bf59d1f893185b07212e223165f5076bf9505caaeb0553d3ea68cc11ee083efaf8b09fbc36eef889f8b2ac477b0fda5477fd61be5ec916718d5a9e11afc0edfeda29e5c398bfe89caccd622f1fca8b79d2276de6b5f72438957ad54d065bfbad60ae6c9a539beb410162755deae290e1354596ba36936db013cbd3a0c568f94d92b9504ed5248993b0701620ef2c24d0cd52425c0d2e63df201e9", 0xa9, 0x44080, 0x0, {0x0, r3}}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r4, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x52000}], 0x2)

11:37:06 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xab000}], 0x2)

11:37:06 executing program 1:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x2c)
r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80000000)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
r5 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1000)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x80000000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r10, 0x80, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x1}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r11, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2)

11:37:06 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 73)

11:37:07 executing program 3:
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x8, 0x0)
open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)

[ 2576.404203] FAULT_INJECTION: forcing a failure.
[ 2576.404203] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2576.406268] CPU: 1 PID: 11344 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2576.407365] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2576.408652] Call Trace:
[ 2576.409060]  dump_stack+0x107/0x167
[ 2576.409634]  should_fail.cold+0x5/0xa
[ 2576.410234]  _copy_to_user+0x2e/0x180
[ 2576.410842]  pagemap_read+0x333/0x590
[ 2576.411442]  ? clear_refs_write+0x780/0x780
[ 2576.412112]  ? iov_iter_advance+0x1b1/0xec0
[ 2576.412797]  do_iter_read+0x4fa/0x760
[ 2576.413386]  ? import_iovec+0x83/0xb0
[ 2576.413981]  vfs_readv+0xe5/0x160
[ 2576.414521]  ? vfs_iter_read+0xa0/0xa0
[ 2576.415135]  ? __fdget_pos+0xf1/0x190
[ 2576.415735]  ? lock_downgrade+0x6d0/0x6d0
[ 2576.416392]  ? ksys_write+0x12d/0x260
[ 2576.416995]  ? __fget_files+0x2f8/0x520
[ 2576.417640]  do_readv+0x139/0x300
[ 2576.418177]  ? vfs_readv+0x160/0x160
[ 2576.418764]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2576.419587]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2576.420383]  do_syscall_64+0x33/0x40
[ 2576.420965]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2576.421756] RIP: 0033:0x7fad0dc79b19
[ 2576.422332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2576.425158] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2576.426320] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2576.427421] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2576.428513] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2576.429619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2576.430726] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000
11:37:07 executing program 4:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f00000015c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0)
syz_io_uring_submit(r0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r1, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x57000}], 0x2)

11:37:07 executing program 5:
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@llc={0x1a, 0x30e, 0x81, 0xff, 0x1, 0x80, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)}, {0x0}, {0x0}], 0x19}}, 0x80000000)
syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0, 0x44080}, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r2, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 74)

11:37:07 executing program 3:
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x1000, 0x1)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x942, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
signalfd(r1, &(0x7f0000000040)={[0xfffffffffffffff7]}, 0x8)

11:37:07 executing program 0:
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x1000)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0xed59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00')
readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xac000}], 0x2)

[ 2576.625396] FAULT_INJECTION: forcing a failure.
[ 2576.625396] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2576.628435] CPU: 0 PID: 11355 Comm: syz-executor.5 Not tainted 5.10.235 #1
[ 2576.630043] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2576.631838] Call Trace:
[ 2576.632409]  dump_stack+0x107/0x167
[ 2576.633195]  should_fail.cold+0x5/0xa
[ 2576.634018]  __alloc_pages_nodemask+0x182/0x600
[ 2576.635035]  ? add_mm_counter_fast+0x220/0x220
[ 2576.636020]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 2576.637315]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 2576.638442]  ? lock_downgrade+0x6d0/0x6d0
[ 2576.639337]  ? mark_held_locks+0x9e/0xe0
[ 2576.640217]  alloc_pages_vma+0xbb/0x410
[ 2576.641079]  handle_mm_fault+0x152f/0x3500
[ 2576.641999]  ? __pmd_alloc+0x5e0/0x5e0
[ 2576.642852]  ? vmacache_find+0x55/0x2a0
[ 2576.643719]  do_user_addr_fault+0x56e/0xc60
[ 2576.644661]  exc_page_fault+0xa2/0x1a0
[ 2576.645504]  asm_exc_page_fault+0x1e/0x30
[ 2576.646401] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 2576.647571] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 63 8f 1d 02 0f 1f 00 0f 01
[ 2576.651531] RSP: 0018:ffff888008977b50 EFLAGS: 00050246
[ 2576.652679] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed
[ 2576.654216] RDX: 0000000000000000 RSI: ffff8880462cc898 RDI: 0000000020023000
[ 2576.655761] RBP: 0000000020022768 R08: 0000000000000000 R09: ffff8880462ccfff
[ 2576.657297] R10: ffffed1008c599ff R11: 0000000000000001 R12: 0000000020023768
[ 2576.658843] R13: ffff8880462cc000 R14: 00007ffffffff000 R15: 0000000000000000
[ 2576.660407]  _copy_to_user+0x13d/0x180
[ 2576.661249]  pagemap_read+0x333/0x590
[ 2576.662076]  ? clear_refs_write+0x780/0x780
[ 2576.663010]  ? iov_iter_advance+0x1b1/0xec0
[ 2576.663952]  do_iter_read+0x4fa/0x760
[ 2576.664781]  ? import_iovec+0x83/0xb0
[ 2576.665608]  vfs_readv+0xe5/0x160
[ 2576.666356]  ? vfs_iter_read+0xa0/0xa0
[ 2576.667200]  ? __fdget_pos+0xf1/0x190
[ 2576.668019]  ? lock_downgrade+0x6d0/0x6d0
[ 2576.668918]  ? ksys_write+0x12d/0x260
[ 2576.669743]  ? __fget_files+0x2f8/0x520
[ 2576.670625]  do_readv+0x139/0x300
[ 2576.671375]  ? vfs_readv+0x160/0x160
[ 2576.672182]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2576.673309]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2576.674419]  do_syscall_64+0x33/0x40
[ 2576.675232]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2576.676335] RIP: 0033:0x7fad0dc79b19
[ 2576.677137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2576.681111] RSP: 002b:00007fad0b1ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 2576.682757] RAX: ffffffffffffffda RBX: 00007fad0dd8cf60 RCX: 00007fad0dc79b19
[ 2576.684297] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000007
[ 2576.685837] RBP: 00007fad0b1ef1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2576.687381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2576.688925] R13: 00007ffd4ffbb31f R14: 00007fad0b1ef300 R15: 0000000000022000

VM DIAGNOSIS:
11:42:15  Registers:
info registers vcpu 0
RAX=ffffffff83e8ce00 RBX=0000000000000000 RCX=ffffffff83e749ac RDX=0000000000000000
RSI=0000000000000000 RDI=ffffffff83e8d408 RBP=0000000000000000 RSP=ffffffff84e07e38
R8 =0000000000000001 R9 =ffff88806ce3c12b R10=ffffed100d9c7825 R11=0000000000000001
R12=0000000000000000 R13=ffffffff85678e48 R14=0000000000000000 R15=dffffc0000000000
RIP=ffffffff83e8ce0e RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00005589b0bb1678 CR3=000000000ce1e000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000007000000050000000200000000
XMM02=7a7a75662063657865090a0100010101 XMM03=00657a696d696e696d20636578650d00
XMM04=6578650e006873616d7320636578650a XMM05=6578650b006574616469646e61632063
XMM06=6820636578650a006567616972742063 XMM07=736465657320636578650a0073746e69
XMM08=696e696d20636578650d007a7a756620 XMM09=6873616d7320636578650a00657a696d
XMM10=6574616469646e616320636578650e00 XMM11=650a0065676169727420636578650b00
XMM12=20636578650a0073746e696820636578 XMM13=61746f7420636578650a007364656573
XMM14=7473657220726f74756365786511006c XMM15=00006e65672063657865080073747261
info registers vcpu 1
RAX=ffffffff83e8ce00 RBX=0000000000000001 RCX=ffffffff83e749ac RDX=0000000000000000
RSI=0000000000000000 RDI=ffffffff83e8d408 RBP=0000000000000001 RSP=ffff888008987e70
R8 =0000000000000001 R9 =ffff88806cf3c12b R10=ffffed100d9e7825 R11=0000000000000001
R12=0000000000000001 R13=ffffffff85678e48 R14=0000000000000000 R15=dffffc0000000000
RIP=ffffffff83e8ce0e RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f4510b6b010 CR3=000000000ce1e000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=0000000000000000414d919400000000 XMM03=0000ff00000000000000000000000000
XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962
XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000