[ 2532.711981] FAULT_INJECTION: forcing a failure.
[ 2532.711981] name failslab, interval 1, probability 0, space 0, times 0
[ 2532.714335] CPU: 0 PID: 13224 Comm: syz-executor.4 Not tainted 5.10.178 #1
[ 2532.715717] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2532.717380] Call Trace:
[ 2532.717930]  dump_stack+0x107/0x167
[ 2532.718664]  should_fail.cold+0x5/0xa
[ 2532.719432]  ? create_object.isra.0+0x3a/0xa20
[ 2532.720345]  should_failslab+0x5/0x20
[ 2532.721126]  kmem_cache_alloc+0x5b/0x310
[ 2532.721953]  ? mark_held_locks+0x9e/0xe0
[ 2532.722767]  create_object.isra.0+0x3a/0xa20
[ 2532.723646]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2532.724666]  kmem_cache_alloc_bulk+0x168/0x320
[ 2532.725599]  io_submit_sqes+0x6f76/0x85c0
[ 2532.726608]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2532.727605]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2532.728571]  ? lock_downgrade+0x6d0/0x6d0
[ 2532.729394]  ? find_held_lock+0x2c/0x110
[ 2532.730223]  ? io_submit_sqes+0x85c0/0x85c0
[ 2532.731092]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2532.732061]  ? wait_for_completion_io+0x270/0x270
[ 2532.733028]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2532.733977]  ? vfs_write+0x354/0xa70
[ 2532.734727]  ? fput_many+0x2f/0x1a0
[ 2532.735451]  ? ksys_write+0x1a9/0x260
[ 2532.736225]  ? __ia32_sys_read+0xb0/0xb0
[ 2532.737057]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2532.738131]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2532.739180]  do_syscall_64+0x33/0x40
[ 2532.739936]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2532.740971] RIP: 0033:0x7fb9cdbbbb19
[ 2532.741735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2532.745473] RSP: 002b:00007fb9cb131188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2532.747024] RAX: ffffffffffffffda RBX: 00007fb9cdccef60 RCX: 00007fb9cdbbbb19
[ 2532.748465] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2532.749913] RBP: 00007fb9cb1311d0 R08: 0000000000000000 R09: 0000000000000000
[ 2532.751359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2532.752807] R13: 00007ffecbc9e90f R14: 00007fb9cb131300 R15: 0000000000022000
18:05:08 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r3, 0x6, 0x2e)
ftruncate(r3, 0x1000003)
fcntl$setstatus(r3, 0x4, 0x22000)
setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000340)={@in6={{0xa, 0x4e21, 0x10000, @remote, 0x6}}, 0x0, 0x0, 0x49, 0x0, "352d5126c161f583c7cb86aa6a66b1a36c76803260e496ea50e0ac73ffb3381401ae84127a5626cf7e5a8b1176b9a99fb537e27f84375ec947fecc9eddcc04bf12feb5c1f27d536fee45d6df46fc71c2"}, 0xd8)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x100058af, 0x4, 0x1, 0x0, 0x0)

18:05:08 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x2000000000000000, 0x0, 0x0)

18:05:08 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
sendmsg$inet6(r3, &(0x7f0000000340)={&(0x7f00000000c0)={0xa, 0x4e21, 0x5ae, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x101}, 0x1c, &(0x7f0000000280)=[{&(0x7f0000000180)="163b5d73bb10a0df9e0e9f49ddd3de480909742ff94ad011c46604aa482cf2d0de3fac6d39eb940209fbd7f4c43c642f8edd3d8b0198ad721e8976395f9aec646967df01fd", 0x45}, {&(0x7f0000000240)="7d2bae4ffec5701bc0077d53248b85366e8c6897f4a42359", 0x18}], 0x2}, 0x40040)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:05:08 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r0)
r5 = getpid()
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x6, 0x1}, r5, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0xa0411, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x1, 0x7}, 0x0, 0x0, 0x101, 0x3, 0x0, 0x0, 0xfff, 0x0, 0x7}, r5, 0xffffffffffffffff, r3, 0xa)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
shutdown(0xffffffffffffffff, 0x1)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x800005, 0xffffffff, 0x8000, 0x2, 0x5})
signalfd4(0xffffffffffffffff, &(0x7f00000000c0)={[0xc]}, 0x8, 0x80800)

[ 2532.778996] FAULT_INJECTION: forcing a failure.
[ 2532.778996] name failslab, interval 1, probability 0, space 0, times 0
[ 2532.781651] CPU: 0 PID: 13232 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2532.783051] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2532.784707] Call Trace:
[ 2532.785254]  dump_stack+0x107/0x167
[ 2532.785995]  should_fail.cold+0x5/0xa
[ 2532.786760]  ? create_object.isra.0+0x3a/0xa20
[ 2532.787674]  should_failslab+0x5/0x20
[ 2532.788446]  kmem_cache_alloc+0x5b/0x310
[ 2532.789257]  ? mark_held_locks+0x9e/0xe0
[ 2532.790084]  create_object.isra.0+0x3a/0xa20
[ 2532.790962]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2532.792002]  kmem_cache_alloc_bulk+0x168/0x320
[ 2532.792920]  io_submit_sqes+0x6f76/0x85c0
[ 2532.793808]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2532.794799]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2532.795760]  ? lock_downgrade+0x6d0/0x6d0
[ 2532.796584]  ? find_held_lock+0x2c/0x110
[ 2532.797399]  ? io_submit_sqes+0x85c0/0x85c0
[ 2532.798277]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2532.799242]  ? wait_for_completion_io+0x270/0x270
[ 2532.800204]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2532.801127]  ? vfs_write+0x354/0xa70
[ 2532.801881]  ? fput_many+0x2f/0x1a0
[ 2532.802606]  ? ksys_write+0x1a9/0x260
[ 2532.803366]  ? __ia32_sys_read+0xb0/0xb0
[ 2532.804183]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2532.805229]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2532.806278]  do_syscall_64+0x33/0x40
[ 2532.807027]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2532.808056] RIP: 0033:0x7fd673b8db19
[ 2532.808800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2532.812470] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2532.814010] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2532.815428] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2532.816853] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2532.818280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2532.819697] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:05:08 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x22000)
syz_io_uring_setup(0x1, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x0, 0xffffffff}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r8, 0x0}, 0x0)
ioctl$FS_IOC_RESVSP(r8, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)={0x208, 0x33, 0x200, 0x70bd25, 0x25dfdbfb, {0x1a}, [@nested={0x10e, 0x36, 0x0, 0x1, [@typed={0x4, 0x71}, @generic="45e1decda45174e1b659b487bd86e14f6589157421c9c8", @typed={0x4, 0x7b}, @typed={0x5, 0x58, 0x0, 0x0, @str='\x00'}, @typed={0xc, 0xe, 0x0, 0x0, @u64=0x3}, @typed={0xe, 0x6a, 0x0, 0x0, @str='/dev/full\x00'}, @typed={0x8, 0x19, 0x0, 0x0, @ipv4=@loopback}, @generic="74959757bd654543d4042f82600ff71efcdf74e1e8c8c13f29a6c97799cbde68a348665828618ff6d11ce19ef1674a180f6c38e43622f478e1316ba2982e654f38823bb1b173e4dd51267045eafc49a5e9599d30c42a1e82920bc08716cf5623766113556497561daec06e79225b2f3ed50dc20984be76fc5e92575478d0ccf1cc2dc4932169a2133bd868e03dfd13bf6306885443c897a3442a4863d14d48fcaaef6ddd373ba12701ee61ac126089cbecd5a7b50fa020c8bc3d4299d83534"]}, @typed={0x8, 0x73, 0x0, 0x0, @fd=r8}, @generic="99348b71bed8cf94b87287def8327f7353f11a50c65fb98071ff2bfd6959b09c1ce685bd1505c33f4c86d0a496cbf31e84ed6feda809f281083363d957c708c9e089f454d43530a4d0ec7caf7e6ab92c8e4f0a7a29316c478c29a4af1be3bf73adcfb09da26674071b4d81de0c350035af8b524c4c2a311355251c6d69f40490c1cdf12b8cc0a3fbc8d9ec93d4d3988345e14539dbfef9fdb22849fad479df827c762bdc3b491b1a85429de9d66a753b729f96b1178212ae2bc0c3e0cd2e9a65bb189b85b16e5da8f0f270de9220db222477e27e036396940777c793"]}, 0x208}, 0x1, 0x0, 0x0, 0xc0}, 0x80)

18:05:08 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)

18:05:08 executing program 3:
r0 = syz_io_uring_setup(0x7585, &(0x7f00000002c0)={0x0, 0x201, 0x2, 0x2, 0x21d8}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x7f}, 0x1c)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r7, 0x0}, 0x0)
ioctl$FS_IOC_RESVSP(r7, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
ioctl$int_in(r7, 0x5452, &(0x7f0000000180)=0xc2f3)

18:05:08 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 95)

[ 2533.139640] FAULT_INJECTION: forcing a failure.
[ 2533.139640] name failslab, interval 1, probability 0, space 0, times 0
[ 2533.141967] CPU: 1 PID: 13255 Comm: syz-executor.4 Not tainted 5.10.178 #1
[ 2533.143362] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2533.145031] Call Trace:
[ 2533.145592]  dump_stack+0x107/0x167
[ 2533.146334]  should_fail.cold+0x5/0xa
[ 2533.147105]  ? create_object.isra.0+0x3a/0xa20
[ 2533.148028]  should_failslab+0x5/0x20
[ 2533.148806]  kmem_cache_alloc+0x5b/0x310
[ 2533.149632]  ? mark_held_locks+0x9e/0xe0
[ 2533.150447]  create_object.isra.0+0x3a/0xa20
[ 2533.151322]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2533.152361]  kmem_cache_alloc_bulk+0x168/0x320
[ 2533.153278]  io_submit_sqes+0x6f76/0x85c0
[ 2533.154163]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2533.155156]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2533.156118]  ? lock_downgrade+0x6d0/0x6d0
[ 2533.156963]  ? find_held_lock+0x2c/0x110
[ 2533.157791]  ? io_submit_sqes+0x85c0/0x85c0
[ 2533.158686]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2533.159654]  ? wait_for_completion_io+0x270/0x270
[ 2533.160627]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2533.161568]  ? vfs_write+0x354/0xa70
[ 2533.162315]  ? fput_many+0x2f/0x1a0
[ 2533.163040]  ? ksys_write+0x1a9/0x260
[ 2533.163798]  ? __ia32_sys_read+0xb0/0xb0
[ 2533.164613]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2533.165664]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2533.166697]  do_syscall_64+0x33/0x40
[ 2533.167445]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2533.168461] RIP: 0033:0x7fb9cdbbbb19
[ 2533.169205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2533.172862] RSP: 002b:00007fb9cb131188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2533.174384] RAX: ffffffffffffffda RBX: 00007fb9cdccef60 RCX: 00007fb9cdbbbb19
[ 2533.175798] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2533.177214] RBP: 00007fb9cb1311d0 R08: 0000000000000000 R09: 0000000000000000
[ 2533.178658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2533.180076] R13: 00007ffecbc9e90f R14: 00007fb9cb131300 R15: 0000000000022000
18:05:08 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:05:08 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13)

[ 2533.406567] FAULT_INJECTION: forcing a failure.
[ 2533.406567] name failslab, interval 1, probability 0, space 0, times 0
[ 2533.409122] CPU: 1 PID: 13262 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2533.410535] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2533.412196] Call Trace:
[ 2533.412735]  dump_stack+0x107/0x167
[ 2533.413485]  should_fail.cold+0x5/0xa
[ 2533.414267]  ? create_object.isra.0+0x3a/0xa20
[ 2533.415193]  should_failslab+0x5/0x20
[ 2533.415960]  kmem_cache_alloc+0x5b/0x310
[ 2533.416785]  ? mark_held_locks+0x9e/0xe0
[ 2533.417614]  create_object.isra.0+0x3a/0xa20
[ 2533.418500]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2533.419526]  kmem_cache_alloc_bulk+0x168/0x320
[ 2533.420450]  io_submit_sqes+0x6f76/0x85c0
[ 2533.421310]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2533.422339]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2533.423312]  ? lock_downgrade+0x6d0/0x6d0
[ 2533.424141]  ? find_held_lock+0x2c/0x110
[ 2533.424962]  ? io_submit_sqes+0x85c0/0x85c0
[ 2533.425844]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2533.426814]  ? wait_for_completion_io+0x270/0x270
[ 2533.427782]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2533.428707]  ? vfs_write+0x354/0xa70
[ 2533.429451]  ? fput_many+0x2f/0x1a0
[ 2533.430183]  ? ksys_write+0x1a9/0x260
[ 2533.430941]  ? __ia32_sys_read+0xb0/0xb0
[ 2533.431751]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2533.432793]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2533.433841]  do_syscall_64+0x33/0x40
[ 2533.434590]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2533.435607] RIP: 0033:0x7fd673b8db19
[ 2533.436348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2533.440004] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2533.441516] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2533.442957] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2533.444374] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2533.445800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2533.447224] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:05:09 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r7 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x100, 0x0)
preadv(r7, &(0x7f0000000240)=[{&(0x7f0000000180)=""/36, 0x24}, {&(0x7f0000000340)=""/230, 0xe6}, {&(0x7f00000001c0)=""/57, 0x39}, {&(0x7f0000000440)=""/191, 0xbf}, {&(0x7f0000000500)=""/129, 0x81}], 0x5, 0x3ff, 0x7)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_io_uring_submit(0x0, r2, &(0x7f00000008c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000840)={0x20100, 0x2, 0x4}, &(0x7f0000000880)='./file0\x00', 0x18, 0x0, 0x12345}, 0x8)
syz_open_dev$tty1(0xc, 0x4, 0x2)
r9 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r10 = pidfd_getfd(r6, r5, 0x0)
mount$9p_fd(0x0, &(0x7f00000005c0)='./file0\x00', &(0x7f0000000600), 0x58005, &(0x7f0000000640)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r10, @ANYBLOB='<wfdno=', @ANYRESHEX=r9, @ANYBLOB=',access=user,cachE=loose,mask=MAY_READ,apo\x00\x00\x00se,permit_dirRctio,ludit,\x00'])

18:05:09 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0xff00000000000000, 0x0, 0x0)

18:05:09 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 96)

[ 2533.670555] FAULT_INJECTION: forcing a failure.
[ 2533.670555] name failslab, interval 1, probability 0, space 0, times 0
[ 2533.672753] CPU: 1 PID: 13275 Comm: syz-executor.4 Not tainted 5.10.178 #1
[ 2533.674173] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2533.675780] Call Trace:
[ 2533.676291]  dump_stack+0x107/0x167
[ 2533.676998]  should_fail.cold+0x5/0xa
[ 2533.677754]  ? create_object.isra.0+0x3a/0xa20
[ 2533.678639]  should_failslab+0x5/0x20
[ 2533.679366]  kmem_cache_alloc+0x5b/0x310
[ 2533.680136]  ? mark_held_locks+0x9e/0xe0
[ 2533.680900]  create_object.isra.0+0x3a/0xa20
[ 2533.681733]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2533.682687]  kmem_cache_alloc_bulk+0x168/0x320
[ 2533.683548]  io_submit_sqes+0x6f76/0x85c0
[ 2533.684349]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2533.685279]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2533.686196]  ? lock_downgrade+0x6d0/0x6d0
[ 2533.686969]  ? find_held_lock+0x2c/0x110
[ 2533.687747]  ? io_submit_sqes+0x85c0/0x85c0
[ 2533.688565]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2533.689489]  ? wait_for_completion_io+0x270/0x270
[ 2533.690411]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2533.691282]  ? vfs_write+0x354/0xa70
[ 2533.691983]  ? fput_many+0x2f/0x1a0
[ 2533.692661]  ? ksys_write+0x1a9/0x260
[ 2533.693372]  ? __ia32_sys_read+0xb0/0xb0
[ 2533.694146]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2533.695117]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2533.696076]  do_syscall_64+0x33/0x40
[ 2533.696768]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2533.697737] RIP: 0033:0x7fb9cdbbbb19
[ 2533.698430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2533.701847] RSP: 002b:00007fb9cb131188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2533.703258] RAX: ffffffffffffffda RBX: 00007fb9cdccef60 RCX: 00007fb9cdbbbb19
[ 2533.704572] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2533.705904] RBP: 00007fb9cb1311d0 R08: 0000000000000000 R09: 0000000000000000
[ 2533.707220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2533.708535] R13: 00007ffecbc9e90f R14: 00007fb9cb131300 R15: 0000000000022000
18:05:09 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000006c0), 0x2000, 0x0)
r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x20, 0x100000, 0x0, 0x0, r0}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r2=>0x0, &(0x7f0000000700)=<r3=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x80000009, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff3000/0xb000)=nil, 0xb000, 0x2000000, 0x10, r1, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
fcntl$dupfd(r5, 0x0, r4)
readahead(r7, 0x6, 0x2e)
ftruncate(r7, 0x1000003)
fcntl$setstatus(r7, 0x4, 0x62400)
openat2(r7, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000680)={0x4040, 0x101, 0xa}, 0x18)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$INCFS_IOC_CREATE_FILE(r5, 0xc058671e, &(0x7f0000000240)={{}, {0x3}, 0x16b, 0x0, 0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000340)="655778f4ff2ce580b0db92d299a6bf0f1093b971401af3a270bc45c874f84779bd25b930f671567a84c8eeebcc614e299a33827fb99de9d67060f9ebd4baf1233c88fc194aa1ff6a9a9874668471d3a73ac228c8e733d8afc2fbe837faaad33ca21b8a22dbdbfa902f6b063c29b61d54b651f812d786403dd1e178256d35bd2b360057e500c7c5d01e0d351f2534e6ea427001e7704755898c1640107ecb2c40d5643e715332e214f0150b5f65f8f9002ae9f9cc1bbfc781", 0xb8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="020000006d010000000000000cf9000000832591a20a6bd1aa464dede619717b8a9132b3728ea17afbe3c46accfd7a22e10cc5e2ec9eeba19f0025474e4166fa9c664a9a6434e394862f2a24f2f8b547d05af355b3260148d0b965473c35e3f7bca5c9f54247951c025d427e189234912efaac9dbac78796990f6c109be783b67ce9942cf0fcad0584c0902226d8eea284bc3f72309f1a9955701361d4789ed94c6c197b18884f1a3d0077233775af6a1baf8a8ea8df8386b3c9cb82844a4fea8af99a6ca06052089b4ddec0adf7ece1b0a5406da09105b2af5f46a67eae5830a6d5442524043d5e22abe01ed9c3385b00113a817099c8c490637d0000000be024e7a878578636ea4944df8a9157496b8d6574f748d92816127f50438fb714a3c504f3c458572c03cec13e9793c91d9d6978a221ad0c2137eb911d2ea55436c6178070176744844a4c12b7e7c7d63dfa0ef1be87ef8daec0f7fcd2d8f11ed7f3db236d6b5ae100000077019cfc0441ad632e6c49aad03c555ff62600c318544bb8365e681510258606c1ec708ea23c55297dca10d1b40817ee8317888fa94e725dffada462e913064ca5346d1f5ee95c00d2ec59a343bdaebcbdecac6df6e4d9d543bf9e50d9003491b96d50ac9d13242d1ceb5afe3cdf0badd7ab81b1dd05ed2d3d87ea32041d4af8bb0c03202cd8e1986ced0b37150ee5a7c955d36d0b97a22cc5a44b74c255c0cf3fa43597413c5fca50980e708981b06b097db7a14a90abf8a0bf29ddd8506e50c5d639d7acee36345a3f9d4a244bcaaed3da9c6995b87885ec7d7569cda60d44b100"/602], 0x25a})
syz_io_uring_submit(r6, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:05:23 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000)

18:05:23 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r5, 0x0}, 0x0)
r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r8=>0xffffffffffffffff})
fcntl$setpipe(r8, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r7}}, 0x0)
close(r6)
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(r0, 0x171e, 0x526d, 0x2, &(0x7f00000000c0), 0x8)

18:05:23 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x800)
copy_file_range(r6, 0x0, r4, &(0x7f0000000180)=0x9, 0x5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
fcntl$setpipe(r5, 0x407, 0x7)

18:05:23 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000140)=<r1=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
close(0xffffffffffffffff)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r4, 0x6, 0x2e)
ftruncate(r4, 0x1000003)
fcntl$setstatus(r4, 0x4, 0x22000)
io_uring_enter(r4, 0x4af5, 0xaa2c, 0x1, &(0x7f0000000180)={[0x4]}, 0x8)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_uring_enter(r3, 0x799, 0x45f8, 0x1, &(0x7f00000000c0)={[0x3]}, 0x8)
syz_io_uring_submit(r2, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:05:23 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14)

18:05:23 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x529800, 0x0)
readahead(r5, 0x6, 0x2e)
ftruncate(r5, 0x1000003)
fcntl$setstatus(r5, 0x4, 0x22000)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r5, 0xc0145401, &(0x7f00000000c0)={0x2, 0x1, 0x0, 0x2, 0x9})
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:05:23 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e23, 0x7ff, @remote}, 0x1c)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:05:23 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 97)

[ 2548.296149] FAULT_INJECTION: forcing a failure.
[ 2548.296149] name failslab, interval 1, probability 0, space 0, times 0
[ 2548.298590] CPU: 0 PID: 13294 Comm: syz-executor.4 Not tainted 5.10.178 #1
[ 2548.300033] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2548.301782] Call Trace:
[ 2548.302339]  dump_stack+0x107/0x167
[ 2548.303089]  should_fail.cold+0x5/0xa
[ 2548.303880]  ? create_object.isra.0+0x3a/0xa20
[ 2548.304825]  should_failslab+0x5/0x20
[ 2548.305627]  kmem_cache_alloc+0x5b/0x310
[ 2548.306485]  ? mark_held_locks+0x9e/0xe0
[ 2548.307323]  create_object.isra.0+0x3a/0xa20
[ 2548.308235]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2548.309294]  kmem_cache_alloc_bulk+0x168/0x320
[ 2548.310269]  io_submit_sqes+0x6f76/0x85c0
[ 2548.311172]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2548.312193]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2548.313188]  ? lock_downgrade+0x6d0/0x6d0
[ 2548.314064]  ? find_held_lock+0x2c/0x110
[ 2548.314914]  ? io_submit_sqes+0x85c0/0x85c0
[ 2548.315817]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2548.316839]  ? wait_for_completion_io+0x270/0x270
[ 2548.317855]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2548.318814]  ? vfs_write+0x354/0xa70
[ 2548.319576]  ? fput_many+0x2f/0x1a0
[ 2548.320316]  ? ksys_write+0x1a9/0x260
[ 2548.321095]  ? __ia32_sys_read+0xb0/0xb0
[ 2548.321947]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2548.323027]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2548.324094]  do_syscall_64+0x33/0x40
[ 2548.324872]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2548.325929] RIP: 0033:0x7fb9cdbbbb19
[ 2548.326696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2548.330471] RSP: 002b:00007fb9cb131188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2548.332234] RAX: ffffffffffffffda RBX: 00007fb9cdccef60 RCX: 00007fb9cdbbbb19
[ 2548.334079] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2548.336156] RBP: 00007fb9cb1311d0 R08: 0000000000000000 R09: 0000000000000000
[ 2548.338223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2548.340266] R13: 00007ffecbc9e90f R14: 00007fb9cb131300 R15: 0000000000022000
[ 2548.381649] FAULT_INJECTION: forcing a failure.
[ 2548.381649] name failslab, interval 1, probability 0, space 0, times 0
[ 2548.384738] CPU: 0 PID: 13302 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2548.386397] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2548.388323] Call Trace:
[ 2548.388951]  dump_stack+0x107/0x167
[ 2548.389823]  should_fail.cold+0x5/0xa
[ 2548.390734]  ? create_object.isra.0+0x3a/0xa20
[ 2548.391808]  should_failslab+0x5/0x20
[ 2548.392702]  kmem_cache_alloc+0x5b/0x310
[ 2548.393663]  ? mark_held_locks+0x9e/0xe0
[ 2548.394629]  create_object.isra.0+0x3a/0xa20
[ 2548.395659]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2548.396835]  kmem_cache_alloc_bulk+0x168/0x320
[ 2548.397925]  io_submit_sqes+0x6f76/0x85c0
[ 2548.398923]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2548.400081]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2548.401293]  ? io_submit_sqes+0x85c0/0x85c0
[ 2548.402354]  ? recalibrate_cpu_khz+0x10/0x10
[ 2548.403386]  ? ktime_get+0x158/0x1f0
[ 2548.404269]  ? lapic_timer_set_periodic+0x60/0x60
[ 2548.405423]  ? clockevents_program_event+0x131/0x360
[ 2548.406651]  ? tick_program_event+0xa8/0x140
[ 2548.407665]  ? hrtimer_interrupt+0x771/0x9b0
[ 2548.408698]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2548.409971]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2548.411143]  do_syscall_64+0x33/0x40
[ 2548.411987]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2548.413145] RIP: 0033:0x7fd673b8db19
[ 2548.414014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2548.418219] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2548.419950] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2548.421568] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2548.423189] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2548.424791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2548.426427] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:05:24 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
sendmmsg(r4, &(0x7f00000022c0)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000240)="34a0f0ff1a4b429c41dc5ee54f71254470f52a63d04a00e7c041bc9e9456ea84ae025ba1e99c754bf804286d4f4a546ed3b3cc8cad09cdb7498725b4b4a00800c4", 0x41}, {&(0x7f00000000c0)="7b6e517be6dbda851cddcc7d5b64d37a10591d3960a3db59235ea7e0b658f3292da10c313df0663b2bc2c823197699474a36623cfe2994540e5a", 0x3a}, {&(0x7f0000000340)="35f77b20352f7aa271cf91ae709ffef09e84b2998e68340d91ef6266a2bcca20ca79267a3305966fd2fac4e0802adaf4e229c82f88c63c242d4090036c3eca374cacab245ab30e7a7625dfb16d22917c5b2f7d1df5168941339857787b87130c9283147e60a7ed075a3fbbdb44d5aa1abdc890478c74c23166aeb41bb7d72739572e6a36967e7d1e4e980a3de822628c026925cbf785dcad6b0ef2d3f3511e1c43a05ae47970725ce14ade3fe6b4a22f6d8f6f9fad3bfc04fb580bb1ec9d1d6809", 0xc1}, {&(0x7f0000000440)="2201a72aeb62c550e93512ec1c39247af3654e740eee9cb81340c3e6acc7ab91c300eac80ef78e1bf73aaf7c8847c56dde050fe7b2c6f7453409b0061c637a9ba93669955dfe9848ead68c9eb1dfdb5c0d997cc7a4e3eddda230c99faa95db5537d54a32a5bad66413b2101ed53234cb1c715d82fa5235b30527e5d9c3e4614b7851147f6fd33182253388aafdf0808eec275c89441c0a7350a46a601ee5d87b11c062f9812cf5190879a9a53eea0a8ca40c9eb5c8dc3f76d37d2997b13cf0d5759bda7962c09b9ed7b15e247551077424af1a428dd774ea56525edbed6fad25d5c166adee0b73748df8893cf16c53968634d1ffb3a0ef26e9382e14", 0xfc}, {&(0x7f0000000540)="0b0df269363b9473dd942d74c1e610e11e33cb4196c824ff4e912b6ab3dd1c546fbc90a62bd2f43e0ede58b0b8110f97f691aac12c85ad8be5067ce9b2d7293062e329fd130f20164199a2dd63d2a81184686180f1bb12b23951eb9b09cbec5b4aae897f58a12affcbaa1f8c2d7325a634737036ed0efede340cf3686912fe5fd5d84eaf4ee9357ef87b29415b720a2f98adb5503d13c4e28cb3ccf5bda17911b6bd67c9ce59d6cb7a134e9409e4d07f67e3", 0xb2}, {&(0x7f0000000600)="e8e49398d5d399741f65643d913a7b70b08dbdc0a1ad720bc1796c799bb2bf08baf3c408dda2e9aad020756228322991686c89e20de8cfba0a6b8ca23b5f029a454684eefca0051cc005ebb33d733b2b3f6e7b33fc9352ecdd0a6b3f80cf23cfe5f0af2bb5bc67ccf05047789cb1e98f2ed262e771f3b76c1c02e74bf5993e1239c5c7325ffc75f3596cf310660406a37763ec7199a8ab574146c9dd9ddf2df96c1bd103dfb60be6e1f4a534850f8b6c5480629b6e64d8b842f0674faffcfd8d473ee2130b6e0538f51eb669355d3945e59c19d56fbb6ff0b0d76c3edbe7356215e07ab2022b305dbfeda6d8cf174aae3bac0d", 0xf3}, {&(0x7f0000000700)="6ba69d7dd61e4f3a2e6eb147b36dabdcee3f9fc026b63d2d7873aebe48a64ae6f16fa6533181aeefbd76c3e540c3e7868735f022c5e5cbb0312fdbeb75e93c", 0x3f}, {&(0x7f0000000740)="9a51ae628984bb6ead72e0d9867848ed9fe3e69e639d5884c63b5f8c68a6454306ca9290bfdc2904087ee54fb0252a0329cddfe0da5a498690818f87dc13e0dc1ef8c56b28b7f37767a3bdb83acfcea4dbc927bd0d5b462c1eac39542ae9396660ac0279443804b944668ad5a9c7bd257af452d6d00615698de0f966315478f1f7c213d8ffc7a6539053cef4c6d817b5d5975f23df5627d082854cc06bbb2717478c154813f78abff270812051586e4719e0394f67d8fb45822c221455df8f0206d1720e394f0906c0eee55eb9fe483792f8c784a8cf92d098b1125e8c370a616445f5992773", 0xe6}], 0x8, &(0x7f00000008c0)=ANY=[@ANYBLOB="e0000000000000000c0100006600d5f1a2a84500005e3ea7ab41ddbcec29e2fae356f214da25d9ec3f1fbb729a1bed45f3be7828b63123ef5fab076cc95353154479edf4271a812dbe1e4acae4319141697ad33560011a64a96b0723cb3b4dd992c63e86fc2330eb7d95477b929962037a54896c29c6bdb1fd935aed9e52485ce4f085caa0098ad910686c621c10f58c72a29b36f52f05f96b4c6040ed80644328c0998669fcb49a30e533d2a6f3d6fb593d0bae22992069423e3baf89e957d426f23b3fe77e4533b7bde255bd1e69619549b7acbde0ae80833b9c7b4c5a9a0122dfe21bc8fdafaf8de2bed72e08010000000000000801000080000000ab05f71ec5bb5d86238953c391b78b27f9477681a55cda0f7bc51dcc9270ff801aae2bf761b801238b61621009a3ffdbda4404f105c0538826f4dfe81c87a1e7e5f88a8ae5ca29f1018bdb6821d7c06c35ca56a6f8c1045cf8e698d0155a20eee4d588f85da43f00b1011d1b5171c0b8daecb61388b111bfd289260c8458200e427a122bc4c83eefef3ec5d177ac5803abf6e3725ac0f6cfc5ca0b42e9f729dc3b720bc3fddc201c16856cc20d0f4aac9300dd680fc50e2def79667ce8c4e8c203b62321fddf7aefb0034a870dcf9de295f7470f2d85b4e1b4e3039651d4df00a0000000000000000100000001800000de44ff5f4859ba61554352bc330a8304bfc5184cb15517502cda468c22871d27cda876de5f5b3b30d8f4a9b88c9563c2228120ab72a5abb3bb7f51bde0152aacddec4b427faa3b49bf771f8d7259f432da94eb8a17d66044dab1586ab833ba722539c85ab66e5773d0da77be66e37dfdfb14e316cbf3069bd06a55dfc6e1e4bd145230"], 0x288}}, {{&(0x7f0000000b80)=@generic={0x26, "f6f4660c040a18c037c56f056fbcb9f226c417b54806c1eb0092b6fd169a068f05f6a01b76ca21a75b6af0173201940c6edc7f7e72af8b58a88ff3f4bb0554eeae80b572d2bbf548b5afd944b0fcae4b7f998f338a694296ffa690bd2aa80593119af0b35b8dc5a2621894fd9f02341e889720530fd7b35f82b440589d54"}, 0x80, &(0x7f0000000cc0)=[{&(0x7f0000000c00)="95fb6eba0ded17993f3fec94ffcf720efe4905dcda45360a0c281708f91187742cf32811afddbd83438b54c074b16a2fdea09fec5941af54ac97afac06aa84e71738775113f795f171aea12a23d5913d806400aa3b188213d7d57b8b240540daf7d9140e755eb41506a12d5517a5746a30ba0ae6d5c3d4a5b884477d7793d790667e395440f9f842fabd87438116cdb5d242cf61beb8f9cacbfe5654890880e505991e8eb948a5d1b6af18b722", 0xad}], 0x1, &(0x7f0000000d00)=[{0xb8, 0xff, 0x2a, "90c6fd8dc1edc1b61d70cde3e3f9ca26655bd9b81ec89f67a276a6a80a7a07f13576c34b2a9039420b9462578f5aabe2ce84a5b3b137ade2b9e884570bae4ce0b289748863d5e6e04ffc1bbc40613ccbe170b50f9da5d2218a4ed61122ea61a4b5f2940bddc4f48cde90be17dbc6f99df05896a1b2a80ac500b19cebf041e0a3fad494d3bf592dcb9e400f9c055211024afd401a21bc7c11d810e2a2c6c6f257fe"}, {0xf8, 0x0, 0x0, "8e61733311ac6418aff8668c3cd731f67f6087ab4de11096f6324a46e5b6c3c20e172562bf903ceeb26502c0736c2ed4e58359d11dcc1d326f386e06fc4187f78053803a55c925647f3e4be9171b8acd2bbb9da9b6b4888c36567e3ada209587606bce4d793278900e5f3e577701efcf272dca4bfceec11bcb68ddc33688d72d127b1665c36c2eb54c2c0b52eb7b3ad5c29279f196e9b1d86ea01c7ed2df084ca900b7589fbabbbd3107e738ee2e8e6f42f0d6c2954feb4b97e387ca93ee88d16493860dd136e13d44261e75205bf4326f4de8c0e1590b37e00cf22f784b6ddd95ae3bed"}, {0x90, 0x1, 0x200, "de99acf00e2f0b78f7933c89dcca6928724f218f5bc5c1c90c1b6865e35c6caeee9a898b3b0abeec8cdcec8f9decb4ee79c2ecdc6cc1927bc5d5d3e9323ef87217baaed50ec63bc0d6c99d7a128763c4c65631fafc41a2af6ff09c6eb1375a0a0b5728fcc579cf653f76175ff88c7a3fe2325dcbffcd59fcf667118820b0e3"}, {0xf0, 0x113, 0x81, "78abb7fbe71122eb518e7d048fd09eaaac24f540d0f7de796cba4c74ae9a52c529e1a4c4dfa6784291a9b8ca2790c7967fff081016c859ea7380404a81babfc9d4f9a44bff3d26d3cf8dbcb547244f02506afb91fe780d9d0015c26b57019051afaf62678995c6dd426cc3278fdd94bd29dc5a045562edb9e93a0512f3afa38b79915208ab9b9bda0d2dd9117c2d0630e15cfe55b8fe83720bf1ff7bb45d18f92c5a703bfd6c05765085d8fb17822e8e949a62ed668a64b32dbd0fbc671098952c17fddc3981b4c000e610103801f1eb5af6235f74a6691df8ec533fbf"}, {0x90, 0x111, 0x4, "8b39a92a917e5ea50354372983faa06adeaaac0f63502f40adf63fe373f181527bafa506e078b5233551e4da8ce06a6bf3091eacb074c73fa5a6eeabedc1237818cf35dfb1f3ede53bdd456b72ef9a4421f8453244017e0e01719f9590718196a664a6f9d059e1f91740d6e974722c0771d0bd4ed780af021339d94128a3"}, {0x20, 0x10e, 0x2, "e23c2be938291c0eb8732c1d"}, {0x1010, 0x104, 0x80, "4559a4f5c243fb96db7aa71fc24b9c715e6f5d1924a85fb5d1c3d0e4cfb94c85914341d23dc0da7b8e19874ea3aa4b54c558a99010db23745d07df07408215c652d98d274ad78fb44307e6c77dbbd32ea5ce30f28908cb3d7bc824604cd2c3c7f878beae1d4cda3534db7a02d70984f509c64467161e5b4a35a040ec18fdbc8c474a6c3f8b2826022ae03538568bac30288a75e1c6b642539d47d8489e52379c66ef4ac05b1f6463ad56de48b5f8194b74de480544f06a0445336ac0ab5522f80f20c59f2f3b698f97212283ffbd8a70ab70556c49f1cebf71c2f7d1d185941759004ec2dea81f5aae372e1a111f81f4fb2cade1f212094a36c3e1efc9dea15ea0622cf7442c5dc678139819fc6f08408cc69aef777d03c46ad51ff31e00717040eb2b126049f862063cbe61e347c7e985a705ad2a3e502c2a3d7ceed838712897311bd11fed70e09e3a61e45da26fcfb08cde9f1afa7a1b2ed45aee731857ad3cd2a8426fb70ffc1fd7c679184b5635d3e97839627a64d4628e4bb5ff440ffa458e9f3f7e994ceadfcf032d52a26270b9045a28a69bc0bb2f41de1272d83f6c310e9b8619c8a72ead936b38bc45bb55945343897f29ef5c814280fa322177a4851e08d984a3966d597c5dedba4bbf01a2bb3028f05e7c1685d705967481100520517735e4fe140310569d84b23cf1882077acfe37a5e7c4009de31cdb34989ac3300b5fd5dff745277c2f54df6422c257e69471f8c23a5e3718a8288a7d05afa432bf6b4958771a0540bf93664a07e340fe3a0393104b0b9bdf7de7055ed6394af2eb7c65ae4b33685527b417f447299cc34fb8674fe68470a7200992b2bbb5285481a1e315905695d6f31d390f89b51d99eccdeacf6de1c0efbc953365d0e77815bbb5fa3df6f2edeaddee604a99d552ef1faf1ba20daaf1bfd643b06768b449462ba5ff365003c315085ccd4506e43b6201248ee50522f6d2f3b70a800db3cd530160d65a5f2337fb455804b617816bca851ff8dfeecc0e996875eb77d7074c0ffabb501760a6f7ba0f5b2121b2389095323dec2751b14be89e3bd6ead957786b38081e9c08941bdfe69914f4800d780c36505040e43d79923cdaa9015c32e31c85c3ac6252d2805a9ba8e614eeb120fa9f095c1717e8ddfc129019fb6261e38fc118abb26afa42c9f98e078653d166f8d4dd8e6ff881f74a45f193b953e78bc8ba93e5c5155f9709c01c799bf2487cc344f81fe6dafb2cb4c9111dab7fcaa149ac4c16e231731d7f519fddfa4e568f7ec2e6f44b6921306ad9b527d17330076ec03e9c8c83ace553a333e52036194028e645a07a517ed71d047b7425f242b7e3a470dc9ee225fabd4c0c0260b5e09c468d63da3a2ec2b283b1449c13b05d100a0904b845c9cd9b11c6bb184de8910ba637a15710d290e8d5cc8233608ee3472b1c4c059455ff45b6205a81923f6daabbf5b8320ef88ad79bd918bb8c99062b81e6baf4e7ad3dbad680f7256902ffee144576212978d7a985f0102af61a0e0397308308711b273f7a81c5cc0a8483d9908ef8be92766a9726e5d4c39f2117027257aabd86b420fd269e2455b67caacd1f3ab35620234c7740324a9a7f4a977b3c2e8d519601df3ceb48305c258ebfc9db4c405c62eecc529a6656feb43499487bfa28943f7ed277581ef1aa6efa0ff45627288d8310f353065c36e6a0d55f6dc2cac95b31d1e754cb3a3e8bfeda10dca4b08f3f497fa214b6538071d3482ef658fc87a0d12d1cac8f71128f36e9034c2fb925a7c6efbb8d72557722810132d8364c37d7a71496a5f1319ac73a45c9464950aa320bb74cd1396e2bda8e450dc1ab1ccb13913230861cf4ddced20d04d0b0a0de99e2b3bcd6234c6b6efd704e0ee8d0958d82cf7092b9e11131dc2eaaa435d41cab5a226610ddb657b0a561fcef1298ad94c727924a7dbffac944ac992338c3a8eaa1c32db23a014825b2e85fc753e3e715a9f2a4a712e9185f88306a921a458aa5687fdedc4f7b612bbf86714f8af4f8f2c65c31964b296ddc51859a911d5989978dc1751dbc49b2aafe5686d8afea0ceda2e2a8fd1422d5d1d9e95122b2bbe9b0352cfd9b1edd58e90ac97b5989f0c77271bc9d216556307ac029d7acb93ef0d20af35e87854599e30266f0720d6d56b12a72d50e31a63a97599a425abe7cecb12826ecb3a96da6bfba7cfdadebba2c491430b10a1e46708b906ee2534e0ff7064253e4b3386190f17f301e0edab5582363af4ece9dde64b8578e7bf5468a27a66012b8465f3b1572bfc076d6c082dab00059681d303837e9ef130bb8e4cacabb8d51ff2d23957b87634ad71a09f2b78f98de7e04323127b128b1d6730cca05108e819b2a9723130f79963301c29d4dfcc08fbe595d14486baf426001dd83b28b6931f4577c20ed0cfd68870de9c716104badbf9cbbe09e6826a924a61262412c11ef5ae92f5fbc541c71648e503f0c7fb21569e8e34e397d77ca9257a5c94d29603d0e3787bb54e4af5a7253a7e1d32f51dc6ab6a577f008de125b479935fbd9c21ec6db6a678cdb6db808042588d71d820f7bb7eee7f8a59aca59a15e7afa76c9b645675d9eb843d4bf653b4fd5b0c8345f0074254af0c6db827c4dc8ff5c1e131e3dc1231401e5ba8966b2427d61cfbbf6b8a978fa034fb88907bf266bb4e6674d2ba18b5b13c52ffdd5b7d4afde5cedbdd71c2101644e95671a88bbe88c994254b5a1509ea0242277c0bf44a25787dffe13540ba854f03e243a69d6df48a81e279f9b0fb5c5eecdac32729a8a1879b2fb7c711777e931b8978bc0d091b1b7d47960f99d0406515186707789f978ea1fb5966dd348be458586037ed3dbe474ff91f1b864457af804e9191d4c9ebc148691d35961f498a66a49ec8fac317860f1c6f927ff5821ee5e65ea0a31a6229ebc6b1bdbfe403966c4bfdababf0e390d4a80ab9a9446d1026e1524e29225ed6b3266d7abbe8e19796cac6c1e7940a8babb92e686babe2df32dcbf589bb1eb18791e92c6e675eac5a80fce4252f2e2f8af6a7aa62161eb9beccb536f27953b4c816195749e7fce7a334125123c6cbb620b0d2710f7db2f3e37eb376f53e130bef499122537fb556f7b29d6c06496b49b89a98447390211b14b0b4fafbebb09049018645d0d3479fb502d965163d6545a5cbb2299f0792fe4c7c8fb295b387204996527d932bc5b62f0227fa7d418f0a066bbbdf2e90e75738dbb988c61c21d7a504bdea4fcdadb02a3b64ebf6a0ff2925467ae94f794f01960ef256d557c242c40eb063b5089ec04897820bfd6d73d3338e17544b3abb9556d7294d2bf9cc8eeb22b3688fe9cec349cc016dcaabe04f4da8409e5f671273c8d3deff14ff4d70f99626488cfdaac70c0589138ebeb6f873a557c497d6f43a1913880109ad064cb29a715f994a0ec354882557946d73c97d7e5b81b5e89f3fbc63994da1f97694ea7fb046965a6e79ce66fb003ff49a321f0e86524668809b10811950af83ab3b04ae5241bd6d9370d39db87421669f96f8972c28d02ce60cceb2d79039c61bc23363a3ce4ba16be093b497186d7d3f20639e4cf3ce31cce9d8a6c2e73e1f9916e9057f10ebd7e5d7955c16225ea565c9f6cda458fa04929b7ed76dd68680b979dc21c2ec00c66380b92e9ab22767087a163d6ea901b90fef11ce08fa95f7e55df2e825842893f9001bdcdaa72107de408d7c146bcdd463c7c732e51fba6867f4d6df7c9a0053ffb9dd12bf6eab4678ad61bf904e48e41e992671ef934535e155b5dfc133c2d80f5afed9ee42c117e6149632460bf4df1b11326aad07e9ba5adffbe356073f430118ac68cfb8c7e1a131507c653601548761a79a5b84bb5ea522c3083bf4b9a414db1b0d653e7fddb33631ac59b457db27513d88d3aaed741a68ad11ef760fcd148a41e103fa57057c3b7205d4b34cfd944e5e472b8c5681892f69f4c19f738488c49c7613c831aa6851b1814af3a00cf2f9884a57120e0f36afcb7d12752c41a3479d583c8414ebc65f448e4a62f393c5b0fd49e13065ae88521168bb01d5c66f3ef139c9853c2401ecc9adc853140feb32dcd464a1c443de84444a6663387a858e032c1edbbfb9918d3a50c8cb144f5596c8cf6995c56d883cbb11234656e6a46731a97ced00b80814e3cc330c6d7e6e65312826193b8da5d2374a9ad5f4c3a364dd33d777b3c90aa7873c82b56e52b6c9ec8b67e3b714519ac876c5f133ac1c946630ade943725719c71bcdd3caadde2eeea30e6eec862a65d0a30bf2ff669f7bda62e06817613e98e60992a45eaf0dd0edda2fa5f3ce9966bb234c6b0dba7763b459476a80f1b4a93df0460707f41f9945b6c6c24cdce56d0003c30761337dc59640be7878aea62e47f7a5e3a1134d72f974e8764a2faef9c2e75c95035f73596494614faea5cfebf15d5c8a32a1b048e5b42107a4d53bebf249beb32bfae6808ff3f7c3462a0cd551e9a36168ca1503657103a45c78326daefc3cc89278d00ec5638290fccee89e792abb24ff66d6b63639a312e4e616fafd08505ba0677e89420cd048211acd334e4cb667a9588a6b97c35292df1abee08703d782096e0b94dbabfa132a30c2b35a58c50ed55245420556c3f21e24c70cf8894e90abda07dd07dce5d086d29bc09716af00d11a78d1e68769ca2371413a7c3d10d1e85fc8b938bd92f68694ffe9e320594dbf951c1efd10de03c8261378b179e4ffab1ccf3aa6aaf446a0ff12161959b81be38885ba4e6aeaaced93165340366eb5b0b69e8e53fd6f407bc66b20fe979ba89398aed2a08f20b8d038d438dfb2fccf0ebb654cbef87d52b20d27ec6d3d3c5ec01df36fcbe60506d27dd9d852645ed0a20b12b35ba1f5179022d777fbf95f305c5828cd58a693e83e8420f907352b90eb6fa4c8f0ffbfe037e5d3dfa8c55c656b8c9a5a5ea7ad948b009e127db5afeee22fe68d97b59f124b71a7f8304fcfecd15e04d3644441bf81b26c7ec47d9e1bf57aba77eb8243c4ab2739aad82c96bc0e194039052ef6215d2ca5d20b32eca3c3757f5505bdff1c942d19c876fef27e249f29b445a0a14a0bd82ec760a8128df9db29834eabfa22751f40db947e4cafad8a4abddeb519e0ccca65e3ba254cb78282045f1d2fd3020e2b2bfd5dd2dbcc65bd868b6982a2620e152d26434b02a8630afc632ce8f9a1a985e1122926b904c32d54ab0284bbca2f977a27f030459d923de38aaf895f7db478ab20d0f84800e3f07e0b2844183f463e1b9a5f588e638fcfb18c61baf5418d0d70115664bf5e329bb8897c110763b572d1c5296679875f510d294d566af4be98d5f0fb211618b9f7324cfe9a5afb8b7edf56f56d186265a16dc936e7d53d8d6950e6a87fa29e81cb31f0b18e9428abc12236b3298836248ca38246d676173c2b5ff41fc19a96fc4ee017195750df37520da0cc4e80fbec2f3305603fb3cb7acd8b892025b7e8e03f1e2eda129e19473d2c3964e20ff789b568529ac385a0b3678bfcfa69251ed2fa54eae787f9f6744f65a73a6da4c42c2d77bf49fc7929f70eff10469d98c23d7f29fa730bebc2c8bdfd938c0e2565209368fa55f7cb5bca42ae9481a94b282617f832f49a354c10cbcbeb573eadf8b6817fd20997859306b15e1a32fa0022fb3da2521c8272c67a62464fc35333cd1998e77682fa64b971dd5f3e0365c539a553c0d810525d3c72987028545af1b923ccab8eedf3b1ea1e63f5da4f549e74ba8d6fc570cacf13"}, {0xb8, 0x91, 0x3, "cbfc0f8ff3c3bee70229f46a0217da3ddda9cfb07cc5e3db78ccb86a9b50df4b3ef09c3b525af103984aa1ff347de64c5006bf41ac629bb709b01ed7494080e80566fa9f1d11c9ee6e8191e5e2cc583a962ee60de993525059a8e6a48d238d17dca62decc86356e2bd5fea46840126d660b9592b929e660277a56d2d61e209989112d8bdd3ef6b5146b06fd897252f2568b9cd61cdab2b771561c79c43773bc929"}, {0xa8, 0x115, 0x7ff, "a934d8a26535a2632df8a0cf3a16241c4b5b756f767d57f7fb6d43eafb3dc49351ec054f6e4802577788dd70616fd012b41db940209c5ad5a9a2d7d3d30533f82839fe5433deb72e446c1ad180650c5d2132c0b9bcda324228c6b01032f7d4243ddf44ca327597ef45d0e8345994e9299aedcb39ffc0e76a74f82fda1227b4f51a2f3540ab09ffa0f3c7bb3a7f1fdf8c9dcecd"}, {0x58, 0x11, 0x401, "830a62b79b2eef31c4a9b54c3544f7a9210e2c4c5a57c97c0937736969b0f8c5dbdf312ee42b2729d9f8975b42fc13b5c1528daff68670410cd2bc95dd8a4386759e0e43fd74"}], 0x15a8}}], 0x2, 0x20004004)

18:05:24 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x8000000, 0x80}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x9b)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x7, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r6, 0x6, 0x2e)
ftruncate(r6, 0x1000003)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345}, 0x7)
fcntl$setstatus(r6, 0x4, 0x22000)
io_uring_enter(r6, 0xe, 0xcdb1, 0x0, &(0x7f00000000c0)={[0x6]}, 0x8)

18:05:24 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
perf_event_open$cgroup(&(0x7f0000000880)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:05:24 executing program 3:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x7a542, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r4, 0x0}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000001, 0x13, r3, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r3, 0x0, &(0x7f0000001e00)="18775884eb5c6977d4b53a8e05090a20fedda575ba163bb05f2820793685182ac27e0287889efc55b0f2cd87fd52e79677d4b65481f3223793d21e0f2183e2736605919fdcc2d1661f4d3ea0fede6a5bc0af5f97df55a88ebcde4e13ddd63ae09997f2b61ec9635325fb1d86e223a50900833db44dbb881eaf968d6cbee0cb15a9ae9c167708f6708af369e5012aadf3efc6c391b6295915ca98e37655ca8d8006f0bb6d19ab61d94408b46c45249f3d5f985882cb6160a23d71137b82d48376f8c531539b136bc6fe63d8ac8bdd2b4c6e2db3d17f03906f8ca0ab6f9342745e61ea9e7cf60252e5e79e792f23786fe4eac12f361b654c472cc9ff0feb9a0a21fb9a9a98b56ac9808f2b93cafd3a2d2dc3f6eb076b414dacdb682293a2b678948baeb1592201e9136acc75339424ecc29904b5144df9291c3ad6dcecad2f36e310af836f6c7cb4b0ccdec02883819f2132b2e589bb0810b03f0740ba12a9f030aa3c37703975ade5df4665620e4809a1df62ece0c8d6975322650952f448bb80c5011e05bea782d3981580f83f13229335296ddf06922c6c85c497071ceab854019cba0c231c9510998f23228d11188102bdb343eb2b23367c8fd0297564a43f9fe13a891679212b81a01df9fb1277939d2bb7781f45e83724f17e73df5c1cfe0a7b387f889580ccb59cd34c525714ec4eb1fa8c7104e2e03018033ff3a89da52d8dd4547ac53c7793299442617bfacbeaff6c567031c32275d61f77230255ef7ac755b18842dd2acf0cd40a55ba52566aa31a50e3c23ec4eedc906f8f830a64ef41dd160d63a45b158a5c3e9c1cfc115707b34b4c56b53bd597a6fcfc6954b7998b37d0e5247fe5667a9645c41dc9ee0e50b2f28674260c0effbf9be82773cb20e2ea757ec42c4745efec06a5dbde33547b559ff8e0df16a5b725a27b21878999c7c84aa1d8f84cb9c36495e58746780360349962ccaa52eee7a200f8c7f1b118f473d20d4e7e48329915b24d1a6ea4c2dd9687449e98d1c10f0cdcdac72820423a422e8015b5722a8ed6809e8d4f0bc5cd0cefa9e1aa4b6498122817e0d71bdc091f1438d3de27e8e585486392e6fd3e860fa0b5db6879e9a7a41717e4f2f2911c53076adcf7c1854d82ab544e4fc31d2e98d4b518b26acb7b7c674cc918b340081f105336a72562670cb3e7ff68f4261e77f97c59aad124149948d8a63ef7acf1a068b515d645666861a436299717ae8593a21233d05b4d880d39fc3cb1549cc0a9d5f3708890d9833354bfd5e90cd0d5f6376ea8e1661e21dc9a36dbbfefe3d7eac11bac91acf465dfa8231b43b93c7e508453b2883854fa7e773ed5b7f0b43bd06d0f0fb28998544ab1490268d11404d43ca9a4a2a0ae3bec0afa099a33a5e1e2552fc77230e742074ceffc5b5e49af1949c0ad823b36c195f26a56e150a87fd9300b3ff243db87bba03a3061d9d8904d0b3f5b0a5ab6b80efaad08d186df780f251ad606e91a06a0a02a8e77901e4894724d52131cb304c16207714d593e55ad216936e467069ec8cebf61b567653b9590153516d83e65a6ff5c85a59582fa73f2bfb9d13efab957fbc4d37229f71848109a79384c1c86df85a78b1911de03361be5ef5ea068219262f34e921cf8b7118d973234776c69f3c2d8ca39d94daeeb039b1303f6f17a6078b732ec17f696233718d1e866439b62dc1277d2dc44734e36a9d397eeb2ea3f439408c3c641662d57e2351bc08958ef33d8bcce88b3ff795201d6ebe7909a4291e5d93ceeaefb81db350edd17e80ce4826e7785f52512faba21b9fa3cff9b577a79b0cfe4b1dc193bfdb691e12b7e88b4672ce279cd4c625a5abda43cf4cc6a5c141bad9463750054c4b2a7c8f827e27a6852afb9ca6077158803c43daa898560f0567d12264b4457031482490019c7e0af977c9271854fce64f45cffbdc4ae0a924382e31c929a28cd2733bae69fd16edfb6c603454b20b2ec923bbe999f3134d4f64f364077d8ec3397592a1ce489df2c0c01d22517c864c43f5897de781ddbc140bf60f8c5a8685d46e4280b8ac3391ff52a980996ffd94def174ecea5409806a98f8162d716606a7a2ee577bf233b7f465d6086eb3b21c86bc5f444bdadaf08c2c89f5eaa36e8fae23c09096c35786da5c81fc699bd9d88c6bbd27dc7b4089db130c27376974e6ca9f24e367d12965031a1841f824a294aaf402a35762fd1b6d0fdf67ea2890cfefc5e5277e1d66565af4f537646cb2f1c36e38e0b0073d277c3b1f969e3a938c30a3efbfe3f7cefb6d2a72592ff7c5096f5575dd1bbb9011011705422be908f2a6e4e13b7ccbf5b1264c9615c2cb7b5ffd4114dc18640fbfd5746e44cdabe6d05ffaeeec25b0139a5214f8d8cee99422318ff60c9e5b34940e274670dbba8dd9adb1796fc8578796166d6415a6bb767212f85dee26286870c921f21b151a69952853b33d5ae2ae72420bb6e8499f3fb50c91a960609221789116255189779d353fde2325d387f8579429b164d49add2fbfed92d8469e5ecaa5abcbeb6ead0d56f702dfe6edfa4c680708e7535c2ac40210497a43975c0a69e14f7e2eb4dd92c5e656fca8324aa088e8559b0f5f8f58ae2eae4efedba73bc3ea19efe4ef722013efa4dcb9bef82e149fdb8d70b649ecaf1be463d9655baf5a086b65802ab3a790627d683db5970212df38a3ea18418eb4dceaa43df2229d477c0f82dd75c807c67a79d0a74a301a84eac111045c3f04670ca3d587747bbf28f233376d9d1459c56a561ff7990c562e0bc74e5ec5d890cd1f6dad55bab8f0abce34af2d3f593858f54e96b7eb3d1653ed296646cd104932b8d43d5d307e2fedd7356fbe65d852693aaf3377b90e94f248be4886de0fc3d13ab94c1ab7a1441c539a293dbf6b10b18e026e4b848a305e1d4f3c554b5c31dc486bffba3ae77aa700ff1f04d4c2316ba50e90f645db140edfb757ecd276ea298245ab48730d4b3ca5724b75a2ce1ef6d1ff3ee5c2232e06106c165970b94aac8f9cccb934ff820937abf2c4da2b20b74e30c7cbba8ec0a27410ad6da4cd4842847520cfa0b2b26f22be909e12a9016e7ab212224b5878e83c7136f74a28b9db24a35a80ae876796cffa57af4effbb450aec53b98f33772c43648c6755521db92ae0332bb3392d673511196a37decb37b200a92a21a07a26e8545a61e8baa925aa1a2aaf2beaecfbd84b7e23f2a3e0993da7b0530d44088202d01e3e9809fa83e920bbd1d2ed9293199f3f24315be96192a42914623f475a89c7afdff935ed33a9dbe08473fcfaf9701f6a417fb4f16a2ffba94aace959cca2b7e7689404774dfd5e6f01987753b524f508d1646fac29f7b57b8ec07b54ef5666d710108feddee474d7858410fdd3a1ec5784f68e1041bf5f83baa3716789021eff5eff9e3d40f0c8846f27c4f8a1f1f24f524b47933ea9811d531a413b9ab4cdcdf01d6b47300cc9b0fdc9771c53022c5616696a3ca970015d1988dcabf7625d6b1df92b9ed7297ec5c9152e9d8f87b8f4b72b0ce28036932df8c2b54c0c9fe90b21bbb6839822564e9b4cbef7e6267b31c039f071139f7ac174ef366fc7cce95fca52f71afd4d032f34decc7cfab54a3dab42f1df64ea092844ee291bae6a67edf50cd22908df3009e3cd52eb159f38e4ef39218ed2824083cbb19a40d822d6563751b8f7ba4e5d48d9c8ccd730f212765d40f67db1ed30c628102d699c636d7be6d12840d6e333c023300487b8798fa4968b31417bd152b06c0fb47f0b22ee4192e1285a58adbf19ce922e2868882123d4112109d24f81beca3a3bc3c85949df21c92561258454c98050557de11d003360ce3c62292f4baf7320f78d3ccf1875c6dfb416bc464cba82090ad5d3a36512454929d2ed17f13a7057d5d101a02516a984735f76f56752ceab75246ecb30871ddacd250e5a448899f3b5a734576d627bf8f3cb95c6fa0b6ffc46cd3fc224989eba1e3c15d990ccbe7855e8b06f41a182fd60bafa551d24eb7e0b9050bf83c225d3c809eb19786a3b943789d379e9aadd99d25738fcacefbfb6ae861923a10a58db425225520eb0562dc14eea0100411e574b7a66e299029905a2b0833b9291bd32ca89d38b0c482252875f1170296f9dcc6864eb47c1d734590aadef2a8d2fb157d2927a545709b6a7fbeacb106f99b7d8987f0720be9347318de0e8cd622b4381755f68daffe389fbb534d447f42053f0bc0b469df6d123941ecb3f1916ad6c44eff5d61bc9f75e036093e7f292b401e3766ad3a59c5062354087c2f3ef7761f127a208f812ba6d1fe71fe92c8930947921fd31c80b4242010018a950bd73dbe6259d4ba71403844ca84e3f8d2d4281ca58f56594af69d1dd05d5606963f8cc9feff0f19d7305e7a0ca182039cab58ddc67603c415813a6fa8c2da04eaba9d4ce1af5e6a3be11dee616664302736b5d4ff63f9f2881338f229acc04243ebb940026a054600aede0c221511aeb19979e8f6bc3691394f015854d9cee4a650898cf5b4ae72bdb8d98ce99e2d0c570c4817a5f8cd0d7ad30c2838f2cdced86ccdaae564a6c47f6d6a3649b2a545649490c6bc25c329c9b13138e837dbe63fc8aab853227dc995e52e0d80329fe1d5ab98e94af48a3852588898c2bd91c191676c532ed58ba5554669a9e0918e11cd3014087624d265db1931ac28dc82ce96ff9fed0db4b2c8d778e63499e3ce7c1d684539ffce1d38851a61c9f228be1949f628babad360d56cf1fb1b7be177595801d7d4fef56f658f031b16cd538d360b0d8804b0165ba70c9f2076c91b0850db11792c899b0bce0af2e1e25b34628679b12257b8c0c193ff53fabe50b5b3b45d5c1a8f4bb20f57194f66bfc527210aead3f7b669946dcd17dc0844d0f1106c7e532a27b168437941b8b443754b30671cfc9afc3cc74eedf97f36e83d2692ded2e95141628bd2cf54a9fec46252e55e6e7f68bc6f5a5d74ee4cd759aeda4edd7d38a4703fa2d7fae7092abeb85f2448b3d1c115137299d0a8edc307566f6e98ba2de4f5da1f48968e8ab98188ef1e653381692b5e6cb2826313b9ecff762101109c3eabadc21e9135e9b128204cd55fe6f42d94395c2fdad7fbfa97d231a8e8448a146021670eba9a73155024f710b551ce20ea4e1e84f09036d41988cce656c915551a248433dc5c31bf307853b1132819cfdc855e557d0f4336ab673f2c355ba1cec8e60e190b899d71cb1ba7bc4af4ea26198e5acbe68778ca7261482abdb543b1bd2c6c59834e524bb007abf6fa271ba00bd710d37f5a5fa715aad97c589ed2d1996036bad60132716095fd69d6c98b2a54ac68d1d37e33b520da730097f8e8685f79a5eb97c3efa42b327cbef42e07c49a24ee1595b3c095145ce56c7c54fbe8660ee08013a3b416fbf9243d470488d8c95980e3c703f8c003342d3482f9c348265021957c33954ca223db5d61cabb5491cd2b8cb47763f6315abf2dab0b7edd7788c39581326093bd5564f23a4fb1de4336ad0d6400041cf6e2b209dee665d7960e2184600ac1e2fdf60a9a7c55690263cfd64c0a544265591446cfce7b6e53cfaba396da98700d29d42558762b835c889c47e486fd85b9ecac9200144bcbbe240efdbf5beaa38e97c5ef7f36ca3d4762d4881465226ec914cc0ffcd10ca1482aa7e3dede723c41034a0c60f50ac12a8a5921c9b92afbf0c21548b1c633e41b7506bbbfea23e4f37b47fb7eeb6aef9ed1f4e6730373cb34751d43e93d48582e", 0x1000, 0x40}, 0x7)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r1}}, 0x0)
close(r0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x20010, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0xb7, 0x0, 0x0, 0x5e, 0x80028, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x42cb8f59}, 0x80200, 0x4b9961d4, 0xffffffff, 0x0, 0x8857, 0x0, 0x5}, 0x0, 0x2, 0xffffffffffffffff, 0x0)
sendfile(r3, r2, &(0x7f00000000c0)=0x8, 0x80000000)
syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT={0xb, 0x5, 0x0, 0x0, 0x6, &(0x7f0000000280), 0x1, 0x1, 0x0, {0x0, r1}}, 0x8001)
io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:05:24 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15)

[ 2548.669681] FAULT_INJECTION: forcing a failure.
[ 2548.669681] name failslab, interval 1, probability 0, space 0, times 0
[ 2548.671195] CPU: 0 PID: 13325 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2548.671961] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2548.672872] Call Trace:
[ 2548.673167]  dump_stack+0x107/0x167
[ 2548.673575]  should_fail.cold+0x5/0xa
[ 2548.673992]  ? create_object.isra.0+0x3a/0xa20
[ 2548.674506]  should_failslab+0x5/0x20
[ 2548.674917]  kmem_cache_alloc+0x5b/0x310
[ 2548.675370]  ? mark_held_locks+0x9e/0xe0
[ 2548.675813]  create_object.isra.0+0x3a/0xa20
[ 2548.676308]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2548.676865]  kmem_cache_alloc_bulk+0x168/0x320
[ 2548.677380]  io_submit_sqes+0x6f76/0x85c0
[ 2548.677848]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2548.678397]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2548.678914]  ? lock_downgrade+0x6d0/0x6d0
[ 2548.679371]  ? find_held_lock+0x2c/0x110
[ 2548.679808]  ? io_submit_sqes+0x85c0/0x85c0
[ 2548.680289]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2548.680809]  ? wait_for_completion_io+0x270/0x270
[ 2548.681345]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2548.681853]  ? vfs_write+0x354/0xa70
[ 2548.682266]  ? fput_many+0x2f/0x1a0
[ 2548.682661]  ? ksys_write+0x1a9/0x260
[ 2548.683082]  ? __ia32_sys_read+0xb0/0xb0
[ 2548.683515]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2548.684096]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2548.684649]  do_syscall_64+0x33/0x40
[ 2548.685062]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2548.685608] RIP: 0033:0x7fd673b8db19
[ 2548.686036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2548.688078] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2548.688897] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2548.689699] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2548.690502] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2548.691296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2548.692088] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:05:24 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x8, 0x10, r0, 0x8000000)
syz_io_uring_setup(0x3af8, &(0x7f0000000180)={0x0, 0xd10a, 0x10, 0x3, 0x211, 0x0, r7}, &(0x7f0000de6000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000240)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000280)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3, r4}}, 0x3)
io_uring_register$IORING_REGISTER_PROBE(r7, 0x8, &(0x7f0000000340)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x23)

18:05:24 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 98)

[ 2548.767396] FAULT_INJECTION: forcing a failure.
[ 2548.767396] name failslab, interval 1, probability 0, space 0, times 0
[ 2548.768729] CPU: 0 PID: 13335 Comm: syz-executor.4 Not tainted 5.10.178 #1
[ 2548.769495] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2548.770430] Call Trace:
[ 2548.770735]  dump_stack+0x107/0x167
[ 2548.771151]  should_fail.cold+0x5/0xa
[ 2548.771585]  ? create_object.isra.0+0x3a/0xa20
[ 2548.772100]  should_failslab+0x5/0x20
[ 2548.772538]  kmem_cache_alloc+0x5b/0x310
[ 2548.773001]  ? mark_held_locks+0x9e/0xe0
[ 2548.773452]  create_object.isra.0+0x3a/0xa20
[ 2548.773953]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2548.774525]  kmem_cache_alloc_bulk+0x168/0x320
[ 2548.775012]  io_submit_sqes+0x6f76/0x85c0
[ 2548.775487]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2548.776035]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2548.776576]  ? lock_downgrade+0x6d0/0x6d0
[ 2548.777041]  ? find_held_lock+0x2c/0x110
[ 2548.777489]  ? io_submit_sqes+0x85c0/0x85c0
[ 2548.777961]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2548.778501]  ? wait_for_completion_io+0x270/0x270
[ 2548.779042]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2548.779558]  ? vfs_write+0x354/0xa70
[ 2548.779970]  ? fput_many+0x2f/0x1a0
[ 2548.780384]  ? ksys_write+0x1a9/0x260
[ 2548.780820]  ? __ia32_sys_read+0xb0/0xb0
[ 2548.781278]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2548.781889]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2548.782446]  do_syscall_64+0x33/0x40
[ 2548.782861]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2548.783427] RIP: 0033:0x7fb9cdbbbb19
[ 2548.783835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2548.785893] RSP: 002b:00007fb9cb131188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2548.786737] RAX: ffffffffffffffda RBX: 00007fb9cdccef60 RCX: 00007fb9cdbbbb19
[ 2548.787517] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2548.788303] RBP: 00007fb9cb1311d0 R08: 0000000000000000 R09: 0000000000000000
[ 2548.789088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2548.789900] R13: 00007ffecbc9e90f R14: 00007fb9cb131300 R15: 0000000000022000
18:05:24 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xff00)

18:05:24 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r6, 0x6, 0x2e)
ftruncate(r6, 0x1000003)
fcntl$setstatus(r6, 0x4, 0x22000)
io_uring_enter(r6, 0x74b4, 0x6a36, 0x0, &(0x7f00000000c0)={[0x6]}, 0x8)
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080), 0x4}, 0x0, 0xfffffffffffffffd, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd(0xffffffffffffffff, &(0x7f0000000180)={[0x1]}, 0x8)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:05:24 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
r3 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000180), 0x200000, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r6, 0x0}, 0x0)
ioctl$FS_IOC_RESVSP(r6, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000240)=[0xffffffffffffffff, 0xffffffffffffffff, r0, 0xffffffffffffffff, r3, r0, r0, r6], 0x8)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x5, 0x0, 0xffffffffffffffff, &(0x7f0000000440)=0x80, &(0x7f0000000480)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x0, 0x80000, 0x1}, 0x0)
close(0xffffffffffffffff)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:05:44 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16)

18:05:44 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/psched\x00')
io_uring_enter(r3, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:05:44 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000480), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
setsockopt$inet6_tcp_int(r3, 0x6, 0x8, &(0x7f00000000c0)=0x10000, 0x4)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x30, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000005c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x3, 0x2004, @fd=r7, 0x4, &(0x7f0000000300)=[{&(0x7f0000000500)="8061bdeb1a445f9351e11d130ca50382cfe4d5099c43e61473a668c5f4c33dff275d8eb0b5c7b5c48eb1cffd81e7dc8a4231fd3d22cf9ed737380f2979e8aa57acf3de7b680219189c8de0b578d07c52557f73f3b0d38d239ecaa22d5de4e3b61c697323214b51b1f4a2709bba5218fac99bb127ce0d8162490e8c54cdfc", 0x7e}], 0x1, 0x5, 0x1}, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_RECVMSG={0xa, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/188, 0xbc}], 0x1, &(0x7f0000000240)=""/118, 0x76}, 0x0, 0x40000003, 0x1, {0x0, r4}}, 0x401)
syz_open_dev$tty1(0xc, 0x4, 0x2)
openat(r5, &(0x7f0000000180)='./file0\x00', 0x200, 0x20)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x69, 0x0, 0x0, 0x5e, 0x6a102, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf7fffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x7fa21cfd, 0xffffffff, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, r8, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:05:44 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x800000)

18:05:44 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000340), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x2010, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r6, 0x0}, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r9, 0x0}, 0x0)
syz_io_uring_submit(0x0, r8, &(0x7f00000000c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1}, 0x6)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x8, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
syz_io_uring_submit(r4, r8, &(0x7f0000000100)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x4, 0x0, 0xffffffffffffffff, &(0x7f0000000240), r3, 0x1, 0x0, 0x1}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r10 = fsmount(r5, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r10, 0x54a2)

18:05:44 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r5=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000180)={0x9737e4a7e1120f27, 0x80, 0x5f, 0x1, 0x1, 0xff, 0x0, 0x4, 0x10008, 0xb, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5, 0x2, @perf_config_ext={0x5, 0x8}, 0x40, 0x2, 0x6, 0x1, 0xb1, 0x3990, 0x7, 0x0, 0xad, 0x0, 0x20}, 0x0, 0xc, r5, 0x1)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:05:44 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r0, 0x6, 0x2e)
ftruncate(r0, 0x1000003)
fcntl$setstatus(r0, 0x4, 0x22000)
r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x8, 0x0, 0x0, 0x0, r0}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r2, r3, 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
close(r4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0)
pipe(&(0x7f0000000100)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r6, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r9=>r8, {r7}}, './file0\x00'})
[ 2568.744190] FAULT_INJECTION: forcing a failure.
ioctl$BTRFS_IOC_SPACE_INFO(r9, 0xc0109414, &(0x7f0000016e40)=ANY=[@ANYBLOB="000e0000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d90e281d8d7dd51f06d86b1619267bf100"/86048])
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:05:44 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 99)

[ 2568.744190] name failslab, interval 1, probability 0, space 0, times 0
[ 2568.745888] CPU: 1 PID: 13365 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2568.746719] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2568.747696] Call Trace:
[ 2568.748035]  dump_stack+0x107/0x167
[ 2568.748480]  should_fail.cold+0x5/0xa
[ 2568.748942]  ? create_object.isra.0+0x3a/0xa20
[ 2568.749514]  should_failslab+0x5/0x20
[ 2568.749998]  kmem_cache_alloc+0x5b/0x310
[ 2568.750499]  ? mark_held_locks+0x9e/0xe0
[ 2568.751019]  create_object.isra.0+0x3a/0xa20
[ 2568.751577]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2568.752218]  kmem_cache_alloc_bulk+0x168/0x320
[ 2568.752785]  io_submit_sqes+0x6f76/0x85c0
[ 2568.753304]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2568.753897]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2568.754489]  ? lock_downgrade+0x6d0/0x6d0
[ 2568.755012]  ? find_held_lock+0x2c/0x110
[ 2568.755530]  ? io_submit_sqes+0x85c0/0x85c0
[ 2568.756077]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2568.756684]  ? wait_for_completion_io+0x270/0x270
[ 2568.757290]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2568.757880]  ? vfs_write+0x354/0xa70
[ 2568.758348]  ? fput_many+0x2f/0x1a0
[ 2568.758803]  ? ksys_write+0x1a9/0x260
[ 2568.759258]  ? __ia32_sys_read+0xb0/0xb0
[ 2568.759774]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2568.760418]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2568.761047]  do_syscall_64+0x33/0x40
[ 2568.761507]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2568.762158] RIP: 0033:0x7fd673b8db19
[ 2568.762626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2568.764931] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2568.765874] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2568.766768] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2568.767628] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2568.768464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2568.769307] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
[ 2568.776418] FAULT_INJECTION: forcing a failure.
[ 2568.776418] name failslab, interval 1, probability 0, space 0, times 0
[ 2568.778958] CPU: 0 PID: 13370 Comm: syz-executor.4 Not tainted 5.10.178 #1
[ 2568.780403] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2568.782145] Call Trace:
[ 2568.782696]  dump_stack+0x107/0x167
[ 2568.783455]  should_fail.cold+0x5/0xa
[ 2568.784248]  ? create_object.isra.0+0x3a/0xa20
[ 2568.785193]  should_failslab+0x5/0x20
[ 2568.785981]  kmem_cache_alloc+0x5b/0x310
[ 2568.786844]  ? mark_held_locks+0x9e/0xe0
[ 2568.787690]  create_object.isra.0+0x3a/0xa20
[ 2568.788599]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2568.789653]  kmem_cache_alloc_bulk+0x168/0x320
[ 2568.790612]  io_submit_sqes+0x6f76/0x85c0
[ 2568.791501]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2568.792532]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2568.793533]  ? lock_downgrade+0x6d0/0x6d0
[ 2568.794396]  ? find_held_lock+0x2c/0x110
[ 2568.795240]  ? io_submit_sqes+0x85c0/0x85c0
[ 2568.796139]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2568.797139]  ? wait_for_completion_io+0x270/0x270
[ 2568.798152]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2568.799111]  ? vfs_write+0x354/0xa70
[ 2568.799885]  ? fput_many+0x2f/0x1a0
[ 2568.800639]  ? ksys_write+0x1a9/0x260
[ 2568.801425]  ? __ia32_sys_read+0xb0/0xb0
[ 2568.802280]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2568.803362]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2568.804430]  do_syscall_64+0x33/0x40
[ 2568.805202]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2568.806277] RIP: 0033:0x7fb9cdbbbb19
[ 2568.807041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2568.810941] RSP: 002b:00007fb9cb131188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2568.812740] RAX: ffffffffffffffda RBX: 00007fb9cdccef60 RCX: 00007fb9cdbbbb19
[ 2568.814235] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2568.815704] RBP: 00007fb9cb1311d0 R08: 0000000000000000 R09: 0000000000000000
[ 2568.817168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2568.818643] R13: 00007ffecbc9e90f R14: 00007fb9cb131300 R15: 0000000000022000
18:05:44 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000180)='./file0\x00', 0x0)
link(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='./file1\x00')
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f0000000180)={0x8020})
close(r4)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:05:44 executing program 3:
r0 = syz_io_uring_setup(0x4da9, &(0x7f00000002c0)={0x0, 0x0, 0x10, 0xfffffffd, 0x5c}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r7, 0x0}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r6, 0xc0189373, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r8=>r0, {0x68b9}}, './file0\x00'})
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x5, 0x0, r8, 0x0, &(0x7f0000000340)="9ffce31b8c54534ae7ee02149bd5b31ddb37960cf3cb4c2ff2289d1f55f3b7012634baff6280b9e059db07436537b8693cb410c88921e3baf03a647f3214f7d2ed300b0740b25ecdeb306ea1603d144ae273ed6b567e3156d760dba9c496d287e5911b4de59d7a33ca6d92a087240bccd706a9fdcd17d15a6c98f1f907130ee6035fca214ca365", 0x87, 0x10041, 0x1, {0x0, r9}}, 0x8)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r10 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r10, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:05:44 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 100)

18:05:44 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
r7 = signalfd(r5, &(0x7f0000000140)={[0x8]}, 0x8)
mmap$usbmon(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000001, 0x4000010, r7, 0x100000001)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2568.964881] FAULT_INJECTION: forcing a failure.
[ 2568.964881] name failslab, interval 1, probability 0, space 0, times 0
[ 2568.966466] CPU: 1 PID: 13385 Comm: syz-executor.4 Not tainted 5.10.178 #1
[ 2568.967396] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2568.968503] Call Trace:
[ 2568.968822]  dump_stack+0x107/0x167
[ 2568.969313]  should_fail.cold+0x5/0xa
[ 2568.969830]  should_failslab+0x5/0x20
[ 2568.970344]  kmem_cache_alloc_bulk+0x4b/0x320
[ 2568.970940]  io_submit_sqes+0x6f76/0x85c0
[ 2568.971503]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2568.972166]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2568.972811]  ? lock_downgrade+0x6d0/0x6d0
[ 2568.973360]  ? find_held_lock+0x2c/0x110
[ 2568.973821]  ? io_submit_sqes+0x85c0/0x85c0
[ 2568.974410]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2568.975051]  ? wait_for_completion_io+0x270/0x270
[ 2568.975694]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2568.976308]  ? vfs_write+0x354/0xa70
[ 2568.976802]  ? fput_many+0x2f/0x1a0
[ 2568.977284]  ? ksys_write+0x1a9/0x260
[ 2568.977784]  ? __ia32_sys_read+0xb0/0xb0
[ 2568.978341]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2568.979038]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2568.979726]  do_syscall_64+0x33/0x40
[ 2568.980145]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2568.980831] RIP: 0033:0x7fb9cdbbbb19
[ 2568.981325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2568.983365] RSP: 002b:00007fb9cb131188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2568.984173] RAX: ffffffffffffffda RBX: 00007fb9cdccef60 RCX: 00007fb9cdbbbb19
[ 2568.984901] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2568.985629] RBP: 00007fb9cb1311d0 R08: 0000000000000000 R09: 0000000000000000
[ 2568.986367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 2568.987314] R13: 00007ffecbc9e90f R14: 00007fb9cb131300 R15: 0000000000022000
18:05:44 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x4, 0x80, 0x0, 0xa9, 0x7f, 0x8, 0x0, 0x7, 0xa002b, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_config_ext={0x7, 0x9b}, 0x2d0, 0xa9, 0x7fffffff, 0x6, 0x81, 0x6, 0x40, 0x0, 0x7b5f, 0x0, 0x5}, 0x0, 0xb, 0xffffffffffffffff, 0x1)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r5, 0x4018f50b, &(0x7f0000000240)={0x0, 0x0, 0x2})
bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e20, 0x5cf5, @mcast2, 0x2}, 0x1c)

18:05:44 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17)

[ 2569.188147] FAULT_INJECTION: forcing a failure.
18:05:44 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x1000000)

[ 2569.188147] name failslab, interval 1, probability 0, space 0, times 0
[ 2569.191051] CPU: 0 PID: 13395 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2569.192509] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2569.194271] Call Trace:
[ 2569.194837]  dump_stack+0x107/0x167
[ 2569.195612]  should_fail.cold+0x5/0xa
[ 2569.196418]  ? create_object.isra.0+0x3a/0xa20
[ 2569.197384]  should_failslab+0x5/0x20
[ 2569.198198]  kmem_cache_alloc+0x5b/0x310
[ 2569.199050]  ? mark_held_locks+0x9e/0xe0
[ 2569.199905]  create_object.isra.0+0x3a/0xa20
[ 2569.200827]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2569.201898]  kmem_cache_alloc_bulk+0x168/0x320
[ 2569.202926]  io_submit_sqes+0x6f76/0x85c0
[ 2569.203851]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2569.204922]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2569.205962]  ? lock_downgrade+0x6d0/0x6d0
[ 2569.206860]  ? find_held_lock+0x2c/0x110
[ 2569.207737]  ? io_submit_sqes+0x85c0/0x85c0
[ 2569.208677]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2569.209738]  ? wait_for_completion_io+0x270/0x270
[ 2569.210804]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2569.211807]  ? vfs_write+0x354/0xa70
[ 2569.212626]  ? fput_many+0x2f/0x1a0
[ 2569.213412]  ? ksys_write+0x1a9/0x260
[ 2569.214260]  ? __ia32_sys_read+0xb0/0xb0
[ 2569.215137]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2569.216283]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2569.217400]  do_syscall_64+0x33/0x40
[ 2569.218227]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2569.219354] RIP: 0033:0x7fd673b8db19
[ 2569.220178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2569.224220] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2569.225844] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2569.227412] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2569.228932] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2569.230495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2569.232047] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:06:01 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:01 executing program 3:
r0 = syz_io_uring_setup(0xc08, &(0x7f0000000180), &(0x7f0000fee000/0x12000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f00000000c0)={0x90000014})
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
close(r3)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x4010, r7, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:01 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r6, 0x6, 0x2e)
ftruncate(r6, 0x1000003)
fcntl$setstatus(r6, 0x4, 0x22000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x8010, r6, 0x0)

18:06:01 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x20000000)

18:06:01 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000140)=<r1=>0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_setup(0x21da, &(0x7f0000000340)={0x0, 0x8f58, 0x0, 0x1, 0x163, 0x0, r3}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f00000003c0), &(0x7f0000000400)=<r4=>0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r7, 0x0}, 0x0)
syz_io_uring_submit(r5, r4, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x3, 0x0, @fd=r2, 0x0, 0x0, 0x0, {0x60}, 0x1}, 0x0)
close(0xffffffffffffffff)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r9=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_io_uring_setup(0x18a5, &(0x7f0000000180)={0x0, 0x219f, 0x20, 0x0, 0x1a0, 0x0, r3}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0), &(0x7f0000000240)=<r10=>0x0)
syz_io_uring_submit(r8, r10, &(0x7f0000000280)=@IORING_OP_POLL_REMOVE={0x7, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x3)
fcntl$setpipe(r9, 0x407, 0x101)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r8, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:01 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x7, 0x0, r3, &(0x7f0000000340), &(0x7f00000000c0)='./file0\x00', 0x8, 0x2000, 0x1}, 0x5)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r7, 0x0}, 0x0)
ioctl$FS_IOC_RESVSP(r7, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
sendmsg$unix(r7, &(0x7f00000005c0)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000440)="135851707804a1fa7e0c36cd5be0d69954dcd3df26f9f170b35a72aff7d067b701360f0e2be31293f6e3e8e9a9975d395df0d884b212e228360c20953efdd79a911763a4526d5a438a709a8f852dc3c6f480e9cd3619e326341de084f70fa370775f8ad9f40852e52fb474f39c513ee6ed530f96f24ce73dc7563036366d1c17de75cde45d862e8dd01b454ea211ebc9b37e453a6e9e091b8552da816c218a0237af8dabff0131dc4beda5257bfee46950ad052b823ac60514ed16a3c1e1ccf18a543d1dcfdca464c91fbb0cd1b18c6fe50d9eceac1b9066", 0xd8}, {&(0x7f0000000540)="dacd27b379135d48b7aca26ec5648871289f973c312fd70ff41303b7b33d459f9960194c5a68a68a4ab8b871cd4adab222833f28b7b988ef48cca167c328f60a8cbcd6615a9a", 0x46}], 0x2, 0x0, 0x0, 0x80}, 0x801)
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:01 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18)

18:06:01 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x45de, &(0x7f0000000180)={0x0, 0x5a0, 0x4, 0x3, 0x62, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000240))
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2585.514729] FAULT_INJECTION: forcing a failure.
[ 2585.514729] name failslab, interval 1, probability 0, space 0, times 0
[ 2585.517333] CPU: 1 PID: 13429 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2585.518761] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2585.520438] Call Trace:
[ 2585.520987]  dump_stack+0x107/0x167
[ 2585.521728]  should_fail.cold+0x5/0xa
[ 2585.522525]  ? create_object.isra.0+0x3a/0xa20
[ 2585.523455]  should_failslab+0x5/0x20
[ 2585.524223]  kmem_cache_alloc+0x5b/0x310
[ 2585.525048]  ? mark_held_locks+0x9e/0xe0
[ 2585.525870]  create_object.isra.0+0x3a/0xa20
[ 2585.526777]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2585.527798]  kmem_cache_alloc_bulk+0x168/0x320
[ 2585.528715]  io_submit_sqes+0x6f76/0x85c0
[ 2585.529569]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2585.530577]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2585.531555]  ? io_submit_sqes+0x85c0/0x85c0
[ 2585.532426]  ? recalibrate_cpu_khz+0x10/0x10
[ 2585.533340]  ? ktime_get+0x158/0x1f0
[ 2585.534100]  ? lapic_timer_set_periodic+0x60/0x60
[ 2585.535123]  ? clockevents_program_event+0x131/0x360
[ 2585.536144]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2585.537231]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2585.538323]  ? trace_hardirqs_on+0x5b/0x180
[ 2585.539188]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2585.540275]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2585.541302]  do_syscall_64+0x33/0x40
[ 2585.542081]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2585.543117] RIP: 0033:0x7fd673b8db19
[ 2585.543860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2585.547513] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2585.549050] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2585.550477] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2585.551901] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2585.553317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2585.554763] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:06:01 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000180))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:01 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r3, 0x6, 0x2e)
ftruncate(r3, 0x1000003)
fcntl$setstatus(r3, 0x4, 0x22000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x4, 0x100010, r3, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:01 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r3, 0x4141, 0x1ace, 0x0, &(0x7f00000000c0)={[0xffffffffffffffff]}, 0x8)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:01 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:01 executing program 1:
r0 = syz_io_uring_setup(0x4d53, &(0x7f0000000280)={0x0, 0xe44a, 0x0, 0x0, 0x1de}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000140)=<r1=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000003c0), 0xc8804)
syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x1, 0x0, r3, 0x0, 0x0, 0x0, 0x2000, 0x0, {0x1}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000500), 0x1}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000100)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x2004, @fd, 0x2c, &(0x7f00000004c0)=[{&(0x7f0000000400)=""/187, 0xbb}], 0x1, 0x0, 0x0, {0x0, r2}}, 0x7fff)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x220003, 0x0)
readahead(r5, 0x6, 0x2e)
ftruncate(r5, 0x1000003)
fcntl$setstatus(r5, 0x4, 0x22000)
setsockopt$inet6_tcp_int(r5, 0x6, 0x0, &(0x7f00000000c0), 0x4)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:01 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19)

[ 2586.067791] FAULT_INJECTION: forcing a failure.
[ 2586.067791] name failslab, interval 1, probability 0, space 0, times 0
[ 2586.070207] CPU: 1 PID: 13450 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2586.071580] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2586.073157] Call Trace:
[ 2586.073675]  dump_stack+0x107/0x167
[ 2586.074380]  should_fail.cold+0x5/0xa
[ 2586.075109]  ? create_object.isra.0+0x3a/0xa20
[ 2586.075977]  should_failslab+0x5/0x20
[ 2586.076693]  kmem_cache_alloc+0x5b/0x310
[ 2586.077464]  ? mark_held_locks+0x9e/0xe0
[ 2586.078212]  create_object.isra.0+0x3a/0xa20
[ 2586.079036]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2586.079985]  kmem_cache_alloc_bulk+0x168/0x320
[ 2586.080839]  io_submit_sqes+0x6f76/0x85c0
[ 2586.081646]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2586.082592]  __do_sys_io_uring_enter+0x6b5/0x1730
18:06:01 executing program 1:
r0 = syz_io_uring_setup(0x4d4d, &(0x7f0000000740)={0x0, 0xdc44, 0x0, 0xffdffffc, 0x82}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000240)={0x0, 0x40, 0x4})
ioctl$BTRFS_IOC_SCRUB(r4, 0xc400941b, &(0x7f0000000340)={0x0, 0x1})
syz_open_dev$tty1(0xc, 0x4, 0x1)
epoll_create(0x9)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000b40)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}})
ioctl$sock_inet6_tcp_SIOCOUTQ(r5, 0x5411, &(0x7f00000000c0))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2586.083484]  ? lock_downgrade+0x6d0/0x6d0
[ 2586.084444]  ? find_held_lock+0x2c/0x110
[ 2586.085211]  ? io_submit_sqes+0x85c0/0x85c0
[ 2586.086028]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2586.086953]  ? wait_for_completion_io+0x270/0x270
[ 2586.087862]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2586.088730]  ? vfs_write+0x354/0xa70
[ 2586.089423]  ? fput_many+0x2f/0x1a0
[ 2586.090098]  ? ksys_write+0x1a9/0x260
[ 2586.090821]  ? __ia32_sys_read+0xb0/0xb0
[ 2586.091587]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2586.092539]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2586.093478]  do_syscall_64+0x33/0x40
[ 2586.094149]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2586.095097] RIP: 0033:0x7fd673b8db19
[ 2586.095789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2586.099108] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2586.100496] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2586.101783] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2586.103081] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2586.104384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2586.105670] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:06:15 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xff000000)

18:06:15 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0xea, 0x0, 0x0, 0x0)

18:06:15 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x3, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:15 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
ioctl$KIOCSOUND(r3, 0x4b2f, 0x4)
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x67, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x1, 0x0, 0x1000, 0x0, 0x3ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:15 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20)

18:06:15 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x2010, 0xffffffffffffffff, 0x8000000)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r8, 0x6, 0x2e)
ftruncate(r8, 0x1000003)
fcntl$setstatus(r8, 0x4, 0x22000)
syz_io_uring_submit(r7, r2, &(0x7f00000000c0)=@IORING_OP_SPLICE={0x1e, 0x1, 0x0, @fd_index=0x8, 0x0, {0x0, r4}, 0x7fff, 0x4, 0x0, {0x0, 0x0, r8}}, 0xd4b)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:15 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
r7 = syz_mount_image$nfs4(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x100000000, 0x4, &(0x7f0000000500)=[{&(0x7f0000000240)="0dd87d83810a62533bea21dace7ae96606043b55760fb30e39c2fe552c8f1c48be2ddffc2114affff6aea1909fa631b98c4518158fd57ecd86fd4ed3c1aee53e968c878e6b5b116c0c1fce93983b", 0x4e, 0xd175}, {&(0x7f0000000340)="4d41440874af9394f8db7fa390be3ccce259319e2bb09706a79ca45153da1e530a75bf4c753a0dde126c555e01204ca48455bf2f1d514e4205685f426a5b8dba191e99a7fdf79f8b20729fa475407245302bd3d4f39fe55da05b5f58ce5aca2097f27c1c909ded02ee616c", 0x6b, 0x81}, {&(0x7f00000003c0)="cfdf87ec06fd5c7e2c6708c808e49207b4be2dbd50a66b8e96d78dd650065e1528a49d6820a0221934e3b89233dd79b7b67aac2124752fa3271bbb82c5dc177bc8c5bee419cc48d0b0fd8bf15b401491cfa11d200666bb0f57688e167c28350e96cbd15887b600dfdc04e96475e0b588719461c59386cb745dc1af3c285e8be80b90582b01e305c0c2327248b6e364651f2090b08a8cb161053f1fb80cd4654fd54cb53d92c6f251fefd572ec5e96d3f842f10", 0xb3, 0x2}, {&(0x7f0000000480)="ba8f4b587ca501085b1ce0ab04c52610d156466f813dc1c47c632059bcefa4d5bd558906647838bcc76585adf20f69bd428bb8db471b70fae77e881e82884d923b2d79300c24b2d13abb1cc2b9d88509625a94bafb21c0240db75f7a58706724444ad2151ab6b1fa69e7cfa281fb", 0x6e, 0x6}], 0x90002, &(0x7f0000000580)={[{'\xdf\xc8'}, {'!/'}, {'\x00'}, {}, {'/dev/full\x00'}, {'-.#!]-%/!}&R^}\\J'}, {'\x00'}], [{@euid_lt={'euid<', 0xffffffffffffffff}}, {@permit_directio}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@subj_type={'subj_type', 0x3d, '/dev/full\x00'}}]})
getdents64(r7, &(0x7f00000001c0)=""/3, 0x3)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:15 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0xfb5f, 0x10, 0x2}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r6, 0x0}, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f00000000c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2600.071954] FAULT_INJECTION: forcing a failure.
[ 2600.071954] name failslab, interval 1, probability 0, space 0, times 0
[ 2600.073492] CPU: 0 PID: 13477 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2600.074244] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2600.075138] Call Trace:
[ 2600.075435]  dump_stack+0x107/0x167
[ 2600.075830]  should_fail.cold+0x5/0xa
[ 2600.076250]  ? create_object.isra.0+0x3a/0xa20
[ 2600.076736]  should_failslab+0x5/0x20
[ 2600.077152]  kmem_cache_alloc+0x5b/0x310
[ 2600.077601]  create_object.isra.0+0x3a/0xa20
[ 2600.078069]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2600.078642]  kmem_cache_alloc_bulk+0x168/0x320
[ 2600.079141]  io_submit_sqes+0x6f76/0x85c0
[ 2600.079620]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2600.080157]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2600.080686]  ? lock_downgrade+0x6d0/0x6d0
[ 2600.081137]  ? find_held_lock+0x2c/0x110
[ 2600.081578]  ? io_submit_sqes+0x85c0/0x85c0
[ 2600.082068]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2600.082602]  ? wait_for_completion_io+0x270/0x270
[ 2600.083119]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2600.083631]  ? vfs_write+0x354/0xa70
[ 2600.084030]  ? fput_many+0x2f/0x1a0
[ 2600.084440]  ? ksys_write+0x1a9/0x260
[ 2600.084848]  ? __ia32_sys_read+0xb0/0xb0
[ 2600.085294]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2600.085856]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2600.086446]  do_syscall_64+0x33/0x40
[ 2600.086858]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2600.087435] RIP: 0033:0x7fd673b8db19
[ 2600.087856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2600.089907] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2600.090774] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2600.091571] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2600.092372] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2600.093164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2600.093971] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:06:15 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x400000, 0x20)
readahead(r0, 0x6, 0x2e)
ftruncate(r0, 0x1000003)
fcntl$setstatus(r0, 0x4, 0x22000)
r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x3, 0x40001, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:15 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x2000, 0x0, 0x0, 0x0)

18:06:15 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21)

[ 2600.358177] FAULT_INJECTION: forcing a failure.
[ 2600.358177] name failslab, interval 1, probability 0, space 0, times 0
[ 2600.359593] CPU: 0 PID: 13494 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2600.360339] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2600.361229] Call Trace:
[ 2600.361529]  dump_stack+0x107/0x167
[ 2600.361920]  should_fail.cold+0x5/0xa
[ 2600.362331]  ? create_object.isra.0+0x3a/0xa20
[ 2600.362844]  should_failslab+0x5/0x20
[ 2600.363276]  kmem_cache_alloc+0x5b/0x310
[ 2600.363729]  ? mark_held_locks+0x9e/0xe0
[ 2600.364163]  create_object.isra.0+0x3a/0xa20
[ 2600.364641]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2600.365191]  kmem_cache_alloc_bulk+0x168/0x320
[ 2600.365686]  io_submit_sqes+0x6f76/0x85c0
[ 2600.366149]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2600.366722]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2600.367241]  ? lock_downgrade+0x6d0/0x6d0
[ 2600.367682]  ? find_held_lock+0x2c/0x110
[ 2600.368122]  ? io_submit_sqes+0x85c0/0x85c0
[ 2600.368607]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2600.369129]  ? wait_for_completion_io+0x270/0x270
[ 2600.369645]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2600.370142]  ? vfs_write+0x354/0xa70
[ 2600.370571]  ? fput_many+0x2f/0x1a0
[ 2600.370969]  ? ksys_write+0x1a9/0x260
[ 2600.371383]  ? __ia32_sys_read+0xb0/0xb0
[ 2600.371831]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2600.372386]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2600.372960]  do_syscall_64+0x33/0x40
[ 2600.373366]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2600.373915] RIP: 0033:0x7fd673b8db19
[ 2600.374316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2600.376277] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2600.377106] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2600.377889] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2600.378653] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2600.379416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2600.380162] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:06:16 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0xfffffffe}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:16 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0xeaff, 0x0, 0x0, 0x0)

18:06:16 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x80000000000000)

18:06:16 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22)

18:06:16 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
r8 = mmap$IORING_OFF_SQES(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x300000c, 0x10010, r5, 0x10000000)
syz_io_uring_submit(r6, r8, &(0x7f00000000c0)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
ioctl$CDROMMULTISESSION(r7, 0x5310, &(0x7f0000000180)={@lba=0x10001, 0x1, 0x1})

[ 2600.649752] FAULT_INJECTION: forcing a failure.
[ 2600.649752] name failslab, interval 1, probability 0, space 0, times 0
[ 2600.651052] CPU: 0 PID: 13512 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2600.651799] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2600.652700] Call Trace:
[ 2600.652998]  dump_stack+0x107/0x167
[ 2600.653394]  should_fail.cold+0x5/0xa
[ 2600.653818]  should_failslab+0x5/0x20
[ 2600.654224]  kmem_cache_alloc_bulk+0x4b/0x320
[ 2600.654730]  io_submit_sqes+0x6f76/0x85c0
[ 2600.655204]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2600.655749]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2600.656281]  ? lock_downgrade+0x6d0/0x6d0
[ 2600.656738]  ? find_held_lock+0x2c/0x110
[ 2600.657176]  ? io_submit_sqes+0x85c0/0x85c0
[ 2600.657651]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2600.658171]  ? wait_for_completion_io+0x270/0x270
[ 2600.658710]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2600.659225]  ? vfs_write+0x354/0xa70
[ 2600.659647]  ? fput_many+0x2f/0x1a0
[ 2600.660032]  ? ksys_write+0x1a9/0x260
[ 2600.660457]  ? __ia32_sys_read+0xb0/0xb0
[ 2600.660894]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2600.661459]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2600.662011]  do_syscall_64+0x33/0x40
[ 2600.662422]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2600.662984] RIP: 0033:0x7fd673b8db19
[ 2600.663394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2600.665367] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2600.666174] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2600.666959] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2600.667740] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2600.668506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2600.669264] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:06:29 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x100000000000000)

18:06:29 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0xffea, 0x0, 0x0, 0x0)

18:06:29 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
r7 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x80000, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH(r5, 0xd0009411, &(0x7f0000000340)={{<r8=>0x0, 0x5, 0x0, 0x19, 0x3, 0x3, 0x3f, 0x0, 0x4, 0x0, 0x9, 0x2, 0x2, 0x3, 0x8001}})
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r7, 0xc0709411, &(0x7f0000000240)={{r8, 0x1, 0x7ff, 0x8, 0x9, 0x5ea, 0x2, 0xffffffff, 0x5, 0x8, 0x4, 0xff, 0x8, 0x4, 0x1f}, 0x8, [0x0]})
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x81, 0x0, 0x0, 0x5e, 0x2009, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x100000000, 0x7fffffff}, 0x10006, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
ftruncate(0xffffffffffffffff, 0x1000003)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x22000)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x18, &(0x7f0000000080)=0x800, 0x4)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:29 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = dup2(r4, 0xffffffffffffffff)
r6 = syz_genetlink_get_family_id$batadv(0x0, r5)
sendmsg$BATADV_CMD_GET_ORIGINATORS(0xffffffffffffffff, &(0x7f0000001400)={&(0x7f0000001340), 0xc, &(0x7f00000013c0)={&(0x7f0000001380)={0x2c, r6, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x3}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4051}, 0x4824)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r3, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x4c, r6, 0x4, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x4823}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xff}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8010}, 0x40000)
socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r7}}, 0x0)
close(0xffffffffffffffff)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:29 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23)

18:06:29 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f0000000180)={0x7, 0x400, 0x1, 0x0, 0xe})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:29 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r5=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x338100, 0x64)
openat2(r6, &(0x7f00000016c0)='./file0\x00', &(0x7f0000001700)={0x591002, 0x4}, 0x18)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
readv(r5, &(0x7f0000001640)=[{&(0x7f0000000400)=""/137, 0x89}, {&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/154, 0x9a}, {&(0x7f0000000180)=""/94, 0x5e}, {&(0x7f0000000240)=""/121, 0x79}, {&(0x7f0000001580)=""/163, 0xa3}], 0x6)
io_uring_enter(r3, 0x58ab, 0xfffffffc, 0x1, 0x0, 0x0)
ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f0000000340)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000008d00000017000000000000000ab90000000000000700000000000000fb1600000000000000000000000000000000000000000000000000000000000008000000000000001f00000000000000010000000000000009000000000000001a060000000000000000001b00"/192])

18:06:29 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
close(r3)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r8=>0xffffffffffffffff})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000052d40)={0x0, ""/256, <r9=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r8, 0x81f8943c, &(0x7f0000052f40)={0x0, ""/256, 0x0, <r10=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r4, 0x81f8943c, &(0x7f0000053140)={0x0, ""/256, 0x0, <r11=>0x0})
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r8, 0xc0709411, &(0x7f0000053340)=ANY=[@ANYRES64=<r12=>0x0, @ANYBLOB="0900000000000900070000000000000007000000000000000500000000000000b14500000000000000000000000000009bc7000003000000008000000200000000010000000000000300000000000000070000000000000000000080ffffffff2800"/144])
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000053400)={0x9, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r9}, {}, {0x0, r10}, {}, {}, {0x0, r11}, {r12}], 0xb, "6336d71b6d799c"})
syz_open_dev$tty1(0xc, 0x4, 0x2)
r13 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_TEE={0x21, 0x2, 0x0, @fd=r13, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2614.109137] FAULT_INJECTION: forcing a failure.
[ 2614.109137] name failslab, interval 1, probability 0, space 0, times 0
[ 2614.110440] CPU: 1 PID: 13542 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2614.111197] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2614.112089] Call Trace:
[ 2614.112389]  dump_stack+0x107/0x167
[ 2614.112783]  should_fail.cold+0x5/0xa
[ 2614.113193]  ? create_object.isra.0+0x3a/0xa20
[ 2614.113687]  should_failslab+0x5/0x20
[ 2614.114104]  kmem_cache_alloc+0x5b/0x310
[ 2614.114545]  ? mark_held_locks+0x9e/0xe0
[ 2614.114992]  create_object.isra.0+0x3a/0xa20
[ 2614.115475]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2614.116031]  kmem_cache_alloc_bulk+0x168/0x320
[ 2614.116534]  io_submit_sqes+0x6f76/0x85c0
[ 2614.116999]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2614.117538]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2614.118065]  ? lock_downgrade+0x6d0/0x6d0
[ 2614.118509]  ? find_held_lock+0x2c/0x110
[ 2614.118970]  ? io_submit_sqes+0x85c0/0x85c0
[ 2614.119439]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2614.119965]  ? wait_for_completion_io+0x270/0x270
[ 2614.120493]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2614.121000]  ? vfs_write+0x354/0xa70
[ 2614.121413]  ? fput_many+0x2f/0x1a0
[ 2614.121810]  ? ksys_write+0x1a9/0x260
[ 2614.122236]  ? __ia32_sys_read+0xb0/0xb0
[ 2614.122689]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2614.123264]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2614.123835]  do_syscall_64+0x33/0x40
[ 2614.124235]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2614.124809] RIP: 0033:0x7fd673b8db19
[ 2614.125223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2614.127232] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2614.128064] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2614.128834] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2614.129649] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2614.130412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2614.131253] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:06:29 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x800000, 0x0, 0x0, 0x0)

18:06:29 executing program 6:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r0, 0x0}, 0x0)
r1 = io_uring_setup(0x5204, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x16e})
r2 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0x5, 0x0, r2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000380)=@IORING_OP_SENDMSG={0x9, 0x5, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=@ethernet={0x92b7e05cd8af63bb, @local}, 0x80, &(0x7f00000000c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="58000000000000000a01000005000000295c0c363fe7a462470689f101f4fddd2ab00bb859eaa6f6902f35077f733bc50018a1eb5efc7e151f63c0e77cb08fff03000000000000e3d5dcbc7a46f214a2d30e31f4a8f3bcdd03854d285065fbe6c307e0994b1ad0cc34ff9ecc4cd33650809853f039404fc1f50c6dd18978269a71a6f6c39c6b0d85aadf000000000000000000"], 0x58}, 0x0, 0x80, 0x1, {0x0, r2}}, 0x6)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:29 executing program 0:
r0 = syz_io_uring_setup(0x3c98, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
fsetxattr$security_selinux(r4, &(0x7f00000000c0), &(0x7f0000000180)='system_u:object_r:klogd_var_run_t:s0\x00', 0x25, 0x3)
ioctl$KDFONTOP_SET(r5, 0x4b72, &(0x7f00000001c0)={0x0, 0x0, 0x10, 0x11, 0x1de, &(0x7f0000000340)="0ea30b60a86b5d01a2580a40d7a144d838706a4171c28d7924bb24affc5bf6fe643d279b3f06250c36d9c26b783afcd7aab84e1d4486cc71cb469c16a51b459801adcbbee2604ca15c6d36f5cdf2451e26bbe9ea04753ce830e680d3e7e7121efa333c577704e13118b181da3657690e8515546b53c6b748ae163485c983436adaf39571639f119e231f512aa657aa6ab10a0ec081f2fff78108c07a41bd063c24542ccf5afa7ff2cfb8066c9d91cd94e6365936f56578d681ad4368b8eef9cfd987593ef2e891ad4123b6d480643677c5b784e09adf1730b4481c8264b27ee5dd6316b5314c67e3fa0e7960421cf2b4c05e4ec66ba0b42b0fac04d4551b6d5dd5b9d50d22323db40ec91b8584bfc4e7240debfe82cebaf7f9b353e1884997e43a8f383806da76928d31f774eeb99a80849313370e10d1d54c080679b0f2e0476ed9baac1a18fa2936bff382b93fe3f5b9c2af10ee5fce538f306d128166fda9a7e79eb6dd5938aaa6206e8f645232009669a966650536350607c70bb85b67f8a048813cdb09d09b808a0e8ae4e863e5ca886fb4b2b5a72ebd27e375bd2a513577f84e1b6743aa485eb0ad71393fe12aed4afec7295e0c2e577016e65ceaf2db7682becd3c59ea89e5ed28e9da9c12ea41cee8463b0d092caac41ed9612a9baa1a981932ca08066a81b8dac60ffdf3582303b2d6341a18ce5296a3562bce94ac88e169426e8c5d69e71454d5012a475da672db8724be7f4316a50170454de2433826d15f77b21c01cf44abb82240cd68542c54af0ff7e581ecfd97569cd758dbae70caac6bdc9d7405111b7fa7e77454bff0b1ab4800bc065d4d4dc16f48a4f199c523577c4b6170ab997045b4c53e3619122910796ad35d65cad06beb5b50973ebd04e96d8a126c0ec9734046b43211b0ef65c5c2a77b9be21ca0b4a52a80659296465115fe57039bf31db168024878f061e25390a32cda2fde8495584c5ddc5e2aa275cc0b9025dfd94a4d3ec5f878f0cbed1294f4a198a01a72f26d1d07ecded63f4ce64dac2d4bfcefc5300b944db428589b25c9ff877342321b83163917ac50d20dd1b40ce787590340e8f9637be2e1185ea7e762df162a7d0dc3faf920e400b0cd6fb66cc066cc7981d57bc5a8fbbd076c3e8fe2d04aecc70f6aa026abcc6ae286fc77dae08f655eda728e8c1939fc36364d1f07ac2109e6719a1544490e94fed4de86b5cad079d3d281332fc9fe85c3a52636435a24fe7bf98e4baa79c6524a30eaf0fd608e5c3fbf2485dbd52a51f513fa3e605f751543243226fca1ea6b9b80ddbdd0b25ad69f59f388203a2842a735b0e451e63309069e1765acf05f8f18c0acc94ed2fb9e6ee8e78b4cf3460891077a0241962ca7e403a8a5be99c07107c81c64902222afa457dad103d2744d8bf1028d7b69542f71acef82410c"})
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2614.312426] audit: type=1400 audit(1682618789.988:34): avc:  denied  { relabelfrom } for  pid=13558 comm="syz-executor.0" name="" dev="pipefs" ino=55072 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fifo_file permissive=1
18:06:30 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24)

[ 2614.468737] FAULT_INJECTION: forcing a failure.
[ 2614.468737] name failslab, interval 1, probability 0, space 0, times 0
[ 2614.471618] CPU: 0 PID: 13572 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2614.473128] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2614.474944] Call Trace:
[ 2614.475529]  dump_stack+0x107/0x167
[ 2614.476328]  should_fail.cold+0x5/0xa
[ 2614.477165]  ? create_object.isra.0+0x3a/0xa20
[ 2614.478167]  should_failslab+0x5/0x20
[ 2614.479016]  kmem_cache_alloc+0x5b/0x310
[ 2614.479894]  ? mark_held_locks+0x9e/0xe0
[ 2614.480773]  create_object.isra.0+0x3a/0xa20
[ 2614.481723]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2614.482826]  kmem_cache_alloc_bulk+0x168/0x320
[ 2614.483820]  io_submit_sqes+0x6f76/0x85c0
[ 2614.484752]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2614.485831]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2614.486885]  ? lock_downgrade+0x6d0/0x6d0
[ 2614.487780]  ? find_held_lock+0x2c/0x110
[ 2614.488665]  ? io_submit_sqes+0x85c0/0x85c0
[ 2614.489607]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2614.490673]  ? wait_for_completion_io+0x270/0x270
[ 2614.491720]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2614.492721]  ? vfs_write+0x354/0xa70
[ 2614.493528]  ? fput_many+0x2f/0x1a0
[ 2614.494315]  ? ksys_write+0x1a9/0x260
[ 2614.495144]  ? __ia32_sys_read+0xb0/0xb0
[ 2614.496025]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2614.497157]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2614.498272]  do_syscall_64+0x33/0x40
[ 2614.499095]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2614.500199] RIP: 0033:0x7fd673b8db19
[ 2614.501006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2614.504965] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2614.506611] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2614.508143] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2614.509678] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2614.511228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2614.512765] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:06:30 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x3019)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = open_tree(r5, &(0x7f00000000c0)='./file0\x00', 0x0)
getsockopt$inet6_buf(r7, 0x29, 0x44, &(0x7f0000000340)=""/238, &(0x7f0000000180)=0xee)
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f00000001c0)={@loopback, 0x7e, 0x2, 0xff, 0xb, 0x7, 0xa6b}, 0x20)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:30 executing program 6:
r0 = syz_io_uring_setup(0x1db6, &(0x7f00000002c0)={0x0, 0xfc5c, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x4000010, r0, 0x8000000)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
syz_io_uring_submit(r4, r6, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x2, 0x0, 0xffffffffffffff9c, &(0x7f00000000c0)={0xc0, 0xa4}, &(0x7f0000000180)='./file0\x00', 0x18, 0x0, 0x12345}, 0xffffffff)
connect$unix(r7, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x3, 0x6000, @fd, 0x10000, &(0x7f0000000540)=[{&(0x7f0000000380)=""/11, 0xb}, {&(0x7f0000000d40)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/255, 0xff}, {&(0x7f00000004c0)=""/109, 0x6d}], 0x4, 0xc}, 0x0)
close(r3)
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:30 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x1000000, 0x0, 0x0, 0x0)

18:06:30 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_QGROUP_ASSIGN(0xffffffffffffffff, 0x40189429, &(0x7f00000000c0)={0x1, 0x0, 0x6})
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r6, 0x6, 0x2e)
ftruncate(r6, 0x1000003)
fcntl$setstatus(r6, 0x4, 0x22000)
dup(r6)

18:06:43 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000000000000000)

18:06:43 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240)={0x0, 0xf957, 0x20}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$BINDER_GET_NODE_DEBUG_INFO(r5, 0xc018620b, &(0x7f00000000c0)={0x1})
r6 = open$dir(&(0x7f0000000180)='./file0\x00', 0x10042, 0x2)
ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r6, 0x8010661b, &(0x7f00000001c0))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:43 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25)

18:06:43 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x20000000, 0x0, 0x0, 0x0)

18:06:43 executing program 1:
r0 = syz_io_uring_setup(0x4667, &(0x7f00000002c0)={0x0, 0x0, 0x1}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x110, r4, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
shutdown(0xffffffffffffffff, 0x1)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x800005, 0xffffffff, 0x8000, 0x2, 0x5})
fstatfs(0xffffffffffffffff, &(0x7f00000000c0)=""/7)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x80000, 0x1000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:43 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r3, 0x69d2, 0x8d73, 0x1, &(0x7f00000000c0)={[0x3]}, 0x8)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:43 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r6, 0x0}, 0x0)
ioctl$FS_IOC_RESVSP(r6, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x4007, @fd_index=0x9, 0x6, 0x0, 0x0, 0x6, 0x0, {0x1}}, 0x0)
close(0xffffffffffffffff)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
ioctl$KDFONTOP_SET(r3, 0x4b72, &(0x7f00000000c0)={0x0, 0x1, 0xf, 0x11, 0x1dd, &(0x7f0000000340)="d27445f9648824b2d60c5ef84aae7e4117a014452d7633bc89a9063b15faa23ea4c2ab89efc176dee79be172ebbce91c22935dc9cb6fd1ea1820647768efd0e43b574238129fcfb79d3a5cb4fea61a015a27cf72e95e25b3db977d618945f4fe60ef97b365709195ea0ba77bbb919c16e48199c42effa8980ea1987ab9004b9a23811255fd80a44eba64569cc603889f922b7f26b49dcb09594338228ab14bf1ff928d6f4f60a0e72ab7dab76e882637c9709700723ec26349815a369668bb9fa0ef5990175c71e1d9af38fa316d2857d4640aaa413cbcb60cb7b8429f510421e407fc02c23da1ea7d252453c4a5ebb444495a2a10613e308175b1c2c4112e192c3987a62e13754ad6e641bedb0898af159c74cd6da6ba4036ec4675a59a818c12cbadfbcd867974a5820c811df71201e68b248aa0193e83a2e2940257eb6cb78bd9ff1d3098e952bf94e50c7225f63c22ca3a1383ff66df223e6007806889a0fdd102b0024fbc00256a23969b867c2a4b80f744d56f57022f0050f089508f71f46b376494a7d27b1941d161793fc4f1c05ac46c79fcfc9ddd050ed062184db98a8228e0b511dc8a2edf1e0d4cdca65eec3df2ece465a3c51a51b37ba2d924a7148741495b48de1c56d2a2955ed80ff050844140c4216310f93f5c295ac086e8039eb2dda5dfaba49d9703ac89a7e20c9ce648932f6a22a49223e3bd1436acb4d0a9d97c4dbf06960b53788336129c201cbab5f1fb5e85213a59274d04df4c598ee4aed2058f5a269a9c2d6cd850b27df8efae12536ac6d99f8057e67fbfa767b978fc6c57de2e962d78c7cff12532599305bc16a3b63ec4fe30bbc54d8716c9b167c49f9ba7b13cec8037abb6ffa9a04112172f26350b46a92ca539903ec520edf609e6054b4e3e9e11733bac726cb204523503d36591eb9c7eb83a514a23ff490393d70b48b39ad739ba0d767d1aa7e05af4113edbc4b721ab41a85341da074e84f1585c75fa8ed0c1cc6f0d3ef00929ae4b704803e0ecbeef4d5c95aa72337262d93ec1686f1d7550db222ce360181483c5667a71e905e8d6b98e5dd499e19e295698f3d0514d5c6dda52463b6d752467a94cbb10224f1766890eecf2b13d10754bcd4d6d3f5fd1735459bb2c3620bd998fef0fc14566dd53deccbddd729685f4f27050f45543ffc3d41c8b6a74ebb014a30cce960fb00bde3a8ce11f3e5f921aabeb2a180115ab3fee96cde6372b652634324656e7e72932f6dc46378cbb6cef0de4b6a0a9b1c9b5aec331a33fabac1181a90044cef0203314ca27192af88b0470659bbdb7517f828b2b60488645ca831616d67128d5d938413b75ff1e1879e30af660fbdbea224541dc2ecf6c258746c9c6c7b4782a8e21b256bf9dafe5746012e0181b7ffa2d9051c69b599c338e36cf523bbe054d2384203d3b7a9ceb"})

[ 2628.356874] FAULT_INJECTION: forcing a failure.
[ 2628.356874] name failslab, interval 1, probability 0, space 0, times 0
[ 2628.359613] CPU: 1 PID: 13610 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2628.361072] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2628.362804] Call Trace:
[ 2628.363368]  dump_stack+0x107/0x167
[ 2628.364140]  should_fail.cold+0x5/0xa
[ 2628.364937]  ? create_object.isra.0+0x3a/0xa20
[ 2628.365892]  should_failslab+0x5/0x20
[ 2628.366693]  kmem_cache_alloc+0x5b/0x310
[ 2628.367554]  ? mark_held_locks+0x9e/0xe0
[ 2628.368400]  create_object.isra.0+0x3a/0xa20
[ 2628.369321]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2628.370396]  kmem_cache_alloc_bulk+0x168/0x320
[ 2628.371369]  io_submit_sqes+0x6f76/0x85c0
[ 2628.372280]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2628.373300]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2628.374300]  ? lock_downgrade+0x6d0/0x6d0
[ 2628.375163]  ? find_held_lock+0x2c/0x110
[ 2628.376030]  ? io_submit_sqes+0x85c0/0x85c0
[ 2628.376932]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2628.377938]  ? wait_for_completion_io+0x270/0x270
[ 2628.378957]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2628.379940]  ? vfs_write+0x354/0xa70
[ 2628.380723]  ? fput_many+0x2f/0x1a0
[ 2628.381504]  ? ksys_write+0x1a9/0x260
[ 2628.382281]  ? __ia32_sys_read+0xb0/0xb0
[ 2628.383149]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2628.384266]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2628.385336]  do_syscall_64+0x33/0x40
[ 2628.386118]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2628.387182] RIP: 0033:0x7fd673b8db19
[ 2628.387957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2628.391736] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2628.393345] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2628.394810] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2628.396267] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2628.397722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2628.399190] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:06:44 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
r5 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r5, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
shutdown(r5, 0x1)
ioctl$FS_IOC_FSSETXATTR(r5, 0x40086602, &(0x7f0000000000)={0x800005, 0xffffffff, 0x8000, 0x2, 0x5})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r5, 0x81f8943c, &(0x7f0000000340))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={&(0x7f0000000080), 0xe}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:44 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x5, 0x0, 0x0, 0x1, &(0x7f0000000340)="60e79d950b9299838d0968d492e01c3a129ede65912f8160577e636f6ecee2a68eeb46fdb0ac6d2c51d0ad4d0daa1c66dff023933eb3a996c15f95a9d43a548a918070ed75c6b75aa9b31c845834360a5be754bb18bc631542c930f553efcdc49765d2ede534f00e792f00a1dce6dc66b44b220c8209d8787527820ee4b4872cb1a7bd39e4ec621522712e15e2b87ed270f5843dbf10d3f7f57bd0f6a7a60efbbcd1d0e52a43f2e1136a16f2c24dc10e47", 0x2, 0x0, 0x1, {0x3}}, 0x8ef9)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180)=<r8=>0x0, &(0x7f0000002a40)=<r9=>0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r7, 0x0, &(0x7f0000000100)=[{0x0}], 0x1)
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd_index, 0x0, 0xfffffffffffffffb, 0x400004}, 0x0)
io_uring_enter(r7, 0x76d3, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:44 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0xeaffffff, 0x0, 0x0, 0x0)

18:06:44 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:44 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x386}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0xed, 0x5, 0x1, 0x7, 0x0, 0x5, 0xc0000, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x6, 0x1, @perf_config_ext={0x100, 0x8001}, 0x8, 0x4, 0x9, 0x8, 0x9, 0xb766, 0x7fff, 0x0, 0x2, 0x0, 0x4}, 0x0, 0xf, r5, 0x12)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
fstatfs(r3, &(0x7f0000000340)=""/166)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r6, 0x6, 0x2e)
ftruncate(r6, 0x1000003)
fcntl$setstatus(r6, 0x4, 0x22000)
perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0xbb, 0x0, 0x7, 0x3, 0x0, 0x4, 0x80080, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1000, 0x2, @perf_config_ext={0x8, 0x7f}, 0x102, 0x0, 0x8001, 0x8, 0x3, 0xd4, 0x8c7d, 0x0, 0x9e, 0x0, 0x2}, 0x0, 0xe, r6, 0x9)

18:06:44 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
ioctl$FIONCLEX(r3, 0x5450)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:44 executing program 1:
r0 = syz_io_uring_setup(0x7a09, &(0x7f00000002c0)={0x0, 0x8, 0x0, 0x0, 0x1a}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x3031c0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = openat(r6, &(0x7f0000000080)='./file0\x00', 0x2100, 0x124)
readahead(r7, 0x6, 0x2e)
ftruncate(r7, 0x1000003)
fcntl$setstatus(r7, 0x4, 0x22000)
ioctl$CDROMSETSPINDOWN(r7, 0x531e, &(0x7f0000000180)=0x4)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f0000000700)={&(0x7f0000000240)=@pptp={0x18, 0x2, {0x0, @dev}}, 0x80, &(0x7f0000000600)=[{&(0x7f00000001c0)=""/14, 0xe}, {&(0x7f0000000340)=""/194, 0xc2}, {&(0x7f0000000440)=""/159, 0x9f}, {&(0x7f0000000500)}, {&(0x7f0000000540)=""/146, 0x92}], 0x5, &(0x7f0000000680)=""/126, 0x7e}, 0x0, 0x42, 0x0, {0x0, r4}}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:44 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26)

18:06:44 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0xffffffea, 0x0, 0x0, 0x0)

[ 2628.845882] FAULT_INJECTION: forcing a failure.
[ 2628.845882] name failslab, interval 1, probability 0, space 0, times 0
[ 2628.848431] CPU: 0 PID: 13640 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2628.849829] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2628.851540] Call Trace:
[ 2628.852081]  dump_stack+0x107/0x167
[ 2628.852827]  should_fail.cold+0x5/0xa
[ 2628.853600]  ? create_object.isra.0+0x3a/0xa20
[ 2628.854525]  should_failslab+0x5/0x20
[ 2628.855298]  kmem_cache_alloc+0x5b/0x310
[ 2628.856143]  ? mark_held_locks+0x9e/0xe0
[ 2628.856992]  create_object.isra.0+0x3a/0xa20
[ 2628.857888]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2628.858948]  kmem_cache_alloc_bulk+0x168/0x320
[ 2628.859889]  io_submit_sqes+0x6f76/0x85c0
[ 2628.860773]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2628.861795]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2628.862800]  ? lock_downgrade+0x6d0/0x6d0
[ 2628.863654]  ? find_held_lock+0x2c/0x110
[ 2628.864479]  ? io_submit_sqes+0x85c0/0x85c0
[ 2628.865369]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2628.866366]  ? wait_for_completion_io+0x270/0x270
[ 2628.867369]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2628.868306]  ? vfs_write+0x354/0xa70
[ 2628.869062]  ? fput_many+0x2f/0x1a0
[ 2628.869816]  ? ksys_write+0x1a9/0x260
[ 2628.870599]  ? __ia32_sys_read+0xb0/0xb0
[ 2628.871446]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2628.872515]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2628.873558]  do_syscall_64+0x33/0x40
[ 2628.874326]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2628.875387] RIP: 0033:0x7fd673b8db19
[ 2628.876150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2628.879867] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2628.881426] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2628.882882] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2628.884338] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2628.885789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2628.887257] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:06:44 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xff00000000000000)

18:06:44 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = getpid()
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x6}, r5, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080), 0x3}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, r5, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = openat$null(0xffffffffffffff9c, &(0x7f0000000240), 0x880, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x8, 0x75, 0x7, 0x56, 0x0, 0x8, 0x6a041, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x10000, 0x4d4eb402c3b25f3e, @perf_bp={&(0x7f00000000c0)}, 0x2, 0xdf9c, 0x101, 0x4, 0xfffffffffffffffd, 0x0, 0x6, 0x0, 0x1, 0x0, 0x6}, 0x0, 0x1, r6, 0x3)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:44 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r5, 0xc0189373, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r6=>r3, {0x5}}, './file0\x00'})
ioctl$SNDRV_TIMER_IOCTL_GINFO(r6, 0xc0f85403, &(0x7f0000000340)={{0xffffffffffffffff, 0x2, 0x1, 0x2, 0x80000000}, 0x10001, 0xffff, 'id0\x00', 'timer0\x00', 0x0, 0x1, 0xa7f4, 0x6, 0xfff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:44 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0xffffffff, 0x0, 0x0, 0x0)

18:06:45 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27)

18:06:45 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2629.478693] FAULT_INJECTION: forcing a failure.
[ 2629.478693] name failslab, interval 1, probability 0, space 0, times 0
[ 2629.480463] CPU: 0 PID: 13664 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2629.481481] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2629.482711] Call Trace:
[ 2629.483117]  dump_stack+0x107/0x167
[ 2629.483661]  should_fail.cold+0x5/0xa
[ 2629.484223]  ? create_object.isra.0+0x3a/0xa20
[ 2629.484908]  should_failslab+0x5/0x20
[ 2629.485469]  kmem_cache_alloc+0x5b/0x310
[ 2629.486073]  ? mark_held_locks+0x9e/0xe0
[ 2629.486675]  create_object.isra.0+0x3a/0xa20
[ 2629.487346]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2629.488118]  kmem_cache_alloc_bulk+0x168/0x320
[ 2629.488795]  io_submit_sqes+0x6f76/0x85c0
[ 2629.489431]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2629.490170]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2629.490896]  ? lock_downgrade+0x6d0/0x6d0
[ 2629.491523]  ? find_held_lock+0x2c/0x110
[ 2629.492135]  ? io_submit_sqes+0x85c0/0x85c0
[ 2629.492783]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2629.493504]  ? wait_for_completion_io+0x270/0x270
[ 2629.494232]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2629.494918]  ? vfs_write+0x354/0xa70
[ 2629.495463]  ? fput_many+0x2f/0x1a0
[ 2629.496000]  ? ksys_write+0x1a9/0x260
[ 2629.496558]  ? __ia32_sys_read+0xb0/0xb0
[ 2629.497151]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2629.497915]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2629.498668]  do_syscall_64+0x33/0x40
[ 2629.499246]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2629.499987] RIP: 0033:0x7fd673b8db19
[ 2629.500532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2629.503229] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2629.504344] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2629.505392] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2629.506417] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2629.507470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2629.508495] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:06:45 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000340)={@in6={{0xa, 0x4e24, 0x8001, @empty, 0x101}}, 0x0, 0x0, 0x3d, 0x0, "c821f4713c165c848d0386c2657f00e2f3e5a6adbc5abf810829ce985cc51c0e98e443c9267e452fcfaf547a714a279212a202ec457efb2afe9897ed58c3d6ba86a8891f43d7eab1a8cd795203ff7c2f"}, 0xd8)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x1, 0x0, 0x0)

18:06:45 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0xea, 0x0, 0x0)

18:06:45 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x2000, 0x0, 0x0)

18:06:58 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = io_uring_setup(0x5204, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x16e})
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0x5, 0x0, r5)
syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x5, 0x2, &(0x7f0000000340)="e7504b1c2f7cc7628202c7bd51b7425eda20a2d49755ad0872a0f5ddb932093737dc041a054d51785753ae4dd24c7c8597aeb55ddc2a010ab345e3f9c74568353b792cb440b11403b14000c8d5708264bbc3947f5ec368d8625843e372eafa2ecdb80f4d596709cbc3cee5876b553f17df6cedf4e2206fe1f37b4f98a350bb2270d1c67befd94d5b2a77429808610b9221ee0b21f5", 0x9, 0x0, 0x0, {0x2, r5}}, 0x37)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
pwritev2(r4, &(0x7f0000000500)=[{&(0x7f0000000400)="54f66efbdabec6a1cca962f2218bb299eaf53645408fad05faa2fdf17d52fbaf99492872fee022b93d692f6e265ac2ce6a8b3703f080c5ad85862a3d45261c1fba7cc7e6feb529ada82a80cf147447dbcc8006f1cb17c176be8eb1f84b5e5bb13135f3fbd7341d77eef506b71827f9c3e176664b2be998baf3c1665fe565197dd65080224e9452ff1d9c57a1d5912cd72a6555d2bfdc1ce4144acaad332424f39d3d5eaaa212538c1ccdf9f08f02ff4053c167dfa7f95e799dbd7396f40ec18b466c3f53e5da83f195", 0xc9}, {&(0x7f0000000180)="64b04bee96e406a2c2972528d16510cc39d6f62df1991dac017ffa81246a3b6a3d2380713f82f96a1e1c81ccc497043f46895d10a4fb02b3a718309645d0a6990fd8bc51b34d0b768e1b5f3bbbcdea3e20c7828d386f2a338a7b937e6d56d11ff99c968dc4800c57e38650b0191e", 0x6e}, {&(0x7f0000000240)="0156a11cb067a02be6a02d4c0d312605ea1c3876ee5647a60410ed4ae2c3b59419a04d9045fa03885096824b5c7dccc549dcf19ad24b67365d0f314f93e14807a14ac90cce429567f5c559c93f3a6ab829cd528aa3fde570824069caeb74a38f408530e905291d92939c5cc8d55c084588390a", 0x73}], 0x3, 0x8000, 0x9, 0x1)

18:06:58 executing program 1:
r0 = syz_io_uring_setup(0x3a3e, &(0x7f00000002c0)={0x0, 0x0, 0x4f16fb2173764e88, 0x0, 0x6f}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r5, 0x0}, 0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000180)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd, 0x0, 0x0, 0x0, 0x1}, 0x80000001)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000240)='./file0\x00', 0xfffffffffffffffd, 0x1, &(0x7f0000000280)=[{&(0x7f0000000340)="cccb53631fd06369ac5c6aa4085b9f45eec25ce339b7217ec3d7f9fba770a2dc982531ad8fea4a04ce515da63c4f88d031aa3615c8547c382b2597bcc0ac25950a86c006a3d771fa503d668ef3ab31a569e6ace0bae4ea06fcb72d2074166c1bd37bb2dad38927016b0e2a4d681100412e77a37b1390b9834d792ec793650272c148d750ca72ed67823c7c520072", 0x8e, 0x7f}], 0x3170080, &(0x7f0000000400)={[{@utf8}, {@nonumtail}], [{@permit_directio}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}]})
fcntl$setpipe(r0, 0x407, 0x7)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r6}}, 0x0)
close(0xffffffffffffffff)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x1, 0x0, 0x0)

18:06:58 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x4, 0x2000, @fd_index, 0x7, &(0x7f0000001700)=[{&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000001640)=""/150, 0x96}], 0x2, 0x1}, 0x0)
close(0xffffffffffffffff)
syz_io_uring_setup(0x4eb8, &(0x7f0000000180)={0x0, 0x64ab, 0x0, 0x2, 0x37d}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0), &(0x7f0000000240)=<r3=>0x0)
r4 = syz_mount_image$iso9660(&(0x7f0000000280), &(0x7f0000000340)='./file0\x00', 0x1000, 0x3, &(0x7f00000014c0)=[{&(0x7f0000000380)="62780cc465b4f75310d7e63b4cd3b194171d877e210e671fec868216ad525056382cca529ab6834d8c1084700a903d1a1e1ed349e6ae09e657890d5f76184b9ffb66869478a339992f919738e649d35f0236ca2d5edd9e4b0642ae06b89365d1a3e32d8eee07689503f31da825d5d9b815ef468759bc91f13354d3c012e883d0f6a8e423cca482b526fab5be4d0de93a40447affe03765e806cd65ca1397fe0b3e11cb48449937009ef46280ae1505107d5d6395d316a8ce04c76f67354beed1eb8ee0fec7e3cbe3e10fa7da2a5fdfb5bbd75ca92c1fee9e8fe449807df7861e0787f24e39f8efa59b269c20f7c88006283f56b8df9d3ab442c87878dae52b9fa28a83cb8f011c800823b6e99a693c060c1466c43bf71c0f45102ad78da175e6c97357238dc9eb86349c1711ae4357407d38372e80f5f77729330f02905394e824b06240f1190178733907d172b0b227faaa1f3510a4353344e834fa2ccdee2083e7b15f77cf26efe28065712b746c64dae0ea16fce7ea2547a8ea855c80cf9bc9fb4089539cc6762daaaceaab7ceaf1646ec0bee68d5ae7827d136b9115ea973baff53a934ef31c6047ef513049c692a1a499666179981396cb7fa9961b991d5b1dfc79fb12f33c5f354715cc0820a1b4ae0f6bb12ec1941be8331c3270fd02a3654f9dee4b844aff9021ca44aaa04814de364f492e51d4081f46dfebe3266859fc62f96356baeef2dbd2045b35c29f13efa6dd7224099316b3c707cdcc37fece99083553b39b15c7711c528c4c086f59e4b1fad806535e8eca318b2729faa8d5b0aee515a61c9c28a315c9900ab04eef600849969f3b870a78c8dace9223149f076f84ea08f8460a2a2380cddd61063d0a66d36edfee1276649613c37ccaa591a43284cd7f347635cc18f516999bedba9d4426375c831e003a092203f61ce657eb0239611f268a7919b6f9b46574eccd06dc54173199f95f0f4da8e4951b6a76ce32876eca0f9b07b474a47f6fd3ae0ca1a556358d03269033f559fd4fd8174999d1dc0f34e3e88fd0a780291caa3e471d642fd553338b17655b346243b5de5ae0267ae9812ff0c96ba0f4f5f1f3a4c6bc9136100b25bfb56142074f4907ad2df3ee6ec13e07eba3bd8df267ac82f3d62b42345541522afa10f19949136a10f74b33eaf3c8abee852beb2954a73022e72b688d83505b5f64a01befafbbaa52d8732b974bb32044abc16263440a98302905cbab7c06183d563402b02242c32b7a952ef49d596523af8d7645561abc48dec9d2b37ac4f75daa45cea848aa82bf9e1cde353f39d5f657070c7cd3b51d1690762113dd96536b72ad13e3c7a386f8d47f6654233d217b7ac580791d51faf54a60e52f6e58ef5744f23ad1254f0b9da94c2af8f2fc0330d03c1ea0d6e7403d850a57b8696a1b6565a33b399613b4e6ed3c57f87ec87093d207b68b7d29d65783f34688f48194c6bc481536108e0e4ec1c3368d48034785f4fd770f0f70ebbc5c3d5fa09c82d222d3d6d9c06264ae255825c93080d98b52ba1bdb3643ea5b7fee2d9b7c19449cb40ecb0ad60d7b10891f4925cbe43d3e4d3a36a47625715abe427f519ebb544736f873c92f2f7b0967c9313a1f5e171cdfaf72878ffd2ab21d0f2b8f07faf1b7f3eee1199d6e51c292f88caee85a96601f00c00f5fb3f9f97220a66675d47bc1e06f1fe2da0ef7cabd1dfffb0b1cd5dc5d96962ee0c129aac3033b53d433115097e010d843f5e7f78b9a7de5b2afa2cf25235ce7516ac03dc53aee736255761b036bda5f2197f2cd98288843b8d890f5957e1c9df09f0bff81edca906f2918c2cfa220b09b2199944c26b57bb452031d9c7b31ec95a6e43d1bf066196c1b4c2ad8b8ea56745fe88735552e196ed4806a62f27b5703dc0da3f642bd559e84b464a3b8154f3e7af9c8b55f14a885fd48356520aebf00c8011fd646b18035d70afdf3af7d3ef4c02d1f88b130ee12dcc33feaf4856530dbb16edf930b669060b14116f0a00cd1a2673aaa68421582cfa6df3d1fd90b6e459e73aabd611a3138b5f6c4c01bb0be1b5e4cd1e54c3eb128f5c06ca1d18226e5a727f3c2e9aa7812341332929947502385542559312ff02d9835ff2556552f5eb130d5546d306076a7ff796bf20530fbed80dbe21923b29c2a6d720b775633d7b4085e0f499b214e2bfb684292ff64942503d301531fb3ac4b933c942399cded1b8edfad0be5ea0d415a618eb60212e4b181e7681b5f0c691f7dfa14d68b2c5ca0250c40ace683d9f0e5d0052eb5ee1690f391329ab5d366f44836aa6fa1cd6850514ba9a59d9c07920ff1ae35e5d08ed750e09a7c3ec9391e8ff2f0268c4e64abe97bc511d18a95afe613c1ce45c7958ad6c7045c3ce669ec03fc31cbd74fbbfee728d704bf2ec76b5bee082aaf18e9552893f4e32dff6f760330fb6592d530761c8e5136eaf906702bb8df6a00b2a2ee0ff125fd0809902e13c2a51928447bd6a26450e9392ae2e58c23e13ff4c4802143296203558af6d7c600397a51b929f45fa182488ef82e5d0bdc92ed52652aa272265d0a55b8f72b8892fe7173c08e3fe9070f542852c5fde2744c6c678eb5e4a7295c93be948ddc677ebe76076dd32176bcd5dc7db4838422e8d474f7221f29384e948365be13ce8564eda31f54f91612e15bc309dfeb28c3eb575a0bc266fc9d7701255aefa0242f8a229bca8bb4cbf34047b3e95a1563f647dc479beb37ece13ea9df80a50b0012d88f19d122d43880198459fbc09bcd8fbc12810a514984b4463d8089bd77fcd17b9dc82a7819082c6f44741804096c6ab2ad3a5953024ffecebf3f48c7bd455a203d449bdc6311cea3fd8b8d69bad2450363b1eacbacb5800aa6656c08d0c122acfcecad3963f4cb018a7c358e3fed9b871ce9386c1875c644edc0fab7edeec9acad1514370c52953410088368ec0b5e1a2b45c29745e36443393e4555ebfbfd08cba29bc540e5b9fb968cf3353b8d55d270c4a7035a53fd59d6f88f19dff0f72e5f2ba7cfd72787479830a5b4ea0f36c8f7ec07b479fdea13347b77b62a7f65570ef027f8ddf5dc4b83e60f6831fa85bd4025adaf3c36b25c5ba7c05279925d0b1e6774f78b5cf821eb90625996f1d018074407e8b2c8c9b3b3392c62b5e3043a2bb34f72a29acf5eecdb1d904f86ed7fb08298b84f69e9c6ec833e5123985e5bd93a88befeeccac4df90cadd76a3591cee830c30663ad8d2ff3972f755bece76cf3b01a5c993de580e669434742cb02bd6ac05968f8b87c0e4b77ca405431d97ecafbe68e33404177bd7ba002719a7a917adc8b7261c43bb3218121396ffce033454893d6de747b52c7268273b781ede47bf661ce6830e1cffeb17ea0c028d8e4cc17ed0f8baf47fa264f1bd77eacc891bb290d271494ee552ede89ddf73a2353a6aad96f46304f9675cce3db40cf3b1c4757edcdc851f38de427a9d4499784433479280d0b3f38838d95c43d69c7a328016899320c3aa8da5504e76271c56bdbb279800fec5a92576bd18188b78ce5b943676b66f3f12d18347cabdb47f10101b7b0d4d8442aa317ad5dd53b41ae03ba37425bfaae02a74a35f36d5dd897ce835c0a6e169e7535d2cfbfa0dc4e57ae1f8d98c4a2a7eda1cd898230b3045a74df300251f9fbbfbcc34fdbc85116ff6cbd14602c1b8e103c456c49e77468239e5eeb2892bc8f5bf4047c082cce5db0331b51e1f36f3eef2ed1b997a39e95d241bcbf4f8ca11b2859999347a57d7a889aa77852e9646beffe2409c1bdfac4097799f30e99d24077e5eeed555d5a83e8ecd7bfd01f27959a63d37adb2ba38b114be54603abfc29680b5c5d177b62a9a6be908db4aedd4cd0cc980c7f33b33cecada5d27e561baa80b43be4a0539855ee44daac3db12fee9d8dea1ee744397f0d0dc4bbc2e54ac4b8b95b793affcb83a3c5135c82a4983379e06d83b2756e61225fea2176bb11ca301160406b9cdc6aea1832d3ca859a9339b0796595daff1c920a695484c2fe4f9dcc7f7f62873921ec558cf8bb974898881e74f724edf1e70cbcf055a0500ae83a6e25421a2151b9f9e2768fae3f066a1c8bf7ab9b8d88bb452d36cb6c4e9c9d1460153afcdee659989fac8d18b87569872695115d97f9af540765936ee11ca4bd67ab9fb9d42f853eaaf2767e710b968c2b17700e8ecd57641c222043a6fdac00ed2afa0d4ee3257905c7ebb7c2143d1b27fa1dcbc84b8b828b7ab86ac42a8c94dae2d72856a260057e68ceef956aa098e5d30a7e8e5ac27941fb85759d07502e2403b6f2b28508ba19452ca990bd9cb8469d83231f495317e7099c849fbfd76bfd7df357efef36145a5152caa8c75c731a667537ce1e91c6c5cabc53da71e535912c5af71e827bf24b4dc0bfebc6ff7ca600ec2b3ddf2a22fe1d3dcd83db733bafbbc2dc603f9ffab6e442b1aafe1d8f74a428bf6809e9788d3e80edb4cd8bafef4ba74c77cbd06964badf900ee67a4ed1f9a77bbfe340de67cfaedf02a435165a7670d9bebef90c011bc5bf8a6f3ce0f2d3e5872e3c43238d862b093b00579a80971f9cdcec8d8a8f6e1423a2e5dcdae296c2adabe4c57725b5177858dd3c86a4bb41b33932c4262a03dda1cf201a7ab8d4b495132abbe79f716768b1e5e28677c32867c90233af50f1cba4ad2291c401aeeee2963da654af6f48d895ba159804a3b4fe85b8e011a874be3b61ec80a40409ed371b2ccbd3ca3cdfa8d6435800aeff16c8c023fce6a171f87d83b90f631fa0039f209d8f79c70710b5faa08fa8c82f4bebe6b182ff465a9fe265c7555399336e484ad161ffd4e85b0dc3653e2effc50fb59bd2f401ab5109067858073c1954e1823b846ddac2b93f929e5e8446be515c2ea4d1dfa65b508b46179b3c438b41ab6ecb95bba60c66cc15ca62a9ab1644ee16e8e836359a1d345a1f952ce3923c329d158831bab15aca52b0400a4cf02d939183f57d5513a2cdcffdb264632bc608d9acd896cb9bbd72bece73ed7216588e88c4a85956da05efe87458620d9de7d1b73510765fc18145729259338eff0bbc2dc5cba6ac1c8b171aecc2c53d92126f7d4a114b7b8c50df7265ee816b96eb2243d97b224a3c891c751376ec4de3b96d952392ad4ed226f79574e3d73376d692b6242947a8cee3b0a1638758d6365b425b2549c969f8d2df3f924d3342d19c8b5e3770e5bc4137a2f3d52fe8488564fccdc42da9b9cc57b4d3886d8d9858645c0004b776b92893691b698dcb3a47aa7c9a0ddf04cdb3992e0f119ac6ec0f5e1e0b9e6b80729a4f186713d7f22e4f3f044610c250b3642b0af927ab450c2f4978aa68e5f1966580fad9493a8eec3697994374d4c3e514c281d07422d8ced99cafb798a5e4a7e7617d0d2dfb54d0560bdfbcb517cbe6ecf51f2af8dbe2f2a4bd74aea3b2ab05cdd5a4f8587f241615b1a958128b32dc6123f37ff8295979e8e3d5a8b01e47657f69f2aea280693a305b70456e8562c1bba3f1ce5af60d54110c1136975731fe30adcb94c816a7d8e255b938e3ca7de70817bc466b792f6d79fb59c814155b71deb71e411c22e1374cbec3968af344afe920e089472d2087379c3dccf1c1144b3bc4d5388c97c0ad386c038c9d94314db0394963cbf92693599386635b80ce5b18537b83d676ee601f7da668ed005b655af55cebdc51f6e1e34ef4902904c40c047d3183412ed75e6110cbb42ed6c0b45fa5238927dd714d3d92c64e25447b2f459008a96bb07654007", 0x1000, 0x7}, {&(0x7f0000001380)="eb387377fd7966b153412c894fb4d660", 0x10, 0x6}, {&(0x7f00000013c0)="52ed75a9a36d57d5c508838653862bc1433b9433d5d8fd0468f2ef3e1226c9c753ff1cd828156e9d322f228b11280027f92ced444fdc7ec3cd7ab9c6626bd03ab4be2c346471da7038f76106dedfb9596d49e837ef49a669a722f22a91920a6c18fd96893d95f80e7c2be39843f9d8e88227ef29d11bd4d81390595f400337b1430a531515f9f1ff672236a4a2c53db4773db1227a5e54cf02160eaacfb24cf6cee9beebbad24fab72df7830dc109b9cffcaadbddd9c2bcac9d0df9221bb49a8c56e01cc8cdc2ce9063b940b9e0deb73fc2bd10d06ba58ff957c8c08d06e307c8e7aa2cc41d3a123eb863af2a34329c85b22e8099d6ddc", 0xf7, 0x22}], 0x42, &(0x7f0000001540)=ANY=[@ANYBLOB="686964652c7574af3362b90c67b5a8674f4c4943d975434845434b2c00"])
syz_io_uring_submit(r1, r3, &(0x7f0000001600)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, r4, &(0x7f0000001580)={0x2000, 0x31, 0x8}, &(0x7f00000015c0)='./file0\x00', 0x18, 0x0, 0x12345}, 0x5)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r6, 0x6, 0x2e)
ftruncate(r6, 0x1000003)
fcntl$setstatus(r6, 0x4, 0x22000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000006, 0x10, r6, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:58 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
getsockopt$inet6_udp_int(r5, 0x11, 0x67, &(0x7f00000000c0), &(0x7f0000000180)=0x4)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3, 0x50, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000100)={<r7=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x30, r7, 0x0)
ftruncate(0xffffffffffffffff, 0x1000003)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x22000)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x8, &(0x7f0000000340)=0x1, 0x4)
syz_io_uring_submit(r8, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x1, 0x2004, @fd_index=0x4, 0x5, &(0x7f0000000240)=""/126, 0x7e, 0x9, 0x0, {0x0, r4}}, 0xffffffff)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:58 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0xeaff, 0x0, 0x0)

18:06:58 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r6=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$KDFONTOP_SET(r6, 0x4b72, &(0x7f00000000c0)={0x0, 0x0, 0x10, 0x10, 0x1e8, &(0x7f0000000340)="461f43b38d397933288d538965192b1061a9610d87ab59a8e764a88c40438b1d430d6f6f3bd33e9f1ba9629c503ca5266f14839ef0ce345b073fdcb0dbc137d6a1b01ee87113af8715afaca1bdaa56380fe4038a7989049c1e30f9e53a6a04b8209be7ec6fb8e6ebd814c25b101158ed924b4546793ae87c6d98ef25c66c31bb47728c0656bafa4aa172a72229f46670c9256e8ba6b7e5cbd14ff668d0e25b7abf8fe9aed83450e88c5958d67ade7c8900f60aa92e7f7272343a0e5325daca4f3e606076887937f8d2a1f13ea7217eac76866114a3cced95cb1698c77c09bd5d26f005153dcb0854680535042b5b651f124cc95c54fbaeb6fe2ca242c4315039084935a84da9de60908b814deb2f81d4e7bb8cc4018f21bc4bd048b268c72418f5f32ee303c27dfcaebce1d89992932f27529fe91cb8d4f7d8527830be227fc1b61a7f169ade6a9a3baae2417d95437674d1323f50128fbe3ec939cee97da07e7f245a052fa6bda865ce2ddf343f28bea7bf72f316abaf9019719c2eb8e6a10292396458d54e627a1c7cf56bf40c3dff7e5c16ad882fb4aaee966ad30459b7215e340b0564b56097b80d7aebd80d7891395df53e35fd0d2faa0cc63334aad1f72a3a68527fc589e0b5194e282fa1ff3c687cb3adc20d03a049736a6bf20fa370310a376e2dcc03c83e245206ac985de02646071f18806cd7b89b0fd20fa24af794d517215db3601ba61bf67dcd947afee112cbdce167f85e913e37bb9c016102881417faaf398ab5c9790d42c1f1916a0b55e48189d0736363bd8aa45637424b19fad6a0e61ed875c04e9f979c08dee1a0935c4105e241d9d8f82340406b478995b885c079ca45b84c91529ee7148d0227e032e1b1894fa40d0d5b6e23c05c6ccb172fadc6554bcb397c0eec6a5e0d111616d8552709aa69baf92dd02c2ce2deaf9c4487c137b6c95a9a37277e5a91c60561bf848e69517ec7b1f3b555ddc5982d204965f71be9e5436c67d6448c9764426f81e28d6841f779a53f1495605d47aef4820968bd57a413f196946058806c959f96de261397d417358d22e908121c6f10f4df546868f83010728ab08b2c4bed9f7f45a1cf269555b56f1b5798e3b85e41885355185fcbff827cdfdd1badd889ea28bac69ccf56cc61408a4b7e4fb75b116a214c9225db6899c2b5ffbb575598e2572a9c94d4d7a2639064c9ed42e72bd53ba9eae443d2655a450f70c1402f45227c874f9a8691889544ba650c2d83f555c435a42f86fd61efe6f400b6f083be6a004b669b4c231eb2accc0fea1fc42b952d723391a3e5139c3aaa6670a257b0e2dc959951f6f592936920a51fd911eb5f67ef2b4b11b64df59128f47e9b6d589f135f10a6ac0257e09b20bde68e2a9da7c85630f0e25e736f103320d260dba3c5a20a381c68463b7dc59bed187ade"})
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:58 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x3, 0xce}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
pwritev2(r3, &(0x7f00000000c0)=[{&(0x7f0000000340)="4679722d13b2eef72b50454adf3bcdf034f906ea500f6531ef14d7d9bc85bb2d06a6509d6471c361b929916f75c9fe6e46e7a4907f3f348885a7d4dcab767e20bc3841d3ce4070ffd8554c967b124ef4d3eec8c7318813aa0ced4484b9aa05fcccdad77f2d322712f283a74a545b833fd05d13cc1758c87fae6349cc27206914a163a5fb2f09d9413aff19958c2320fd1904c3afcd818ed4459f4d985ee3bee32cc1ed6ab80b50805b64521bf4c64b94b1e42a08bee816c16dda4734ed52895f173ef68f6e005e6e0b30aaacd4ce15", 0xcf}], 0x1, 0x6510, 0x3, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:06:58 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28)

[ 2642.616772] FAULT_INJECTION: forcing a failure.
[ 2642.616772] name failslab, interval 1, probability 0, space 0, times 0
[ 2642.618632] CPU: 0 PID: 13704 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2642.619585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2642.620703] Call Trace:
[ 2642.621071]  dump_stack+0x107/0x167
[ 2642.621563]  should_fail.cold+0x5/0xa
[ 2642.622097]  should_failslab+0x5/0x20
[ 2642.622627]  kmem_cache_alloc_bulk+0x4b/0x320
[ 2642.623253]  io_submit_sqes+0x6f76/0x85c0
[ 2642.623841]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2642.624512]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2642.625161]  ? lock_downgrade+0x6d0/0x6d0
[ 2642.625732]  ? find_held_lock+0x2c/0x110
[ 2642.626291]  ? io_submit_sqes+0x85c0/0x85c0
[ 2642.626872]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2642.627541]  ? wait_for_completion_io+0x270/0x270
[ 2642.628198]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2642.628833]  ? vfs_write+0x354/0xa70
[ 2642.629339]  ? fput_many+0x2f/0x1a0
[ 2642.629821]  ? ksys_write+0x1a9/0x260
[ 2642.630334]  ? __ia32_sys_read+0xb0/0xb0
[ 2642.630892]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2642.631613]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2642.632308]  do_syscall_64+0x33/0x40
[ 2642.632811]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2642.633496] RIP: 0033:0x7fd673b8db19
[ 2642.634006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2642.636524] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2642.637554] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2642.638525] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2642.639512] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2642.640470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2642.641439] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:06:58 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0xffea, 0x0, 0x0)

18:07:10 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x30, r0, 0x8000000)
r6 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000000, 0x48010, r3, 0x10000000)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_EPOLL_CTL=@mod={0x1d, 0x0, 0x0, r3, &(0x7f0000000180)={0x2001}, r0, 0x3, 0x0, 0x0, {0x0, r7}}, 0xfff)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f00000000c0)={<r8=>0xffffffffffffffff})
fcntl$setpipe(r8, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:10 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000000, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:10 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0)={0x0, 0xfffffffc, 0x0, 0x3, 0x0, 0x0, r4}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r7, 0x0}, 0x0)
r8 = io_uring_setup(0x5204, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x16e})
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r8, 0x5, 0x0, r9)
syz_io_uring_submit(r5, r2, &(0x7f0000000180)=@IORING_OP_WRITE={0x17, 0x1, 0x2007, @fd_index=0x5, 0x1, &(0x7f00000000c0)="93198dd51fcd3188", 0x8, 0x18, 0x0, {0x0, r9}}, 0x5)
r10 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000004, 0x1010, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r10, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:10 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e22, 0x81, @mcast2, 0x6}, 0x1c)

18:07:10 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = syz_open_dev$loop(&(0x7f00000000c0), 0x2, 0x100280)
sendfile(r4, r5, &(0x7f0000000180)=0x6, 0x6)
close(0xffffffffffffffff)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x40a080, 0x0)
ioctl$VT_DISALLOCATE(r7, 0x5608)

18:07:10 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x800000, 0x0, 0x0)

18:07:10 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29)

18:07:10 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
creat(&(0x7f00000000c0)='./file0\x00', 0x90)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2654.950789] FAULT_INJECTION: forcing a failure.
[ 2654.950789] name failslab, interval 1, probability 0, space 0, times 0
[ 2654.952196] CPU: 1 PID: 13740 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2654.952959] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2654.953853] Call Trace:
[ 2654.954154]  dump_stack+0x107/0x167
[ 2654.954549]  should_fail.cold+0x5/0xa
[ 2654.954958]  ? create_object.isra.0+0x3a/0xa20
[ 2654.956026]  should_failslab+0x5/0x20
[ 2654.956939]  kmem_cache_alloc+0x5b/0x310
[ 2654.957923]  create_object.isra.0+0x3a/0xa20
[ 2654.958970]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2654.960215]  kmem_cache_alloc_bulk+0x168/0x320
[ 2654.961319]  io_submit_sqes+0x6f76/0x85c0
[ 2654.962344]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2654.963549]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2654.964710]  ? lock_downgrade+0x6d0/0x6d0
[ 2654.965716]  ? find_held_lock+0x2c/0x110
[ 2654.966691]  ? io_submit_sqes+0x85c0/0x85c0
[ 2654.967759]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2654.968816]  ? wait_for_completion_io+0x270/0x270
[ 2654.969858]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2654.970869]  ? vfs_write+0x354/0xa70
[ 2654.971632]  ? fput_many+0x2f/0x1a0
[ 2654.972410]  ? ksys_write+0x1a9/0x260
[ 2654.973230]  ? __ia32_sys_read+0xb0/0xb0
[ 2654.974105]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2654.975249]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2654.976381]  do_syscall_64+0x33/0x40
[ 2654.977174]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2654.978276] RIP: 0033:0x7fd673b8db19
[ 2654.979091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2654.983010] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2654.984698] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2654.986185] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2654.987749] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2654.989310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2654.990765] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:07:10 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x1000000, 0x0, 0x0)

18:07:10 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
recvmmsg$unix(r4, &(0x7f0000000ec0)=[{{&(0x7f0000000180), 0x6e, &(0x7f00000000c0)=[{&(0x7f0000000340)=""/182, 0xb6}], 0x1, &(0x7f0000000400)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xe8}}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000500)=""/139, 0x8b}, {&(0x7f00000005c0)=""/196, 0xc4}, {&(0x7f0000000240)=""/79, 0x4f}, {&(0x7f00000006c0)=""/137, 0x89}, {&(0x7f0000000780)=""/133, 0x85}, {&(0x7f0000000840)=""/41, 0x29}], 0x6, &(0x7f0000000900)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0xe8}}, {{&(0x7f0000000a00)=@abs, 0x6e, &(0x7f0000000a80), 0x0, &(0x7f0000000ac0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r7=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x90}}, {{&(0x7f0000000b80), 0x6e, &(0x7f0000000e00)=[{&(0x7f0000000c00)=""/182, 0xb6}, {&(0x7f0000000cc0)=""/103, 0x67}, {&(0x7f0000000d40)=""/142, 0x8e}], 0x3, &(0x7f0000000e40)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x50}}], 0x4, 0x20, 0x0)
r8 = accept(r6, &(0x7f0000000fc0)=@hci, &(0x7f0000001040)=0x80)
connect(r7, &(0x7f0000001080)=@pppol2tp={0x18, 0x1, {0x0, r8, {0x2, 0x4e24, @multicast1}, 0x0, 0x4, 0x4, 0x1}}, 0x80)
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:10 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r8=>0x0, &(0x7f0000000140)=<r9=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, r10, 0x0}, 0x0)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(r8, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd=r7, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r11}}, 0x10001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:10 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x3}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r6, 0x6, 0x2e)
ftruncate(r6, 0x1000003)
fcntl$setstatus(r6, 0x4, 0x22000)
io_uring_enter(r6, 0x5749, 0x23d9, 0x7, &(0x7f00000000c0)={[0xc2]}, 0x8)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:10 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x20000000, 0x0, 0x0)

18:07:11 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30)

18:07:11 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0xeaffffff, 0x0, 0x0)

[ 2655.528051] FAULT_INJECTION: forcing a failure.
[ 2655.528051] name failslab, interval 1, probability 0, space 0, times 0
[ 2655.530987] CPU: 0 PID: 13770 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2655.532575] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2655.534471] Call Trace:
[ 2655.535086]  dump_stack+0x107/0x167
[ 2655.535937]  should_fail.cold+0x5/0xa
[ 2655.536814]  ? create_object.isra.0+0x3a/0xa20
[ 2655.537867]  should_failslab+0x5/0x20
[ 2655.538741]  kmem_cache_alloc+0x5b/0x310
[ 2655.539691]  ? mark_held_locks+0x9e/0xe0
[ 2655.540624]  create_object.isra.0+0x3a/0xa20
[ 2655.541665]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2655.542841]  kmem_cache_alloc_bulk+0x168/0x320
[ 2655.543904]  io_submit_sqes+0x6f76/0x85c0
[ 2655.544885]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2655.546031]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2655.547172]  ? lock_downgrade+0x6d0/0x6d0
[ 2655.548126]  ? find_held_lock+0x2c/0x110
[ 2655.549070]  ? io_submit_sqes+0x85c0/0x85c0
[ 2655.550075]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2655.551204]  ? wait_for_completion_io+0x270/0x270
[ 2655.552324]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2655.553401]  ? vfs_write+0x354/0xa70
[ 2655.554271]  ? fput_many+0x2f/0x1a0
[ 2655.555137]  ? ksys_write+0x1a9/0x260
[ 2655.556022]  ? __ia32_sys_read+0xb0/0xb0
[ 2655.556962]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2655.558178]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2655.559397]  do_syscall_64+0x33/0x40
[ 2655.560271]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2655.561467] RIP: 0033:0x7fd673b8db19
[ 2655.562351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2655.566602] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2655.568373] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2655.570024] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2655.571691] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
18:07:11 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x40080, 0x0, 0xffffffff, 0x0, 0x0, 0x80000, 0x1000, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x1000003)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x22000)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r5=>0x0})
r6 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000013c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f0000001280)=@getpolicy={0x108, 0x15, 0x2, 0x70bd27, 0x25dfdbff, {{@in=@multicast1, @in6=@remote, 0x4e20, 0x0, 0x4e23, 0x0, 0xa, 0x0, 0x20, 0x87, r5, r6}, 0x6e6bb9, 0x2}, [@algo_aead={0x8c, 0x12, {{'rfc7539esp(cbc-aes-ce,sha224-ce)\x00'}, 0x200, 0x60, "a3f5e69e83c849545068c65e8c08ba2cf68cc0d1cad9a68aea4dea38ab91bac99be493041d0aaa8671adcb31f510f7adb3f57611cf1a30e3d9564f44757ee210"}}, @encap={0x1c, 0x4, {0xfffffffffffffffd, 0x4e24, 0x4e21, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}, @tfcpad={0x8, 0x16, 0x5}, @extra_flags={0x8}]}, 0x108}, 0x1, 0x0, 0x0, 0x24000000}, 0x20040000)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x4488, &(0x7f0000000340)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@fscache}], [{@measure}, {@smackfsfloor={'smackfsfloor', 0x3d, '\x004?\x9f~\xc5\x9d\xc3P\v\x9c\xa2\x0f}N\xfb\"\xe2QB\xf0o\x03\xf5\xdbV\xbeu\xd6\x04t \n\xa7G\x7f\xc7\x8f\x82B'}}, {@obj_role={'obj_role', 0x3d, '\x00'}}, {@dont_measure}, {@hash}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}, {@fowner_eq={'fowner', 0x3d, r6}}, {@smackfsdef={'smackfsdef', 0x3d, '*$-'}}, {@fowner_eq={'fowner', 0x3d, 0xffffffffffffffff}}]}})
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2655.573336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2655.575088] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:07:11 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0xffffffea, 0x0, 0x0)

18:07:11 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r5=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r7=>0x0})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r3, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x18, <r8=>r6, {0x4}}, './file0\x00'})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000280)={'nr0\x00'})
r9 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000013c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f0000001280)=@getpolicy={0x108, 0x15, 0x2, 0x70bd27, 0x25dfdbff, {{@in=@multicast1, @in6=@remote, 0x4e20, 0x0, 0x4e23, 0x0, 0xa, 0x0, 0x20, 0x87, r7, r9}, 0x6e6bb9, 0x2}, [@algo_aead={0x8c, 0x12, {{'rfc7539esp(cbc-aes-ce,sha224-ce)\x00'}, 0x200, 0x60, "a3f5e69e83c849545068c65e8c08ba2cf68cc0d1cad9a68aea4dea38ab91bac99be493041d0aaa8671adcb31f510f7adb3f57611cf1a30e3d9564f44757ee210"}}, @encap={0x1c, 0x4, {0xfffffffffffffffd, 0x4e24, 0x4e21, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}, @tfcpad={0x8, 0x16, 0x5}, @extra_flags={0x8}]}, 0x108}, 0x1, 0x0, 0x0, 0x24000000}, 0x20040000)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r5, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)={0xb4, 0x0, 0x112, 0x70bd28, 0x25dfdbfb, {}, [@HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x10}, 0x8000)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:11 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
r7 = open(&(0x7f00000000c0)='./file0\x00', 0x10040, 0xc8)
ioctl$PIO_UNIMAP(r7, 0x4b67, &(0x7f00000001c0)={0x5, &(0x7f0000000180)=[{0x8, 0xb8}, {0xff, 0x6}, {0x7, 0x2}, {0x2, 0x3}, {}]})
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
ftruncate(0xffffffffffffffff, 0x1000003)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x22000)
getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000240)=""/22, &(0x7f0000000280)=0x16)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:11 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x2, 0x0, 0x10000}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000140)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:11 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31)

18:07:11 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x1000000000000, 0x0, 0x0)

[ 2656.083022] FAULT_INJECTION: forcing a failure.
[ 2656.083022] name failslab, interval 1, probability 0, space 0, times 0
[ 2656.085710] CPU: 1 PID: 13796 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2656.087153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2656.088880] Call Trace:
[ 2656.089433]  dump_stack+0x107/0x167
[ 2656.090186]  should_fail.cold+0x5/0xa
[ 2656.090971]  ? create_object.isra.0+0x3a/0xa20
[ 2656.091940]  should_failslab+0x5/0x20
[ 2656.092736]  kmem_cache_alloc+0x5b/0x310
[ 2656.093579]  ? mark_held_locks+0x9e/0xe0
[ 2656.094440]  create_object.isra.0+0x3a/0xa20
[ 2656.095361]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2656.096431]  kmem_cache_alloc_bulk+0x168/0x320
[ 2656.097397]  io_submit_sqes+0x6f76/0x85c0
[ 2656.098294]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2656.099363]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2656.100377]  ? lock_downgrade+0x6d0/0x6d0
[ 2656.101242]  ? find_held_lock+0x2c/0x110
[ 2656.102098]  ? io_submit_sqes+0x85c0/0x85c0
[ 2656.103011]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2656.104025]  ? wait_for_completion_io+0x270/0x270
[ 2656.105042]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2656.106018]  ? vfs_write+0x354/0xa70
[ 2656.106802]  ? fput_many+0x2f/0x1a0
[ 2656.107590]  ? ksys_write+0x1a9/0x260
[ 2656.108383]  ? __ia32_sys_read+0xb0/0xb0
[ 2656.109239]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2656.110337]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2656.111425]  do_syscall_64+0x33/0x40
[ 2656.112204]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2656.113274] RIP: 0033:0x7fd673b8db19
[ 2656.114057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2656.117905] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2656.119500] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2656.120982] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2656.122467] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2656.123956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2656.125433] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:07:11 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:11 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x80000000000000, 0x0, 0x0)

18:07:11 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0xffffffff}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
modify_ldt$write(0x1, &(0x7f0000001540)={0x400, 0x1000, 0x3000}, 0x10)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:25 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000280)={0x2, 0x2, 0xfffffffe, 0x2, 0xdffffffd})
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_io_uring_setup(0x79de, &(0x7f0000000380)={0x0, 0xc095, 0x1, 0xffffffff, 0x190, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000240))
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x3, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x3, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x5, 0xfff, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r6, 0x6, 0x2e)
ftruncate(r6, 0x1000003)
fcntl$setstatus(r6, 0x4, 0x22000)
io_uring_enter(r6, 0x57f7, 0x641c, 0x1, &(0x7f0000000340)={[0x3f]}, 0x8)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:25 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
r4 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x5, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1}}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
readahead(0xffffffffffffffff, 0x6, 0x2e)
ftruncate(0xffffffffffffffff, 0x1000003)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x22000)
ioctl$KDGKBLED(0xffffffffffffffff, 0x4b64, &(0x7f0000000180))
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r8, 0x0}, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f00000000c0)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd, 0x8000, {0x0, r4}, 0x5, 0xc, 0x0, {0x0, 0x0, r3}}, 0x8)

18:07:25 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x120)

18:07:25 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0x5, 0x0, r6)
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x10400)
syz_io_uring_submit(r1, 0x0, &(0x7f00000003c0)=@IORING_OP_SPLICE={0x1e, 0x4, 0x0, @fd_index=0x8, 0x4, {}, 0x0, 0xb, 0x1, {0x0, r6, r7}}, 0x1)
openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x400000, 0x0)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:25 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x100000000000000, 0x0, 0x0)

18:07:25 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32)

18:07:25 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r5, 0x6, 0x2e)
ftruncate(r5, 0x1000003)
fcntl$setstatus(r5, 0x4, 0x22000)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000180)=[0xffffffffffffffff, r3, r0, r5], 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(0xffffffffffffffff)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:25 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
recvmsg$unix(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1, &(0x7f0000000180)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {<r5=>0x0}}}], 0x40}, 0x0)
syz_open_procfs(r5, &(0x7f0000000240)='net/snmp\x00')
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x40010, r4, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2669.933847] FAULT_INJECTION: forcing a failure.
[ 2669.933847] name failslab, interval 1, probability 0, space 0, times 0
[ 2669.935193] CPU: 0 PID: 13842 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2669.935962] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2669.936873] Call Trace:
[ 2669.937175]  dump_stack+0x107/0x167
[ 2669.937583]  should_fail.cold+0x5/0xa
[ 2669.937998]  ? create_object.isra.0+0x3a/0xa20
[ 2669.938506]  should_failslab+0x5/0x20
[ 2669.938916]  kmem_cache_alloc+0x5b/0x310
[ 2669.939364]  ? mark_held_locks+0x9e/0xe0
[ 2669.939809]  create_object.isra.0+0x3a/0xa20
[ 2669.940279]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2669.940837]  kmem_cache_alloc_bulk+0x168/0x320
[ 2669.941332]  io_submit_sqes+0x6f76/0x85c0
[ 2669.941797]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2669.942339]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2669.942866]  ? lock_downgrade+0x6d0/0x6d0
[ 2669.943329]  ? find_held_lock+0x2c/0x110
[ 2669.943772]  ? io_submit_sqes+0x85c0/0x85c0
[ 2669.944250]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2669.944781]  ? wait_for_completion_io+0x270/0x270
[ 2669.945312]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2669.945812]  ? vfs_write+0x354/0xa70
[ 2669.946226]  ? fput_many+0x2f/0x1a0
[ 2669.946632]  ? ksys_write+0x1a9/0x260
[ 2669.947043]  ? __ia32_sys_read+0xb0/0xb0
[ 2669.947505]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2669.948078]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2669.948639]  do_syscall_64+0x33/0x40
[ 2669.949054]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2669.949605] RIP: 0033:0x7fd673b8db19
[ 2669.950014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2669.952015] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2669.952849] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2669.953631] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2669.954392] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2669.955154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2669.955952] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:07:39 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x2000000000000000, 0x0, 0x0)

18:07:39 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r4, 0x6, 0x2e)
ftruncate(r4, 0x1000003)
fcntl$setstatus(r4, 0x4, 0x22000)
io_uring_enter(r4, 0x7661, 0x299e, 0x3, &(0x7f00000000c0)={[0xd9d3]}, 0x8)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:39 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r3, 0x6, 0x2e)
ftruncate(r3, 0x1000003)
fcntl$setstatus(r3, 0x4, 0x22000)
ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f00000000c0)=0x31d3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000180))
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:39 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x8010, r0, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r7, 0x0}, 0x0)
syz_io_uring_submit(r5, r2, 0x0, 0x80000)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
writev(r8, &(0x7f00000000c0)=[{&(0x7f0000000d40)="ce42865d8cb5857b79009f7cd4efdacd6a9d38724082ce28cf729cabc9b08b31ce9a3472b90f0f1969274f12429169ffb3f1732f45394f85b0638d6cbe4f3c50dcbc7a54883093ccf418f8f3a9739b73956f0992af19d759fb4489994dac09a7f9505efa9fd53692c5047e2dfdf48b249d5d44da97a88322c39019a7c6623603441bd4aac7fb7cea28db75a518adfd09caca4be5c77acc6bed2144a1deedd151ca100ff28a0c84a66020e1fdabb3e66dee283b86b36d7e2ff2e6c840f4666b01dd8c0f3801b90a439068bf845a16c5cd7912b7ddac15c437d75d31317f7ece73810a602a829097b4c7b4cec563112ad657ced5d2bb20c02509edcff8dc1a5fa3c1bf6b58d8c68a6956a238b493f8e6fd05b994dfe42e5c01bc7208d34bda4987efb5f423db78913637b4382d4378a4645c079ac99992258678faaa3706b494c49bfe07d6c012e65baee8f7c87f9987b0b0faa354a39ee14d93ac603b9994f471f3f525dff29f69c88000a0462023f41a584a5f08c55c2e57675f0c804705332a18798c0a7a9a39f4d44a075e31f6abe2230220b35f501b3629e9f4c6fdc1036e714b85498bbada0549110299f737153327fb63c587308b1eb73e416b2727a7eeeb65d602ae608dea1be368f8f4be25fddaed0971e2bf4f542b1951466346c8a029a3e8c47fff9ebbfbad1b383220e728ac640553fb71e6a3b667efb6f9e40162d0bf8563a369160bf655cb9c6a37d1a7c6af31ac50774d6dc0e3d31d9ef8010324eecb28131dfe1d9f7740ce3ca9e058609c31ae6646832132ac4831b7f4d276d27671476cd5458dbe7950235333a4cc650bb3f251ab0b74278f34e179626955f236572f0928195a4d3228342a74625e0f2c686561c0c8393a1cab69f6ab54c2b58cbd1817d475977fb7714f11b105e61c8ba9d144c920e95861b7c6ae6e46889e9d57a8e3f21c0f4f21dd9d39983598de7bde35636214d64ad2aa4f4601de0e8385f5039abec35022366c3f60b34c454c2f406daa3282507a358b2f5b2ac16918af98d16d5eaa772fa0bf6af36150936a7488af3e4c6b8bdc3f4ef9260472b138bb568f5f7f1747c397649a69df51f08b0b4538d0219808f1be95c003d539af34d6e832655abaded680672e3463c57a15dccb773dd754d67bd0a8bf4c0a1c6163c0c6b33ffdfb4ad60172ab43e2cb2945a8482d682dfa4f7b8e722d3eb2d6658bd0638bb9dc1462176043c7da5f606e0f86163b5e662ad6cc5606730f74fc5213034f44ddf2f7ffed724aeee29b10b0ca505656ab3c5aed9229ee7803a675a1e5236269e42a25cfd14f2a3760351ef68242f2fa46c53fb0bbaf5c77322d09288e035ad0d4cc2a95d6ea18ca723a1c3759e38eba5fc9162baf2fb7b44594de64bed83abb08e426579b8194bc25060de56c3962f7218895d3612467bc2cf7d0c2dff0bd136a1952b49dded846313b3799ad9c80ddc0eb9dcf8605038cc211ce3d55610ef3995e0bb4ec59b78a7e28d3139d3d47caf2b5aee5f727c6cb75fc04ef1dfda04a77db9250839609dbe03432c9c66814c12525a0b1b1c5b76b9044459be8ca0cec967e38f1a4472adc650f5a9d15bd7cb302064ad546eb7ee1bfdb63845ddbaf29595d83c94d0d25421defcd5cee45b1b58b60142aab36a402e3b411e2263b97c32cf0ca1967e24c42aba872dbac9915b414ef9f4d5f0631a499c98b112dda72fb2260208de2e4e387eb948c1954f768bc919c0565b282540f76c7fcd2c416fca58fd56095e2217ec9654a7bfaf068aa7e8528cd7fb85347422a6c8eac83c3e246ea3e97e5f53ec1a154618fae3dbd2620767fef9c87482e1e48104abb1fa39f1b9c833bbf06f24464400e561a6c96ceb9261caf85e9778912b44092ecc3350eb4299c2cde86b791b92dc5906f63a6adde96e3676f90d1902fdf52e66b851cf873413d6c64491660214be135d0a72d03dd0d2f8729af3a082eb29ebf8e73fdefe20dbde42055ad19b245855678602853ec00ad33fe9af5cc724d3950301db5f9f1b386abea2b1de1e7e4afde568b6f69fff0273f45a7da0f8bf5820dfeab0f25ce902951b6ada2cd0b03fa389b984416d0614d36ede4e958f2fce7e6a01ca43c46af889cf3d8fd7136aa8678c7221b6da7e2e9c3f2bed199826fdbec601d52d18ea9aaf89fcee38aa778496311ee75bd290c29ee539451b5f3cf5e8a1eb1988efaeda114c686a012a0596448a39ead5dffe4b2afebeebda78af81e7315f3a751d69d4c734b077d33ae19c226fe25262c303cbf708e02ed73bdb0fd886f5f21ba17f7e897044e6818c16b16ec930706fab85fdf0cf36a4ca32232191e8b32b6219c3c19e4738367c5865685b25cccbbc8e297bca3dc471b798fae497474760173cac893fdb694a3d0aca68003179931771e1654385cafe289722c294ac620985b007e2818e48dd2b6759b4f1f23bb28c227d5dbfe97a12b848de7677f9576476e6f2de51784fa092b75e2ca44d5e6ce5ac7a7c3b247297cff54ebbb699e03bade9998ac032bd50b14452be1b698f93306e67e48f757a5ff872471035a90ec6071e0892cb7d13878d9a1885b78df161a551f97f207c748daaf896756360cb99a53edd44547920d6d860dd47318637d9e25d6ff6acb2c9f4ec05e1ba86ea9c2076c176ed4a465ccc48ec81f40acc62c85423197e6851f4c7c8760d2b5d20c36a622963c9b9e13e6afb1e33188348b21006f47b9eb9ecdea0d7979c7e9717591db6ff27fc49b2993d9d4a6553fb8d81b23df0aae2f028d8824d3b0ff8ceb883391a5b85b83b881731003d55361faf2f42375692f0552c81f950169135ade9320ab0ad0e5bafb5345bbdec9133ddfe0bec9346f1c61e4b17ac77c78af33fa618adfbf0e4e52aede650b64e303c911f40e6cb9cfc1d8f2ab05e59609c738df62a71e019710cfffa5fa730b8b1ea99ef3d50231d32ec0199bba906bd6896efc9483526105a833e6dfc4b9115a0fdf1d5928274236d797370663a7f0f6e8c1d336b64f2ccf80f70a9a0f29f638a77eb95d1f803079415d2739b782b85e27a95e5e5eba802fd2acac0cc05f1ce1c41b5871ba94a50748eb868dd08d39a902a49e283372d70d942c37a54b1ebb923ceee7979bbe0bacb1ef529e17079785a4ddae18f9d53bd6f3463451f6a0e63ec6eb1ff38e2e4a0497687723ce163336ee72ed2ca816c0b1821378d62fe41c58eec6b6ab4fe98ea28d8997436fbf4a8d1388b156e13194fc021a1779554b7422f8b24a939301fed66286af5dc0ef7d900d4e90328c6a6c37f7dabc807dbb5a3159e75c9b8b6a46d7720f67a0d17f01f2f29e3f153a43725fb9454413a5e5054da0ce44e263de1a08c95b7b0f5cc30dfc16787e201306c1dae3dac20d1278ec1bd79f59cd69bc36ab17784faf99974e673c020fa6bd9160baa5f82e60b1902440b99f887578b4da1822d973f5e670e98437fb27120b0d817a4c907d94fb579a0e1c1a081bc65848d7786059d6f40c7cd73aaa98aa9e08d57a8056541f62a6cfb7c550a3db9e3c06d2bd786581cd7e01b9f399f75699b0c4879f367b5dd280fa64bf23fe0e2d185e799d21e163e3a95ee341603c4786bedc0d6628b32b1d4466a0cccb61cd79c03b422c05a8a09e28fb73afe43b7d2539ba5a5a1b08236ec4c4d1f20740855602d39c3d4aa2dc157f246e8b377b7c46963b2c926e63ad5caf481430d27efdde6eb28fc09df6beda215eb4809a2fcec222ec695b7739e11bc0a711c6286d8d8ccdd582b2d685c7f2a981b354b70201ec6b54467b171e4923a5226d11dbf5e4a9ef648f7abf94e9f01c67aeafb6330cc8d9b9834b08b938aef8caf86454554f394d4358128497e13beb4d83cff051be6af328c9cf82fa6900eb452455f407b72ace8116d7a88f0ba21b04f76024ae02961f6bd97f6a8425e1ea5fc5d44c0ab1ea3fb80d7326c44cea0b29fd095d4c31800525f2a6d5c72d819f3c9bd229f7d705916b8dfcb9c6ca32b5c90a7d7ae45aa2b5962e8861569f418567c25fcfd7c9ab703d51c3d13ed73aa1fbb344df34e99b17b456b0b620d2c131d7133442e3ca66d438c8b529b2d26ca63c5c9de2285f2f726bb5a9d8164c0a4f445666ca2ec3cfc1f94ff00bd5fad09851b460565afaf7f905cd5c6f5603834cdbdb9bb0538d6c3242c755e2b7efc82497140b51f030271b4e1dd4bfd23acef56a077cf39897ebe3e283dec71815fcbcf4e071e3746956fa282733d491a9592806252328beba7ba09e40411e3294004e528126649bc5488b89270f0608409cc65bbe96e99927b670378db3f35f6b96ca6f97c1fc5e16bf6cba049ef1bbbfa4851a46181279128ac9dc9d5300abbb3afe7677456ad396e0da0bece351d82970026c8e5b20558297a98854a6ede2241d423e5b5b5625717a70f7dd883f2e11573506bad742ee6201fa9152779219037b1f1518747089698842e29ff16854cf16d2460827feafa2206ab598ba5278b47405c2f33aa14854fc8a1c536af92e43be956a43bca1dcb1fccb964217ff4b6b82a8bb6712162d9923a75fd435b890139e1139c7e6894fce9fdaaa0ebacb7ead5c2da9eaa2abc25bb9d84c3efa18a833d5a3cebb08de7001372c7cdbfdb89c8452dbdb5bdd252aaa25d0e71a575f68553922bb645c1c4944b4ad1a03e6a3eff85d04740b74caf6620170f383966c2b0d6360c2d3eb174c976403c5cc8935d3f7abf209e93769d0e406b392ab204d69aba67f22cb6c4d22fd6562f1e394735c7a4475f9cdb30923eba1028207be2b13c30e7d0813a7650810b0337e6a044c8b191d81320f1823746f6726ed37273ec09ba2b8bae7416b488efaf4d0de59b7338784dfddc4830b595157b7993df911f1ba39dcc721c3126bf4c43adbdf25a9d069e5b949ae23f18a78c8b12146f837d10d9c59bcefa9f5e0936e5c7014fee78bfcbadb6dd6a90fe97e410a8f54e6d11788fca08410b5d16f921cb3273c4ad01279cc26582e1263d968fb3cfad94a53bc20d02db6770b30b396dd68973dfc0e4f3179d137c7b54c4c715f02caeec3b9debeeec70cf0ff0d61e245e3f3d24aae8127ca584134b76080a3918c2af8a11ade2c1fb2172c12f5234c84a5f3d4c952e169faf900493007136a88ee8900e99db3f9419f338fb74d30d95cd99036fa1d96a98e7e14ca0f057bc87c6b371c5cc00c309e37c74a219136ff3843c44037d2fafa99192f00511502296906e0b42f31e1a389f16e38e5d98ef0fbe00b402bdb350ffc78372278e883e664bb18631e54ba289eeb7420f112538b72590398d9123b4d2cb2723060325f69d650fc627d52b7a2cf01e395d558b109e9f6a24aa65f868c8dbf94bfb2fd256b1c380791357813d10f366a14cfee14d634917f11d896be3fc98b94c98d38cad73e3c3cccf68d22ee43b3981e50051beb4b0a1185ba42673aeb98b2ae9cc1681bba9122eeeaf3e257cb98134a132861b7cf0e6728b03d9f3108fb0df5523ca0481c6cbf4a3432a71b8cb65e5d667a4bc717a3f270a4d99611fdb6aba85aadaf324a505c26a2262bfa0a515200e15b9ddfcc4137c0522fb7b722a821ffb3f2753db2cbeee48da17ea079bce59b4e7312678b5ae975278cac251982be224108c430f37ee8c96b3f9f448c048bde8881f93419e3261cb0aa6dd8a9d0fa8c446581bab25f912ad799adde05e79ab39ca9c1595da62f5519b0d93c82acc566a12faa09c082339b5b9819c06855e057d11ef1eaa5f7182c3a06e1f88a58e48e065966dd", 0x1000}, {&(0x7f0000000340)="7849a9a35b98857b3dbf6ecb3833ae513bb4818addc9b089422d3a835cf6da5ff856d1cb64db6fa867800b5384cee1ce6cbefc6daf7d23c725adec915df4c9e7b27b6d5d6f5fbf72182505d27db0b3a9bc58846321ecc47d14aab3ebabcae291b529829784d909a6aab5bb8ff4153d22a7d5244ef5524b85096061ff2e6cf73ad8db315bd66a3ad433f4d63efae2a5a0b8376f0a799a7a0615a361de9b55155bd312db86eec54c12756f72e1210983b4e3e702e82ec2a1ce9be40449769f51ff82dcbcda0c0f711a1c1e7a65b9fe769fc9fdd19347f735e8", 0xd8}, {&(0x7f0000000440)="d22b603e5a5f87fb54632df0e5ab40301fa5eacbc35e7791a71638a0785940540456a6bd5b3680f52e80e3ff78d5a059e5d9368beeb28a84f7d00d0ab6dc701ed8a2892f10cf8e6b2359deac465f9bdf436c5398250657dc5e59236f2e5a65a6776fbdd57204e5d1cd7ce5e8389614c2c2c5ef73dbbf483aac27fbf3880051efdd10baed809f497b72a6d484e3ce19c59e37b6dc674bf890bd821d8cb843", 0x9e}, {&(0x7f0000000500)="4985382b0c9bb87b198e66969831c219ce3dd41fea167a6264d1772f266f951f5b66a2efd5eade8a972ff9d76c90ef29f63e4785ffaca9ec84a470f46c231ea42c7165a9570a12fcf37f14a1b0f781e415b8d61251b19474fcb43070ce0f93b71885ed5b2d6a7c720c04dcd0375fdb055e864ab381ec34206de6ec1227b304601224d2952f9e17d6331ac47e01da39881e39ccda0be1eecdd850de8cbc3b21149739c7b5c54b3863fcb8a8be528532783548b9842a7f68a8a506a413e88e46e804ef8634809e719dc7ae04c7ff7956901d67d502ad0ac7", 0xd7}], 0x4)
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
syz_open_dev$tty1(0xc, 0x4, 0x3)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:39 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000140))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_io_uring_submit(r5, 0x0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r6, 0x0}, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r9, 0x0}, 0x0)
syz_io_uring_submit(r5, r8, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x3, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x1, 0x1, 0x0, {0x0, r3}}, 0x6)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r10 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={&(0x7f0000000080), 0x5}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x321b62ef}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r10, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:39 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33)

18:07:39 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r5, 0x6, 0x2e)
ftruncate(r5, 0x1000003)
fcntl$setstatus(r5, 0x4, 0x22000)
write$binfmt_script(r5, &(0x7f0000000340)={'#! ', './file0', [{0x20, '\x00'}, {0x20, '-*\'.'}, {0x20, '+{'}], 0xa, "1924ff3dce8f969e08a97d5e0634a4943accceade0e81add7b4ac1b6e9e143ad25fa2d0984ac4183b8e65ad9edd383fec6664b68d26ab2c291ed83a245fe2ed9deca10e11c6d7972aabdd96dd3dcaf2b88f69d451c63af3494da3595ca1013d44ecfc6737f2d1f06311d84d12df75f21df4fadd8d07d335be1875062faab9e67cc8523e1211f5b6f077559d8b1f9352bee526a7a59f989bb812a40e7be9b4997643bf6ff67a4bcf54402b279a4fd"}, 0xc3)
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x9, 0x15}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, r4, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:39 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
r7 = getpid()
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x6}, r7, 0x0, 0xffffffffffffffff, 0x0)
kcmp(r7, 0x0, 0x6, r5, r0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2684.232783] FAULT_INJECTION: forcing a failure.
[ 2684.232783] name failslab, interval 1, probability 0, space 0, times 0
[ 2684.234093] CPU: 1 PID: 13864 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2684.234835] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2684.235736] Call Trace:
[ 2684.236023]  dump_stack+0x107/0x167
[ 2684.236414]  should_fail.cold+0x5/0xa
[ 2684.236819]  ? create_object.isra.0+0x3a/0xa20
[ 2684.237312]  should_failslab+0x5/0x20
[ 2684.237716]  kmem_cache_alloc+0x5b/0x310
[ 2684.238149]  ? mark_held_locks+0x9e/0xe0
[ 2684.238589]  create_object.isra.0+0x3a/0xa20
[ 2684.239063]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2684.239614]  kmem_cache_alloc_bulk+0x168/0x320
[ 2684.240112]  io_submit_sqes+0x6f76/0x85c0
[ 2684.240578]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2684.241101]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2684.241616]  ? lock_downgrade+0x6d0/0x6d0
[ 2684.242056]  ? find_held_lock+0x2c/0x110
[ 2684.242497]  ? io_submit_sqes+0x85c0/0x85c0
[ 2684.242962]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2684.243479]  ? wait_for_completion_io+0x270/0x270
[ 2684.244006]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2684.244508]  ? vfs_write+0x354/0xa70
[ 2684.244909]  ? fput_many+0x2f/0x1a0
[ 2684.245297]  ? ksys_write+0x1a9/0x260
[ 2684.245710]  ? __ia32_sys_read+0xb0/0xb0
[ 2684.246146]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2684.246724]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2684.247297]  do_syscall_64+0x33/0x40
[ 2684.247730]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2684.248294] RIP: 0033:0x7fd673b8db19
[ 2684.248710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2684.250730] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2684.251590] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2684.252361] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2684.253125] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2684.253887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2684.254678] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:07:40 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r6=>0xffffffffffffffff})
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r6, 0xc0189375, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r7=>r4}, './file0\x00'})
setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000180)='illinois\x00', 0x9)
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080), 0x7}, 0x40000, 0x0, 0xffffffff, 0x0, 0x2, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r8, 0x0}, 0x0)
ioctl$FS_IOC_RESVSP(r8, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(r5, 0x0, &(0x7f0000000440)=@IORING_OP_WRITE={0x17, 0x4, 0x2007, @fd=r8, 0x7f, &(0x7f0000000380)="855e159d71b73ac61c787cdedb643609c1511c2f7941056cea2848cc989f47cb5727234f27c12fb6b5d2947e3d389ff2a85edcc11f9d6d3cdcc8211321d5d7fc3ad4de23b3c963d66616bbe261ffc532682d074fee06c9b737c61e683a1bd0d90cff8e6655706e170876b32555a0169d7b88368006b9fb09c2b6b219bd6b5fe9075d", 0x82, 0x18, 0x0, {0x0, r9}}, 0x7)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:40 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r7=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
statx(r5, &(0x7f00000001c0)='./file0\x00', 0x800, 0x80, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r10=>0x0})
r11 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000013c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f0000001280)=@getpolicy={0x108, 0x15, 0x2, 0x70bd27, 0x25dfdbff, {{@in=@multicast1, @in=@dev={0xac, 0x14, 0x14, 0x26}, 0x4e20, 0x0, 0x4e23, 0x0, 0xa, 0x0, 0x20, 0x87, r10, r11}, 0x6e6bb9, 0x2}, [@algo_aead={0x8c, 0x12, {{'rfc7539esp(cbc-aes-ce,sha224-ce)\x00'}, 0x200, 0x60, "a3f5e69e83c849545068c65e8c08ba2cf68cc0d1cad9a68aea4dea38ab91bac99be493041d0aaa8671adcb31f510f7adb3f57611cf1a30e3d9564f44757ee210"}}, @encap={0x1c, 0x4, {0xfffffffffffffffd, 0x4e24, 0x4e24, @in6=@initdev={0xfe, 0x88, '\x00', 0x2, 0x0}}}, @tfcpad={0x8, 0x16, 0x5}, @extra_flags={0x8}]}, 0x108}, 0x1, 0x0, 0x0, 0x24000000}, 0x20040000)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x4000, &(0x7f0000000440)=ANY=[@ANYBLOB="7472616e739f16baab91e0109a6f50", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r7, @ANYBLOB=',posixacl,msize=0xfffffffffffffffc,uname=/dev/full\x00,posixacl,access=', @ANYRESDEC=r8, @ANYBLOB=',aname=\x00,access=', @ANYRESDEC=r11, @ANYBLOB="2c66736d616769633d3078303030303030303030303030303036312c61707072616973652c61756469742c646f6e745f6d6561737572652c7063723d30303030303030303030303030303030303031362c7375626a5f747970653d4327eb2c6f626a5f726f6c653d242c61756469742c00"])
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:40 executing program 3:
r0 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x2000, 0xa5)
r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x7, 0x0, 0x0, r0}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r2=>0x0, &(0x7f0000000180)=<r3=>0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r2, r3, 0x0, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x8011, 0xffffffffffffffff, 0x8000000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
close(r4)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0)
pipe(&(0x7f0000000100)={<r7=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_register$IORING_UNREGISTER_EVENTFD(r1, 0x5, 0x0, 0x0)
io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0)
recvfrom$packet(r7, &(0x7f0000000340)=""/227, 0xe3, 0x40010021, &(0x7f0000000140)={0x11, 0xab18e806d0bb7e85, 0x0, 0x1, 0x1, 0x6, @link_local}, 0x14)

18:07:40 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
ioctl$FITRIM(r0, 0xc0185879, &(0x7f00000000c0)={0x8, 0xfffffffffffffff9})
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:40 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34)

18:07:40 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
r4 = openat2(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)={0x20000, 0x8e, 0x14}, 0x18)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r4, 0x8983, &(0x7f00000001c0)={0x3, 'team_slave_0\x00', {0xba}, 0xbb71})
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2684.532698] FAULT_INJECTION: forcing a failure.
[ 2684.532698] name failslab, interval 1, probability 0, space 0, times 0
[ 2684.534228] CPU: 1 PID: 13895 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2684.534975] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2684.535852] Call Trace:
[ 2684.536145]  dump_stack+0x107/0x167
[ 2684.536537]  should_fail.cold+0x5/0xa
[ 2684.536949]  ? create_object.isra.0+0x3a/0xa20
[ 2684.537437]  should_failslab+0x5/0x20
[ 2684.537844]  kmem_cache_alloc+0x5b/0x310
[ 2684.538269]  ? mark_held_locks+0x9e/0xe0
[ 2684.538715]  create_object.isra.0+0x3a/0xa20
[ 2684.539186]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2684.539773]  kmem_cache_alloc_bulk+0x168/0x320
[ 2684.540268]  io_submit_sqes+0x6f76/0x85c0
[ 2684.540719]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2684.541283]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2684.541818]  ? lock_downgrade+0x6d0/0x6d0
[ 2684.542286]  ? find_held_lock+0x2c/0x110
[ 2684.542743]  ? io_submit_sqes+0x85c0/0x85c0
[ 2684.543269]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2684.543825]  ? wait_for_completion_io+0x270/0x270
[ 2684.544368]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2684.544890]  ? vfs_write+0x354/0xa70
[ 2684.545305]  ? fput_many+0x2f/0x1a0
[ 2684.545714]  ? ksys_write+0x1a9/0x260
[ 2684.546134]  ? __ia32_sys_read+0xb0/0xb0
[ 2684.546593]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2684.547175]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2684.547759]  do_syscall_64+0x33/0x40
[ 2684.548177]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2684.548761] RIP: 0033:0x7fd673b8db19
[ 2684.549185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2684.551249] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2684.552122] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2684.552950] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2684.553759] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2684.554566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2684.555388] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:07:40 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0xeaffffffffffffff, 0x0, 0x0)

18:07:52 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0xffffffffffffffea, 0x0, 0x0)

18:07:52 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r7, 0xc018937d, &(0x7f0000001940)={{0x1, 0x1, 0x18, <r9=>r8, {0xe23}}, './file0\x00'})
r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index, 0x4, {0x0, r0}, 0x0, 0xb, 0x1, {0x0, r10}}, 0x9)
clock_gettime(0x0, &(0x7f0000001f40)={<r11=>0x0, <r12=>0x0})
recvmmsg$unix(r9, &(0x7f0000001f00)=[{{&(0x7f0000001980)=@abs, 0x6e, &(0x7f0000001e40)=[{&(0x7f0000001a00)=""/106, 0x6a}, {&(0x7f0000001a80)=""/231, 0xe7}, {&(0x7f0000001b80)=""/63, 0x3f}, {&(0x7f0000001bc0)=""/31, 0x1f}, {&(0x7f0000001c00)=""/100, 0x64}, {&(0x7f0000001c80)=""/93, 0x5d}, {&(0x7f0000001d00)=""/85, 0x55}, {&(0x7f0000001e00)=""/38, 0x26}], 0x8, &(0x7f0000001ec0)}}], 0x1, 0x100, &(0x7f0000001f80)={r11, r12+10000000})

18:07:52 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x1, 0x0, 0xfffffffc}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000a00)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000340)=""/210, 0xd2}, {&(0x7f0000000180)=""/88, 0x58}, {&(0x7f0000000440)=""/157, 0x9d}, {&(0x7f0000000500)=""/244, 0xf4}, {&(0x7f0000000600)=""/240, 0xf0}, {&(0x7f0000000700)=""/187, 0xbb}, {&(0x7f00000007c0)=""/190, 0xbe}, {&(0x7f0000000880)=""/206, 0xce}], 0x8, 0x80000001, 0xc8df)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000980), &(0x7f00000009c0)='./file0\x00', 0x8, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = inotify_init1(0x80800)
r7 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xf, 0x80010, r3, 0x10000000)
fcntl$setflags(r5, 0x2, 0x1)
syz_io_uring_submit(r1, r7, &(0x7f00000000c0)=@IORING_OP_POLL_REMOVE={0x7, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x6)
ftruncate(r6, 0x7fffffff)

18:07:52 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r5, 0x0}, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r8, 0x0}, 0x0)
ioctl$FS_IOC_RESVSP(r8, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
syz_io_uring_submit(0x0, r4, &(0x7f00000000c0)=@IORING_OP_CLOSE={0x13, 0x5, 0x0, r8}, 0x1)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x8, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:52 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35)

18:07:52 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x20}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r7, 0x6, 0x2e)
ftruncate(r7, 0x1000003)
fcntl$setstatus(r7, 0x4, 0x22000)
ioctl$KDSKBENT(r7, 0x4b47, &(0x7f00000000c0)={0xd8, 0x0, 0x2})

18:07:52 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r6=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
r7 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r8=>0x0, &(0x7f0000000140)=<r9=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r10, 0x0}, 0x0)
r11 = io_uring_setup(0x5204, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x16e, 0x0, r3})
r12 = io_uring_register$IORING_REGISTER_PERSONALITY(r11, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r11, 0x5, 0x0, r12)
syz_io_uring_submit(r8, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x1, 0x0, @fd=r7, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r12}}, 0x6)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_SENDMSG={0x9, 0x5, 0x0, r6, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@pptp={0x18, 0x2, {0x3, @rand_addr=0x64010101}}, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000340)="796f77affbee0f073a1b57ad74167b77703ec18d70b66b1227e5be26ee4a327c96dd78c19fd950bc0f4edf8490ae59537e03a0a1d598cf96dc773281e4d9209325d573c1819a43f17f8337bc2c8fd6e1de4a0028f7a73e5cc50cebdf3eeb1a6d0367f377856d2e63dc1e594168bf75f327d6a5ce129724ec6363796043b5ebfef25cf616af8492da3509dea198e996b0ba4678cfa659ebc3517098fc54ee2e", 0x9f}, {&(0x7f0000000840)="b54aa659e1c811b9cc4a4c4930db6ad748743c609e6b84c5511d43c600cfd9dc7482d218ef8f76cbc2a8b11eda95dd701cad4362c6f82365cc7cd82bad84b3eb1b9e3e6b9779437575b72941efdc33a5b018cf8ddb23635d3a9d3bc7bc08c94162d32c3d02c647c90eb50dd1a24fb5ed2465bf2ad26f7ba4725158072856207fa4b43ddf32d905581e8eb78dcad2208c", 0x90}, {&(0x7f00000004c0)="b36ad3052fd8adcc62138019ab0434df5c52b2e375ad4ee91abb49b92b65e51a7a5a469a04a0f80520a0a4ed92ca07c3064654a59017cde894a5bf222034a4bb3d44a1aa90524cdcfda2240a3d3ba51c726d378cf7327da412707b211de0231e9e4401c89f6479ab6589a8fe3e7dd4", 0x6f}, {&(0x7f0000000540)="e85558b21cd349f37a5125d0a3711019a2fa0f9dfc39181f5429cd562dabbcec9ff52498610203e52109720672be915d05d921e5e97773d59f25c5874b39dc9c6db07c91ff84cf49ada5af226f7e5e09a898a30e4e00760e48ce512afb0384d6cb98e9e5361c4d40a64656b5ade68f4378a4926a33cdb4abb8a80109d1ccd2d552661b573e25740e039acc3ce990ba8c43f4baa5318dfa14fea3aad596e6c3bca5e27d0350c8b75148ec73f5cf4a15914b7d806ac1d30c5e9aadf4aaa82b4419d4b612b49ce61528dac044403e1e3e7db793661d878453a6cda4e04622efedb9db7e2351f2252dbab173e9c1cc5376c5eb3b2d99081574a9", 0xf8}, {&(0x7f0000000640)="9ec5fd3f316ad73c60e513ee57092c35faaa63b804d6325681aac312a5b8873d050f8f8c7d1c0aee862369687cfc73820ebfed20b013769bf3aaf826ef498483d24928aa8f5062cf37946e094d0aa903671f35", 0x53}], 0x5, &(0x7f0000000740)=ANY=[@ANYBLOB="50000000000000001101000009000000eeb5a8e23f20019b9b7645336040a3e05d2296bab9c56c9874f973e65f1c5518143d4bbd4421846aa9bbf0a768b2c283c99ba0eb6c3200"/80], 0x50}, 0x0, 0x4000000, 0x1}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:52 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_io_uring_setup(0x7a58, &(0x7f0000000180)={0x0, 0xf0ff, 0x4, 0x0, 0x303, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000280)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x2, r5}}, 0x4)
r6 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r8}}, 0x0)
recvmsg(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000340)=""/147, 0x93}, {&(0x7f0000000400)=""/30, 0x1e}, {&(0x7f0000000440)=""/213, 0xd5}, {&(0x7f0000000540)=""/12, 0xc}], 0x4, &(0x7f00000005c0)=""/8, 0x8}, 0x2)
close(0xffffffffffffffff)
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r3, 0xa, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r7, 0x8904, &(0x7f0000000640))
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2697.098967] FAULT_INJECTION: forcing a failure.
[ 2697.098967] name failslab, interval 1, probability 0, space 0, times 0
[ 2697.100553] CPU: 0 PID: 13926 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2697.101269] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2697.102128] Call Trace:
[ 2697.102414]  dump_stack+0x107/0x167
[ 2697.102788]  should_fail.cold+0x5/0xa
[ 2697.103185]  ? create_object.isra.0+0x3a/0xa20
[ 2697.103657]  should_failslab+0x5/0x20
[ 2697.104067]  kmem_cache_alloc+0x5b/0x310
[ 2697.104500]  ? mark_held_locks+0x9e/0xe0
[ 2697.104921]  create_object.isra.0+0x3a/0xa20
[ 2697.105374]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2697.105898]  kmem_cache_alloc_bulk+0x168/0x320
[ 2697.106378]  io_submit_sqes+0x6f76/0x85c0
[ 2697.106817]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2697.107333]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2697.107851]  ? lock_downgrade+0x6d0/0x6d0
[ 2697.108269]  ? find_held_lock+0x2c/0x110
[ 2697.108719]  ? io_submit_sqes+0x85c0/0x85c0
[ 2697.109202]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2697.109727]  ? wait_for_completion_io+0x270/0x270
[ 2697.110255]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2697.110758]  ? vfs_write+0x354/0xa70
[ 2697.111144]  ? fput_many+0x2f/0x1a0
[ 2697.111538]  ? ksys_write+0x1a9/0x260
[ 2697.111971]  ? __ia32_sys_read+0xb0/0xb0
[ 2697.112420]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2697.112997]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2697.113569]  do_syscall_64+0x33/0x40
[ 2697.113974]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2697.114534] RIP: 0033:0x7fd673b8db19
[ 2697.114942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2697.116917] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2697.117727] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2697.118480] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2697.119231] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2697.119991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2697.120740] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:07:52 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xea)

18:07:52 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
r5 = syz_mount_image$nfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0xcaf, 0x8, &(0x7f00000017c0)=[{&(0x7f0000000340)="cbc87f12ec89c9c5c7c1692858cddeac5df33adb1bd8cf18715a151f4700c62f4b7752a3b4a1d773d90906e94b98ca3ede2c8ee0c29b16ff168a", 0x3a, 0x3ff}, {&(0x7f0000000380)="66846e9f35d256d799bcb678a1dd39d93fa28ec59ad0e29f5dc914d6620045bd11ba4579d59864f656ce2747ce8a36cf63708b958bf0fc0b0046dc71bbe43cd185ecf59f473c96e707b7b7cd6dd7125a6c9e1b61e465b9569384de1dfaa10d4cae822de9d27c4139c513dcacd3e4ab4968f786dbe60b9db659ced6f7eca28063b6c3a77f3e35c98a5ff9f81ab6afc49173ae2cae26202567b3f120ca54f10c408b44258e128785af89d49540d4911ee54f8649c59ddd2df6f5e30a4b57ace5603fd53aea5c709441a738e1744f3fc4aa49350c9ebcbdcd7542189d622545594624dce4e0b01b98381168ff6a57d33b7ce7adfff4862e112371196ec57492893ec8cd48eb3eb34fd2c88ac3c8a281e64512cda6cdbaaa0a39830d38848f574bad4277c70ed1bb621af72a8c06d7a725e5e0cf20b5e26fa1d16a0d180ac57209df29a6700b0ac659163464d51951427da17e2787599c840b408f599f2babd413aa3adc414e4d59d632b964b8208118de6e1f3fd9d98ad79260873ad89c7b2aed151fdc369f14298a55398cf409435b6a9f8617c304393df4f8a330eb9989d598f2f5e5d98333be5c79ec66333702aeee51e5310362b69f5ab7115eaaf82d7d9f1751a6d19648ceadc88194941a7e6ae02dce632fe00fe1ec24ecc2a3ee63e2466a69671afa091204d06aa9a1cfc705e88894b4bffa2fe2050d892ea0b99184b230e174b48c1e3be81fbc268950b11e186c399fbf62bd033bbf94b101fe946a00f9319b976c947c14329151ece5e2829127c91a47e0802cd08162f7f1bc514ef9c99a82a7948feb758b1d03d756e9f200eaa2c4bc70219405cd4a58c71f457075e426edc6bc2cf35ba4fd45d14109e4ae534cc9a2dc1f2ff934fbce3b1b20c7d6f02864b8af72efcee92faf81a727b1fa5085ab71c19011358b9c16fdb0ed7f2cef8b7bb70b41cf25fbb05afe59719b2f04901146bee9ec14effdcb832dd810fb9dd4121bd5dff7d820caee0b7eddd8c7080fd882b7a1e6850697578b81bdfecd96f076e26e16d86b4b1ee5dc5a9e2773b9189516401a2f79b8c18b74f6c0d34574ccba43d182b5928ee11f6f754baf6a02b72a3a51694c32de02c771e1fd977f5842748a1cd35145e2f87525503e59154a2e3d3a532a61f1564b2fb3112a3bc8b603aefbf7fb1864e2ea626149908dcbe17699762dc3a00fe7a58bc84ce87330c8b7eab0fa237067ce570e2169a12cb588b1ccba8167372cdeb235ca60985492f0ca14d87497824af05f88d412c346acb6bf491a9a1f13c038f647ba4719319123f6f6b67b88e9286af0712f4ff36b21ab1712d5548f4c0fb4555086a92d84456ae1d2609418c01ece53b6ec0545b67f1adcaeeba5ad7258605aa38a86a8caeee7e5457797e12b3bbf938b61cedc279d53aeb47b1bab0ad10e7c097e662f3619699ef21949ff77a8661ff4c277a4af252ba5cf1cf971dc6ca3ed8c189cf3ebc7bba889c082201614b37297e2f04bddc44dbb72549afdbf7631a59c64883284c37eb1493843662e325c00ecff7a1613c45d6bc3a92bd90025ed118b1cf3cd42bead562a259468abc0cb0e2fdb7a6a01df6a68774d6dfd5f30fc7f580cb6d4a225e72448384ffe7b69be2f9e1aade32a7c5c0b11f458a06703ace851452661bd0f473866dea986959fdd3bcd9ea3391a1b33e8b266d7108eb672c3b79175bf684f4799dece0247ebf10dfa26918f8edcd7923384ae7fc411f4199c8fd20dcc1ca6a87e945d5d957b5b870fdc4ab237a21a7392560707a816b7d7d5913b4e4e091729cf65c0bcead10681697a62ef025f3baa7be5b102351467a632a3229b879f4cf93dc1a5fbf149fc3791f80af575baf3d7942b416268a61dab0bfd199fef1974b5c49ee06b73690b941682f602b0a63ddc14c78a5272dfe7f3e875e3c04e5c879017ae942be16b8f070d800067a3384476d7907c8fe09b89c3928010d811e95a22def39321bf43412972a4a94a0fe9ec54255e9c62b1f0d2b5ede2af45e9ace17f0a0709ef70044aee0e4a9ad5b42d9e86e1ae93a14a957c4569041987166ae3d21e98ac8a48785c0e81e42032a175f101145460363973c9a343c5872ae420cca2a70cf846010e0254a271a1955379d266f2982f7d7156b451cfc92463e3c9c6106a48d28ff1d180a74904e02eba6fb52e3ca4b94f09fa855bd2ef24907447c91d7cdb7ac9c353e2bb5c1ea8685207b928a72966526d49a957da1c7eb2bf63a1d81d0cc2228da465b1366cccf6c68d6d226940b98c754478879e95e82639c910dcce2d1189c91b4606e8aaec876f73872d5f33a806074d0f7d93251cf3526af3ed0098139ca6f54efc5a75705bb5d6371595328d91e03575e6c5d62ddbcfd3679e9d5da20291e34dd3a2ec5dc658ad094c42b332e3f096f25b792a3d681772daf5b00743fc4c0a618a74447e8488f6d44b496c06aaea7974db678e9bf4d4c75c154a4ca35eb1a332f9415e726b54607cd8b49b6498ae05bbeaa5e798025263c10bccd041b6121134f01f6d6d5e7dfefcaec3d120e31da844445eda7a9f9709b74e0d0ba6003bfb088082637fb26c4bdafda12b5b3edab76d7f4a2e2b7584f8af38bd0586fbcec8d1b93425ceb655dad7332f24146b39447b3a4272bb1bffdeb63c882afda45d7cc6e1020185ea8574738bc28030469d30c178a90a467427bb6dc4ee042e994f0485a1759e1b91ae4642881841fa7c42c4a059fa73145f74298bfcb4759d01faebc98c69bbd9dd820daf7b6627af15e278d6354885acab22df3d20fbd7de144e809effdb7a92e0a05ce9b2862c972497d6cdf40a851d906ee219b23fdd8dc5ee2ba2e68010d9aaddc11b8274e6af544f84581fdcf1a35b1736e087dfbd8ad59cf8f3ca3440bc4c30f1e9a2ba60718b4c8e569df439f483c960d11b46705c685b79b6c5297e0c1b15880bcba26d41e074049e4b450a8d64d239ee810a99715c4ddc0c0ff0ebc47fef565ea2d0ed83f851831aa1835888b27f1bea417c02b4053cbaebc53f22a1758bb40df2e1417a069fe3d898d12691f9324f91f0673c49f39980eb1d965272987be1e415ee54579ce3f95b60bdf451daf4501f5f94db648821a876d7c5c669dbece24cf53c6d0213457373682151e112a792ea7ea977b07930287ebee0340c1c1fa90c9c54a4dde6625efd3225f86ee54b9449e94a99c93e19e6d228697be0d266a6f8aee5cd6e6efa631267bcaeeca87e455fb8df16e940379c58fa0c39b7fc082082233a12a07b6b8f546df572a8d4bf0ae69aa9fd5dbe96ae19cbe173be7d7a9dac1b884d1b46e2d0551d53c472e1e3729e551745ccf383a6fedfa9b775e2c54f11a21d6e321f6108c7b1f688ee16e2b0622b7212a3950a86733a0ef0b706b07ccaae129ce6d1ae80fe499fb9c2387f42031afe8842b502a7635bfc51d9fe450d4d321bc27a24ab07ff354cc2c7f6912b19a21b75502665b5b38f858caba6b4cc844f83a8469dcd9de2b84981e269b9a31ed41f39125f900c557569a63b67861b1eacfed9bd4eaaf2a128c926a934d88c6efaa1833e2deae7ff73d041891c2b8d1d612a45160b02ba40cc9b7edb55fcf1a2ac2383ce6959c4ef7b22958b6eb52dc1c6e08f2bcbb90ed1a17fb9e4dadb45417efa1926effb098f2fe887534930a8bc6dc64122f59463a22450fe042c609350ecf81612097284b6d62e2d6f50a3fef4123cc79a1b78dbc6dad14d138c18a6d6f160a843ce1855d2fcf1b2d51e08cc521c8ce49ef02460236873037380678298111e6e04414b644627c8acd5d7c18a0da5873f68b7baa0f3a96689b6ab38338e57cc8d1ec801b716ef211041b74df0cdea8f9e6da2a97f5636e80e3e2bc29f0d005137ae8257b96222dbebf66d1ec79600159940b14369a4279bfb9f6db6180b85e848cc57ce9510377b3bbf2415bda25c4ff81f21274648bc68211b7e6c4bedb13d8fce37b3799106930559c83849e7df1a259714dccc2c11cd04a833009fac6a3d91085cf437cdb1d58cd60383e8e29622d800884df83cb428566c9fde79910706907f3cdb678b0c9f31d16ad3594136b966840d6c85eb73841ad5ed9502b7d3282508d2b7d0d5d31388491cad9bc911030023af5e6cc3c86e9a869429ef66fc1ae9a2349e3d2b04dc3181ee1e149d215e39b5e612a1829aec3b8db8495fe025eb5332eb5db8809c60db6c7bfb4ad6acc6feac80d0c8690c7810272367af1b3ffc333477281cb965269f15efa78c4d209c37095c03560201db9d2475af21e19488584e4259a6c4a07874fae47a044b2747636c785ecdcb5cf94231504f2e5fbdd1a01e84d7dad6ce4913c8d04af19a705a832c9bd49631db87766e136b561d06192c852820324295b7086b2e4e1f4caa43fae0b24f956096d87fc0ae90f2e383196006eb6f4c6c0cf5b272982dfbdbbc4d1d9b81f61c33278a7a87ce5c760565ba88d0ded15c000e0910888b1b56c8986254f1c1e18871558df7622562ef19c42b29f01fb9ed9cab4fc2e4b73de55c2d3d3cdf369841617b03e05ee2816e0095377142276bc877b1c75b8b30b73d721cec856eaac7249251e974688421d23b365409cdc5d6a3c55bbf4e2e30f0bacba8239b2358d84b852d699a1f7c71409e6c8fa17955c1497dcbadb175e500bcc669d3f10f09e34c502a2a2e203218095b17b4662b6e2f74bded6d3bfa7f401c18ee5c3f43c7042d10bedc883e8b7058f1eca80906845436b90dc67de38cda025633a059dec991c559de915776224759a435f31052ae485fcddbd297a3d66b324f337c39812d31b809d42e1131dfe31aad184b1b544ffb8822c72ce443bf174455208b529cadabfe6dce13b143892bc7c106296bb1e5f8af3a47e163fbe60e44853b9c2bb13d17f5a2c401bc61c230cfed63bdbc78bb9d244d01add54a313bc2a5b9fcbc7eafac573cfccb9d4821336f119b42f458267b9cf8a5da3390161feae43e3778b92b31996b33f546e3571f56b6e692c5cfc2960450615feb883d900f61fca544888cf744e36a063b6abf45e0e1b2bd06dc6dc163e8b00696aa1c7ceeb6211661e7fc37998135fd945f612e5b5c152290b76ce4be92375df177e617be788e24b26609da573895abeaf292adbb97df8bef9c37705666d2538b3cf1269281ec985f89b07c14bcc71e04e7f304cbf021d49bbd5908078652e8f6e27bd07e8b079c78b729e62c63a93d9bf7ae15354b6e4c107abcdfed9425d77ee092a877710500091d007b594513c6a2128bd9f2c89e9ba316218a8401987674558ebd0c8c3a80593e6fd7d14bd87c34a3a7a741276041cc9a500bad66450d54286378fc0774f033b539aeecf2859d3c58f20538af0f6727977219cd45bbf5d9fd203d7c84f42271fc6803f8805441bdcd0aac90a4996de86bf4556ff5aac5926c21fdb8fcce372cb0a39253b5d2256f1bcbefb7240a2be326bea0fcf441832cc44f1bfa0480b046e88fb869ebfcd27d6ee927b52a07309d0727535823e54620d0f24f74256ad09bf87f83c080900074bd54fb82aa3553c4cdb92539012902188327101dba4c601763c28619c662da278152d4c26a3311a2fc0b5f9f3a2a262027d1b16c68ebc82ad90b8138cb257c4ea127ec4dac641652b86660483418aa69787ebd282545d71dd048d9935830aaa75439a86a25d856d5a939f7f99878bcbff3bbebfd61b3b2dd79464e787b79f650dd542a3a0231dfa119aee8e933d3e9982366378b744c3b1964af68bb924778579c2ef02adf41", 0x1000, 0xac1a}, {&(0x7f0000001380)="08cc524aa155ec97174b916bc0470eb49f900e533fc290522b408af98f06b6853bb6d3f55b82e40f58580c2fe9876684e4a6d2e1964680087e9308ca4ae75bbbfff888b2cf4cb82afe6c36c22921b0e016d33126e271ad08b9e26c718627ab903a43b1a3c0963ac10452a76ffebe6179b2836c33dcdc1784478019502454520d99114c508ee577acd7639734e51519b3d58d484cf4db64614961e70b1eb0b93fc7b96d3a45c49f03347a1c0f531c925d7d49ae49fae09576d8505fe640268c2325b73372c1500dfe8f665ba2d613b36e09f0366badc32d9a5933e29e52f8d6e386cb9c3f033afda294072efcfa75fc", 0xef, 0xc0b8}, {&(0x7f0000001480)="6a5309bbcee5593a7c64609af00b046bd8297661cd349649f4b28c6df03ca3c5b1d6781470722d9c9882437277c90018321096", 0x33, 0x1}, {&(0x7f00000014c0)="5d82195728269dc825c38487c1602ac7030742e80c77145d0c08b46667909d2120b8b7ac7f6e61e188bc8dd1ddced0ff5e0e22519a0d983f96f542767ff167bccfa4bdf9620146e8f32a83b195ad87ede422c5a73cb16c1523a1c33c344f3b54802ced9fff30867d7b05e50c034ab3b31c8fd4e3e409e2780c926e0e3b4964a28e0a9258296e7b45126b9fba6d9b03faaa114358fdf116c2c167a8dff7e7216783634d185d2fa085c8f63b851f76592233d89d391b92ff081ba099fecfd478015556f36302dc3c46a664ed7ae1247e45022dc09a14838b9afdb010078dc45f54ba3543", 0xe3, 0x40}, {&(0x7f0000001e00)="1f93aaa7656ae7368b1c402bcdc9f2c49d679fc962e48b26b2ea4c06f92fefc5e016e8b11f76e7c9bfe4b8e4417c5fb277eb406c789f34dc745e70418698f7bd33bada3e760c4fcff810d9222996712d62ec220fc1ee604e91250727454c7b7e2d53e7c33fb3b415516e31306f5aae6757688e1d33642b433b457bb6fc7f5dc235bd020ba03956ec0b36f3b09f2be6fcdf34709524ca988dc6517b699fb723a851eded2539c9cc97aad0de7a0373e5513dd9cee0d6c1968ad816423b17147541f04438af4dfb10257cf564859ae2aa111368c24dfe983ae79b039d1eb8d4e061b73c0ebec6f45a28de1eec8f6239c16bc48f6e782597a399eb7469ccc08ad435bec13621a5c733d3915e9fda6499a45e7956ff586b920440696dba9323a4ac79903aa6a2045f871f2ee1e6467bf653eb1ddf40f8a171b1d7fc2937c1a00f62b9edf450a00669aa38484c87e7a254cc8e06276c67ac6649f294aae752379a099ecafb6f658139b86166c4359ef3a3f506f293364446580bdc3bee3756f4f4e270c8822f9125764d37bb4fa288beb1e5c452d3df22c358e6d55a6d187b6c2cfdc3cbaf33cea4471b329b5e90115fe22ea399b9a9bcc9f6c22e98f1b8d2a587257bfec5c7b3029b69d23c442c66dcda50aa902b99b9db3b9a0f550273df8b80eead5bc61bdfddd27b1ff17d7ba9b026e21cab1cde9cc8594d83965a64fefb02f32e06c88a188a68efa08b01372b346869cc1cdf28b984f3e0910331e468d1a01fc3d4d279333109cb20d26875d534bca27b4d083bfcf9f7c289fc6a278dab697135109c254225610cc55a88c33572b016f07d4d490bd54a93ad354c9d6e1cf7dcec22b1cfd1d1949cd40ed5d5b51c295fa60569c4d14a0d5f6a4cb3ca2fcde268d51dda4455ba2e22cac1f4d378d354a75a5c08eea8315953c2952b912920b56e187e2d11562f1228dfe6348f4112de5a60afedbff5bd0595ad58a286d55dda605bf6817de8707e0b139dc921282d54ee7de38de3fa182edfa517b7fb28e63a9d866793373af23227a64648b2120b717dcee2cc5b40a9756042706ce71b60d4cf34099841176594f0f85375d46872e1543108d5a860da20f3c8b7ce3d4e3fa9aa5a10558f76b594185d8667b77f4b7bb1322c972077cb6bf066236f862ea9141e5ab85cc602f0531fa1a8e8fa8ac66cd535c57e144adac9faf739c35484c047e5d4b1b36eefd3091d240cd5270108c1565642210a3b64d6d40642c968f859c8a2efe0ac0bc830d12d8d4b32f9462520ce86b55ed2e6c76b051ef4f9b67387350d944eaca9f511db929b0f1d13337ded437540eb95bebc7805bc89cd87c7dc1b7c245b1e53402e7567fb718d40797953e153ef2dc5c3417b5b4701d420151c0fc4b6ff121f087065659af5b93fbadaccfef05947b5fa93d90782135ec31f3e0935497e159a0087c4a8fba1007e46fd8e7769edb3550b0e27c389e90b477aef975c52f6cf88abfc43f22f0de334192990533b86aa0e6ab14fa46d5ffa47430039290df94776fd49478ae2e39f1937558c31c97697f98f5b3ed6b6fb0ce7f68cb99bdbfe4f969fb3ca6a85f970ef88ed2a1302b4da6df3e2b49a2156f03ef8a227852b28bc543b452ff6a76fb79e9cb5fc44f0f81ca804c0f35b29f873c0a4b09656df22daa1f847d4315fa6b82e29249e258be298b87f3fa589c8e8ac8b2f2b59d9662610bd6653594d14925e82a3f13bc1828d20ef9d4e8edfb3ae3cbc0e5ce228ff2d348380f263461c3cd44cf469c36920bfedbb5062c428fbc686e2607048e57d1d6b9de40dbbb8edb7a3a0d5fd996ae5363d0b57051c71009e27d5dc215eea6eea6a9cc5891a3b60520b3374cede1440e0d9caa0d9dce909e7080c1b54c616bbcebde4019dd9f5eab5120c53b57d070bd955881f73a989fa4fcaba790c24c13b62b7af5f244b362a2bcf7559d7e0eba3b0a6b070bfa693215436bf2f329784245743502288fa1121880e6f8974535ab1c249331fa636951a17f6e648b1d356fd4cbf1e9958df940312f3fd861185cc1b5d37247cc142cc6a23fb3cef700a73d73f50878b885dca959d10ae93f182b01c87304c213d27608fdefa56dc6c942ba12e99e9206f7b1c2be6a883e22f2b68dd5d001a4bebf7823b15f248d42a7758b8cd68e2cd2cf4603719d9b95f4db4bd2669b3295a5d137841bb3e6a7cf17abdc604897e3acd6c18e38edfa14f2f03b1da9caf2ede41e4613c357321508492941452ffe23b063f77dec327c2e6e752b66f0283b877daa45b084979324b5deac6862174550fe41ca52bfbcd11b808838daeeeb8c2bd86e8d51f36734964f13433e1733952adb4b2d6a0058850e8c086d20acf66ae01722c67711bd0516fc39d6153f938477c67301879b9302e3bd5e29dcd94454f79d72e968f10f9e98a40ac61ca6bf3d6d7462cc7c5db13842a19840d27b1ad43693f237e2185dc0851bb76add9d8dc6b915033cfd0477c970bd8b08423bed79ea913caa4149ea64d3479850a8bb7fff9611f1d5729f3441b6d724f023a5185e72272b5bc49e4a409e5b9261ae43627197cb4aa280aa03de15bb7b2fc4ae6f427ccc8ac1fc7204bedfe315702df0e1f2f204288009d1182678b14edb354010e4f45ff2e3a3e64a688322fcdd0d4daa068c532939212ace94f30e4c7d0fdc32ccb5a2c551d4353d1a93216f3f278198b7d4bd7c149282b69e81842057413bb3dd92b899dbcbda911a4a4afd642a0c8b3674bdb67171d84282306edcaa93aa88157ba26f02b674473aa3a60961e008543a473c50d58c25f8552c16b2b5012711b64967eda4d1bfc9b42b7c19da8646a02d0cb645145072ff5657ca515276f220bfc12c7e64ee6c62dc549df2eadd1e3dc70f689a7cdb6089c2d5fba46a067c2db7bbaa3eb887a2430338c77e627418bd811707f3d4b5a599338fb686943a114834857a414390604f6194df0e2542be4cf149647e5d80570a42e1d2a993460df286a1b18c4c315905a5692026ca681bde4db7b3a5f6554181e05d5e7ecf33a8704fac5d8aad54d50166540aaa28dd487416699c64539ab23f520d835c8cd8e284869bf3039fe7e9b4cba6cabd719c7139e79e06b007b7fe56bf88cf765464524802b42f036706096b67380f1b450cbaefd903cd6cb1c2734552cb2bdee450cb847002b5b9b2d8e35a9ea43f59f0dc44bc4c81848547a53a44d83023d94a877cb190442f8cbc260d78064281a066920a769886343e05f0717f4699a2c7dfc4216325648251f37deaff1276e0c1c110c5b99b3c2e66bb1638da95a4c10850dd9eecf425193fe5ed13661e4f37115421b7e8014998b74e481839c02f1fe7406120282782860ecf976acbed8a7a23425ec5fd88a8a386fedb759acc8c9e205a7f707a4074e31f7a84af82203bffc01d12a61a181ae7001b5758b32721df3a6ed74c8ae0d2f45e60c5af611f3512f38a7dbad5768ac4730d7100003d8ce5a5e2b1bd562e3780ea63fdf256d9e2759c83a21e58d465ed583491c4ae6e65848c1b114f77a58bd91f40f6ff8de8842a6b0665e983593d8eda4c359f81ec12d496ab3c80125f052b60412236449f232d97f35702b3264dfaa10e94689fb8652f3c44012a1ff24ae546e47a47bc12ec9304a7d8185bba51c567ee1966302b392995c2e8227c02f329c3487aeffd0601ceab9ea78dbbe9ba6a2d8058dc69cde8909988565277a93dc80d95babae48e5e220ac45e9ef727802cf2ea20212d91d93ed439ce8c8da932d75c0ea12e88d383faf094733cf1815868c7d5101dd311d6c293fa2e6adaaf826c3aa07b96ca57f620047d1d143dd4455141dec7dfe242e1deb64988704187380710b46676a5795db3b00e0e800b1de1dd874fa57fd2b4385144c02c125df521e09abd19a33b02790fad69638555e131f02cb9f326518b6bd0b733e8ea602f5c311ec235fa6b38a6c046232c6677a055b533184f88f5dd5ea981fc45af1577455161b7180fdfc7b7806448fee10323bfb7a70967cf9a774ecb7765735c985e601b7830d173f4d45a931a7207947f0d9788617872cfc82d39eb09231b591e00193726539dc0e2bc4f98f73b82ccfafddd6bce0e172a018e2115f1dee5c1c45bb9e21060c52f3394729afff4ff8817b9d7a99272478bc43d949c5bde23602126aa885ea4e8863c1258e816c5b2066c144839aa82b8a566e977dd6065ad353bc05a5410e94983bd7ccd0521050f7608ea2acf05fc29f13322177e0e2f7e78d07ff101481bef37901eb3f86e5766363a78ec220be205ccca5cd1a37e74a5fe6638e59060f259643586ae6f6b24febe60fae3cf4e8fc23627e81e4cb307e07284af314019211aa652e842fb2d340aae737b54ad85f38bb66e354c439b858876968efcdef89e08e5a81ea1b9c1ed4ef6b5d5dd4a67bdc0535017b8f13e570229f37428f7d993bec75eeb5ac1de6035de7f5bfaba35bacc2d8957db8bdd0855a2cf35e324503845d34cee1135cdc9e7317c262111c039d7054a6cce185dd8277b8b1ad3aaf21d523481d5fc302af35bef59db90d818a781424424a2f2606d1829bf99dc45df553d9d23b50b8291cf04946ccbed5d3e410a772586aba14eef918d2f4bb186dda72aa2c4c72d1812716c7ffa28e8b8d66839b24966d147f29cb230e5bcd526c27788c024c08cd6109b88e3c2bb9a277f28c24ba7276554b8e3a53045a901f483a50677bf859bce5ab197eb90768cb89fbe90fd6a9b4997cb594668a3956bff5a9fa6b6b8d744e9acff0aee57c88f2998ebc45a7113ff58edbac7bf160216fc0c9da82b9c06e7ff145abd79da49296c10191ca494bd94ecce240f4b45c4ad5c715dca9bf540d84fc4dbf958c68eed9a3db807d05a9bb9989b31167f9fec31a94291addbe9a50fe88a657c96792293451374dd1a61cbb10563464c69ef6312b72bb678740e93bdaa2df33a03279d059a43e68f3f1b54db0d518780d8f016ae0dcdf3704e1b9811ab963e77a94706f553f92532eee0695378e635e19da694b1376dbeee75d4924ef80da4a32e552df67fa98b2cefb99c9dfd4bbdd0c4a42d0fbb10b8bc7fb8742c9669b869ae1a706817e0ada64999c70399fdd92a785b9177c4d47ee6311c1e83b7ff219f80d18fc767d1606c61139a8ac36e42ed71273d58e01bf24009e11f835a8dec7938b9f9d1558bced3c013aa539b0704dd42190b99328d3acf7f9ce7a8c210d8c272c6aa72335ffd0428d1418473c55d428fe7c36de63836adbffefc458b75ea27dc556d26995712f50df392963e3f9c8f600aa22a7ce8c23c3c05cc8d9f65a914bbc5ea2d5871f7e401cbea1f9aa2839609390ab155d289b9cc2d3c9a98c738b90cff11386e3794f8cabad9b07f83bdaa02c42aa1e7615b59c4b4dca98e7c32253b79376cd9eeff01229a8794bf6525ce52c83163c5d4e72850a4c51f3fbc50524d80917a3dfc1b3fe20664157b85fb4598f9dbf735bf0b506b00c6ef161b6a5924a1344a5e2d0e313fa7ed668644b162754db6a699ef6a30812190709b5ee726b02cb164d818ee3df72156743c4e331cbed1bbfe54fa82368355af78be5caee06db8a5c428f12e282a0ad68f741b673166182299dcc2f6a3cd00263b3162d04baa4866ecf6c1fc911ed3fe5523364da93dde6c693336ff4e8114db81ba98fd0669b9240e4a85f576d0f9aaa94bb374f45a8073469ea63c93d942a429e4769bec5c9826a4ef1dea6a0457e6c535c9edb848e920ca7b0fe570d26fbac24ae4f0442", 0x1000, 0x5}, {&(0x7f00000015c0)="5cb8075e20cc4b8ac049e8bfe988067630fc65821b2a29f28f5ffdddbb7bc642643b57fc260b74d3942643e9f38316c694b8a280fbbb9fda49c9fef3ff06af1fa40d4644fc55bfcf7ffc9527bb81d1b7415d1f6e5742af7dfc793343650150c49fa1dcf8dbc593fabdadd3c6c7580c56df67b5decedf4a7e1372f39c3df0290cbd05a5949768787174bff306a98a7e76f34489e8e7e95aae812f5df9a7b3d3f67c7578ae99974504162e7a15708f91206823e5758e31faf765337bfb1e5020acf523b687698bf763f2f6552669b75457503b8a26cba2485e7baf4f2a6968bba65652ac717ef31b", 0xe7, 0x1}, {&(0x7f00000016c0)="5bb9a69009d724b2fe1ca1db61fca119df4e3647505e8f1d774605ec55fd45887987a8b881e0557b5d97461eebbe4608074693ee9d5f2d44638a86200a123be3176304370400899a9704a28639cacd6dd3a2714253a97937963f078b741c6915bb4b6af1d7de2bc0771386137263c5ab72e4e1e9d66a64a99f95aa808f70a0b374d5cfebf2d0f4a1cbb7d3c6c577a6890c0a7645a90c962e93a40db13267f82ea630bcca7397f54d0d0abb880499e97a6d9170721af14d320081025c9ac7979d57db09957c8264880ab107e244c796fe7271", 0xd2, 0x2ec4}], 0x1000004, &(0x7f0000001880)=ANY=[@ANYBLOB='\x00,appraise_type=imaer=\x00,appraise,\x00'])
dup3(r3, r5, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:52 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r3, 0xc0189377, &(0x7f00000000c0)=ANY=[@ANYBLOB="010900000100000018000000", @ANYRES32=<r8=>r6, @ANYBLOB="ea070000000001002e2f66696c653000"])
io_uring_enter(r8, 0x2f48, 0xb661, 0x3, &(0x7f0000000180)={[0x6]}, 0x8)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x1000003)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x22000)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000001c0)=@gcm_128={{0x304}, "4fccd992e9211cf9", "81b065f484fc48390a55ee9ae19a419a", "66747c1f", "9cfe703779760438"}, 0x28)

18:07:52 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0xffffffff}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r7=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x100, 0x7, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r8=>0x0, &(0x7f0000000140)=<r9=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r10, 0x0}, 0x0)
syz_io_uring_submit(r6, r9, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, r7, 0x0}, 0x3f)
r11 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x10010, r5, 0x8000000)
r12 = mmap$IORING_OFF_SQES(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x2000000, 0x4d704968e40f44d7, r0, 0x10000000)
syz_io_uring_submit(r11, r12, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x5, 0x0, 0x0, 0x7, &(0x7f0000000180)={0x0, 0x989680}, 0x1, 0x1, 0x1, {0x0, r3}}, 0x405)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c000000040601000000000000000c00000605000100070000000500010007000000056ea81c82946787fe00010007000000b9e29bfc79db82d07515faf55a9836998cc6fdf6c46ae275f279b586f85f387732b4dc2dc79765a268f211329da550e234a38f265fb718d6f598198d1fd7f19213297fa0a571e31778e4cd5d03661e72bee244c0e6e7671dc6660691d208370ea1e71cb18637e874783d5ecc1bb8"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x40)

18:07:52 executing program 2:
setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f00000000c0)=0x400, 0x4)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:52 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36)

18:07:52 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000)

18:07:53 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r6=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000013c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f0000001280)=@getpolicy={0x108, 0x15, 0x2, 0x70bd27, 0x25dfdbff, {{@in=@multicast1, @in6=@remote, 0x4e20, 0x0, 0x4e23, 0x0, 0xa, 0x0, 0x20, 0x87, 0x0, r7}, 0x6e6bb9, 0x2}, [@algo_aead={0x8c, 0x12, {{'rfc7539esp(cbc-aes-ce,sha224-ce)\x00'}, 0x200, 0x60, "a3f5e69e83c849545068c65e8c08ba2cf68cc0d1cad9a68aea4dea38ab91bac99be493041d0aaa8671adcb31f510f7adb3f57611cf1a30e3d9564f44757ee210"}}, @encap={0x1c, 0x4, {0xfffffffffffffffd, 0x4e24, 0x4e21, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}, @tfcpad={0x8, 0x16, 0x5}, @extra_flags={0x8}]}, 0x108}, 0x1, 0x0, 0x0, 0x24000000}, 0x20040000)
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r9=>0x0})
r10 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000013c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f0000001280)=@getpolicy={0x108, 0x15, 0x2, 0x70bd27, 0x25dfdbff, {{@in=@multicast1, @in6=@remote, 0x4e20, 0x0, 0x4e23, 0x0, 0xa, 0x0, 0x20, 0x87, r9, r10}, 0x6e6bb9, 0x2}, [@algo_aead={0x8c, 0x12, {{'rfc7539esp(cbc-aes-ce,sha224-ce)\x00'}, 0x200, 0x60, "a3f5e69e83c849545068c65e8c08ba2cf68cc0d1cad9a68aea4dea38ab91bac99be493041d0aaa8671adcb31f510f7adb3f57611cf1a30e3d9564f44757ee210"}}, @encap={0x1c, 0x4, {0xfffffffffffffffd, 0x4e24, 0x4e21, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}, @tfcpad={0x8, 0x16, 0x5}, @extra_flags={0x8}]}, 0x108}, 0x1, 0x0, 0x0, 0x24000000}, 0x20040000)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r6, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x78, 0x0, 0x2, 0x70bd2b, 0x25dfdbfb, {}, [@HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xdbcb73d95ff2adff}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x54}, 0x40010)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2697.355010] FAULT_INJECTION: forcing a failure.
[ 2697.355010] name failslab, interval 1, probability 0, space 0, times 0
[ 2697.356543] CPU: 1 PID: 13964 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2697.357293] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2697.358188] Call Trace:
[ 2697.358486]  dump_stack+0x107/0x167
[ 2697.358893]  should_fail.cold+0x5/0xa
[ 2697.359320]  should_failslab+0x5/0x20
[ 2697.359751]  kmem_cache_alloc_bulk+0x4b/0x320
[ 2697.360238]  io_submit_sqes+0x6f76/0x85c0
[ 2697.360693]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2697.361242]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2697.361777]  ? lock_downgrade+0x6d0/0x6d0
[ 2697.362221]  ? find_held_lock+0x2c/0x110
[ 2697.362670]  ? io_submit_sqes+0x85c0/0x85c0
[ 2697.363142]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2697.363686]  ? wait_for_completion_io+0x270/0x270
[ 2697.364203]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2697.364719]  ? vfs_write+0x354/0xa70
[ 2697.365125]  ? fput_many+0x2f/0x1a0
[ 2697.365515]  ? ksys_write+0x1a9/0x260
[ 2697.365941]  ? __ia32_sys_read+0xb0/0xb0
[ 2697.366390]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2697.366959]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2697.367536]  do_syscall_64+0x33/0x40
[ 2697.367954]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2697.368525] RIP: 0033:0x7fd673b8db19
[ 2697.368930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2697.370921] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2697.371770] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2697.372552] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2697.373318] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2697.374089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2697.374855] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:07:53 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xeaff)

18:07:53 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37)

18:07:53 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x80010, r4, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f00000000c0)=@IORING_OP_MADVISE={0x19, 0x3, 0x0, 0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xe, 0x1, {0x0, r3}}, 0x2d)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:53 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x100000, 0x0, 0x0, 0xab}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f00000000c0)=""/57, &(0x7f0000000180)=0x39)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:07:53 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xffea)

18:07:53 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_WRITEV={0x2, 0x0, 0x2007, @fd_index=0xa, 0x3, &(0x7f0000000240)=[{&(0x7f00000000c0)="555c38bc2772d81452", 0x9}, {&(0x7f0000000340)="478e1afd76499a84fc7d78be59643d10a61bc48200d3927ab29e7dc0e4eea459775eecbeb9bf19910095a102331d76d10affc100e09b75318537ce1847d2d0eb009311e5fc016ab51f391ab1f670ffa2d74d9dd407aabad7c8cb482f264f4846a0680584b534865a18de901479db3cf2e32afe2c8e5f5c0ddf3ab999003345e4dcb947b1848448a0d457ebdbd78368581c0be640ca3c1669a84982bcbda5306674529c28009829de0aac9f7a0316805440203340dd4874e9b31b444ac8532a8513e0cac3ca64f6717c333ce70d693f107c20066bed0d7a6652f40bd25caf7222c9c168475de3b813cfaccbd309308478a3a22643ac369949e7d7221f0b211ae4554f5a803103cb1a6b66b322463a00c9a09d60de4bb95a72f62b17f160083e9e2954d8fb52abcbc48a4a666352c9cc7e525214d0bd326a8dfbb4e4dcb58541cc614105974b838414155d0792275d6b0bcce4d43788802df4b78e177d9a5940e6c5a4a1a5ed80fcd267d505deb318b0734f0f8114c313cb201e286013f3cef5077d6dcda4735d78ad04cf99c42844b0b5ec743a111b4ef730b48996c0caf7312ebd15e344d904922192ce31492800b9df537dc705a97ff8c9684e8b114752c660b888e0aad9b80e0551900b2e49de37b3155938b7dbcab7fc32b2c31607b08228f2416c71a6dcf68834b9154732de728575e335ab2dbb0f9a9453c49a31525a41c65e4ccb2f2fccdf0472c7a1bbcd745b303f010f76772210b34e24503f8959df758f5b5e6cfda7a328a3a30c8767b7b7da1e2bb66256b7f2662b48c40230ad75f33e1079e4e492e77cb3b64aa989766c31b84a5bf48440ab87ed7259b97c23b399e6e24b8122052a72304c71e2d869e7028927a1797ffbae71e596eacc577227d13bcd3bd4dca4ccb6bf2b9431699fff063e6ead3fe88efee5d3e7e097f82fb049fe5a371386041669cf3b8d30ca99087c5ae9ebef93dc5aecdafe58987046594858027c3930d910a7f86204ed8444a98ab6b46f0a35c6ee3f0a2a0c618fc3136c5d0abc3c246b8b541d8e9a996f099e33d98236aebd459ed1b675d3ed6245e7d7110c3643569a194633cdc7b0b2a69b61f99e2a14a31880fa49bc8ff5e552883cfa03cc736ce89e43f03531ba7f99d6007bfb486ce664fa983476ffbcfa8981784265889a1a6a879e31ff52f487a850181a82bcaf7e2d79bf9ed2c26cc46ecbbc8b387c5ebf9eac123b0fb894b945c351fac52d04db95fb558921ad792076933bdb85794d444385f9d748e8b399d5c579e50c8b6d3e6a9f819a9ce01a733600400cd6ba31c4fda45bed660f3d0203fc941d35e2b8417bbba5804dd6e671b15ead1effd76beb66442ff1b8b17049e39669c96dc5900550f739080c56d2e28bc217575a28cc82e3cbbdd8cf52511245af88a76f260a33541f15eade5891ca9ec6b4171d5b3b40ded76d03ff9dd3a74298659e16b5b53c1f0268d245151977135e2342a478e222a86a110678066d2c9868e174b2de962b691b5107073de23ca78c186ceda125636f98b3ad7ba8dd2e7fff64aeee9344a9b5feda63cb31a44fc86eae65e5b1eb7c5e32eb86408d8fe11f9e0bbe9aaff380cf52fa368c4f42ee99ba53ac58312bab7ebe9ff896a91431d751b16691e7d00536a9b1429b4b19600ec903895ff070ff25e65337e5466a90df68b98b67ca3e716f8592cd471f8b61b69ce37769b605bd6bedecf1f22fae5058b3e7d4c07856669ad729c6db8508e270b5d2370541a234d206b7649d3dc072e29101850599105b80c99ea5b8664b80c38eaee2de83ac0e4abdef50770e232bd31b209d020cef189bcab26b5b980e1a008af1671b50e58f4cc7fbcbd632995d209e14d8b1aeada910e8743c13da95303f05c5ec30ee0201b6bd38dfa1a1adebdbdb669aa39c5e6b01404e2981680a2315561070e432e9dec3fb32a72a7ce44aea2a684c8ff95503fc597ca8153573e2695b980e8b0e1bdc1f1343306746cedcc59a364ef5c5188fa617f215f752a39db2509417ef2b023b8cd5dbb09490d2c1b026e385450e6f9d79e58525fa510ad85c9cf4f207c689dc1d82c1a286dcd9d1240797a8a46d919ab9c1760e9e6c4f25e3938e6c4e0dbc9aec93af71ae8f1edea7ea9bdec272800cd453a15445b7b0f673229dd740365e0e00dbb604b4f6694e7d58ace3c596c427caef3e3d275e80d48a813920756df8555ccbbc6b1ccce1f1b16a545e2dab56368785d00721a915242038f66f007e309174cdc0438f64ecdae0c7ad34123b225721cca81738336c4bb28ff383f6dedd3d426f434dc6540f4dbb7af52725996e09e12cce77bd44f3f7a80d6d0cc5721cfe6d0e5ff4ae83620c4a4ad04aed223985f7711a4a6d4a837668dd0624f01a2887275ac46dbdd581239c16fe82aa33d5b73a6638a6e238df9b305f8cc937308acdd0646bc5b389322976675b8fa1fa47592f17b84df1c8ca738c78b4efdacf19105859b90db8b39d277795fa20541f12f3449dd64abcc7ef2da8ab73facf3272a6f3278a869aaf47905e2dae05a27ea7cd9492a9fd2440571feb60cf159aca543014b7e1306cd5afd8887255f998cbd4922d859197f125af51a783a159a0d0e0283d3eea6d44e11cf7b621befb0911dab15a137279a9dae4b0698eaa8bb7be4a6c14111d20255c5f4067d32df590e5f67807f5da9fe6d56f10d7ade210780b28bad1ddf7a4aa56a21495bde61fba721b2de6e24a72cf44b4a11110370139f023f0423051bcec1a365f52ce78aac04f852ac8768345d6c8f8977aad86e3b5941298b36c0e6323c683c9c599ac1bc38d3487274c0d81fb276c9b850f76e69dbdd7676d72482094c0a5900dc2c6a9b5f25fbf274a6eb1605c504f770bace94c565a9fc81f4e6adb8f89a0548c31b9083ed0eb8b784d85d7a488a42d5320b6cb2c5bc54f553430d9fe117c27820973822c650df18bc5809cbcfb936c17dea4075566c025dcf740271004563b426264cc20dcb47bde932f25f5d88f1a53f8fe31671fda8d101727701329620816726f227ce5155c534e447ea631e9c1a1f3a263883b5343c460f76bc7c6207b2c0b10bcce42af40a2e4194ebf7bc24c8b2ce69deb038ffaa726d9d7bc1f9469be44493c5b4745bceb478af05866e8ee45526e899d8cc8990cc44a9ae616b4126fd5ac7c239ef4c481e4cba717bd2bd733a5718ddf8ba2958641bb055d33b7e6555a6308d642ced888bdb56a17370e6d14e7b6c4dd7a8619ecb82c87e17fed65758e571d210e940501c630a3bb2abaffe05568ea930ca050f73e000e0acdff0b88e2c1b112858add08a225f9a4719df4dc72e3439c3cbd66ab997d3339e37228673733c31a48aa5efc27b408163dad02af3c31973fc6d0dc06652ddf6c8537bcc8599b7cd935b36c370d3c67c83214c2d72b0c3a76acfacc3d83bb1a2d7eb95b179b8c6e381b68d8d55c511c1a196ea31d86ace09cf77fee2b1029fb6ab631e30b8736f7789d5da26d20d0b4bb6c8823144afc0887c75b57d90b6de64f98cebb1c3be354801594be74abaa1f09f7ed62f5804db8a5de70d1bc268e224a2b53e9bd5260e4a80c7185e0f91000b9ff45c71d5693532cc685fe2945aad0a17789dce5bea7054a0842fc9c328ff58079f99bec5943eb30bac1011464eaf72685f053acfc18f51e1a33ed5e793a287ba5530f826f7f7f8879f3fd252937e69e347f60bb8528d5a25b6408d55cf9d984895a7ed551838a1eb911caac66024391b7923933694570672b5248298b3dd16810b28adc7e24c7d79f8509a067e73a79445a97cb4bae389f849d8691be207715c0ebd03abba2e1d4f84144cf158361217155b0058153ccbd51725e815b351ed4f9d085dc09b89d17522a6eba9590e3dd1e749e95836c78ee9c24aea61d8a1317385a6fafbe9e6c8fd359581e6b1772e629721a6e053d1cfa551f13b6d6744d9d0c78df16a4f04ce8380718abbad0cd1f4d69040c6793ef9a72837045b43602378966ce2f5448459113a24ec0e6cc750b348b697199d5678a247f43e6df0b01b5525c23f91d89f881c1b0ba2e197e985b328ca869e67856c156527cbbdb944f1daca29447714a054f297551c002e4db5972eed00d2c6ea498b2bf1291dd0abd6e4cb6728e9c53d87c087c49862a9a479f671c3b6d9e2f374d627c8dabc6608bac1639360aae8f4a755ceb481f0ff15a5b88e952086d7ebc2a7f563d6b831d999fce7404ed371992938d2d78c3ae3aa2a40bb699de788692d2cbbe617cf7fc5816f2e04ccaa1bee325e86861326138b792d094710a3b2dd687f7ab2eb47088328b54cd8fa01ae5da137a444a23dfd1df04cff083664c9c68e946db75397b6e8c39a8707d4e096f1ab7f6c95c7bb39a859b0545820913a8c85a26d116f96b06d66df99680e9bf517b45faf63b697402552c083b1a7659013205f34691b43f193797a1f9aafffd39a41d46557cc165ac35c6a6898853ef77950e922612834ff76454520edb2950189f5f5ab4d3767bd430425ea0626ea79272f3aff6dac2c15215edf2769faaed1db7b1415fa2b7e3acfec02c77f4bc328432a6da65c0a518e976e3b607bea38bf79c763b4a03a46ec7af503107a76d32a781bee6d557040180a3b356969318033f5d3158d45fc86331769d7089ac9878da5d67c36efa2053d94e787da1ce2cad1c01cfc93b7a4337d2aaa3e005d311f3e7a32b86d9c5a559fea5d9d555cd8d1fe9b4ba13b4950aca5f4cabae470601bb815db7dba56f7a05c6b1bef574f441a880379bb37ef08211ddec00df13048626db4cd1640dac11dec2a062a5e851bf66a6e96a0c0bf24c840c398501a5061192ecd417a0b79b30f768e3be2c75b9dc9b3409a8b0e0e7f950c50399dfbb7f74ffb7a2c3de9d9ab3827c89839f829980f8a01333a46a24f44059ae48799be0852243df0e04bd1b7d4b32caaa62c0bf660738d45c1b2b25c289f342e9d28714eb1230904f354ddbe0ae2c35fb07a39643c10b23893a2f5c819e48200ad0920332473a8dc0aee5802528efde8dd7a7945b27c350ba530b8d0912ad35d662cfa93bab6a47812606a7fe60d1717818e5f20a2a867a3059fe9c74dffca3b1906e334513b2bc807975308d0723753e8bfa11a8bf9fa746203dd8d1b2bd588252677f2f6e7f082e46e232600b436840ce6fb41f6c00efc715ae318ce3bdc76f53294f9d5bce8f2f4582456ebb1146e1f67ef40f80ada3cbe1fc324eca7d03e804ae7fcc85638f2f7ac7da52ff2732fc3060a53ec67bfd9dba1a070fb5d8a992bebaf9f3822aa5067a351e640e78f14f41239addbfc7602564807e802a80f87033ea13aedd9c4666822eaf75baee4894f7adb16504b18fea0408c457b5df6e949b6a123ed633ffd37f15f21dd3b43512816f3cf050ffecce20509d63d227af0a04cb63c7e05a692a1f13b1a6f28890ebde2172353348e083cb29aa15c50f21a280bf5225b2ab446106b0039ef582affa472386368571e41454d93d93be7dc0e5c738938a821d076ab51a5d2bab0036d52320932c4c704ed16ac1256a32b5e74945a180a8060f2c75a0da538a8b88969cc420b66e871089a3e4db8d0fcd07bcf428fc7fb091de647f70517638157c3bf95df8f0274dbcfe43ae6a49eb30eb27121035e6cc1a134c61ab662be6d2553b4f7b10795f996b94b2126d82a37147fef2f547342dca93df01dcffb176e80d3f25e6ecc7aee2e644f7476a27ff3abd8728507621b01da7746e889fbb46d43f620e1735ea0a", 0x1000}, {&(0x7f0000000180)="a33da409337782fcaeae61f45f342f0ef08b3bcee8969cd111cbc3316affb5b6845645d63b9a34716372f20d8465c49815d1a60a5841fa0b294617031431d5357f906231a2e6158d7f8c4b56ce71123292fad5ff66829d0a978c5c94ba4dd3d75a7643246fd8e0", 0x67}, {&(0x7f0000001340)="cd5c3f9694f275d711c0863ba42dff2e38acab2e813f85743d4f33862e39260af866ca214490021814689532434548ef3aa43f50382484bc492229f66dfe8e60dc285ea755eb4525e0ca542e982cf581c45452cd09da610fdcf30fa399c58e78caadd52d289bda3458db3db5b828f471ea57b5da6e5ec0fd0f4e7cf3ecf643d365b94c127216bebf21bc26276db9b788f5b4e82c1a442e8890af701f7dd220c910286c3584", 0xa5}], 0x4, 0x1c, 0x0, {0x1}}, 0xfffffffb)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2697.773662] FAULT_INJECTION: forcing a failure.
[ 2697.773662] name failslab, interval 1, probability 0, space 0, times 0
[ 2697.776552] CPU: 1 PID: 13989 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2697.778082] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2697.779938] Call Trace:
[ 2697.780537]  dump_stack+0x107/0x167
[ 2697.781366]  should_fail.cold+0x5/0xa
[ 2697.782237]  should_failslab+0x5/0x20
[ 2697.783093]  kmem_cache_alloc_bulk+0x4b/0x320
[ 2697.784121]  io_submit_sqes+0x6f76/0x85c0
[ 2697.785082]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2697.786200]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2697.787286]  ? lock_downgrade+0x6d0/0x6d0
[ 2697.788228]  ? find_held_lock+0x2c/0x110
[ 2697.789150]  ? io_submit_sqes+0x85c0/0x85c0
[ 2697.790091]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2697.791149]  ? wait_for_completion_io+0x270/0x270
[ 2697.792228]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2697.793277]  ? vfs_write+0x354/0xa70
[ 2697.794107]  ? fput_many+0x2f/0x1a0
[ 2697.794922]  ? ksys_write+0x1a9/0x260
[ 2697.795836]  ? __ia32_sys_read+0xb0/0xb0
[ 2697.796761]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2697.797942]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2697.799114]  do_syscall_64+0x33/0x40
[ 2697.799967]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2697.801124] RIP: 0033:0x7fd673b8db19
[ 2697.801974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2697.806140] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2697.807869] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2697.809476] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2697.811085] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2697.812709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2697.814328] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:08:08 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:08 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
r6 = io_uring_setup(0x5204, &(0x7f0000000100)={0x0, 0x3510, 0x20, 0x0, 0x36b})
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r6, 0x5, 0x0, r7)
r8 = inotify_init()
r9 = dup2(r5, r0)
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000001a00)=[0xffffffffffffffff, r3, 0xffffffffffffffff, r0, r8, r4, r9, r0], 0x8)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x1, 0x6000, @fd=r9, 0x1, 0x0, 0x0, 0x1c, 0x1, {0x0, r7}}, 0x0)
close(0xffffffffffffffff)
r10 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x9}, 0x10000, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r10, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r11, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r12=>r4, {0xee00, 0xffffffffffffffff}}, './file0\x00'})
pread64(r12, &(0x7f0000000240)=""/101, 0x65, 0x4)

18:08:08 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x800000)

18:08:08 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:08 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x100}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000340)={0x0, 0x40, 0x0, 'queue1\x00', 0x2})

18:08:08 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38)

18:08:08 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
r4 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
shutdown(r4, 0x1)
ioctl$FS_IOC_FSSETXATTR(r4, 0x40086602, &(0x7f0000000000)={0x800005, 0xffffffff, 0x8000, 0x2, 0x5})
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd, 0x400, {}, 0x5, 0x4, 0x0, {0x0, 0x0, r3}}, 0xfffffffc)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0xda, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x0, 0x1f}, 0x210, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xa, 0xffffffffffffffff, 0x8)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:08 executing program 3:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r4, 0x0}, 0x0)
ioctl$FS_IOC_RESVSP(r4, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CLOSE={0x13, 0x4, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_FALLOCATE={0x11, 0x5, 0x0, @fd, 0x7, 0x0, 0x4, 0x0, 0x0, {0x0, r1}}, 0x1)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r1}}, 0x0)
close(r0)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x3, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x3, 0x6}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x3dc, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2712.508514] FAULT_INJECTION: forcing a failure.
[ 2712.508514] name failslab, interval 1, probability 0, space 0, times 0
[ 2712.510368] CPU: 0 PID: 14019 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2712.511408] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2712.512666] Call Trace:
[ 2712.513070]  dump_stack+0x107/0x167
[ 2712.513617]  should_fail.cold+0x5/0xa
[ 2712.514186]  ? create_object.isra.0+0x3a/0xa20
[ 2712.514869]  should_failslab+0x5/0x20
[ 2712.515444]  kmem_cache_alloc+0x5b/0x310
[ 2712.516055]  create_object.isra.0+0x3a/0xa20
[ 2712.516716]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2712.517475]  kmem_cache_alloc_bulk+0x168/0x320
[ 2712.518165]  io_submit_sqes+0x6f76/0x85c0
[ 2712.518806]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2712.519539]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2712.520279]  ? lock_downgrade+0x6d0/0x6d0
[ 2712.520880]  ? find_held_lock+0x2c/0x110
[ 2712.521480]  ? io_submit_sqes+0x85c0/0x85c0
[ 2712.522135]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2712.522861]  ? wait_for_completion_io+0x270/0x270
[ 2712.523585]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2712.524292]  ? vfs_write+0x354/0xa70
[ 2712.524847]  ? fput_many+0x2f/0x1a0
[ 2712.525390]  ? ksys_write+0x1a9/0x260
[ 2712.525952]  ? __ia32_sys_read+0xb0/0xb0
[ 2712.526533]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2712.527280]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2712.528035]  do_syscall_64+0x33/0x40
[ 2712.528567]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2712.529293] RIP: 0033:0x7fd673b8db19
[ 2712.529848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2712.532467] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2712.533565] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2712.534613] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2712.535632] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2712.536674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2712.537703] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:08:08 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
sendmsg$NFT_BATCH(r4, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000001e00)={{0x14}, [@NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x101, 0x0, 0x0, {0x7}, @NFT_OBJECT_CT_HELPER=@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x1}}, @NFT_MSG_DELCHAIN={0x28, 0x5, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x4}, @NFTA_CHAIN_FLAGS={0x8}]}, @NFT_MSG_NEWSETELEM={0x4d0c, 0xc, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x2614, 0x3, 0x0, 0x1, [{0x11ec, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPIRATION={0xc}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x7}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x48}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x156bc82}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x6}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x6}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz2\x00'}, @NFTA_SET_ELEM_KEY_END={0x1194, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x1004, 0x1, "2cf790a0854c3ef45c9f8c3d19a2f3ed8d70b5cbada9f01f575d1fcc94eba65d3929c7c516c945818b7007cf94a81a6f663f2db264dacebd8a0991aca039a8d6b0345636b01fae62e5e93dcfe2a13da53200291a9a559b09df0136c7410df361dfe4a8d503b597b4c087dc05e5129f80b67f12ce73ebc48a84b0090ab701f531a165c28b1265e563e321dbc52f4d0f64cb969843f0f56aab816cd8fb240616a34d4a9c3338d00085211182cc93bbb96a3f64d17ac597ca2d29c0d1b99df7c1506ba197f96fa6689ae088b38115035b9356bb073e472fab8ba822da50362df7aac1068416f9db265bd02b9d9fea3ede19f6347c83a7691145a9ec6dc5f81e3c1c3682f00fa52ab1998ebda82e8ce25aca5c59f72b1e7021196cb4db0a8f11b61bf6a4738ced1bc891cc4a2f86f4f84f43029a4b8667175d0df92cfa9aede50e49ada844ed3f219e2ac6c39a6beaa1d34c7c69ab4675055de397db8c8f89fd5737b832d4e3abd6afb0bd011258f1134758cc3bd92c05a0dab32ac789d391fe1499da0a12560e9b34361c35f1752cb72eb3aa1ae047b202d327eb969dd4c01131f514971280cc4d9c720958bdcfe40c6a852ab9f461c8962b2ebde7b51775407507037852c3f5a873b514429c8d83c8f968acc5f7c423cd93163fcaed55eabb68a96dbb329e5c9ed0f9ee5d94b2421be9f468f5e4652afc1096a9c1d83f863c815f49a37dbd94170f6ed6bfcb5f9ca18684aaed9c96f5248ad33934612b01d6b7a8e568593e0a9c76fb3c70b7c6b80b0f30b54b3a2df3ce1aa96c9d45fbbd2fea05b976a9b895c67a2a4db1388332bda8308eb0638d156536b222b640fc60c67fff430d0a3093b3faba822419a6317ceae5a86efd818c9bf5070dddcea744977081819400eff54b21652432971d7bac6e7bd907bc7731dd58bf3faee191aed58ddee7005091676164b91029667f76feb763f63db2acd567567c73401ffeddd76e4a69d38ff717604bebb69aed9a2a14c12b861646c6afb932f7651d4d538e78f99bcd6f510a2a083077371a8f1ca3f91f333f06fe2393c7495166c759b9b858be373f05291c362b8131a72c8d6cfb40a6c0c41b1e43545f44392fa77969575df2f12541e70c3c5ebe6b5cedb6772f5c690d64eda6a16db6281f1d17c0eef4afb5d0373a6233091a2aead5093d2f3a9c48e13936f95122a60c2317ba7630a16ed9dfb27ec009b8c6fec46fcbe4cddebb90db583a3828a1b5cd676e5d2ea8b7e898e1891bfaeb9d552cc2523d63c29f94da731bcc1b680653581b911ecd84038af61b231df4fb99cf081e82da19cc3282210a489347c696c544fc959db8ef7dcd356f96ca215d838418147d86981112252f3b8542009598f21376b33f6d7f993fae9b36996c5561e3f04f2d5793790abd2ba4b5aeb7040dfe301c0dd5ee502ed4ef34ca5186ca70303953a923973dc523dee9f13367f1b3615a3f185d4402ad7148aa3916de13ecc714597bcb34fc3150c69eb71d060ad9d074fd354942a0329705d7c9968b033f3eaf177cb2c90309dea41ec61ca08c2f19b0d4acad49c46cbcfb9285b7f38d683215e2e3e21a12d228f383cc4f15b52d439a38f9d1f7e6a396647644b27843c518b109d72623e6b3c7194d2dc449eebab7fe9960973821f1899994e9c585b02e817ea6ccc9a1ff42acba84cc87ab0960cf812ad4c2d77a93b281641752c3db7a907fc720ae43ea6c68b2ddde934cadf8788b26f24c2ddda883a7b1cf8632f6e0ba5738a84b5de92b07bb88a2f2119e33b9a230fd0ee9424e989c13a5063f1e6572b741467455644ee538e5717dfd5c32c7acac93c9227515346d48bc802b7e51ff4d10d906f76f176e9dcfc07fdc8ecd1ebf7a77c81ec3752aec930e082730120a47ac17c566e69951cb44ddc7b91fca888f15dfd66b825cc815e323ef39d6b8b14b57013a1a4504137dc0ada3fa47edad6b448a5c4b716fc41a18c5b35b5113ecaef625af4826430da4c863eb53e6faee37cf2197141896699851888ff75208e4a2d4a29ec773be3a6bd2cae317a8573ba4956143fa436e1b8b6c038c9064cf5f94f1f6b990b636248eda9f507b659147f7ed244f56fbd304493cf9d97fe903253bdd63560ecc7183f6c37eebef394939d5e95675d061732223dea697edaa6d3bd8250a17db1cc470a3e5a6edccd5e3aa6e4ddeff63d2328455ceb093da80e14adc2a322cda349a456ff38bbd15c37065750150468591afc60ad3682dd53e71bd6eecd10a422981a0cfa242c50c342f43265581061595bb8985969664922a5004db3939761331a53ab106168ae1ec3812f063b5463dc7b64cbdb6d68bb7e60e0106e60fbf587dc23663d135cbbe342288e9e440684f7bbe49e56d5fefee9224a905b481ea9b1ef63a885e6d281c276bb8b94e82ec62342fb9ccf089bd7180da6d1d87787b55cd6b629f58bc1842bea769978dc2eda0344c9a9ad28c1894407d4251cf1348360ac2ec52770042c739a101be9c759c77ff560a18e088039c1ebac7dfa2b2f775120e2da6f06552a04e79ee66ade8e2916ece45d5ba376ac8476663728ffb21e9d03be5623462fc41d3f96c70ce76600983b741f63f7abdb3f67dc89d1e4cad2fb0996a4fadc579cb08f714ed6cfaba4c90c21db474a981e472a7e7846dc9d76b647bf36ef71393c0c4f1fdb16f035beb286613826e87420932ec8522c96aadb55536531b7e35b31a8405cd7b7eaf2e83cea8afca71da5dfcd03f693401aaa74ee9cc898ec234190fb91ab4bfe48bed6df7e60b1eab4da6ffd4d9b610ba899c316647ac79799484055e2d45b1a8e3c4edc591857a640c176a56aa5560bc3c0b14e341f063febddfff8e2eb51272662861cc745a3dda06f895d01e44d6613a3d0f353ac1dde2c49fabf3595e5d41e5ad3ae42e999aaa7df6b670ae0edf5c677898c7935c20740bb2d05a8e5e5097df521dbcd485215b0de2e644f9354ad424842c7b07ae04742a69f6fc2f53b1f3941d0fa2d3bd49f544b3243943d039f883d6d6100165025b617557c81d1534626c2da99ee8d0c21e8aed14a10fce27e39bde8f866ed5060d2b9c057a9861867310ef3e651b402684ac0bf18b4273b94c88f157046f77510c37e7922b1366beb608bf3c0972521f2426c6435fbdf6eef85b9e1f1231971234362f9338e6ca1ac501c663e8b3056350054b6a145f342cc1673c41affbf457b030ca4c8dde933aa0258c86d32d275dc2edac7224373469935d02465706fcb9ab03221f0088d892584e9c723fef06b267a03520866077e6d6bd3b7ba646cef256c3bfb45dda459ba24a07ace4622d2eac8d9ff34d9ddf2d64e0155ddfa926fc229ed41b8845b8d1c0709c8482861f8f8d78c687b0c40ef564eb09301dd079adaf47e5029d27a97d21da1545a456d61f3ac62abdbd2b90a5308456fde5834a05241bcbc10d0e809c9e43a56147c7641580cbde9383433680d32040a0d8d06aedecfe7813e9a030dfb406d582192123ebfa8d1b59391398d3888d7324b7fde14a33b7e78b345c6e66f15346c78526b405997740627fbd09948472b71b9a3bcf8499041fcf6fe1dbb2dbefea0be95ec666310e2d9b8bf61295e4487476535dbbea91dbfd668dd8f718f581caf92c6324a8075103f7f9b799931cf48003b9ec698046eba6944ecc121fca9aaa000c2cc133fe6e2e155fb33a02d8ad5febeed4c52cec8c8c2d2202af52948c41e1d23ae701021a33a43acc1c1a0bfe7fd2be446302532d24bae10f2250da1226ee5eb66a242aa5fd55b0ab0706e49a72ddd801764a2aed96844b1b7b278482a113d26aa5a61207010fba425954c123702069f6ccd93fe9c1dbc2d6f42a14f02fe27395196032a022b257b9d928638bdde6837e247f4d70e5e3774f47fa40b537120c88c0ffd420cc889a03845201d0e3cc355b2cc130367cbafae1447ca473b11c37da625431a4f6ab12e39b273bcc46ef7a61b0d29e18a159aff1b5c99da4857ee9a57cdf10581e5c2384c7ef7493a1dd2bc37559df36e43bddc3d25e94e25868b6bf4fba869155baf382f8d38707dc5afc01837263c8bbbbf3f3eddb27653432181532881999feb065566c43af96d298e8cef39205253a342d125f7468a770bec2c5f6caa3894dab1b58f6f80d158dcc352da9c1e7ea5a5b30f647a950ec46573f062f23d8cae0e3212b48e00799e081bdf966c845e722895572141ac55ea7f3a688855951067172a0d1cb59151e204db3ec43c8a717a2c0d90037fb0378d0823c599e5e45772da30f07f5777e96b31c95578de51aa0e1d9961b9f2296a7312b949a70ac8d0fc9fffe3161189de41389eca2c84e52aab7e04b42c3502e104e60109e4cab60b972da6c47c53e5611c83d7bcaefb097f8e353b992eab943ba5b2703dfc90ed11f9864f9e75756d14bfdf2a48644e8bfa661c59ccf35d4c27212c6b9c268b580916346b10688d2249bdb878fd4ffc36417ff8c895c6f61c47a8ffffb0d77fae3081c34ebc7a57b69e9ab2aab2b453cb5491d9b772d77c192b7169af9f660a72f15ffb90e6bf81f57b0d7352c05321cb064f702e6d07ddc6d487bb2bca4fa69e3788c5d55718c1f18443066370a8bd98676c05382c221a56b3c0c7f041e116e6ea56d536ce1061c957655a883b3a4c94bdbfb79be8a2e79fa20aa85863bfea0ec1caf9c1cf06f614507c89a216073b0964eea8bd5f25b7509cdc7861f0602fbef755c0e9a256a26db0cf6d2df341d991b459dea2ab34105f38d23d5c53bc9c4d063807d563ee4eb89278791822fa1fa444dda93453d63fbca826835cd06da758cb65273a938f670a109618d276a9506ce21ea133867d02677a919c42d0cb3101b83742210504ce3f56657bbc270675630c844faf7be253a5dc15261e9fae6ccce0b04111e7000ffc86f12139b7d68c470ead0f3acfc4620848be2f04a5e8d4cb5af145d5953132c733fe16381af36008f1eadba70b4e6f5c78803f22b2ed42f63d421dbab78bb2ebbf90941acaddff858c8009d49b38b5708dccd95afb3d67c932cbf1da4076b3613dba1677eed0443870ea6050e300a34bfedfa6f23a7b9c5b708c18a5ca14b7193291a7a7362ceaa129135360fd1206e9fac8e332b7e93631149e8acf11f2bc09ca7aab92d5320e464b23d1798f6617b93ba521b2bf3dc2e090e4dd8c4a65601e0de0c54d796552c2044969db56c892581f06a712b7415f5c041fc575afea526373fe6958e1cbc4b08fed72db5fa09909e508d5b9a8b7f3876c92c3de14e15f7855bb4f6e72ee2a5722fd0a0e05345c371db35cbd60332e855d43182fa35ce6abc601372c44a22f263b43b9eb9c9b4d8a6023edd71f8aa1a08ac52988116304fdf72b3ae1e716a8a79806f990923394ee6d19302380c540f0e58820e0842d2e307df11f99be1cf86e08b2ea6ee22e4d87f8f8d5d0b7956e7bc146cfb779b502279f0533279af80403b775b434d7e47b7ada0a91e9985d03c4f80e5a11816edb6e4f55511e6d048de3f0dc2a737209925e0462c31f52bf30c00144e5a080858a6825b55747b9ea4737df49923cb201c5fcea7652b5ada9144a17c5331c32093653177c24aa6490e313a5e2b260a9c0399b45b15acd158e18daf897c2d6c9ae692b825e2108b3c85c485505d727b454adf79ed9082fdc1a46f5cc4a279d9d7c4e6cdd2685c356b0a010a40e76aeaca5b4613d624407e785b3e75d7d74bee06acaa3efebd014ed84fdbe34ca74956a7508d1031d49da9043d3895"}, @NFTA_DATA_VERDICT={0x54, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VALUE={0xe8, 0x1, "145d5307bc08ac02b0b6e256cb787e2905501d2f54a36df692b18b04c4bd4cdb0aff2a67afa357ad0182adab1ef96e7b1ba7195d8a123d17947dca791b35645b7c3e7ff6c41791b089e822d98e2984a4d6d6b36203e38e3211c0abeec83aac1f7a230a1d46365c9f405f1442fff23c4640eca11524cd15794d0a400d04676a8fd2d3282119d1462abe8642681853eec4b3f26258e662fd45d7374494d04b60ca42069741688ff19285fa6cb35d3bc4643d4c058c46f8974bfbcc59588dcd10c5a4108a89986b9ed6e9c527bccb8baab068661e73e14ecd94ddf2c4bb32b28926992c6246"}, @NFTA_DATA_VERDICT={0x50, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}]}, {0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz1\x00'}]}, {0x4}, {0x1410, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_DATA={0x13ac, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0xfc, 0x1, "da35b708e8af43299c75a0d3d781cc740bce3f513207bc5e5f66d424bc78cb78f09a722866d192be1019ec2c3dca423de05c3de66d900a6df3ff3d5a8f46a91d7d7398d4a37fbcaca8dbe8836cf6f442363015d224b19d42aa9890410724257879c72ebd9a82ebddde7c9b286d2da2dd6c29a6ee9ba63d0b3ec873eeb97a71262c8a4f70dddce49413929615018205cee24b18c37a48257e6ffb07750adff74ba5359a66464efa263cb4936680964c10be1fcef6dcc2db0d02b8906910bc82a8fe581af418588b3c57933fcf39a158f6436ebda15ffcd5062e046ed5f71100664df8148cb97239ba33e5826cccb56a76d57ff55fa600034f"}, @NFTA_DATA_VERDICT={0x4c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VALUE={0xd1, 0x1, "6fe6e72d24b36b964f0bec24eb57a57ae5948e5dbf9319ae03dc6f1be474ecd1bc5b9408159f1d9af1100457260262ba0bd4e6bafdf5fd40c7c64e6e67f46a270906acd8ef68884a258afef6be338a74d83a0c6a0502dda530478408608fcf9e3e3ca5d85ab1eae04cffa264693e239bd7150d0a9e06e260786c33affad763c55a48eb0cd2aada1f458707f69afdc2ffdc0251a5c8628f1f16d166f5dc6e9d027a3f4953e64e70e6594d1c384f59c23ac495195783c81bc761b0df6cd4f36bf24f33e2d6065175a5ec445a7faf"}, @NFTA_DATA_VERDICT={0x1c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VALUE={0xfb, 0x1, "cf46eb7494a5a55621ee3f95ae58349bfa7d4061eb59db6a5fe50df4830a342cb4e2c3b04debf3bd6909f283685df4f55cbdd1cfd9512b9439535e90712f0e616bcbec9f4b3e24e507ffa38705e5acf1129cf1c5e2473767b0d82fa8cfd7c5d91338ec04b15c9f2d9b722bdfc0e218a379d53fc1fb475b3e772a348976c8553577f2d8950d4b992f85df97a739ed1cb2d47a7cd96d978928e726d1603266d1082adf2e50a3250b10fc74b61efddb3f2177a9a75596b8fdc1223064c8a0a06c06a83f416ea09a5ddf4554af56dfc32f058fba30c33305f9ebe4323ad15f911c10adddd2cbed99365db85477b3ebb69885ce481d554b9be2"}, @NFTA_DATA_VALUE={0x20, 0x1, "23d863feeb13399749a937fa0f64a8399a12a411c45e4300d1fc3895"}, @NFTA_DATA_VALUE={0x4}, @NFTA_DATA_VALUE={0x1004, 0x1, "f188e0d934dd1ff5e9582c40409c35e9081fd840d6d6a8eddf3274ebbb63d2d32865450e5da3202f8d09f9f5a1fb8a8d46dd7fcc9b5d08dbf36f9fd2478759d5754fb7f1aefe0fe6a5f8d3590a6b75d7e6392799bfb416ac2fc9ffd19d88aa574a5348626282d9035c5de3923786f1441028094b69538478f648b1bae91999745fa78e7f0e29331a3e3ab8c228d52c906aec597e6469204506e2ecfa66122f9fbb43fbb8e164ef3c78da7971ad421e14d1e2e2e8a5e47ef51dffd4dde96b1ba37f059c504e705d6d36a6291b4be3b42c66066a0cb22cda7945fe8491a1f3f8749122e99772bec245f9262a09c64ea258ae1b0f2cd77d01abb4da5cf7f713cf2a591f1970e44aea1bb339b5fadb64f80399a2674dad284811441d3a03479111dad54c7958efa5e9c2310f28ab62789f7952920c98fa1495347c84d83fe016902f339cff6d0c310c600f8f691c13a973b2b1e0af9dfea281191ad1acb51cbab960caa3a3318c421d74a12525bca26d61fb83de8c9cc0f3f30911bec8af7ed7d23068f62f08eef1586a25e75b4dabaffce0abc65766afb6f80ae0174ef0ae2d86892f9887ccaa432a035daa5cc139270d76fbfaba26ed6adab891ae526c49434f6aad0167c1804d1d6b11cfd34f5ac2d8b22da7edc221aea3c33f3ed1094a9c87da377603dfc2d029b6b966762d38f689b072534519fb3a5e62b2ffce6a4a35ef3db68d6064dc2d5cc4dab9691628bb46d42345034baab6a97b38c4e792cca6529239f65abcc46113feaac9eb83209cddacbd7624395835c10d9b950e14bf9b0fe823898d1bfca24e2f4721969d9e2416612c6b32f095ed1fb0fcb2e704f94fe0653a91b9e47a1d986b724712ed5151a4c180a3e479083430fca71510e12075418a61c8edea3fe12380120bb36aaa0864180ee8c2ca66f7cc4cd9c4baa2d50584713063b70665bf9d9e02b370585c24046dc257314680c0f05acd5d7bfa49e37f58ca445c1ca8c76d3715754089f23b886092b74cd11504c513b4c28abd68f436385abc27fbeb55c8e1fef800f9de762cf2c690f56748e3162f99a560dc3f689645f46e0c267deb77d73d2b707cac6949c01f997606485a237ac4af975282435ec5d9bf9552bc0823df2262df327681d3b899a3020de89fda58fd2e5b8d7718116fcfa60d97f81a7bba33c59ed56362f4be0333b66498fd4d020aa4188eb06d4e708046dc173a7f09d3eab1adc369f2527a08a1de660cc22fdc88ac4a5a7f622c7a0ef9fbd31ef2f7610ccfc17259bfef941d6d60e7ffd4169f05eb4b94813b3898b50e56cefc7257dcdb43e1cd4c49b73551df00b6a8e6d8b770af698c131585cf116588bd899e34917ff2191e67abdf023656e01d109cd07ff5de25bf60c46cf156c2bf3ac26d6eebfb0f10366c65d5e2feb222d7b2e45fa8f94ce8af2765005b8b4d5c9fab73e673d9f6679a044cdf923fae94f99058a309858f97babffcd3f7c1875af65366c6354a98fef1155bf68c6dc681b70060cc631df36b29cefe5c0a2e9c82c5dd115694bf735b948301c983c215c008d2567d2dba0230e90a529faa4b64979292f5c228bc73bb4149f74172b6849187cde3fa4197d1447a6abb848c70635da3c71fc1daa673306af65c0fe9f033335308e0ff92f71ae3800e69a8121daa895d8a4d045ec09c89e9b9979d6504e7feebbc1b23538ec347da1d2caef2c70bc37ad441514afe829cbadeb8d70573f5df91f2b99bdba790d43993a93641cb24411fff331ce38aa949d0c7c5dc7bd9198d26318fba48afb6b2e63cf1d60545b5b888964f82625c6aa545d32cd3c2b3bc94dd5f9bcdb3d055f0b07e83a4a9d69ccb3dc0fe8fb97fc6198af5475d66ae0d596ffb197a7bf8d55667e64c93504995c26d0cc941ca5b1ded4aa0fbf1229a2304cba9f341f039204f9afd1a46bdf2ce3b3ef34a2ebb592b7edd525413bf43c16bdfedb66f86d753c63d85a8bd1b314bd64d90f1c31da37704bbfc3d731d3073704642a278be080201a78308cbdf90fdcb2b6e849b335895ef46e20227ac45d40f215bd8500e02d92a3a5608081dabe0fe386bc5ef0e053c87b1cc6fa7b694a671cf3d041ddaf749dc1c1d0b32e5fe6fc8fe83ea1ba7ab68032df9823d53af2b0c40f415d322ced53eca0b005d918930e88999896b968b9084fe2ff32728e4456c616f6f07f212c5f7b85a58fbe4283c7a1d7c942d4ca6ea73585c5e86db00b6badcd9917e8597a485794e6239b4286e481bdd6a04758b080bc3ccbb2e91026b6d74516b723b1744cd14b0a0577c6ff7c2af3f8f671be6a0ba54e7dcac866c86c8cc979754b44af1e53dd9264bd5469eb8be45b4ebba1fd645dc987b352ae2b303d7ad5d54e0100fa0d3b95847a2bab3394d5799363732649684a84d8b8ef450069e82ecb25635887ffa9981ad7311dc66a1171d000d82bd1a7431987abea23d68cb1c660786e049b6f16c51fc1719f24939efffdec44d27b4d3782df4231932c2d1de837d12c28ee91197a2945bfe3889968df97393be58bff762a8666279881ca4a4bcddfa5ad36ba12bdee6ee34a8c040a2c1ba0575ae80d670315e6ed907cd6cd71770d4dd7a240701939f51ff41d6b910f674082ee1744d3f2bdd13cdb5947aab98b2b42c3def47b4a3c17447bbf403c4d4cecea6bc89a04083630a3803d5224a0c433870d65139d78b86822338c489cb2650d37a647bdb85368cfae29f0eb3d8bf2fe38f753d2c282bcc7ec0a4200fa0ef28b0fefe5941cfaa7ae2c6be7fe2419989705782ff949fef0b7d5c308ffae8b0a70b81b465d24eac41f1347cbc545887a4d76148fba01ceeb4ac0a798af8bddf83aafde504b22fe06e2d8b89388cdb68bee7c64fcf37db440c8521e45d31567ab7d5a8b2d5cb14be4eda2f0d5ae46ede07756de99216ff6ac6114277c0876a94cbe236e1843811d2947a94a578fe44c09bb14e52ca9ee1a3175ddda2055157f3be1b3de0a81e893fe64f7d0c81cacee31943de6cab7f4d9dbc6743b63e2d03162f3e44b03c1e3bdbcba5bab31c6373cbc6e0949d74e4f93c678c46b32151b77859ea22e42eae975d678738dd149e1a49abe878ffdeca3ebfeab5682bbbec1ddd35baec9b3809e757bdcfea2d19727b122b3ff4cb1309e12626eada886dbe72a8b46f1112d6e6704b75770425fd26923c65f2fd67f23ff99a81878fed3b01084341c4aea624941c5119965f0d50385611c093b99eb9be0a778229e0c5d7902512a0f04b5dd4778567d201d62882e01d08d0ed5e28ac6f4dc1315fb796af71026eeb8a33885dc3ae7a29684fab43dded711aab2cecd3f0890deaae6cdedf67fd2284e8d9022643cbd6c6318fa074e4d4d40580aa26f23fc01e9ae58806a20fc34277d79c9d630e27b3ff35ef5f5be3eae0118911b05268fd21caff4e7bf4be242dd03c8f1473e51557ab41931420f868274d366447eb304137af67c80f9724948f52dac9ec4c1df51bd2b86bfda56685d09161f8dce3ecada8cb058ade31dd4649e1d1fb7d6c548d45305feeafabb8cbb6e02546624bad72f7ce99b0c9aec84de210df5679437876869564279ea013c13827d139ebd34dc0e8d0da3b801cf1287ec1bf9213df8868855948e75fa81929af82f7724af1736690e52f3265236b90c51452a1c4fafb1b8eb266db73ea07f8a7464cd32f287ab2632634e2d9a400bd701c1890309f02d1f83b7638a56abbd0bb094b37a83a0188d85be716edd2ca5f8ba9ae337ff206fe0ef9caf3e2eb11eecbb8e4c12eb46379eec542adb0e7c577b5c3476b96e8633a919c5fa5c679387ebfdf1f8e5ab254892db489e3996577eb27428a160d65756f28862c734ad96608aed33146746c9abbb282156ea92ba97db40fd61234fb1fc8784e86b8a641a5a90d29766e70616590f4d177120f00623024a003097411e20bd97e0776c567c912f8ca88de34438137613bfe90e38bbef1f7f3146c71f5baa47db8ba0855f3980453bdb68ba51cc1ae8f6f33d1551e1bc1de1f930a483162bfdc08ea552f8cb5a8f6b711ba9303f3969d1642531674f34b3a6bf4f3f8c344cbcbfa86413212fa127e04d5b649eea97953211b3c103590cd70ac55a80c20bf695bda311098cdf0d22f7808d6dfee40c8306db060a254ee80da56ec6c1ef262dea25714edf08dd5379261ef333e8772712540083e852e775b02a8b922b49e7e2b4f5f442a577d3a4bf1a7ecb1094d25940a0d0f33165a9da87f866fcfaa82944ebae87275c98d158a8e3e2086649cf84193789c01ad6465d27949b98be25677bd3c35658b3208698a7d5b054af5a4521aba4046160ee9fc5864d293742b52399c0919a6fb354a108f8259ebf0505ea26370824299393339e1e524b933f7f9aa06dfef5ee37d0de9d1a20465f655f6a3598d75b8b303f8d997b8d50d8bfd0b79792b023ee1f42a362b720ba5e0c645842d9ca536075e233b78d33d97e896d2572fd39c087be4295f4050681e9f9a7f87504e8b0c9733045eb5e6821accd1db0acf7b9749234aaa4d95c726291b9598a4c604d639ee91f14b4653abf220d241586aac9c78ada840fe33654de0625db6265686377531fd21dcc5f5a0da6ca40f4b338dd400f21e2748686063479e830efb8214fc95225c8f05cb4dd6aab76ec8d78addf31e627be6e324b299d7133e37dfa571c519fef1aaf490cc087213af6a147aa0e7b491f074f1aa2c951908e0c50deb1f1e885026dfc8c59e586b20eb6f261bb1f73be9dadfdc470b5c932a955d8a9ed856016ee4df3e0d72a60eda0738027dd795ec7d1bcc0ad26140b442cf7e42dbb52992226cb31b2d1e877816d681ea01e557ad8bfaf6278e3689c93c055780e69f076d5e99ffeb3e5fe47267d1fc3e635838e03c24e8ac546df83cadd0c571a8e6bdeb60983df58701bc1a21dfd96470c08b186b018c03c94b29623c0f7cbbab8cc8d889e3390e6edfbaf6ec821d1f8231b8470efeedf30c3efd76ba5be4d77ca13d34a3460ca722be4dd06590e6ec9ed929ea86b032c6982c3d09e93ee039fdcae631a390f341e5cc6bbc8cb1bc622f04b6f0707c2bf5e538b9ba7b60d4fe1e88b01acaeb8d1d71309c65c38b7514c7d3919451de3c695703bfded0bde3b1ba944ef8e94e40b15690c4e775810d1ac6d43de234764d6abc6978f1037f5a52bdbd1eabfa6717256fa5f5b5df94081b4bf45c25c86c7c429e870a77c87478e45b8427f0e7be34d80db3f0bdc136b05e5fd5fdeaea6b82d08d42c5dac85d7455ccd811ece435fd7f64297a843ab84a3f9daa249edf8bce696893a69ce16763060016f692778f3c05d707e212f80e66ac8e489543bcb243795ed6fe5a906b096d6e0d3d507a125da3da8f58ca489665b35213ea607f4d93a26e49e86865fe34acf07512187c78fb781a431e5ddc2a964be6994394dae48f26a733accd1942d813e96779e7ed9259f1ea8612255e8aac088cf288a239f134f67ed4783ae8d187f728c468b4f1e0e307b72dae764d98956e8eadb2b074cf316463ef68d825ad61b38c8ced3cd3de6add36c4db8ba06e93d5f3a471af9b6f59c25205befd96a5a1f33b6a7cac4ca73541e1f6f32a63389b949652c011cbc69a7be369471a531ec04e36b6d76bcfcaaa904334509fe2005ff12d61c58f07b03fd0e1a5debd53b8fa25f4c73d460b93a6fc88ef0bbd73635165ec57c4828c6eb7cb3b61d01e18508e4d4b96b5f3dcbc9d81d84249652b8ca96dc6a7ee7a7463beb110d3cc069a0d080d9910ff4b"}, @NFTA_DATA_VERDICT={0x4c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}]}, @NFTA_SET_ELEM_KEY_END={0x14, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}]}, @NFTA_SET_ELEM_USERDATA={0x32, 0x6, 0x1, 0x0, "d2923875df564167111731cfacf48ae10f91b8427d5db9ffd45015f07f56ec756db25da3bf3c9b288ccaf3ee6a82"}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz0\x00'}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x9}]}]}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x26dc, 0x3, 0x0, 0x1, [{0x58c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x14c, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0xac, 0x1, "51bd9b6139872274990ce21c3466f9bb25541f3c521caf4b0cbff61fd6af75d65bbd515cd4461950ed05b387d544839267d431eb47acea1448ac40c047c47f2c1e9255c8aeee234981a05f5f8d2bc49e1d11c3a0e27646d794d2b072e223db8b5706bee44ca5b8beafded6c826abae4ac74570ab4563bb640d060e560e53cca5559e68d405758a6df12f7ebb8d51d404bcba045aa4d06882f32a9a437e60f689b14563e6f7b43c94"}, @NFTA_DATA_VALUE={0xc, 0x1, "a09d3409dcff7bae"}, @NFTA_DATA_VALUE={0x63, 0x1, "9bc1bf525213c24b7ab82c7b09b93ad08db84ade9cc53662f5f9f8312a6af013f0bed72815dde1987ef9a4e645f92dcf1e0b9f6b2852541003e22e3081f0af6e90c8b9f317235c7cb57803da94be799070dce07381766afd14c61410b16deb"}, @NFTA_DATA_VERDICT={0x2c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}]}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xfffffffffffffffd}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz1\x00'}, @NFTA_SET_ELEM_DATA={0x214, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0xb5, 0x1, "1616e5a4fab4506b09f0d05f153eff11239110d70b669b83f043c3c9b948aabfb909416df505ba727dc4af9ab9073aa8c21031bb7fe69a74c52249b49dc46eeff721510b4060ceeb1b3c66941e69e847aec76a7856fd688d59f48e33c28f4c526bf491c53cdf2364bc978d3304a77c483ea4e82a29628335e3245f0565acbf6da88d52679e4881cc2dce931a7577edfc98bd399ba8b91045767a20a6d3f6962143c227c3cc122e3fc626d3d74449f32111"}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VERDICT={0x38, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VERDICT={0x60, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VERDICT={0x50, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x7}]}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8}]}]}, @NFTA_SET_ELEM_KEY={0xc8, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0xc4, 0x1, "d2b89e0a8744af18a9160f044d17cbe73b6af79b6ba6b343f28048529e6d4d7386fe33fc5e7f5d7d753871880ccbba2a0a552f7a8a67efc7bb413f710b6e00008b475d9f15f653862e026f349721c86f27835608ce158ec7adba54f6eedfe8b1b24a0cabf2e4670b9bbfd24b2d114caa0162578bfaae9d8253ed6e16da8e56a3b0ba8f94a8a20bfffdbffecd9a07a6ce6ea66b169f0396e6b968bc45e0304d848a3f4fdd4bc91f48a71542b041501a3afb19a8a8ac9d1e344689623688073ae1"}]}, @NFTA_SET_ELEM_DATA={0x148, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0xe3, 0x1, "35f2da38c05ee033d2a437fc8cea8dc9c9f40cb5c329582027b9e279bf13c102bf77290f0be27cb8f761ad48520a3339a36cc671a9bd3b9c11d74843b501ca188796649785eafb1b223f6a690e1d0fc2cf71f6a51d4fdab279689974475d67f7354f372a860f2fb84341d4f97e23492e08a94f8de1edd6675db9518dc39eff8b32921da4d434696643b36ce017431f8e3b86c530b65d0ab42c2e59bc30733a225f4e686db4ba43b87817b282776646eb05875d76bb9382bfef5cb6c9729972a5cc13f8eb6d80601f175766171b570efaa2df912b4f8fb7fbf0358ad0deba39"}, @NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VALUE={0x1d, 0x1, "5ce3493406610c5a2d60c19e02bebde3ff92f1fa5eb639df56"}]}]}, {0xfc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz0\x00'}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_USERDATA={0xdb, 0x6, 0x1, 0x0, "1ef9315552fc62b0898dfc1430af2507f8d1222b8cfc82a159137814d763e414bedda8a879b6c21818df3497727df0a050429e030d9705aa6a287b628885c2478c9eda4af408e1205335a94db0252edd768dd373ee8762848a2d5224db5352ad6c2055a620d3e29cafb0bc8cc0cd9bdbf4b3ed4016f7742ff7afd8cff7d141878110c2fc4a564c7d84b4d9e3b03a13f877b5dd00340daaec461dc64391c4a70152d2e6c0c905c4527d980f2fda7f017c80d1eb7339cab1f7d5c9a678acb1395092beed6adeb4008890c53d80db8a93bfb818026d45b17d"}, @NFTA_SET_ELEM_EXPR={0x4}]}, {0x155c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz0\x00'}, @NFTA_SET_ELEM_USERDATA={0xa1, 0x6, 0x1, 0x0, "134c167c39ad9385a9757ad18f0676327f62db4837f5975202f00571a1cdcb868f0eed56c04f61e285ad9db3896c32070ae8e565d805f5d0c3f90f8be7dd4108e418a83d17fdcf615c2f822cd9e1f30e9c8dfb83cdfa9564badf58b59e611fce4ef66c05c73aeb213d4c97221e4d31e415bcb3c872a8f5b258f171a299f02295d1f970fc46d3cf0eb94829f917a8f2dbf7f822ea246c3182ebf1f25341"}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x118}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x7fffffff}, @NFTA_SET_ELEM_USERDATA={0xb7, 0x6, 0x1, 0x0, "a0edc13066ac02c957f45e5f5c8612ef22c2f4c6b7bb6e7d42edb636c48a638beb4d285e1cb4acff0a27f5e4147eddc7957d7322026a0994d375013f19371ac5abc8982b01b31db1ba4c52416fd562ae362ea201b4f45f1d68e1d4f5448093de71e27f4efd0fa662d910be71271bfafa583fc7d4dca2ca08a2976c60305d5ed2b77ba619b717868feb541cecc7e560233085981249a4c0419bd51306f450dd259386a946f1ca113bb0e9aa487272606836e5f8"}, @NFTA_SET_ELEM_EXPR={0x4}, @NFTA_SET_ELEM_DATA={0x2a0, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0xf1, 0x1, "d5241f327de1091db485eb9e34f235f94b851baec8867ae5b74da4ef4c85d1d260092eaf1a6fcb984864882779c888965c1bcfa366653c8fecc14fa26c2998bc3744c5d1f030a4ab5675015409a9162577ef838a87561c05617eb502a6e6d1bf71a582447c3c191ee26a2404a15bff1b45d836ecac7e4192a905a711c83313120227fbe61b44a8ccedb71d196c276f980fb6f14444e158bc9e24272f9f677289ab3b10e3cfde1ee461a6e1b8b95e8f68b848f575bc579c29a27c5f92faaefae1cf8d115d7d549c624f84639ea30f508b6d5f938940a7939c0bf65e3f91bee77800a0d14d42d38eb2514cb387d6"}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x38, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VERDICT={0x3c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VALUE={0xcc, 0x1, "1df607629a88c811dfa51f594f8d02a8528411602efab9894d742074343c0806d655868c4df26f86b61665f3dd6507017ec8c76516232e8667075ce92390faced23ecd0d1431c97562f40e9cd6b71cfbab3a1ec12a664f63f77f6112ccd51b26304543a5acb8c7d4fda275c67f910eb7fa3c598f2c6e04d2f71bf151ca9ea269bc7e634fd8e9b66f13b03afbf3e5dd7bccc1edc8ec8a79b594316aaab562a896cd476648691a5b5549f3cad7a15cfd5afd38031da22010333c5b1fc40f6f29ad33126ab88e3c3a58"}, @NFTA_DATA_VERDICT={0x48, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}]}, @NFTA_SET_ELEM_KEY_END={0x1134, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x50, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}, @NFTA_DATA_VALUE={0xa, 0x1, "fc22dce8e433"}, @NFTA_DATA_VERDICT={0x44, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VALUE={0x1004, 0x1, "a5d2e7e7a0a8b3579293b8920a04aa6b295f5198c58a99640f898f16088a4e87a5f6b1216351cb054b660043d95cecf8e7feff72ad2290bab0bb265ff38d4cd622bb44fc9bcde1b7bf74c2e8dd3a8904a9eb177d23281c1af62d05d3fedb9ff6ae36f28698e857028cfcfad3894c974d22dffd703a36adb7dee6155947c263d39bb96938abe54fc399a2afa530693fd64ad481e21870417654cabc62d6261be846be3731c8ef0af61ee1b32892ffb0b983c6ef6ea48a2e9dd2d849177f22926794678f00a3faeb0e5e255a084224f32a3f826dfb9d00f11f4399b8a3df885510b24eeb3a255947c8e7efb739b41595b15eee362f784614269dfe1c5f2a157e90288690d0b6fd0716fb832a198528ff5036ba04b05d029cc2f4684ad48eb53ec92d53c6a1fcbc09fa76dc5eab3c39cf912c52ae78f561f341cbcbf70ffbd4994687146c0345a53e810b7b5ac9c8b00baf25faa4fb6bae7e1cb3b35a9f63a9fb77cc95769133b85987c5ab8fad6acc23063e18514edce1dc21d92e59f72d86859a6bc4ff0ea37692cc7bee553f077bd5ce8c29f5a39022fd31e876898befa3544375c758d7b1f093e0c9d67ce47af64fb6cd751dd221cdeb6865bf88c3b61bbe367b9d6793053af011eaaf4a57e251abb5af2cb3e3fe2c0bc4ce81c83867a976db679c677be05da81db982a0934a77265ef3e5dcef215ec12cb5f46c58cbe265b4c08197446ea36390c720c842b6cd006fef4ad4f8c50f553f1790fd3015a805e735694624fd5cede7ed95a080a58c075fbaaeefd274a430c576a78a9eeb670b70d5ed433f75b60a13f824f38ec5c39708b429430203feb79e1a2a33af894bd9b0820de144a31e0610af6b4564a40e1424d71e2e3b1bcc1c691154c29837b953c9fcf039b49fa7e62788da7132541a7e6c996a36ad3033314287a24d49cc5351f789d025917072dabda6ab5e66c579a7fd2f8d457cffce0a8a0dceaa7bc01aecfdecbffcb5ba78cf78655f9212104d68e016790ea1c9b2f1cef80009921a4624466f18645ec84eefa4667d27f8a1a780c0b0e87e7feb22d3fce875e576ba66606d1d2b16a5de2c54e00d681dff587b9ce97ab0ef3bce9d40366911384765483594d77e4b78f3b11db3657198405408d34569a265e424ee7c3080a6398009fa9dbaada5e8142bbb6d18b52ee03fb48119695e0b1cbc8589dca81114841ea34354c08f44fafaff0a14b3214544b8d8899c0f6b86be3f4740e1fb79f93fd31ae3d842789ebf2af825c793457000ffd1074b7f1baa682e1592e8b2f37fea6d06ed610681056e7b526eb53cbee16b15f9d70377f22ecb9040ef8e8d70014ac210c1f07493a51f78345956cf359d7c1447e3202b163d0ed896969aa9a6be56c09895e8d4a51587b1185c7e6dbc4d3f110df014b17065bbf581c67fd81aef09169bf6eaf68808c02f707f029cd2655a606d091c2de33afe3872c994ba9f962bd31a16b21886e243f475bfaf2ae5b3691b9910fee4c08b6249a4fe75ec342daa00eacbe43ae1d11d4541cc0c36b3213984f73059919f8a940a72ece7220c2286ac221935daeaf54f8b5fe919a3c9da573beba3b3440b643dc009544a2c431f755961dd70d178b2abbb9c3527ce90197ae560224292f0677034ce29eb3d3acf0eec67dd77206c5fe9dde420a6e1d7e70daf309ef61530c408717a0a0ccf67f191f561d2888585d4736faf46ff3ef9b566efd024e6c892c1e13b4551c26724f836b3cd9aac1c1b4ff2ad807dbe228418f1abda1702813fdcc3b8e5499e050f0a970c645ee89e8196f62c685b8326837956cf8f42f31a83cd84c0fe7a09106b7ce11a7b5a0709ede0efb8b04241f91932a83b2083f7c89194830da6678da72bef458361be576efc25e92a9793a3dc6a5b264ca76a8c95235f51096715c8f5ab9998f3ea579d76bcb62f7236c7ccf58b2921de28be02b08ada311d289f1f83b50122bc8421388bc356dc31712707af9edc60ca623522da73de96cfaa1866a874ca9984e0fddcf037d97b9cf03c41a06c1b0fc26d8046d62b891b6f67c0c9b8f65c05b1f2855f855a2bbf077c8fbd2e15abaa697efde2f30c4313bbb091417937398980d2a9665e6652ecd9600ce408d725f708bb181ac8c7837e083f692fb1a26e85f8983b1d8387ad5715279a865ce77b2091e368d6dacd4d27361bf6e9f327cd3b669080b687bfa346b819544a3faee79029fe9b851d46fbb8864f4bece8b870f241d109579dde19469c6924d54af56a005373766fc7d3b81a6bf1176cbdcc7372c1429260149de38fc1886ab29b5a05fa05fd078581b1baeea13ccb816c8bb7fd3bf5dbd68992cecfa7ddd8ca05361e1cbccd8205f916259f8130e6143cdd49dd4a95477003ab9124d89cb74e19caae4e91b4398e7c7acbe4ee88d75e4ec2f2c731dca35a31cc7b157b58816492924d97f154a6c96be997ebc85cc6bc014e8a050c47efce5ba6b7ffaff0d85fd292b21eeaa3153b57c5d686bb034c4a1ed7e6115fe532388627b0616228e64a0798af1eb6978e514e488f1fd21f346aee4e797081636cee5bae41bdd77d1b34e2a98dbd0c8b77484949a0de8c0adbbb6f37e49b5ec4abb8a16c38a939030e6e7000aa1bcc58d38a9779a1d12be6082ae4558c7665b25c15f15ecae582c6743def372242020436ade4e221a38d3b917b1d173b20755f04107361a0739fe37ec59b9e34f31ebfeda3681d16db750f6a7ff5f47ca27d7a24f1021e00503715d3c27e98039585b421dc9363fd9b8cee65acfab362a239e952b04b32a93e1bb655cde978e4d1f0f0df53e40bfd983e1b78041a93b50a1b128d318cc1c6c95cf064765adeae54684169ca42393d87aac85681d49d2c36fee87f057330417276f744ecb63ae7a97edf2c086410431fc823f29e40639e61103bf614ab7907979c62dd637f99f8e2ef7e4660fa9fc2fc6e68bf956c1b330e90b5f2d6ae9b357a3f98eee493942fed5676de737f25ea40e9a233c010df86a2b40876571244d1b7f8c56d651260751d5acd8836e33f85000179af6865bd7289d383bbbd6c8729dabde186d12904a8641e10e521566f1a26c3ebcf667d0b9075c427168a828163b3459ae4b57460f4d016f4eaecc4ba396b414e81918ff10ac5d71715367977f2be23f6a00006ffad689f406ed36106214a7be637c259a07520c6cbc668e6b2dba57516e67d3b38af71d79e178647b26147f94304a053a4bbf8eaafb16d75d35d15236116704b83ebbeeb3877fc7f3e1430fb4e5592afa9011886213a5dd4df25be78498884318efa8fb5b70561fe4264d0f4621edfb10a9f0429df4ca106b19f72ec47c892281f3a1db1a5f1499b8522f07e8be30dbb7aa58ed289af659a2f874d69cfed3a59c0fd3c3a4359c59fa264a3d72d305bb38bd1f681c6bbe4e524fc5d7e1dae9112f37a7f144acc04060d66b5e4999df5080e9f0628c9c9878d8f18542ad159406727275dce98b2ad0324538f994dc5c90b01d75a82720adb4a8ea0bc31b68c70c8b1340dca0ec4f9199b1b7ffab571bd17422023c7a350e2350179c02ef9abd3608d9394dfb46f2f86fc8e50b4e095db72b8da2decfc8f1aa54802985ccd068238573940ad0c8b45d0726eea04880e1124ad2524a73de8c32f297d2fe6511c3f0a947af20865751f69d27863d9f04ea217e69816a143e89223c40cc1c058d879bd5f5f074593a98fdb4338493a43c89d2f5456380631ab6479ddf898e8c2789a47a323246efe921475dd4f4f715b6d2e9df7210e783057043ea6390005b490aff5ac6ec074c827b584a8206bc53db21bad45010a3506207aa03b88a54ed37d318937fbf67d073c48ac78d002f65d926a1fedcadb6645efc4f2d4db4c5407b3d729801f32270aa8ed1ad08fa135e11ff22d3b3a079085cb31814275d86180869bc2c0a63e33adc5a7514f283dabfe6029def10358bbf53ef1b1e9b0d3eb98960a3c6788f022d6e854d4deb344e7dd5e9574431c1158c34305bcc23192e0a4891411d116c565151049c95073f8161e1375df80b441bdcfcd5cd14477ee7abf6e89dbc75870b5b9ca3044840c0504c5f82c1d785849b6f7001f6339595cab51b313201a1241707d2d2ba38e0ef3e73d55284349bbaa46a85c67f49b9bc899f9df9ebc9886d7c57d925647a3772d63249341b994b0979fc1692d67231a0db28dcfda3ae763b3b0264fbc00c22c073131e039ac2fc6ce7f2d6cd67834c539d1e498eb2a1c29041ec00a8e665778b27985626763fa76a1f8e2ef8e11172d0dbee47331e5a7ba4f525c8ad13fe7f75a71ff758ea962c6cf08fd3453366aa3530f053fc751054fd2f06ea3421504784921b161a10c13c10a632cb233e3759be5fb744e2647a951e61f1dbc5ca1d8422b475262a15731f4dd69b5f8464b4310a2f2c1f17403731493f52cfe535860952ccf0f9be141b6f5446c44d36f78471d69d20a48318357b90656423cd192d2235de5b962d7c1463fb97f58405c5421bef545037d60bcbd3bc30fbcc7c5396cff75b8e79cf78555af271aae0fb61b536537853c9d51a1189cf62b485044709f6c54517a2afe2f912069e45c8ac99af85b14c9a9cb28dcd05334cd1141e2b4c88436953e1236e34b2ba13575c54935a0587e6709345813d1bbeb69209873363282f34b70ff2076e7b2ef5573d72a0dc88c452eef31ffc6a55844d64445e1cb076c9ab1a16f5eb41be0b617df339616f150cd50d5888a222b45e9150b19cc037316d0c61a667b6282b0e26ceb4f3e9e17b1a4abceed2561fd6f288b2e5d49957380bca152ead06506cbd089331eaf3d093480c4661ad849c9a7171b5599a84e2b8b054731a0bc75a06811c99948f994c36403026ece73a9d70ba4cf90a209adc81ad41358795ce171fff892dd18990ab15b7935277177bfddc564e1e5de533b275969fc7e69bbc9fa6252ed2c68b37dcafc18a5058e4b1942d290e712872e58a8ec43521fd20f71977a9adc2a78367d50901d3075ddcecf6923f01fc8cb0decaccebba2fa4beeedc4695aacd34dff96504035811b4a3908da9a6316a52fd8ed3acfbe770f28dd2f8d74d871421bbd1590403d7e4a8d997bde20ff76216e9aed8fa3ca52b33cec8598cd3ecb04992ae33181d4b43a4b4c231cd1033ff7bc8e25967123a4215d978728cd7725bf8194b439c78fc1e0193bd5b5d8bb3e2d7534b4b6525632260826ec0ad40a43cd887d1dea1186799558e765c787882e86f5e9d1d7eeac56640f25a49eb5745ac7d6ed4dbe6b0c9605cc7cd0f504f425913171f99fdd2a89d108b22eb42232a9b455579a59912c7444b0ed128200b9952afdfa85a127e1d107dc509159fc52e9276fdc4f179d3147cf808fcdad5b8956a4efb2a27dc54805cc6c62247e913e9f2e7fe66152e454f8404bec0789ba94a3fc18be9f03a491afab1a79ca28437fbfa16fcad0494e9968433704ad83c142eab325cf8599c7d67c918070e5a78056743b6ba33a450d0ad4870c50bd4083365e6478d05d6624cc44b35ac233d60c27761722ca57b2dca012d621243de06ca3bc6ba14c9b21d47831313fce57b66bf09b71c38c260584a32bbab12a5131f4e9165d998cf033bad8a0df11ba6916a9f4737dc59400827c9a7a4489712314c740a2b8116c61cd7a0c5e81d532839bc68e2844416f7a2e20a290a3a9517cd5cc3d87425ca482265ed95d1501268e7b94ca52de2392bdeaa5294f9f7b86279dfecbe28b311ca469ecb18ac02c6100cca5ee676e3df964"}, @NFTA_DATA_VERDICT={0x34, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VALUE={0x21, 0x1, "9e6c63e9a32015b7f74b5a6050d909979f1f4048584f0901b0051f75f9"}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}]}]}, {0x34, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz2\x00'}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz1\x00'}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}, {0x210, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x20c, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0xc1, 0x1, "71076f12ec2c35d73b19e9eb300cea2b72a520bcd8dc1199f08bed00244cc6a5285d3ced78bdabe75b5704bb9e79f525cc8452c899c9955c50e0100a0fc0798e94acd76eb5fc67ed1503c25148c7f469ac96fb8e5fc51f25dd115893b8797eda0f7582b7563cfc5704c0cb7f98df3799412880cd782972e0621c8c2678d41d13a0e73026834f0e98e72272d1be063537b07ced52738e888cb7efa25200231fde11eed37039c91f56f7b173435b168c20e65ebdc4b8bd84ce6b4737ce9e"}, @NFTA_DATA_VALUE={0xfe, 0x1, "f0510c7c83ceba3f2c226a0312c52f4b510109b88be04df8c43b70c05953c0d997e63f61d473f4a3910ba7ae50a5b2dce3432eb0622ccf2a1d7dac46f628d4a35e63b864764655cf246680e5e4e23e4c236dae5f0be46290000dfa649d0713b8f6defc19f105944758a270e7e779a18f6d2c471462534bf2767e2a9ffaa970b00d79c31bc7503af66da49cb0ac486c4db78070667e9709774016ddc877e547113f17d0e833ed1eb410a524da4c551cd4048d89bf971d92e90fc1085965b9e3b92377caa548aca0a3cf831c57437179454527aadd8a2cb27550f551c31fdcd9cc8dcdfab6258a83d22e841cc888cbc279949c9acaecfce619e280"}, @NFTA_DATA_VERDICT={0x2c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x5}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VALUE={0x17, 0x1, "ea90dc89f11260077bafc7c4089dfd36439308"}]}]}, {0x1e0, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x19c, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}, @NFTA_DATA_VALUE={0x80, 0x1, "8775a083808825dc11d04b2d44072f36ef1dfe8b0e5cc2f2aa2faecbabe37a1f81594ec346cc634d38e7f38d17355efb822f4568ca80c818b4b0863a381028a6f5225921b4b87e39e3b547a19880f5a74d01083b1d0603e91b2969d9bfda1fd95c6bca02aa92094dc139711bee214e8789b72d26e90bac52ed0c27f6"}, @NFTA_DATA_VERDICT={0x6c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x7}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x7}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VALUE={0xa7, 0x1, "1b1b613918d1c27d46e75dde63b3e2f56cb965b3dd0ae6d43b6555bc1d07cfae22c561b6f4c8617301319a8d93107f30adf2c92bce50e09a4551a281e78b8765b2cbda27e5c95b2b7a3dcc6aa7b076524ce7f3a9320b0321bf4e7586c730a9f37522b0a77ce949205c4252dba7c9266e3d6dde2cd11827cc9008348f26db063c5f01dbebe843c02b04288102a1b19f104ed5fce1e6351a6e6d0733c149445344a33900"}]}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x3ff}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x10001}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xfffffffffffffffe}, @NFTA_SET_ELEM_EXPR={0x4}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz1\x00'}]}, {0x6d0, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY_END={0x2cc, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}, @NFTA_DATA_VERDICT={0x34, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VALUE={0x58, 0x1, "48d5119792e790f1fa6b9af23613516ce5ebe6ca75e546dd4fb792c2374011c19c7f3ada2ab6757855235daa1fa036587c606e8b2d5b46c6fbdd390f95f5342056f0358ff4b2917259f43a84a343ed4baeb9b0a4"}, @NFTA_DATA_VALUE={0xb6, 0x1, "899da33942f084bc04c75f86c585ddecbc33700432335e711fa03dad6c11c8a7109400c651e826b51a980799100787381d8862b3f9c5dc1bfcf7917c575fb2cdd69c440d8859c52071a9615dacd777e51db24aa5b1f2ac7d1ba41c7fa6bab132a96414e0e7d1c551287a84fadefe201240caac1f30b01c60dee74207b44cbfa93238faed2fabe19d84abcda228378c1ff2f67c131b913c39274685e8a3e413fb1c52622f3018a3bee5f1033afa32b51f9b3f"}, @NFTA_DATA_VERDICT={0x2c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x2c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}, @NFTA_DATA_VALUE={0xfc, 0x1, "053d1777f2284dbc9cf8a47487d841ca30d5c6111142ff026a38e88ae5726b478c2d1152a0adc2b6185feb41fe9e052195f38a9560bafbb314b6c015c66feee5c48c7cbcc0ae032267a9bff54ca084e42266cee9368b84e6fd68d415bce9ebfb77e6c05e88c35f28dede4fce32f44e2fbab46b54a39c9867c4d381e81a930f957bbe2833de33b5e8dc8f1300c97cce8990bfdaa1cd72d5b307b02b0c59fa31dc2d9f25df29a0f7c8002679184cabd81a89e73cb0ba640f363e5f151b25d55240353ef70e4c3a0eafcc4ed8398248c026aba8f3b23b65495cabd153ee5fde50510a32f0535ae5f08439be2abe33978702c4f6fa2e7b06e43c"}]}, @NFTA_SET_ELEM_DATA={0x48, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x3d, 0x1, "8063adc781de039e24a35fed0b8aedcd08715dc33ff2b04a105a72bf0b40161ba360c8d4c139aa49aa2765ac467243a28aa7c40a6dd6b99644"}, @NFTA_DATA_VERDICT={0x4}]}, @NFTA_SET_ELEM_KEY_END={0x180, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x1c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VALUE={0xfb, 0x1, "143885d1796bdb3e8b4bfd570ebeaa13a6d76bc4c9c77c37088df762ed0e734a1f46e6e176fdccc4301cf52f5f7ad95cec7f8955e227a768b25d3f71e59882569900ffd0fc63fc1ead5a28df79d7e7004cdabbfb6dbece87ad99df417722379f1d9d41215d5c240e8bf76b35824907f881adbf2badedee5ed06d0c41ca452392b302a160cacb12ac02939c355b7b665e7abba3a614f7d6c3b815793b15ba2a953c412b7b9e735c11e907e5ca6a2614ee186574bcdfafaabaf2ee101862718581691f1de2e5d081fdc352bf2719eb7f5a72c1903606c17ae06c504cf3fe2b97f384240f2132c4aae1f7fd813718fdc1e2299fecd8fcb673"}]}, @NFTA_SET_ELEM_KEY_END={0x234, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x89, 0x1, "d57a61c89b2ce9f64dc5d88146dacc2af56ebd75e3c2feead3c0b7379c8862740a6012f98230a25d3193fa55d247cc07617af00c798aed64fb29e44856686fed4806246cb86742532ab147999f3282a65af902d9909b448d84c9d742d80d7a652667d38748b5c45e544450ae6196b538c316749d9162069944a544321555d1ba2f08ebd398"}, @NFTA_DATA_VERDICT={0x1c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VERDICT={0x4c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}, @NFTA_DATA_VALUE={0xb7, 0x1, "88fcda242aa41ce9f6e34c33bd82f6f810fe6c025189c9e36f2dc3149b1b478fc02b2346cbcd0a0aa37d7a91ea5108e745c846fe637d1429dccc8ac5dcd9ce1035dbfa0b7d8691c56e5c70d0e16e4526483f4ad07f99e4a1ad750166ea521f7a7c4127be5c6c3616312898a98f591d1f137a2293e6f149ca2c7fea87c57e7ca8c6fab991b46a0777d365de171ce741e4938782557fe5e529f02e4fbf5143bbc14252c4f980dc9b1a39144162c27ffcc8a4201e"}, @NFTA_DATA_VALUE={0x16, 0x1, "30933c4af491f38f0a0d7d8af5e5725ee3ae"}, @NFTA_DATA_VALUE={0x6b, 0x1, "5a0ce0010044345cf9fc9f69669d2707a257f2c435ffdc3efed2b95051b6a0eddc99e586c54d68b6c198490a05943c2ab3fe3417376dda455bb49e132ab59b0e0463399ee647c2feedb910ebd2fc320dca29013e92b44482e38ad5fea30012fae640115f3142c7"}]}, @NFTA_SET_ELEM_EXPR={0x4}]}]}, @NFTA_SET_ELEM_LIST_SET_ID={0x8}]}, @NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWSET={0x38, 0x9, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x19}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_FLAGS={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWOBJ={0x64, 0x12, 0xa, 0x3, 0x0, 0x0, {0x3, 0x0, 0x4}, @NFT_OBJECT_LIMIT=@NFTA_OBJ_DATA={0x50, 0x4, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x8001}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x3f}, @NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x5cf}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x3}, @NFTA_LIMIT_BURST={0x8, 0x3, 0x1, 0x0, 0xfffffff8}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x7}, @NFTA_LIMIT_FLAGS={0x8}]}}, @NFT_MSG_NEWFLOWTABLE={0xcc, 0x16, 0xa, 0x1788f9206e540d46, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x5}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_HOOK={0x7c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_batadv\x00'}, {0x14, 0x1, 'bond_slave_0\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'vxcan1\x00'}, {0x14, 0x1, 'team_slave_1\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x5}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x4f04}, 0x1, 0x0, 0x0, 0x1000}, 0x1)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:08 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:08 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x1000000)

18:08:08 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = open(&(0x7f00000000c0)='./file0\x00', 0xa0002, 0x2)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
close(r3)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x40, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x8)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:08 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39)

18:08:08 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x20000000)

[ 2712.890137] FAULT_INJECTION: forcing a failure.
[ 2712.890137] name failslab, interval 1, probability 0, space 0, times 0
[ 2712.892709] CPU: 0 PID: 14043 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2712.894100] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2712.895823] Call Trace:
[ 2712.896401]  dump_stack+0x107/0x167
[ 2712.897156]  should_fail.cold+0x5/0xa
[ 2712.897948]  ? create_object.isra.0+0x3a/0xa20
[ 2712.898899]  should_failslab+0x5/0x20
[ 2712.899700]  kmem_cache_alloc+0x5b/0x310
[ 2712.900570]  ? mark_held_locks+0x9e/0xe0
[ 2712.901427]  create_object.isra.0+0x3a/0xa20
[ 2712.902351]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2712.903397]  kmem_cache_alloc_bulk+0x168/0x320
[ 2712.904331]  io_submit_sqes+0x6f76/0x85c0
[ 2712.905220]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2712.906276]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2712.907269]  ? lock_downgrade+0x6d0/0x6d0
[ 2712.908144]  ? find_held_lock+0x2c/0x110
[ 2712.908974]  ? io_submit_sqes+0x85c0/0x85c0
[ 2712.909886]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2712.910906]  ? wait_for_completion_io+0x270/0x270
[ 2712.911935]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2712.912893]  ? vfs_write+0x354/0xa70
[ 2712.913660]  ? fput_many+0x2f/0x1a0
[ 2712.914415]  ? ksys_write+0x1a9/0x260
[ 2712.915192]  ? __ia32_sys_read+0xb0/0xb0
[ 2712.916040]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2712.917145]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2712.918229]  do_syscall_64+0x33/0x40
[ 2712.919013]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2712.920122] RIP: 0033:0x7fd673b8db19
[ 2712.920888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2712.924677] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2712.926267] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2712.927752] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2712.929271] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2712.930750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2712.932275] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:08:08 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xeaffffff)

18:08:09 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40)

[ 2713.415834] FAULT_INJECTION: forcing a failure.
[ 2713.415834] name failslab, interval 1, probability 0, space 0, times 0
[ 2713.418509] CPU: 1 PID: 14057 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2713.419926] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2713.421613] Call Trace:
[ 2713.422152]  dump_stack+0x107/0x167
[ 2713.422890]  should_fail.cold+0x5/0xa
[ 2713.423662]  ? create_object.isra.0+0x3a/0xa20
[ 2713.424592]  should_failslab+0x5/0x20
[ 2713.425370]  kmem_cache_alloc+0x5b/0x310
[ 2713.426210]  ? mark_held_locks+0x9e/0xe0
[ 2713.427049]  create_object.isra.0+0x3a/0xa20
[ 2713.427976]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2713.429027]  kmem_cache_alloc_bulk+0x168/0x320
[ 2713.429970]  io_submit_sqes+0x6f76/0x85c0
[ 2713.430847]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2713.431871]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2713.432873]  ? lock_downgrade+0x6d0/0x6d0
[ 2713.433726]  ? find_held_lock+0x2c/0x110
[ 2713.434572]  ? io_submit_sqes+0x85c0/0x85c0
[ 2713.435464]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2713.436467]  ? wait_for_completion_io+0x270/0x270
[ 2713.437458]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2713.438412]  ? vfs_write+0x354/0xa70
[ 2713.439178]  ? fput_many+0x2f/0x1a0
[ 2713.439942]  ? ksys_write+0x1a9/0x260
[ 2713.440726]  ? __ia32_sys_read+0xb0/0xb0
[ 2713.441566]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2713.442648]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2713.443716]  do_syscall_64+0x33/0x40
[ 2713.444487]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2713.445545] RIP: 0033:0x7fd673b8db19
[ 2713.446318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2713.450102] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2713.451651] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2713.453114] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2713.454576] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2713.456050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2713.457517] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:08:09 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x18, 0x1, {0x3, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:09 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_setup(0x2aee, &(0x7f0000000180)={0x0, 0x5138, 0x1, 0x3, 0x245, 0x0, r6}, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000fc3000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000240)=<r7=>0x0)
syz_io_uring_submit(r1, r7, &(0x7f0000000280)=@IORING_OP_FADVISE={0x18, 0x5, 0x0, @fd_index=0x3, 0x800, 0x0, 0x3, 0x2, 0x0, {0x0, r4}}, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:09 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x10, 0x2, 0x3d}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xd21}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/unix\x00')
readv(r3, &(0x7f0000000280)=[{&(0x7f00000004c0)=""/4089, 0xff9}], 0x1)
mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3e4bed71894973fa)
getpgid(0x0)
r4 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x0, 0x0, 0xe1, 0x4, 0x0, 0x25, 0x120, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4fd, 0x2, @perf_bp={&(0x7f0000000040), 0x6}, 0x10814, 0x7fff, 0x1, 0x3}, 0xffffffffffffffff, 0x8, r4, 0x1)
getdents64(0xffffffffffffffff, &(0x7f00000007c0)=""/180, 0xb4)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)

18:08:09 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xffffffea)

18:08:25 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r7)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
read(r5, &(0x7f0000000340)=""/189, 0xbd)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:25 executing program 2:
r0 = syz_io_uring_setup(0x158, &(0x7f00000002c0)={0x0, 0xe6b2, 0x4, 0x2, 0x8f}, &(0x7f0000000000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
syz_io_uring_setup(0x1000001, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r6, 0x0}, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
io_uring_enter(0xffffffffffffffff, 0xb61, 0xa277, 0x2, &(0x7f0000000240)={[0x81]}, 0x8)
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r9, 0x0}, 0x0)
syz_io_uring_submit(r4, r8, &(0x7f00000000c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x3, 0x0, @fd_index=0x7, 0xee4, 0x0, 0x100, 0x1}, 0x9)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5e, 0x4c204, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x343, 0x1}, 0x0, 0x7, 0x3, 0x0, 0x40, 0x0, 0x1, 0x0, 0xe83a, 0x0, 0x4}, 0x0, 0xffffffffefffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000180)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x10000, 0x1}, 0x1)

18:08:25 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x24, 0x2, 0x3, 0x5, 0x0, 0x0, {0x1}, [@NFQA_CFG_CMD={0x8, 0x1, {0x2, 0x0, 0x14}}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x400c080)
perf_event_open(&(0x7f0000001d80)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r8 = openat$cgroup(r6, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)
ftruncate(r8, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:25 executing program 0:
r0 = syz_io_uring_setup(0x8004d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x4000000}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x80800}, 0x7fff)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:25 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41)

18:08:25 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$BTRFS_IOC_START_SYNC(r4, 0x80089418, &(0x7f00000000c0))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:25 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x1000000000000)

[ 2729.367189] FAULT_INJECTION: forcing a failure.
[ 2729.367189] name failslab, interval 1, probability 0, space 0, times 0
[ 2729.368667] CPU: 1 PID: 14093 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2729.369453] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2729.370409] Call Trace:
[ 2729.370712]  dump_stack+0x107/0x167
[ 2729.371134]  should_fail.cold+0x5/0xa
[ 2729.371577]  ? create_object.isra.0+0x3a/0xa20
[ 2729.372078]  should_failslab+0x5/0x20
[ 2729.372530]  kmem_cache_alloc+0x5b/0x310
[ 2729.372996]  ? mark_held_locks+0x9e/0xe0
[ 2729.373467]  create_object.isra.0+0x3a/0xa20
[ 2729.373974]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2729.374534]  kmem_cache_alloc_bulk+0x168/0x320
[ 2729.375056]  io_submit_sqes+0x6f76/0x85c0
[ 2729.375529]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2729.376226]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2729.376840]  ? lock_downgrade+0x6d0/0x6d0
[ 2729.377364]  ? find_held_lock+0x2c/0x110
[ 2729.377885]  ? io_submit_sqes+0x85c0/0x85c0
[ 2729.378379]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2729.378941]  ? wait_for_completion_io+0x270/0x270
[ 2729.379459]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2729.379984]  ? vfs_write+0x354/0xa70
[ 2729.380398]  ? fput_many+0x2f/0x1a0
[ 2729.380807]  ? ksys_write+0x1a9/0x260
[ 2729.381320]  ? __ia32_sys_read+0xb0/0xb0
[ 2729.381833]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2729.382469]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2729.383125]  do_syscall_64+0x33/0x40
[ 2729.383599]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2729.384253] RIP: 0033:0x7fd673b8db19
[ 2729.384654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2729.386746] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2729.387583] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2729.388398] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2729.389215] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2729.390023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2729.390915] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:08:25 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x11, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x9, 0x0, 0x0, 0x0, 0xcb3, 0x88040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x800000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:25 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x501081, 0x0)
ioctl$PIO_FONTX(r4, 0x4b6c, &(0x7f0000000180)={0x1d8, 0xb, &(0x7f0000000340)="07a82444534f9131c0f5b7168fffb100409017da58a392f41f89fd333dae84ca43173129913e52b3bcb23a7d03aef3c411510786e7c6a4242d803d11d5cf2ee9002cf7d13a9bb697019e7f92cdcfba89060c317becb512ec6bf96b1eaa5237f6bed5b255c4e5f735d708fc703ecb711eec05f0d80b1d98c651bb6483fb2133bb01bc42864d9ed110568bf026563de46b415d26fa64294e68d06537966193b4bb7c6209fcbd6c855fffb8727ac3c71f001abaef50b6c2fd5e80eb93e512ecb31921aaa44fdd3e44268936f72278d0d1fd31b670fea9f7565cca9553771923ef464ea36710db21ae84a7d7bb6b93ed3f7cd10bb158da6fb17f0f6822dad4d91dc93e0be53ffb35766b433dc72c7e88173d0b7ddd6d8df36598ebc290813a9ab7a5f087cd018bd90541696e45955749740c09592278b85e8d782ee26026f589ade2e272868670e146434370bc66bb14cf5f39dfa12f46851ac6bb90ab29c4e72a21afb21415bd9e18daa74c71212298f934eed4268ee5f9a5e1cb33ed1c612e82b21342597a323bb925755882b527ef3ced55ef49a3b946da3a298e4ce0dfdf00bc40c44e3ca3ebf71fcb4cb898092253ad2fd35535a4a18ced6d935d58651c66bc39302dc3de777f7b9751e88001967f95164c43a50dc3de3408ab28fc68fdc96c253f6188613eca898795cde5ed42eb0dcd67d6fe98972053fc3b5a712b62c53282cd983fd1608e7cc93d2d47266a60d05ee19b9cfbf225b639455a42803ca306e2d94f8386b802c1c5ef04761cdd3e55398e440b5127ac86695bff28ecd8c170aa7998c567d583fabebd8330a55301f59c2c52a58c1f5a418928aeb0201abfd6075d24f47ed7b6dabc72a73a2976e76bb2c78d6db94f923863a480afcfa6633d4c20fdb8cd38ad619405b1f0cb55f293031ac94141d75fe6a6b369588456d93d194dc0843f6fdddbd9a82119af996806c9723f3af1b6d76219366a63ea40181283e2281a1b9bd763f56a039c24d73a53c12a0838e1773dd137fcd5e3a23452815159d29043dfd435bff9d17f3a4d680bc94c39c6b1b0a69befbf2c2f79a1fd6770d763946a1df61f0b6eb51d384b62dfed721e4e01cfbe0f675c234033d984817a033179da3f18afec3167d2125239d5bc52d8f97adc15cc5619661e9a0c248df8a19f202dffab535e25c692152b55937b5cd1723518559363e0985809c31c4000816c4ddb038b9d7f50552d393758ca54e5cbb1e8e46fa29d4cf4e1d5e11bd8f37fc81846be90fca6a839d8f844b26c966f98b5165ab0dc44f42ca67a7937d5068aa13923871aa2576219246c53b5121dbb7d06095936996c84d2e501daba18b9de88fcd80a907eaf8b578dfbe47506e6a9700e13c07da297e28765caa7894d961ba43a739a9db329bab1fcd3df21a8709bfd8cd71e1afdc40bd9b05e3a09a9"})
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:25 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:25 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x80000000000000)

18:08:25 executing program 2:
r0 = syz_io_uring_setup(0xcd47, &(0x7f0000000240)={0x0, 0x2}, &(0x7f00000a0000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000180))
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r3, 0x6, 0x2e)
ftruncate(r3, 0x1000003)
fcntl$setstatus(r3, 0x4, 0x22000)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0x40, @ipv4={'\x00', '\xff\xff', @remote}, 0x1ff}, 0x1c)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
r4 = epoll_create(0x1)
fcntl$setpipe(r4, 0x407, 0x9)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:25 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 42)

18:08:25 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f00000000c0))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2729.865908] FAULT_INJECTION: forcing a failure.
[ 2729.865908] name failslab, interval 1, probability 0, space 0, times 0
[ 2729.868594] CPU: 1 PID: 14119 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2729.869990] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2729.871651] Call Trace:
[ 2729.872216]  dump_stack+0x107/0x167
[ 2729.872960]  should_fail.cold+0x5/0xa
[ 2729.873733]  ? create_object.isra.0+0x3a/0xa20
[ 2729.874650]  should_failslab+0x5/0x20
[ 2729.875436]  kmem_cache_alloc+0x5b/0x310
[ 2729.876289]  create_object.isra.0+0x3a/0xa20
[ 2729.877209]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2729.878255]  kmem_cache_alloc_bulk+0x168/0x320
[ 2729.879209]  io_submit_sqes+0x6f76/0x85c0
[ 2729.880120]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2729.881160]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2729.882158]  ? lock_downgrade+0x6d0/0x6d0
[ 2729.883023]  ? find_held_lock+0x2c/0x110
[ 2729.883859]  ? io_submit_sqes+0x85c0/0x85c0
[ 2729.884773]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2729.885768]  ? wait_for_completion_io+0x270/0x270
[ 2729.886766]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2729.887723]  ? vfs_write+0x354/0xa70
[ 2729.888509]  ? fput_many+0x2f/0x1a0
[ 2729.889254]  ? ksys_write+0x1a9/0x260
[ 2729.890042]  ? __ia32_sys_read+0xb0/0xb0
[ 2729.890887]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2729.891971]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2729.893056]  do_syscall_64+0x33/0x40
[ 2729.893820]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2729.894880] RIP: 0033:0x7fd673b8db19
[ 2729.895648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2729.899442] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2729.901013] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2729.902460] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2729.903934] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2729.905391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2729.906858] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:08:25 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x100000000000000)

18:08:25 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = signalfd4(r4, &(0x7f0000000340)={[0x9]}, 0x8, 0xc0800)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r6, 0xc018937d, &(0x7f0000000380)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'})
syz_io_uring_setup(0x7ca7, &(0x7f0000000180)={0x0, 0x2008, 0x1, 0x3, 0x300}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000000c0)=<r7=>0x0, &(0x7f0000000240))
syz_io_uring_submit(r7, r2, &(0x7f0000000280)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x5}, 0xfffffc00)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x7fff)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:38 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x10081, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:38 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r6=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r6, 0xa, 0x0, r4)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:38 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r6=>r4, {0xee00}}, './file0\x00'})
connect$inet6(r6, &(0x7f0000000180)={0xa, 0x4e24, 0xff, @mcast1, 0x3}, 0x1c)
pipe(&(0x7f0000000040)={<r7=>0xffffffffffffffff})
fcntl$setpipe(r7, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:38 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000000000000000)

18:08:38 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:38 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fsetxattr$security_ima(r4, &(0x7f00000000c0), &(0x7f0000000180)=ANY=[@ANYBLOB="040a4d9cd6"], 0x5, 0x1)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:38 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8, 0x10010, r4, 0x8000000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:38 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 43)

[ 2742.825554] FAULT_INJECTION: forcing a failure.
[ 2742.825554] name failslab, interval 1, probability 0, space 0, times 0
[ 2742.827508] CPU: 1 PID: 14154 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2742.828611] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2742.829883] Call Trace:
[ 2742.830295]  dump_stack+0x107/0x167
[ 2742.830854]  should_fail.cold+0x5/0xa
[ 2742.831437]  ? create_object.isra.0+0x3a/0xa20
[ 2742.832142]  should_failslab+0x5/0x20
[ 2742.832730]  kmem_cache_alloc+0x5b/0x310
[ 2742.833351]  ? mark_held_locks+0x9e/0xe0
[ 2742.833970]  create_object.isra.0+0x3a/0xa20
[ 2742.834647]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2742.835417]  kmem_cache_alloc_bulk+0x168/0x320
[ 2742.836119]  io_submit_sqes+0x6f76/0x85c0
[ 2742.836787]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2742.837550]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2742.838290]  ? lock_downgrade+0x6d0/0x6d0
[ 2742.838919]  ? find_held_lock+0x2c/0x110
[ 2742.839544]  ? io_submit_sqes+0x85c0/0x85c0
[ 2742.840199]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2742.840971]  ? wait_for_completion_io+0x270/0x270
[ 2742.841714]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2742.842423]  ? vfs_write+0x354/0xa70
[ 2742.842997]  ? fput_many+0x2f/0x1a0
[ 2742.843553]  ? ksys_write+0x1a9/0x260
[ 2742.844133]  ? __ia32_sys_read+0xb0/0xb0
[ 2742.844773]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2742.845579]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2742.846368]  do_syscall_64+0x33/0x40
[ 2742.846935]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2742.847720] RIP: 0033:0x7fd673b8db19
[ 2742.848293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2742.851089] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2742.852247] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2742.853353] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2742.854442] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2742.855528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2742.856623] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:08:38 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xeaffffffffffffff)

18:08:38 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 44)

[ 2743.255724] FAULT_INJECTION: forcing a failure.
[ 2743.255724] name failslab, interval 1, probability 0, space 0, times 0
[ 2743.258406] CPU: 0 PID: 14171 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2743.259907] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2743.261722] Call Trace:
[ 2743.262305]  dump_stack+0x107/0x167
[ 2743.263105]  should_fail.cold+0x5/0xa
[ 2743.263937]  ? create_object.isra.0+0x3a/0xa20
[ 2743.264967]  should_failslab+0x5/0x20
[ 2743.265796]  kmem_cache_alloc+0x5b/0x310
[ 2743.266721]  ? mark_held_locks+0x9e/0xe0
[ 2743.267614]  create_object.isra.0+0x3a/0xa20
[ 2743.268590]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2743.269702]  kmem_cache_alloc_bulk+0x168/0x320
[ 2743.270706]  io_submit_sqes+0x6f76/0x85c0
[ 2743.271630]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2743.272738]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2743.273802]  ? lock_downgrade+0x6d0/0x6d0
[ 2743.274709]  ? find_held_lock+0x2c/0x110
[ 2743.275601]  ? io_submit_sqes+0x85c0/0x85c0
[ 2743.276557]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2743.277603]  ? wait_for_completion_io+0x270/0x270
[ 2743.278661]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2743.279670]  ? vfs_write+0x354/0xa70
[ 2743.280509]  ? fput_many+0x2f/0x1a0
[ 2743.281304]  ? ksys_write+0x1a9/0x260
[ 2743.282128]  ? __ia32_sys_read+0xb0/0xb0
[ 2743.283020]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2743.284162]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2743.285284]  do_syscall_64+0x33/0x40
[ 2743.286107]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2743.287205] RIP: 0033:0x7fd673b8db19
[ 2743.288032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2743.291949] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2743.293646] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2743.295165] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2743.296697] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2743.298218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2743.299737] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:08:53 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:53 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0xac85, 0x0, 0x0, 0x0)

18:08:53 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
syz_io_uring_setup(0x3829, &(0x7f0000000180)={0x0, 0x45b5, 0x8, 0x1, 0x1d1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000240))
syz_io_uring_submit(r3, r2, &(0x7f0000000280)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x4)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:53 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_READ_FIXED={0x4, 0x4, 0x6000, @fd_index=0x7, 0x81, 0x3f, 0x2, 0x12, 0x1, {0x1}}, 0x3)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0xe, 0x2004, @fd_index, 0x37, &(0x7f00000001c0)=[{&(0x7f0000000180)=""/3, 0x3}, {&(0x7f0000000240)=""/127, 0x7f}, {&(0x7f0000000340)=""/105, 0x69}], 0x3, 0x5, 0x1}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r4, 0x6, 0x2e)
ftruncate(r4, 0x1000003)
fcntl$setstatus(r4, 0x4, 0x22000)
ioctl$KDGKBMETA(r4, 0x4b62, &(0x7f00000000c0))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x3, 0x80, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10900, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0xffffffff, 0xff}, 0xb80a, 0x0, 0xffffffff, 0x0, 0x0, 0xbec9, 0x1000, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:53 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_NOP={0x0, 0x2}, 0x0)
close(r3)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r8=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
sendmsg$unix(r3, &(0x7f0000001900)={&(0x7f0000000240)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001740)=[{&(0x7f00000001c0)="d1084ba0a62b8171681b8e386f3c72dd13fc7d0db6fb86e00d6067e82661039bb218d8bd73839e37dfc26893", 0x2c}, {&(0x7f0000000340)="ee77b6f5de5e01856f3bf9879945c52e100bd561b74267e7e2b779f45397f159334c5d516bd822d3fd0b113e1e8df36e190c63416ff8bedb515715cace692186af3db11399a054e7f184374d1d1aae8733bf1819be8de45fdee4645b5b65d44f4aca32bf27d12d6bc69a850e87a82137d71354cdefdea2313fe33609a20a700e30cd0a6584506f810cae3fffa4ec8d04b5aa90b71b5730fdeed0df7f75dba21f20f90f3ddd4d32c08a067e2482333e81a962c4fc63ce99a05039e5e031e9be693d3c70f31bfa", 0xc6}, {&(0x7f0000000440)="9f1694d22956039aac66869124992c8679143f42ac4ae4a78c440dc74a4ff7c03dd64938718d8071f405538ebc5903572e818f0c0ad11045a29f150c9490f3468236bb424f202ecbad541f7d0a4db6fce201e6fca86704e9429669b6e3f7bdf7fa64430b3b79481ee042f6232b38f1f475db258649adcf30a60f4daf7ebf61fd3a20dd3703e8fda1aab3a4cc72fac719e22870283f14a28d72c206bbbf01dcf7fa0767112664d07c40671da77200d2b1242f513e6513782a50731d56872a8725a0e8817d534b6ebd325337062c140294bbcfea06762d1de02765dae68c32c90049acb9155b09a2d15fb4cd9a92bb58021e3e747be3b902eba6b7842492e69e9364ffd33317bf119375a50ecbfd9818b46bcf8481ba82948d2de9669e64b91382f39fa181bd430a85b7ecf591146abd9e1ceefe40268e74109d050fe29f33b2fa2690a1d92e58dcea30983d16de8f943642bc274ef35518633ea24ff3dcf738ff3e63f388104394d5f18e3610e264692612889cb348ae565b1b5e4fac1fb118fe55dcc44ce74c4882487eccc1321df740c0a2b341bbc9d675579f9203cdf76a03136ac2b6ed6e25ad63d47a4823a6e39471ee5bfe037f971cda92d3f6c946fedec2624edf31d32c848d92e31515627cde3a6bb6ea9fd9faab6f45edd75a130587cb09ec05b4fd60dcf9402468caeb10ad65a4081fe9ab546d041edb9fc8fd81f3872cc61c9c1b91153f74a763c6c32682c96da2dda425f0df9dda295f3b7ea5c7f46b73700fbf383e1de505bece62a7e46172157d23dd640495f5ca42c3d4f5c41c4170327fa838d7d59a69de7c4084ebe006c18b979796195a24b43899419b334dd78f51a4f6f0c4cac434738d087db1147ea5a0d3f5ea2019ff558160d924a6fc5cc10e40c91f4b616fec0c062209477fe5e9cf1df891eb215e8a615226637a777be50361ea9584c9771d9c5184f44d05fa666b1df1576744cc8b5d40e19eddf8b5fa97774b9e785ed0b6fe2eba3a73b9e8e8978c0003d393db4161d57660b6ff17a2b9d39d7aa55f14125fd2222de8b03b312c1a578bd39ffffce46aa6e30bb5ccb62f83b92895d421c54da09aaea622d96b2b2f1545e1895cca2f8d4ee9c76a4aebf52912e32232d4e155733e126197df72ea9e2c9f5fa4f8cb91f09862f1911b887186c6aec3b9628f5cfd1bd7140290bd53eb8193df8f59befbc51bd4e8ebb43ad94aa92b0bbe69f0b1d1b2f60702d1584ad339831dae3162982ca18a7151b5ff63e3dd7aa20c0e906aeb1d784195fb9ce89cb5d9bd5071528c3fb81d2fd821be1728fae2c2845f7469f0e65ca5379fcad958794ed327186bf9948a8332b0f88277aeb2c649f57bdc6dc1a907b16695684246cea6bad7ae7cd5b047b890507e34d0e3d5824c51609c747ecdb72159b3595e83a912d245f218df563c26405372f21f9a3f05eea719481f8b4d3b55f911cabaaf1bd60227a7178e949e78710870b89cfe5c99d3736c72e0910a2d233221358ace24be536820ac3c6979c6dd6a83e426e7fe0999a0c961967d0146c796993a711cdb33b2e2940258597f0e5e41c8ad596e7c96d35337bd85bfeb9d9d568d91deff3b88c9e6e7c82b30767aea72764267090b77a102b4f030fad485ece46633234047e21098d751533fe1e29482052d1b91d58cae57b94fceccc3a4fd3699ac56afbe133de639980eaa8c19a97dc6f06ecf483e18975b8cf801113b97b15598556c99d2e0494bfc3c47e650040d28a3a80c66190829c3ba82f7b98e38753a4e51c975c1a4abdcc1ef9ae2472f9c3fb6bb48192edc49628f69644b892b3abadd1010f2a649bb33778900292a330af4a841054d9435d2dda64649cf123259f108449c022f2daeb4cd4757f2c02c3bd4db082849c91d677a7f7e5e976276199cb0fe7d73d1a9989cadcb3d610cfc934dc8be2b447008d4a7e2a2f208253137acf4dc6fb35d1f301e664ad3a8b307e84182bbf1e25dbb9ec73d3c6a42d811cae461e093a96b1c9ace45e0c95dc516076cd7bae9ef0b9b7228334e6f16f5e4253f58199c25b41c0816b515e9a1ac8fb17173f7ffdacad2a7d6ea6ac1a0931c7ad511c4a85366ed4afaf4b9998c838d4db0b97c33e73cdfefd9b6e85abf28e5ffa910405de6236a797b4ffa3b15e966593452764bab3745041f46b1d5f7887ece66180f3596ec55f5b45c23f4e77e3923bd328cc2d73b9cc497a0393208da91c87237ef0fac076be34eb2568d015f63b08ec2eb1a1f4e808d4b294c140e131adf95325fb23a1b0f107f5ad5bb84d8b6e80cbb4b3d826179c3e1bc381878b6060d5e0777d9014697b0ec3676416b7a2ea1ef48f2390886d18ba2fef85500cce5291ecc51dfaf35c5db4a03a7b630204294ae0b49de9d420be5fb64c3e20f255cb042ddf4951da2ed3075808dce7d7537add399c79533f80753c69b7401873f021c434f723288a3b1b96f021ae03b8b0693bc3c1ad020f569a13a2bef8d1e7967f480d3fac315f7d4b6402df5ca3c54abea2dc5a215ea947b23c8491cbddf131f00068b02355fe91e7e9c2ef13eefa00545bfd5e85774af84b181ac5e352f7e2f8fbc129e2695b884e7c1d4e71f830ce8b96b1b435529b4312f9ed1aa101c39d59dffe08b60dbc3f95d4e3ac32e5b3eb05995507b78e11665719fe9be2144b01271c51ccc3de4cc1cac3a6abc6243abc0fab6a00dc56e36197556327f45539dd420aa34e5f56835358559e955ea152c07ba0426f49aa9cd9d3f5ac9623f19a73adf45ad89bcb046dba793c6a225ee0bb9a9780008390526769412177396f4aface3a1b0087af3522825b9116e1db48f27449fff40548f434178f7ac6d5db84c55ebf49dd0c33b3c8f37e71bf44d533581d3cc3bbdeaceb169fdea8f9c0cc02179ea434661c7c9079d91d9de33be6a6fc59173fd8adcff3190f46907ef91d20c1bda56847e3cbe61fa7ea53a46eab8bdccdf493845856274a75e9daa2fa648680c91c9ac792979932dac7f980dbff983930af0752c379821c819a30010bab6da0d1772a4851265370b1acdc2dda59f7ed3d0a352dea3798091b44d739dc53dd4743331a5b0b9cdd91a6827adc081a5b64e62e2954f0443e9c280aea5fe64fe2f0c9ced63d92fb6b8dd1d9a3084e717cf8f469a90ea0c1e2a09bc64cbdf1adbf41918b0f0da0a809dd663ca8959de1022519c2c94e91101c4deca24b1666fe999b84511f0def08a551f8c7c9f629e7dfbe104f63d7b6e0647228a9cabfd0472afe5c3b1c0d1db8cbbe1df7d785e1a81f7cf4c840adc94bfd15a642c4ddfbafd6c8b09e0e5301280b0eb00f784e72b1dd89fd81771549e31270334aa95c8656420b24db343fc5b7c372be88c93746cfbf35339566bc263bef4b7f6f69b56edd319849a95f2aa8b20b6a06548943eff5bbb1fcced5afcf9c2eae88dc72bf80d24ce0d90e24178735cfe685289349321d1258de04e75fad96efe09b83ad2bddcba7b544d426df62ac83d4611bb72d459a3ae89a2ed68dbba451b297c075851c8972a41556267cecfd83bd74427212e22c69cefcfb8bdb5484099122d964acfac7be443fbd111895147374a38b47a9c7b9bf154bc6c058b88bd28957a55dfde7c45b8db26b180fa2cb4e1efb5513fd0ec0f2c585ec4baf9d6010350f3f7f00f52c92dda71fc8d85d0e7e7f713759b6a934924b12a08213ac056c229e3ac64e1a07773c39475e83590dac05fea509ee21c9ae5f37e88702ecb0ce6341678289f348e74de977fb8338b6a5c8590d52a5ac05c98aaf7971fcfaabdb1ab096c3726100b779676506b97bb5bbc698ec80d16b0cbf0ad56c928c7dae8035d06fcb9dbdb8addb7578cc79e736c9cab88504792b7604e8545c36ea58e4c9157ea11cb2d8b34b0c6fb47727a41f15136f73fe5fdf0466bfae4a7410b484f6af024b7c5e66bf73acf2075687782225b013adb56cb7463ca4725902016cd3a0ab8f9deb2df9aaba88d411f463441409b462faad9c6f64bd4fe76b79c8c1857be9e53813059ace02944094e9ec47a74d8661b7c50ce1f751ac90605e69f8695c6b21bc5db0a532d026ac21be612c515754fa6820f025f9c5877bad2f1563bd7fd4bfc954da255cc80a9a53f594cba87edc5b28fd643202b5dc162a15c4cf25dc5c0b1deb4e5572de8a18bddc832505ba8b1a38d546244e9ab4faee7a509c9e35ef0132490727ad07d3e609ac684431214ece9997025d6cede170ec34e2b5c682493a124a63565d0e4e81a376efac545ecf69f7f4fcb8946547cb356436c3c2bdadefd2237f222be54fcdd261fb56746b7bc79594be6b890841b1e957041e5812b133b0c993386f0b8188993864bdf0a811b736bb20c8249354a7ba9fb007a5d6a174d87fca25e208c2a61dd856b65542e03c674af532048cff9fcc704e705138706fd654cfd4a04b8159b188f37e6bddffe66966257a64581bed7c7a66ecfeeabf0a485618b4817777f293acc1d0b1dc6b29d3b6639b28124df6e5f39304ebed8e1bca39e280d4e05cebef0262c34da54d9354d48482f7bde12a9ad18898913848b5e076ff5dab7ad40c4961c35e48a424841b106ad0d60c4fbc7d1c892912a472a641238a5b44bad7597c6f6da96b9edb468cc7e6691fd7bdc803a0618b777f1f663d7a560d700ddcacd1feeffc7f99469a60a39e8be136cabc506edfa9d6ba4bdb9333527719647dca8e534e4ae822cb364839f5093d475fddbf838159770616b2c3f993d40320f3091ed243df2cb9361573385ede8c91b71d2a2e8cdbbcf4453bb8c5a1b4a5b18f06e653e87096014c1e15331c161154bdda6bb2f5c72f076d8dd1875fd024ed3c2de1dfce8af6a34da9a7e4c58d71d16ed36c5c7e575cabb1a34cd95121adbc62e2d0c23b3a52725f35e0c72bd9d27180cd4a48fadc1fa8c709e10579c7631e6a02d90bfdd9efe622b0e6e0acf91332e6812b5ec570ce1d53fde8f535b798e0a6a3b201e83197eeff9b93a5559d0110d0f16f312e8385b799f921db1d593799e06b9496c567360299484b73aea4a834f8bb27228b7e225eaa88d377db4b93b51cd468b8a310db1578d572a590cf54fad559ff711904cd315ced70bb8042078bd903549f3fe5a846701ea7c0b228495aec387d55a6168ccaa91848e25a8ac3dc5f997f1584f14728cbead067312abcf763686dea62408357450ce7a87b7b1192dd5712d070e67f30be9448f24f74638984e6cda1e7746198282629720ab78644778cbbb312c39a4cd828ee421b65aead4c2f532f429c62c2d2259aa0abcc2553db32563dc756ba1f9f3060167fde1f7f0be68d4ff8fcb4aef07b070fa52e709b258a2dfd3f874d394727a44c906dd9e6d78c974516c41f160ac9c586362a7d6e0cc003d1f47c38c35aeecdb65e051728c48b4d2d2f669f8ec889bf3ac14a1f8c31421cea70d41256e2b5993e58a147d37189f0e1d1c5b54dcbc9f90cf0d58a3c4441c95d1a74939887e9a557249029b543eca3b62ab754c7acad890dde32362607ce275d4215afd35519bbd77e4bb19e88bff85ecf5bab83046f1e22de4a8f3ab1f1cbac255a734e9d8d36dcb1b8c261709cea9429e7fc95f3829decd65295668293b91171042da7adab5e785097494d5191bb389ecfc7df7880ee9ff6c1173db432734b9fd89dbed0f768a6b6bd20d33e46e54c04e66e179d60c7cfe6a4bb4bacedb65bcaefa00248985fdc8d16ffdf7e91d69c449c230edc9401056e3e1a3cc9b85ed27f79367e5beb80e15018abfe2b4", 0x1000}, {&(0x7f0000001440)="e14150fdd4bf4378dc113713bad873b071f4cc23fbf6a6c23e47d060d6ca0e26b4ef17644cbaadef5e181fe77239bd92379a4a4d96f7f5e9a01f66b2db372f7e0903c3d91b9b4b2b05c3a1a20e873792d50b9fe0fe81127a276672ed12ee0b2cb74645a5c2891871301f0de62f178ab6f9a7124687704aef233356494b162e4b0f29bc03c0e38b71eb9349b64c52c1a79d23e7ca4ab4340151fad819f0ff96f380dced6bfe68db8f31463a8d6d0b73039d5f883ba48e81fcaa3c88a96122ce58c233fd2cbc8afd411c85ffe3a4117563284271cbbe66307344a2e40227a9f9dc03c77d828621a5a84136b7", 0xeb}, {&(0x7f0000001540)="4f95fded8fb27cad62c6b1ceb666c2cd7916ee23c1893e68c2cbd757c87307184d0556823a4303d526415ad401f57b8ed8037cbbe4d3d46bf1f9a948fa2802b59e069b888489de9183b3ccfd8597b1e68b29d429fbf6eaee5a589176ff32b218577642963872c6f6012c7c784fe956e0592dfccef7277cf22e261c1f2a870fe096186edcb570ff566ea386ad5626853e35a6114d84cee617405847c6f89a65e0e7d59549b1", 0xa5}, {&(0x7f0000001600)="55d57387e7888188b46c1de99db2a3db921824b35a55", 0x16}, {&(0x7f0000001640)="b74e7d123f06bce0bf4b4a2fc68cf3f768bd5690ce2d87bc66a49ee7a7c61ce524fff71cd5ff295518cd439c08b14e5314e2f2a1aaf49d33969d9b0b0d3eb9c0091fdd4257376ea6af1dd50cd091762e3c917be418c165acced724a9fa8ef68677a0ca11d1ffc8d42e9de58aace25cd89c6b38fc114f80d3918c0f8ed0d1e14b86fd7cdf6d58d233c368a73fe4466c79e7c9cb764dcaeee867956fca201c9e0e82bd3b0eb9aff8045ce25159b4a4420339b792930c310a6fdd3db38b09c2ca90ca22c8f2f21e22b56c6eec7f00521e074a0785", 0xd3}], 0x7, &(0x7f0000001840)=[@rights={{0x20, 0x1, 0x1, [r5, 0xffffffffffffffff, r6, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [r3, r8, r4, 0xffffffffffffffff, r8]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}], 0x88, 0xc010}, 0x40000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r9 = getpid()
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x6}, r9, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f0000000180)=ANY=[@ANYBLOB="0400000000000000"])
syz_open_procfs(r9, &(0x7f00000000c0)='map_files\x00')

18:08:53 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xffffffffffffffea)

18:08:53 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 45)

18:08:53 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r8, 0x0}, 0x0)
ioctl$FS_IOC_RESVSP(r8, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000340)="87bc51d4ef1fc76dac50bda6b4d6d26de335d5cbe9fa0ec356247cae50479a68f6952f905692472039ba6dd50746d1a09133ad1dede7874b2c8cb266c24e07bbfa1591299f4c4e422e804ddf409b6b011b37037e1d57df402f23448ebd5e61412a6de36a231feb78c579127bdbd8b69d4a597a1aad38ce88261fd35e53226156d7297cd86798256711af3773eb54675d7983f022b61e7f5a324afbe5098bceb87924cb36c0c7e6eb87554384a78a19f68061afdfb8175d40d5b3196feff034d0a331ea69a32e861e4923823f673188919708e3b73bc956469fa4d68e", 0xdc}], 0x1, 0x9)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2757.688863] FAULT_INJECTION: forcing a failure.
[ 2757.688863] name failslab, interval 1, probability 0, space 0, times 0
[ 2757.691429] CPU: 1 PID: 14202 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2757.692877] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2757.694610] Call Trace:
[ 2757.695171]  dump_stack+0x107/0x167
[ 2757.695936]  should_fail.cold+0x5/0xa
[ 2757.696752]  ? create_object.isra.0+0x3a/0xa20
[ 2757.697696]  should_failslab+0x5/0x20
[ 2757.698490]  kmem_cache_alloc+0x5b/0x310
[ 2757.699337]  ? mark_held_locks+0x9e/0xe0
[ 2757.700184]  create_object.isra.0+0x3a/0xa20
[ 2757.701108]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2757.702160]  kmem_cache_alloc_bulk+0x168/0x320
[ 2757.703116]  io_submit_sqes+0x6f76/0x85c0
[ 2757.703986]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2757.705036]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2757.706037]  ? lock_downgrade+0x6d0/0x6d0
[ 2757.706893]  ? find_held_lock+0x2c/0x110
[ 2757.707738]  ? io_submit_sqes+0x85c0/0x85c0
[ 2757.708656]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2757.709668]  ? wait_for_completion_io+0x270/0x270
[ 2757.710677]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2757.711636]  ? vfs_write+0x354/0xa70
[ 2757.712413]  ? fput_many+0x2f/0x1a0
[ 2757.713165]  ? ksys_write+0x1a9/0x260
[ 2757.713954]  ? __ia32_sys_read+0xb0/0xb0
[ 2757.714792]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2757.715880]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2757.716976]  do_syscall_64+0x33/0x40
[ 2757.717748]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2757.718808] RIP: 0033:0x7fd673b8db19
[ 2757.719573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2757.723363] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2757.724928] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2757.726391] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2757.727853] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2757.729333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2757.730773] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:08:53 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = syz_open_dev$loop(&(0x7f00000000c0), 0x3, 0x100)
fcntl$dupfd(r5, 0x406, r6)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:53 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000180)='./file0\x00', 0x92)
r5 = openat(r3, &(0x7f00000000c0)='./file0\x00', 0x20, 0x150)
read$snapshot(r5, &(0x7f0000000340)=""/225, 0xe1)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:53 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
r5 = io_uring_setup(0x5204, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x16e})
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0x5, 0x0, r6)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd=r5, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r6}}, 0x0)
r7 = open_tree(r3, &(0x7f00000000c0)='./file0\x00', 0x81100)
io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r9=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
r10 = openat$cgroup_ro(r9, &(0x7f0000000180)='blkio.bfq.dequeue\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r7, &(0x7f00000001c0)={0x10000000})
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:53 executing program 4:
r0 = syz_io_uring_setup(0x3605, &(0x7f00000002c0)={0x0, 0xfffffffe}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
r5 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r5, &(0x7f0000000140)={0x2, 0x4e23, @local}, 0x10)
shutdown(r5, 0x1)
ioctl$FS_IOC_FSSETXATTR(r5, 0x40086602, &(0x7f0000000000)={0x800005, 0xffffffff, 0x8000, 0x2, 0x5})
listen(r5, 0x5)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:08:53 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
getdents(r4, &(0x7f0000000180)=""/93, 0x5d)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:06 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 46)

18:09:06 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r3, 0x6, 0x2e)
ftruncate(r3, 0x1000003)
fcntl$setstatus(r3, 0x4, 0x22000)
syz_genetlink_get_family_id$smc(&(0x7f00000000c0), r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:06 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
syz_open_procfs(0x0, &(0x7f00000000c0)='attr/keycreate\x00')
r7 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x200000d, 0x100010, r6, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000240)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd_index=0x2, 0x400, 0x0, 0x0, 0x18, 0x1, {0x1, r4}}, 0x7)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r6, 0xc020f509, &(0x7f00000001c0)={<r9=>r6, 0x2, 0xff, 0x3})
syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), r9)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:06 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
r5 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r3, 0xc0189379, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r6=>r5}, './file0\x00'})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r6, 0xa, 0x0, r4)
r7 = accept$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast2}, &(0x7f0000000080)=0x10)
ioctl$sock_SIOCOUTQ(r7, 0x5411, &(0x7f00000000c0))
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/meminfo\x00', 0x0, 0x0)
ioctl$BLKPBSZGET(r9, 0x127b, &(0x7f0000000240))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:06 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
r6 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r6, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r6, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
shutdown(r6, 0x1)
ioctl$FS_IOC_FSSETXATTR(r6, 0x40086602, &(0x7f0000000000)={0x800005, 0xffffffff, 0x8000, 0x2, 0x5})
r7 = syz_open_pts(r5, 0x200c0)
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000240)=[0xffffffffffffffff, r4, r6, r5, r7], 0x5)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2771.060572] FAULT_INJECTION: forcing a failure.
[ 2771.060572] name failslab, interval 1, probability 0, space 0, times 0
[ 2771.062044] CPU: 1 PID: 14249 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2771.062803] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2771.063718] Call Trace:
[ 2771.064013]  dump_stack+0x107/0x167
[ 2771.064413]  should_fail.cold+0x5/0xa
[ 2771.064861]  should_failslab+0x5/0x20
[ 2771.065290]  kmem_cache_alloc_bulk+0x4b/0x320
[ 2771.065788]  io_submit_sqes+0x6f76/0x85c0
[ 2771.066272]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2771.066818]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2771.067368]  ? lock_downgrade+0x6d0/0x6d0
[ 2771.067804]  ? find_held_lock+0x2c/0x110
[ 2771.068252]  ? io_submit_sqes+0x85c0/0x85c0
[ 2771.068739]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2771.069275]  ? wait_for_completion_io+0x270/0x270
[ 2771.069813]  ? rcu_read_lock_any_held+0x75/0xa0
18:09:06 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x4, 0xffffffff}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:06 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x10009, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r6=>0xffffffffffffffff})
syz_io_uring_setup(0xe1f, &(0x7f0000000240)={0x0, 0x9540, 0x20, 0x2, 0x371}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000001c0), &(0x7f0000000880))
syz_open_dev$tty1(0xc, 0x4, 0x2)
inotify_add_watch(r6, &(0x7f0000000900)='./file0\x00', 0x500)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r7 = openat$cgroup_ro(r4, &(0x7f00000000c0)='blkio.bfq.sectors\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(r7, 0xc4089434, &(0x7f0000000340)={0x0, 0x0, 0x0, [0x6, 0x5, 0x80000001, 0xad4b, 0x7fff], [0x800, 0x9, 0x10000, 0x202, 0x3f, 0x4e35e8c2, 0x7, 0x6, 0x2, 0xfcc, 0x7, 0x7, 0x0, 0x0, 0x10000, 0xff, 0x268, 0x3, 0x33, 0xd4, 0x7ff, 0x8, 0x20, 0xff, 0x3fffffff80000000, 0x4, 0x4, 0x0, 0x7, 0x2a, 0xfa, 0x7, 0xfffffffffffffe01, 0x9, 0xffff, 0x7, 0x400, 0xc0, 0x5, 0x1, 0x4, 0x1, 0x101, 0x3, 0x9, 0x1500, 0x81, 0x5, 0x2, 0x9, 0x3, 0x3ff, 0x7, 0x5, 0xfe1, 0x93, 0x200, 0x1, 0xa00000000000000, 0x8, 0x2, 0x7, 0x70a4, 0x3, 0x1f, 0x1, 0xfffffffffffffffa, 0x7d, 0x100000000000c85f, 0x4, 0x9, 0x0, 0xffffffff, 0x4, 0x2, 0x8001, 0xfff, 0xffff, 0xfffffffffffff5e4, 0x2b, 0x4, 0x0, 0xfffffffffffffffb, 0xe1, 0x1, 0x1, 0xfff, 0x80, 0x62, 0x7fffffff, 0x9, 0x7f, 0x25, 0x80000001, 0x6, 0x7, 0x5c16, 0xff, 0x3c66, 0x3e3, 0x7fffffff, 0x0, 0x5496, 0x4, 0x7, 0x3, 0xa649, 0x4, 0xffffffff, 0x1000000fe4, 0x10000, 0x6, 0x0, 0x8, 0x4, 0x3f, 0x9, 0x7fff, 0x7, 0xfffffffffffffffe, 0xfffd]})
io_uring_enter(0xffffffffffffffff, 0x7239, 0xe80c, 0x2, &(0x7f0000000980)={[0x8]}, 0x8)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r7, 0x0, 0x10, &(0x7f00000009c0)={{{@in, @in=@broadcast}}, {{@in=@multicast2}, 0x0, @in6}}, &(0x7f0000000180)=0xe8)
ioctl$TCSETA(r7, 0x5406, &(0x7f00000008c0)={0x5, 0xfffd, 0x8, 0x6, 0x12, "92c76b7e3b72cf23"})

18:09:06 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x6d82, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1, r4}}, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
close(r3)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r3, 0xc038943b, &(0x7f00000001c0)={0x7, 0x18, '\x00', 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0]})
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2771.070563]  ? vfs_write+0x354/0xa70
[ 2771.071097]  ? fput_many+0x2f/0x1a0
[ 2771.071514]  ? ksys_write+0x1a9/0x260
[ 2771.071948]  ? __ia32_sys_read+0xb0/0xb0
[ 2771.072381]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2771.072973]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2771.073533]  do_syscall_64+0x33/0x40
[ 2771.073962]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2771.074509] RIP: 0033:0x7fd673b8db19
[ 2771.074938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2771.076902] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2771.077778] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2771.078591] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2771.079416] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2771.080243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2771.081072] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:09:06 executing program 7:
setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f0000000180)=0x3, 0x2)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$bt_BT_SECURITY(r3, 0x112, 0x4, &(0x7f00000001c0)={0x0, 0x82}, 0x2)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x6, &(0x7f0000000240)=0x81, 0x4)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_CLOSE={0x13, 0x3, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x80)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:06 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:06 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
r5 = accept$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000080)=0x1c)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r5, 0x81f8943c, &(0x7f0000000340))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:07 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = fcntl$dupfd(r6, 0x0, r6)
sendmsg$nl_generic(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x18, 0xc21, 0x0, 0x0, {0x2}, [@typed={0xc, 0x510, 0x0, 0x0, @u64=0x7}]}, 0x20}}, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:07 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 47)

18:09:07 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x10802, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x5, 0x2007, @fd_index=0x7, 0x4, &(0x7f0000001600)=[{&(0x7f0000000340)=""/221, 0xdd}, {&(0x7f0000000440)=""/246, 0xf6}, {&(0x7f0000000040)}, {&(0x7f0000000080)=""/53, 0x35}, {&(0x7f0000000540)=""/4096, 0x1000}, {&(0x7f0000000180)=""/90, 0x5a}, {&(0x7f0000000240)=""/93, 0x5d}, {&(0x7f0000001540)=""/169, 0xa9}, {&(0x7f00000000c0)=""/19, 0x13}], 0x9, 0x10, 0x0, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
io_uring_enter(r6, 0x480b, 0xd708, 0x0, &(0x7f0000000040)={[0x6]}, 0x8)
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)

[ 2771.508946] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.7'.
[ 2771.539764] FAULT_INJECTION: forcing a failure.
[ 2771.539764] name failslab, interval 1, probability 0, space 0, times 0
[ 2771.542148] CPU: 0 PID: 14281 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2771.543446] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2771.545013] Call Trace:
[ 2771.545517]  dump_stack+0x107/0x167
[ 2771.546204]  should_fail.cold+0x5/0xa
[ 2771.546922]  ? create_object.isra.0+0x3a/0xa20
[ 2771.547781]  should_failslab+0x5/0x20
[ 2771.548511]  kmem_cache_alloc+0x5b/0x310
[ 2771.549314]  create_object.isra.0+0x3a/0xa20
[ 2771.550166]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2771.551154]  kmem_cache_alloc_bulk+0x168/0x320
[ 2771.552051]  io_submit_sqes+0x6f76/0x85c0
[ 2771.552866]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2771.553831]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2771.554740]  ? lock_downgrade+0x6d0/0x6d0
[ 2771.555534]  ? find_held_lock+0x2c/0x110
[ 2771.556301]  ? io_submit_sqes+0x85c0/0x85c0
[ 2771.557149]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2771.558064]  ? wait_for_completion_io+0x270/0x270
[ 2771.558999]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2771.559879]  ? vfs_write+0x354/0xa70
[ 2771.560604]  ? fput_many+0x2f/0x1a0
[ 2771.561301]  ? ksys_write+0x1a9/0x260
[ 2771.562042]  ? __ia32_sys_read+0xb0/0xb0
[ 2771.562813]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2771.563837]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2771.564814]  do_syscall_64+0x33/0x40
[ 2771.565531]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2771.566504] RIP: 0033:0x7fd673b8db19
[ 2771.567222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2771.570647] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2771.572126] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2771.573461] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2771.574794] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2771.576117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2771.577458] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:09:07 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r4, 0xf505, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r5, 0x6, 0x2e)
ftruncate(r5, 0x1000003)
fcntl$setstatus(r5, 0x4, 0x22000)
openat(r5, &(0x7f00000000c0)='./file0\x00', 0x420080, 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2772.005006] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.7'.
18:09:23 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:23 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r6, 0x0}, 0x0)
syz_io_uring_setup(0x12c4, &(0x7f0000000180)={0x0, 0x9418, 0x10, 0x3, 0x1b6, 0x0, r5}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000240)=<r7=>0x0)
r8 = openat$cgroup_freezer_state(r3, &(0x7f0000000280), 0x2, 0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000340)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4004, @fd=r8, 0x1ff, 0xbc0a, 0x6, 0x8, 0x1, {0x3, r4}}, 0x20)
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:23 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x8}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
shutdown(0xffffffffffffffff, 0x1)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x800005, 0xffffffff, 0x8000, 0x2, 0x5})
copy_file_range(0xffffffffffffffff, &(0x7f0000001400)=0x9, 0xffffffffffffffff, &(0x7f0000001440)=0x8001, 0x8001, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
r6 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$FITRIM(r6, 0xc0185879, &(0x7f0000000180)={0x82, 0xffff, 0xcc})
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080), 0x5}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:23 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$RTC_WKALM_SET(r3, 0x4028700f, &(0x7f0000000180)={0x1, 0x0, {0x38, 0x14, 0xd, 0xc, 0x7, 0x101, 0x0, 0x8e, 0x1}})
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r5, 0x80049367, &(0x7f00000001c0))

18:09:23 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 48)

18:09:23 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000380)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r4, 0x6, 0x2e)
ftruncate(r4, 0x1000003)
fcntl$setstatus(r4, 0x4, 0x22000)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f00000000c0)={{0x3, 0x1, 0x81, 0x1, 0x5}})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r6)
sendmsg$NL80211_CMD_GET_WIPHY(r3, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="200000003fe298cd20de", @ANYRES16=r7, @ANYBLOB="00022cbd7000fcdbdf25010000000c009900000000007e000000"], 0x20}, 0x1, 0x0, 0x0, 0x20000001}, 0x400)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:23 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r5, 0x6, 0x2e)
ftruncate(r5, 0x1000003)
fcntl$setstatus(r5, 0x4, 0x22000)
r6 = syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x3, 0x5, &(0x7f0000001500)=[{&(0x7f0000000340)="5919bb353ae7e1d95b5b561faec4e2ca03ea464ff3e3bc007b3a476e1c05f875ed513d5c61bca6d36f63cc784876ee820297ab63e7961fea5518f8003d23a1b3f9ca4999c7cad54b0e1656e89aa29ceaec7cb11f97ebd98343255194f655ddd41ab4b36f74df48763af64f2ffb45ecb0ee10408ec2af1d53c395c99380a6ee2bcf7572d75398990340082917f3452fba85638bcd3378abe0d24383a543b90e6e2991fb5d8f58c768bb44fabc5986e5dbe769c79856faf3480011ded2", 0xbc, 0x51}, {&(0x7f0000000400)="a91078675610847a3fd851744ad8d009be3966707229d20199ba23059a48d6633857be7d2ef31fedb17c59dc836c64348dc85411e60094c73e802ee903850e3e8dea6859ae3eb87f16062261f6a8459424f394b637dc90b5820fc30008ccd72380b8f1433c685e8ffbefef38e75cc1cfdd318540ca2636f070165adb8b2315b692b4c3a516e988611c8e7c100582aacd81d526e7cca4ad21168de27309488d448d216fa1be3d4f957162591090f9bda06844918e813dbbc5f4500c3de2aa5d9a0cb51e8a2343c555fc42464df0020681dcb3ae8cd3dc9f6b5af6cc7ba303bfe436c009d31f52c49239b298163290a277221a6d22b361aff7ea8d014ede35cc2ba03e50d26289a5444c613f411a7a371e13595c8cb2ce164c0d7f8c4bff862805aa949a98f129ca558883d815b3cf227435db098ed9e683111172fa152b77d41975b123698ff27c8db6033115f535222515540fc2c296023319237e94633008141b75a18ea98dd0179bb52ab4c13e694539ef5909076643c755012175b9dd5bbbb05294009c2af675e356add8f90a756088789298fa3d12edbcd8e796cb3abd91ae5a30813dec537203e091cdb9583b70018d9daae92c59558de650ab4eed5b7a473cb4f55bf98531b37752a3e94692f3baf60a37822480e8f6b03b119789c9d15728c1c4e2bc77420745e3482cc39aaabeba032e24b3491a6f0dcd4cc9a20581c098556472e25cf5e49b7b118e6cf77b48f302e69cf5094c337831b4b4f2cdd0b8179965b6c9c15b7cc805f0d6cdbaa1b08b67dd1c976d8364f7ad6a11115e7a3c9e974d89954009f6ed5964ddc4cdce0dbeb23447622527f688c5054c7429cc358ebb66d34710420b6b97c96d343ac64e81e514b87b8e6ad1bebac5fc98a2a19cf86d88fc2754f543afdda4e21e12e88304637b0031f134f61140b15d0849034af0d241d7b3bc29f3df39dd3e11cfe1854311685ecda1d682c6e19a9a907bbb29f2d1d91347bc55447d1f37070fbc38accc7c7e1c91e9f6480d53ddc6fefd24a87d9c21200b869d7673c0409441564ba67e0f8e6990dd8dd0eab9ec90ba0727cc2e5bc16b7448ba7cc91d5e4686436dc65226d6a12da75146f0d95ebbec070431677d262a614b058e7ac521b7ba74a98466a36d4155351c514843a8f396b2f161b95e8630e12aa636fc0edffab4888095a9c04aae388c2a96f83c3799a9ef6d0d5d9115bdeda7728936cae07f84923d25921a6e34e9941ec298b697509539e55be91ad73e82d117edaad46e941e0cd87da586466f7f3965673ec4091bb637879aa76df36d7dbfa738272635e6802e5f575ab395d7dae7d64c72739d0e4626ea5627d1baf52ee53c8bac7ba2d903d5b5ab82fbd840570e125665f3d81563ca6c8b40cc19a91206cc4cf5e54de83c5e859d3b15975e33f842765e098c7b51d305a6d7004c7abd03e06e61b87244cc2b08b569d944eec5c9d6a1cc746b4ba1018aa97a4781cf275f5bc89893c2a44edfc1fb3b9e004aab4a41b5ca8b5dab818bcbd1462a8629b9983c613490706b8e4070ab65e8833a79fb9ab30449d781ff354918ea0e322d0b2e70c61209caa49125386110442e0ac639daeabaeb7ed24d544b54bef7d038f64410e6c7888c640b36ea70c2c7376eab06360e9a15e57ff299487614f310dbaf883053c0a2a1cde98444464ddbb55593a4b630fd2c73aa104c63ed13c086dce71df241e33ce1d2480c746c3b3b8a368398b7fb4672773b7ba572ae190bf800944c52c13409d5f6274c4e71efbccc4b9b47fcdd8da74355323fa876707ced4b1a5ceb21b03c479d4b335848b73f5f1a1b9385a750fb5203c08754fb8643ec8cab1a0d54c0047c7b07daad5726f96412b91ea7691b7659c0a172883e985cbf0bd149c0b4760a209f02cc324ae1d49417064768261a21212b73b60c9e072754f783337763d1628f5ec46dfc9b3fc0b060d45c7460a070c5b6ab9556a0df366e8f56ccc854b0dca23946f7d9b1f72b38266d1296582a707c2216fc98a4cf49f71899513d331d790f9907732ef2375fa24968da1f288ff83c4abd5692a2d76298a2fc052decfadeacf73d4d71f50781f5707006df8bf77a8c760c2e675e8713790d089a8662cfb4069647532318355f7a7739fab390863d258b2eaee6f5dfe229490a437f2404c38ec383919602290553c732f1a85e954e4a8dc336897f1a72358eff581e3222f3d556d97633d7f75f83449abd7172479919df467465ee2440a27619856b9d4e685f951f2610c35430baf20414bf1fbe028672720772094a2d4e511ae7b5c9df8d65ed567c6b76784c161ac159d444d73dae305f4f1776e3c090d8bf30240df3621414966c90913fdf811ad9988292e00e8723c512c91fdc7e54f2bea973cbe89bdc0b6387a7fe8c528370133305417cf4fb0fcf518b18006a8cad77d8a031325a9ccd6ff5b7a2e7056d5fdcd7efe8d778b0f94c88a22fecd8baebb580eda71384df97adf69e2a25be8125133ea92077b533f92f90c9380b453b2a00694d7433270a0f1073f534d19437bceec1737d50776d9e0fe77ea9c3b0e23be425328c9a7620939a38a3c5bba4a8b827b75364a49a2e50fc4b244ce2ef5f1791ec7fa57c1c90402b95e554aaf08b3ebd1563f84492be92d4c79c813f427bd54fef35705b06a0d1a5ca502a49a94869e5a08e06c531902674aa77f2b964d8c134ceae954953b8b50a0da63d6f47d349f6669940834d23b6871eab28eefeeb52639a4df89d01ad8af0f75caaf370955a3926d08dec09c64fc27026ae25e14a06a48b96d7a40c53bf7dcbeccad9b1ca610aec3940a2f8114763c59697d85595c32ba42ca0c47ab2f6f02539995a25fe27fd4bd8171790a7f694469b6e731dd61a765071c69a874f3b6c5d830097ae8ea3042091dc6d7072c765a215cc96693634c21bad6e5bfd6faaec81dd862bb8215341c4b02a0627ed2dc102972ad834b2b153ad192319ab3176a41f635aac5d679811457d05e2a2a8beef128ac437d43a96823d3a68bbd25542236bcac6879209adc6f74ecbbea59363082e4a6b9c7f3748c103d2b1f99b876a9da8826f513ca9727fa541f52e6332ff2970fbca7d12bdedcf6104e7a9e3e242dd97e20058a8f1ef6622b90bfb24731f926301a7d841c2af42eff0af1b52f71dcb2de69efa3cfb0b6078d06d14523cb20f9442cf8b6a8989912ff92ca3b70ca8b4f457d5765a706f5bad370cae4c9e7709ba441518af18bdd17116c1b3f49b0a7d3b4427c0f78dea4e7c92eebb95971f8df876846a245c067ca552c436093de2bd1d45fcd204c9120bb10485e60bf7bb338eb0ca5ee5a4d6d32f6bc4aee5bf9b23602cbce85a59c5effdce90d84da560066e586f9fe78768025eb9b02decb1b832e5465b586e912957f5ba8adf2871652aa2158d7769cdeed2f983e842df382e9cabf4051045375eff1568774b27eb84b5c2f5655fb0543a5ffe4abe12bea45e940fc5a6bb09517b03325948796875b70a79182142d47e40df9c9314119bf618eae38d4b5120aba750d1f5b6e1ac786bc84320a003d3fd30da0e0e19c1cd0747c0b5d2b1165fb47ff02a6f7d7ac76d93c6601d45d461add30aa8a6d40e5cd68f6e65643785ad0a52e4a2ff03cb79435d7ba4ea6a090bfd3275e45336fa0e5514ea79c25035358566f2b5e6f4bc4751a1a853b41e5267c7f4b73752c8ff9902e8e06c280bf05d0da121ac46835455dc53e1bfcea0dabf75d01661c46817278911be8a6ff01e2e8b8c89943b26219fb4175b47b1ddc58fa25345056315884ed35de60729414698bc0fb283238a0f2f0cfa3033d5cd3ac2f68b0c193882237c9d90a4191ca1c2c749667fdc042d60ba7d94701fd3fc7af69fd3b83d9a151bcfab9923d4409fb34c8145382d6851baa5fffe47344e2aca89696dab2382ef51691615144ab271ddac457dd61b043c7cf4cc31b7bb8050c4d34c83e0f41219605d0a4a2ba96176eec55014f5c4b4a2f9817b68f2700d3c79485d4c42d4521a55c2970f8b6242e5a604165dab4552678836c164a92d494ebabebe1795ece289acc8ef069500292b78c2d623a2ef4400159e100ca2258140bb081ade12386ef977f060598e25e68f9768a9c34da94f7ffeae461609350eda147a350831db5872305e827134a04483e18ea2ad05498a4a217f0a06ec97d28726ea6e903e1e47d170ceca305b5df0be279488e689daa910cfc8dda4fefc89bc894a2f4cc5398d31191173af79b67b2c6a0b1ff7c972c87a3e8c34d53b3962b709813b543ebc15aa31f3d39ca93b3a5e6f02e76982149bce163dedccd809af112231e7a47b21d917fb205261407d613b59154e4fb63a3d8c82d51514c444caa34a6d062fb088d8c63eef9a664b80bb5e5d24efad1d378a33c6ce2e5f53ab0246b8a435f06cb95e1334907e821a7bde5fad6e3eaf4105695c511a5cb666b245fd8d2595e0cc49c4525ceb2d7e71065c07edc55afe81113b3973bb4edbfe788ff09b959a1fa8a0df498e54c3318fcc85440f9ae028be17d014b981002bc5e9be97eba9835ae557118ae32467ea7314a3c2e5348c8f3d85a29c274c21acef2afeca7e9d659e474d43c13858da9c2f6deca7ea15d6b9e0005faed1ce29cef72a9441bc0d5f64fc2d8850c911ea1bdd647aa950c591eed8624724da3eed04cf7f087421668df482ba96be4bb4cd91e5f4aa72d86c9866817f4e3ad279b4c3801479dc32f9e8078c514f595b2d6e38e905e47ef0ccb23f5d18da936b3dede19b9aaa85e7c6919bd0a027db9cdce442a9051de0f3fd210b0c71f6db0801c2363d9acca333faf11ea4541fc9ba5b65875fc72834c3de398ba481ebbdd4d8541fee7e42d6504b119cd3d32c90fc0acad93e405d36f5b1f34564fa08688050b96c5ed81a3f02ceb27614a1a17ddda988952bee15365ac1cc264929582628f430090ff5555ecbff139fc8ab7f198c87a6afd2d6b995322760b24797cd41707f6fe4d13d470121201d08943872900d533f5d6f3cae75d05ebb64ad8777aacfd318d6b2afeca194be56d00c2034b7f3a56f4962bf3e3008a94d16ce2bcb66872959cc8d6fb034bc08b85d9f0eb1684c45282d7afc40e4e851f1b17954cc8de59003aa714cbced002b21f1fc72c30c863fd9971dd5f91a87cf2f13af6b6e3d198aa8bc4c59173f11daa29d2ce588f1fc5a6202b39fd625b88249a859e1e0a19fcf6f29cc2a6b73a1ca0eea147d4729ac6e3fa0a0aadda0fa3ff82fd45e07f25e2a691d85408715da2aa25ffec30e3df9ffd2d4e73d38c8ad407df47b7efdf2973a60ee4870eca25cf0a2996f0d7cb5125672a20f6cfd432325fe94b103e5f3d5da63a42861c7542bcc46085327e15c9633b1feb05781579c0248dc20654d2c120d7e05472dd3991e53b8a0bcbf115bcf37be8ceb5672d1d5204e9356aebc5b0414515e73608abccd6d48956411ed04be61c5883a7a169b4993c1995dffbc8236751420580e3dfcf147b6edde01a5959fd0ace00eecf50cb39219f95343979d4a7444a917264a1a8115c3b2ce452ab9f2e61b8eb0f7cbf0acaa41231d7b205a6bb11ee3172c7c091fa089d6f9a83a3cce0d07592eb0a85c3f54096b03ef11b2679a4fda3a4a2fc4678cdbc9cffb39a4cf426d1323a2217b13fb36afd1f49f163fbb35106fb3e06bc29f5f21489a47b74dfcc1c0b671a5af80967c471a5bca508e6776612152424d8e35c2d268dd94e1fd9fb4a1e58698bc061e11ab035b8f62ad509f0fd7cb96", 0x1000, 0x2}, {&(0x7f0000001400)="e22ad69aa3a9f45c642e5beb7a02ca15e63a500040ce8141b43dd1e8c0163ed5c849e3aac423352cf6bce32e20902c31535d832e4597c6827c38bb679c56d1d090cad676d2835c06830d5badac647456ac7569b8a75f90fb8d89cb0962261988fb8a42b9bda669555652c4ce2c92de99abb1e34bb2a9fe602b88f96407e132cee36ca094de98e05710645a1052032bc53620ccd1b779a5eb9da887604505ddc6fc98f241316db03464b79396a08a343d39522e78ffb96c3be23355b598639559e6", 0xc1, 0x5}, {&(0x7f0000000240)="d998ee0c47b803283be687bd268eea22e446798e8091c5618477becd07160bfff33d8d866497306fd0f20c67bd3ae26c9c72e7a97e106f119989617f24874d0f9344c5a242", 0x45, 0x5}, {&(0x7f00000001c0)="88eb1ae0fec11efd84e90f46caf890c3a3503b7e84d762cf7d711924c89d24474eed85fc8121892a3773b70d8dea90352cf6ee48d9183a", 0x37, 0x10001}], 0x40004, &(0x7f0000001740)=ANY=[@ANYBLOB="666d61736b3d30303030303030303010303030303030303030303030302c6e6e6f6e756d7461696c3d312c7375626a5f757369633d3078303030303030303030303030303030332c6f626a5f726f6c653d2c736d61636b66737472616e736d7574653d7b2d2c7375626a5f726f6c653d002c61707072616973652c6f626a5f747970653d25402c6d61736b3d5e4d41595f455845432c61707072616973652c00000000000000000000003977e241613d640af48f16543e937e239a83f98380d614eb110ea842603bc35aca6850349369139f35797be1dd03e7af6d1d584f050e28d8449690933b2d7b56e424c48b8e2332027626f73f5dbf907f579a459e44d996595f0624c4a37dcb130d25a1e54fae05c63dd9e933731db988409ad63bcf476f3a3a304504c185ccfe67b261c07e9e49d33c7bfe6f76165efb8ddb16187d09c0027bedf6c5d4693f9d4b6a30dc8e9e1fc7a964b64e5dfeaff553e09d90c1f729219858409b6ea04cb7ddb811cf3671b9268fb438113e2a2bafb058757387b045c58e98d842"])
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r0, &(0x7f0000001640)={r5, r6, 0x1})
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2787.773690] FAULT_INJECTION: forcing a failure.
[ 2787.773690] name failslab, interval 1, probability 0, space 0, times 0
[ 2787.776178] CPU: 0 PID: 14310 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2787.777621] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2787.779285] Call Trace:
[ 2787.779827]  dump_stack+0x107/0x167
[ 2787.780573]  should_fail.cold+0x5/0xa
[ 2787.781376]  ? create_object.isra.0+0x3a/0xa20
[ 2787.782299]  should_failslab+0x5/0x20
[ 2787.783073]  kmem_cache_alloc+0x5b/0x310
[ 2787.783886]  ? mark_held_locks+0x9e/0xe0
[ 2787.784698]  create_object.isra.0+0x3a/0xa20
[ 2787.785605]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2787.786616]  kmem_cache_alloc_bulk+0x168/0x320
[ 2787.787525]  io_submit_sqes+0x6f76/0x85c0
[ 2787.788370]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2787.789365]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2787.790345]  ? lock_downgrade+0x6d0/0x6d0
[ 2787.791166]  ? find_held_lock+0x2c/0x110
[ 2787.791995]  ? io_submit_sqes+0x85c0/0x85c0
[ 2787.792897]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2787.793868]  ? wait_for_completion_io+0x270/0x270
[ 2787.794860]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2787.795777]  ? vfs_write+0x354/0xa70
[ 2787.796543]  ? fput_many+0x2f/0x1a0
[ 2787.797287]  ? ksys_write+0x1a9/0x260
[ 2787.798073]  ? __ia32_sys_read+0xb0/0xb0
[ 2787.798875]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2787.799914]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2787.800969]  do_syscall_64+0x33/0x40
[ 2787.801722]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2787.802746] RIP: 0033:0x7fd673b8db19
[ 2787.803482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2787.807146] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2787.808666] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2787.810105] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2787.811532] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2787.812997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2787.814402] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:09:23 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r4, 0x6, 0x2e)
ftruncate(r4, 0x1000003)
fcntl$setstatus(r4, 0x4, 0x22000)
ioctl$FICLONERANGE(r4, 0x4020940d, &(0x7f0000000040)={{r0}, 0x2, 0x9, 0x3})
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(0xffffffffffffffff, 0x4018f50b, &(0x7f00000000c0)={0x0, 0x6, 0x5})
syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x1, 0x2000, @fd, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:23 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
r7 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r5, 0xc018937e, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r8=>r7}, './file0\x00'})
ioctl$KDGKBDIACR(r8, 0x4b4a, &(0x7f0000000340)=""/197)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4, 0x11, 0xffffffffffffffff, 0x8000000)

[ 2788.136550] FAULT_INJECTION: forcing a failure.
[ 2788.136550] name failslab, interval 1, probability 0, space 0, times 0
[ 2788.138054] CPU: 1 PID: 14331 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2788.138787] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2788.139661] Call Trace:
[ 2788.139962]  dump_stack+0x107/0x167
[ 2788.140353]  should_fail.cold+0x5/0xa
[ 2788.140781]  ? create_object.isra.0+0x3a/0xa20
[ 2788.141261]  should_failslab+0x5/0x20
[ 2788.141659]  kmem_cache_alloc+0x5b/0x310
[ 2788.142369]  ? mark_held_locks+0x9e/0xe0
[ 2788.142810]  create_object.isra.0+0x3a/0xa20
[ 2788.143269]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2788.143799]  kmem_cache_alloc_bulk+0x168/0x320
[ 2788.144291]  io_submit_sqes+0x6f76/0x85c0
[ 2788.144752]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2788.145288]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2788.145796]  ? lock_downgrade+0x6d0/0x6d0
[ 2788.146241]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2788.146803]  ? io_submit_sqes+0x85c0/0x85c0
[ 2788.147277]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2788.147788]  ? wait_for_completion_io+0x270/0x270
[ 2788.148303]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2788.148806]  ? vfs_write+0x354/0xa70
[ 2788.149205]  ? fput_many+0x2f/0x1a0
[ 2788.149579]  ? ksys_write+0x1a9/0x260
[ 2788.149969]  ? __ia32_sys_read+0xb0/0xb0
18:09:23 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 49)

18:09:23 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
tee(0xffffffffffffffff, r3, 0x8, 0x4)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r5, 0x6, 0x2e)
ftruncate(r5, 0x1000003)
fcntl$setstatus(r5, 0x4, 0x22000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x2, 0x4007, @fd=r5, 0x100000001, &(0x7f0000000240)=[{&(0x7f0000000040)=""/122, 0x7a}, {&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001500)=""/119, 0x77}, {&(0x7f0000001340)=""/208, 0xd0}, {&(0x7f0000001440)=""/166, 0xa6}], 0x5, 0x0, 0x1, {0x0, r4}}, 0x0)
close(0xffffffffffffffff)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x200000, 0x0)
pipe(&(0x7f00000000c0)={<r7=>0xffffffffffffffff})
fcntl$setpipe(r7, 0x407, 0xfffffffffffffc00)

18:09:23 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0x1}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r6, 0x0}, 0x0)
ioctl$FS_IOC_RESVSP(r6, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
preadv(r6, &(0x7f0000001680)=[{&(0x7f0000000340)=""/199, 0xc7}, {&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/61, 0x3d}, {&(0x7f0000000180)=""/66, 0x42}, {&(0x7f0000000240)=""/91, 0x5b}, {&(0x7f0000001440)=""/186, 0xba}, {&(0x7f0000001500)=""/8, 0x8}, {&(0x7f0000001540)=""/201, 0xc9}, {&(0x7f0000001640)=""/2, 0x2}], 0x9, 0x8, 0x8)
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2788.150388]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2788.151079]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2788.151631]  do_syscall_64+0x33/0x40
[ 2788.152034]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2788.152582] RIP: 0033:0x7fd673b8db19
[ 2788.152979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2788.154918] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2788.155734] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2788.156470] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2788.157224] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2788.157979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2788.158730] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:09:38 executing program 2:
r0 = syz_io_uring_setup(0x4d53, &(0x7f0000000180)={0x0, 0x4, 0x1, 0xfffffffc, 0x271}, &(0x7f00000a0000)=nil, &(0x7f0000fef000/0x11000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x3002, @fd_index=0x1, 0x8, &(0x7f0000000500)=[{&(0x7f0000000240)=""/142, 0x8e}, {&(0x7f00000000c0)=""/35, 0x23}, {&(0x7f0000000300)=""/159, 0x9f}, {&(0x7f00000003c0)=""/80, 0x50}, {&(0x7f0000000440)=""/51, 0x33}, {&(0x7f0000000480)=""/74, 0x4a}], 0x6, 0x1d}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:38 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:38 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x30, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000001300)={<r7=>0x0, <r8=>0x0})
recvmmsg$unix(r5, &(0x7f00000011c0)=[{{&(0x7f0000000180)=@abs, 0x6e, &(0x7f0000000500)=[{&(0x7f0000000340)=""/214, 0xd6}, {&(0x7f0000000440)=""/142, 0x8e}, {&(0x7f00000000c0)=""/51, 0x33}, {&(0x7f0000000240)=""/91, 0x5b}], 0x4, &(0x7f0000000540)=[@cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x40}}, {{&(0x7f0000000580), 0x6e, &(0x7f0000000600), 0x0, &(0x7f0000000640)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x98}}, {{&(0x7f0000000700), 0x6e, &(0x7f0000000780), 0x0, &(0x7f00000007c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}}, {{&(0x7f0000000800)=@abs, 0x6e, &(0x7f0000000e40)=[{&(0x7f0000000880)=""/243, 0xf3}, {&(0x7f0000000980)=""/194, 0xc2}, {&(0x7f0000000a80)=""/119, 0x77}, {&(0x7f0000000b00)=""/31, 0x1f}, {&(0x7f0000000b40)=""/178, 0xb2}, {&(0x7f0000000c00)=""/148, 0x94}, {&(0x7f0000000cc0)=""/98, 0x62}, {&(0x7f0000000d40)=""/49, 0x31}, {&(0x7f0000000d80)=""/149, 0x95}], 0x9, &(0x7f0000000f00)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xb8}}, {{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000000fc0)=""/33, 0x21}, {&(0x7f0000001000)=""/228, 0xe4}], 0x2, &(0x7f0000001140)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [<r9=>0xffffffffffffffff]}}, @cred={{0x1c}}], 0x78}}], 0x5, 0x101, &(0x7f0000001340)={r7, r8+60000000})
getsockopt$inet6_int(r9, 0x29, 0x4e, &(0x7f0000001380), &(0x7f00000013c0)=0x4)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:38 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
io_uring_enter(r0, 0x3abb, 0xee0, 0x2, &(0x7f00000000c0)={[0x1]}, 0x8)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:38 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r4, 0x6, 0x2e)
ftruncate(r4, 0x1000003)
fcntl$setstatus(r4, 0x4, 0x22000)
ioctl$SNDRV_TIMER_IOCTL_PVERSION(r4, 0x80045400, &(0x7f00000000c0))
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:38 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
readahead(0xffffffffffffffff, 0x6, 0x2e)
ftruncate(0xffffffffffffffff, 0x1000003)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x22000)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000001c0)=@IORING_OP_STATX={0x15, 0x2, 0x0, 0xffffffffffffffff, &(0x7f0000000340), &(0x7f0000000180)='./file0\x00', 0x40, 0x4000, 0x0, {0x0, r4}}, 0x1)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r6}}, 0x0)
close(r3)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r5, 0x400c6615, &(0x7f00000000c0)={0x0, @adiantum, 0x0, @desc2})
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:38 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240)={0x0, 0x0, 0x12}, &(0x7f00000a0000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
readahead(0xffffffffffffffff, 0x6, 0x2e)
ftruncate(0xffffffffffffffff, 0x1000003)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x22000)
syz_io_uring_setup(0x54ef, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r5, 0x0}, 0x0)
ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f00000000c0)={0x0, r5, 0x9, 0x6, 0x2, 0xffffffffffffff00})
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:38 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 50)

[ 2803.364113] FAULT_INJECTION: forcing a failure.
[ 2803.364113] name failslab, interval 1, probability 0, space 0, times 0
[ 2803.367166] CPU: 1 PID: 14370 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2803.368810] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2803.370802] Call Trace:
[ 2803.371441]  dump_stack+0x107/0x167
[ 2803.372316]  should_fail.cold+0x5/0xa
[ 2803.373242]  ? create_object.isra.0+0x3a/0xa20
[ 2803.374338]  should_failslab+0x5/0x20
[ 2803.375154]  kmem_cache_alloc+0x5b/0x310
[ 2803.375965]  ? mark_held_locks+0x9e/0xe0
[ 2803.376777]  create_object.isra.0+0x3a/0xa20
[ 2803.377679]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2803.378700]  kmem_cache_alloc_bulk+0x168/0x320
[ 2803.379623]  io_submit_sqes+0x6f76/0x85c0
[ 2803.380482]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2803.381487]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2803.382454]  ? lock_downgrade+0x6d0/0x6d0
[ 2803.383278]  ? find_held_lock+0x2c/0x110
[ 2803.384092]  ? io_submit_sqes+0x85c0/0x85c0
[ 2803.384957]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2803.385932]  ? wait_for_completion_io+0x270/0x270
[ 2803.386897]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2803.387819]  ? vfs_write+0x354/0xa70
[ 2803.388564]  ? fput_many+0x2f/0x1a0
[ 2803.389301]  ? ksys_write+0x1a9/0x260
[ 2803.390057]  ? __ia32_sys_read+0xb0/0xb0
[ 2803.390870]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2803.391915]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2803.392940]  do_syscall_64+0x33/0x40
[ 2803.393691]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2803.394705] RIP: 0033:0x7fd673b8db19
[ 2803.395450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2803.399104] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2803.400609] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2803.402043] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2803.403456] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2803.404894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2803.406326] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:09:39 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r7, 0x6, 0x2e)
ftruncate(r7, 0x1000003)
fcntl$setstatus(r7, 0x4, 0x22000)
openat(r7, &(0x7f00000000c0)='./file0\x00', 0x501240, 0x180)
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:39 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x2004, @fd_index=0x4, 0x9, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/2, 0x2}, {&(0x7f0000000340)=""/129, 0x81}, {&(0x7f0000000400)=""/205, 0xcd}, {&(0x7f0000000180)=""/21, 0x15}, {&(0x7f0000000500)=""/23, 0x17}], 0x5}, 0x2)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x100000000, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:39 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
r6 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3800001, 0x10, r3, 0x10000000)
r7 = signalfd(r4, &(0x7f00000000c0)={[0x69e]}, 0x8)
syz_io_uring_submit(0x0, r6, &(0x7f0000000180)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd=r7, 0x4, 0x0, 0x8, 0x2, 0x1}, 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f00000001c0)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
ioctl$FIONCLEX(r7, 0x5450)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:39 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ftruncate(0xffffffffffffffff, 0x1000003)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x22000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3, 0x4000010, 0xffffffffffffffff, 0x8000000)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r8, 0x0}, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000080)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, {0x2}}, 0xffffffff)
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f00000000c0)}, 0x0, 0x0, 0x3, 0x0, 0x6, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:39 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
ioctl$TIOCL_SETSEL(r4, 0x541c, &(0x7f0000000040)={0x2, {0x2, 0x7, 0x401, 0x5, 0x3, 0x1}})
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:39 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x300000e, 0x8010, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x7, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:39 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x400100, 0x0)
fcntl$dupfd(r3, 0x406, r4)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
sendmmsg$sock(r3, &(0x7f0000004940)=[{{&(0x7f0000000180)=@caif=@rfm={0x25, 0x20, "0b207cb11c24a1a593e47aa5bb5b6c18"}, 0x80, &(0x7f00000000c0), 0x0, &(0x7f0000000240)=[@timestamping={{0x14, 0x1, 0x25, 0x6}}, @txtime={{0x18, 0x1, 0x3d, 0xc3c}}, @txtime={{0x18, 0x1, 0x3d, 0x5}}, @mark={{0x14, 0x1, 0x24, 0x1}}], 0x60}}, {{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000340)="b19c95c47aaab9eed475cf8c8c289b4d41ee5e637459ba12a35f1e1c3665693f513a340b15483ee2e0bdcf115dadfad4c2cd2cb127117511abb0770b65ec60db298db9a16439f0d74eba639812ed74a0a0149212754be7f683de934257da69916686bea62e913d2f6f51800b25075607c2f1c3e3ff3d2127f7c38c1a2092b1bfd0f994acdcc2eb0bbdad3de525a85f175794ff561bc41c9e9b362f618eff60e31fc720a907bf0cdf", 0xa8}, {&(0x7f0000000400)="6a790119ce0f7908a43083683434c12f875f27bc4a85e368ad9a84a3852f56880ba95985915577036794c67b26a119366ba970463521699b9fdea780450147be3915c359fb47dffd291fb242232f6017182a2b03b1006a6f147ad430742d83b3b7508ba9712d0bea06958dd41d24d1ecbda40a255f11a4c2cd15f03a7d22def6a490636c82de331a6cdb220e37a81261df4fe6d2368a7d95f915f9e0bc1b29aa4761a55c942bf28670c4a5e958cdfd70bd46d1db9c0a04a17226b7984af42e4f23c29fdc7d8db713f266b766ceabdc8dcf732f069c17a8387977881c83e4eae4e96f38c4526b8d", 0xe7}, {&(0x7f0000000500)="0c4927c3c23ff8ea385212bd7136bde65af51946300a2fcd6b031027a5a1c08f02acd7351707d35a09426f71bf82a8c1118a1e2127604cb918da1b8f06b31f846c6fa77a8fbcf17b94779d7a46d4e001908930da8278c8e1a5272b3b1dcf4a9372a69b103458cd8dd66701c8d446940ed58201e3bae2967e0fc011ce5aa2e7ff084386858f68de71ffcc6a1a9d37c7a117381ef903f20707af2ba1102ec96373a8d4b422de3962bd06a31884", 0xac}, {&(0x7f00000005c0)="72a77a86dbea86527ed59c0631188ceb7575128bb24945df2f8a4e0e31c0b7011a7e93bece9d8afce5e11f1d8b696816cce0ca3ca9124b86892cde2db8c2c2283ba49a478c7bedeb7d6d04c86a445a5f8aed99c7345cf54ad5d013ede0242f4c229ce498e1265b51e55fd8f3274f83ab08ce5178f8d972620936fc6996e64cd051cc311c28b5222cdab110046034a382e6e33982e1ad4181df6bd7ab1424b290e16f772d55b775e199daacce317a9defa41d2e24670ae306c7418847f35cc7d6099f521218f79fd1cea7a4777ad1797718770ab6c3124242bd3a5946f436083d6ba38d72dc0d9a1138f69022e21d05cb8d1c3dd9372f6f9b774ee44c0baccda70bf4edd5fce1184e261601ebf782226dbcb4cba9e6f202b07d82879c70a12d07bfa5ea3f0f6601966ad8fc7c191cc64c8eef9cb78fbb5b2f070b4131c24d367d06065eed1a9fb6dbe9f5aebd61d32e9e4a49dc4359ee5a3dd150a48f45ff3e6f596baab5f0dea456f032643fe06794f4f10cf5b29651e3a123c1fbe3f7c9c2a962a11845a748fc3501e5b48a21a9d8b287b89bddf8b685955be04e28ad99ad1a0a02661d6cc696b0b9a3be4238fd0d5e9d2a963bef94af601aeced69406838844a9a3774547139b071cb52b0ec941c56d9b57687291fcaf9da10161637fc7a3b88a2952bdd235ffb5a9856e84ca7568caadb4a080299fe15a6b0930b68b6fe065b174c175bb0f850419f7a206adbf6601ab18ffd0a54aea6258d17c9c03e1731423eb6af63c88881bf3e9356f713882c0f022b6fce774572953743161951e36764c60e96ba82c263de33ad515f8bb1aa25dabb81cb530273e18d0d33b6aedda146c5d0b72ddf40d9136d56d5a7d2ebb3e46bf65cfe36bed3e13e4095ff9768af7285cac44f204ec98343de864c5fdf8e8a2dddc258f2ce8661df136d4ce4d2135722002758e6a1020360a8b86c07f93808a3c99b7a62106c81cd919f6768492ffb81c378614be695bff2df14b9c31340529b12304ec7d342e76e34e99639646e230bd19f3d4c4ba5abeb15774ada7e601ec12577d91ea53f6731446b0dff3837fb2108a0c0787b97f0537fc58606a6a3238a3cb4223fb6bf92cae66d7c31b100006dc3a8f5a9257c4dca04929b39b52fa94df479c2a60b46bc1884878dff51f4d09d75087c69897d68265926341e1c7184a19f46c6291e3ab1c37fb9fd2d33bc9e12b0b762e3a22889e37805b6d91b9956126eb7aa3090be5b9b09c776d5d9ab59ceaa06c2ffcc29acddbb5ab2c6e4f69f0f3c5a7fab5055d5c474a0d383dce695e81af8610ecdb87b109c74417b821d5c34655a15b3247253a7efeeb7ab7752a3b259ba7a1eb8009fe60c7106fc5c3b3bf13459c945ed0a56bad6d7dd7b6c76e26be1b9784bfcd5289bf856926eebec27bee9c955c2e2a785f913c210f8f5896285df923d70cf5ee225737c681a5ed662925cf8356fd89584ddbcbf2dbe8af03d5bff91265bef288ae47bd30299878bb577f5edc7c0a3ff8d63e03b8e15743ed23e78d19d21a265de1201d12fe38bfbd01aa578a17a7e302efc32c2dd33257888d1b9fbf7be7960d92ce4ea94f48d4e6e2e10ba0b108ac8b5a1ad3944cd0b5ed70cc1d28032b14ffceef100daff02e8ae843e797e07716260eff4d5ab952e48bdaea5f7dc420e2e898316d42c852d02c15069e64c6382af46894453231e1dc9e22cec933a568d37dfa97d97c1a35e5cbd9a0f57f038f29a3fe07c0c086fabcec006b6837a170f704d35412237bd0af7a3c02d39ab47d15db43c09453a6582430f27e542b0f6c5e5082eb17fca0a31fd2d2b2059f44ddd512c74c5dae5b24a5a58260abe431c05978863f2768241ffdd8b4f8b4d58f99ed697bfcd110c6707aa968716323a13654eeba2db2b160d7592fff8b552f042600996227d0ed0681a871cd8bb65f01c126f83adc2b8c883d64902c485db3aad7e0c2ac099611b46f48dbb32d60664308dd792ba334872fafdb4abcc8583788b796e6881767eff2cf4d286238dbae20785da88b91629f4c806b2e95df56b21fb7cc0f2083c14016041cc147107cccaee8b0c92bf8ffa2d3fb773db50e396c3ca15e9d2e971f46c9a4eb72b68a0d157bc629e78fa3a2ed2ec664bdefd60362eca6de535c2d615a513a39fdfbdb88f4879ff4d6e51b04ac1bc82de777581fbf6d468188cf71d692a415cd4b086e59b78ad4d7c3739e5ccd641ed864b8c80d40430265c525e3ad0f1efb7e2486d09039954cfc77290156080f7542e687f516cf41cbbeb48fe65ec240b97d718df8af3c3c0a1432f0a9fe5292e3e7d1a79d1f0d5c8b1964d406cef77527314a40256ab372ad609f0a5939cfaa3d1aa05b0209dc608301b3b72f6c25de738cff3249e23a51af057806a52a5618b27c4ed2b9b2e356138b3d6ba7bf35c19408f83a359ec299b5b56ecd6f3d0088faeb0fa252c13dc54b641ad40f8d3c8399d8f809d2264c9751a11d7c4ea4cf36f83fc3c69e11fd9c91fc28e6ccfe6c3003424f983f43c783df9f6684b97029ad21664f049a304f3ca2845d6b2a5d468de86640b6308bc52830c48c2098ede0d899d1a6ebfded6d46a478d5cb345ed3b8210ae8c020ffaec14a174919380718dfbe65aa276a6b44a6ab283037bd550c5023b63564ec10162ba01c319fa7e2ff65509c40338387e40a011ceb8f4e58498738996a32438150cda603af93fb6ee307630ff642f4faea5d6016dc9bdb79f03024d67311be35ab12b571bbe169d0cd0d37a38c7a9778e660624877afe78230d7c13449da8908c4b48d0bb609873447633624354097e9399a8a7861685370e16fd1d69e2d02b90436a2b49fbe0886acdc5ee495b06209bef42e383924e42ea78e8410920ca23c4275fa3a77ca495c3aecab31e81eeef1538f5fdecffa45f9962db9e2ad6f8156df37fd7bb0465add213205261b5effacc87676cdf3233fefb785b41c9820f9136933609bf8797e118daa2ceeeacec383ec559f9d63767a92585319bc6175b05ef2d4ab721d5b4c5960d48e1b2d8d74ab7d5cbd28eba3664a9715329b94ae9d3b02b8e1d48079dc0bcc685f9d52223f93c453337b3983410a8dee859796c6d33e903749d73fddf1e37975830b6e78288d7766c169f1a2303c21867aa9217519c3a4f074a53911ae4a2524bfa2dbd6f996654fdde1efbcd88ea97ea480645aab4b6be70b1972caa2232b1e8a8221a026df199748666bbf2a2e6520695e16df929c6b5df9a64ede5f3a4759fad2e35bbf859255f137962f898f2ddef5936c1dada19b0934be9c2f2756828118c9850020bf2c1aac084fbfc39750cb1b0d2fed853c341a17844a31c7ff26afc577e32642e6affb2f8982c577da5190fc6c772a029b17bbf506221ce6a43f89b968b0fbb60f8ba568f8ed47a882e7593aded16e1949c3be2149598491471330f6e987929bfa81b721b79fb4c8bfc3fd63485d7311ee551e7a7c84718a59da4c542fbef13217e53b5f8a0efd32fe33ad3bb8605a984ea92782f309a9853f917212baeca4fd0dddb60d60248779f7c15dbe29d52f684a641b537d85db2bcb961c7e9ac3695595a8cbfde7a55e34a2634ff50da3efd5d1f1df090447d59fe72b9cc3e5c8ae5888fcdd96615636608012188e34bd7c64843a1f61a7311d63c0e253f33ad40406e74c1581a626ffa018c66457b6e697b934e5dedf3bc658467073bfafb0bd81f73420625240b92e606f7daac067748552855caa25a753dc11b2c6fcc2e47b661b661a679ab50078167cd1e97c66c8325285378911194f3814d9c4fc7f463dc10ad1b03a8c146c896458dcc74d8f1a80a5f53de2432a310dd65669e0dc4e0711070e43f4bbdde30f03e2bcf3f8b5a57f5034fc80bd6cd55b56a3c2c1b85945e4f605ab66507ea66fe42c44d40db75979e00fb6bf9a9dda0083465020fb004c14b32c9d97868cf0d6d5a9aa1ba40561a697e5cce2a32dc59731be27e65b5375dc6d5d38b3490aa67801b16d9645e55ae2720d797172cf83047085b4d1bb5a1ba712c9c40801416419ac0d3f86d467857f4f62ce572ef460c912cb3740e689571d76d2cc3e353aeae076aba0dd0db690501e62822a08a11f1868a7b9788db3b3341af4eb4dd1bbd6dd5b3f81bc803ef22917a67f4f2626e427ce990deab30166f8e17eafe38160d912df75a4eff9af33b30d4eebc7cec64624888b08a24f30a55d6755e05d7bc5efa8e827e7564d536819ac1eca38faddfad9b3337c665cb9a15b8eebda55899aa48dde3dfcfd9089c75f2eb9c3ccafa9f347b7075d4bbd9549e57461b6e8772a42a2b05733b37958836df3184b18140afe8b20bfe5fe3b6306a3be8d212c7cb22af885755b53aebbae0e1b1684cbb642a43ba7a3238051229a57f04fb376d1a7570cfc41e362fb907973e176d52785872c8fd53229be2197c0eb04e83ebc3ec442a56b761b2c4e8a693cef68b1d5327d108ad7a23864c2d664e8d91b30289b5ed77fa88ac047bd3b2017b855045cf512d93aae3d9374f76433090063bbf0f54d26844094fd55919999202dd74d7f1f57b91f93432544a0b7213ae73da14e1877f4a6840635c909c3b607e2c3f00604cf92015baf14aa4ac8c9838fc68654fe0b561156852cf8cd24fbf3e0c664fb7ed8d2c967a32a7c43ce5ad230eee44fd11c33679083ceaadad815ffdab2540a12a83828f91a38100170798a6c370cf6e6071a027ddda3eeb3d0e256d8bb0dee99520d719c483703bce4a0a413b67cd53a5cb29857fc873147aaac7a57a6ff4e04bba7da435c72de7337a53ca08f0e5ba4766e02398f4dddb3933e68d0d1dad1e9f46b8463835c668fb466c69a281bfadfd8f5224c45487e4a1db8e6e6528cb2f82e5358055d5c8ba1d8d232e18c5d05ae592c8537ddc467dc7cd3826bcebaeaf55606395f77d5e3dee8b70002ea0582ba0a383fcb3420230b31074fad7967a9ef37906d5e4d7eb37ccd07c0fcde11c1c1dbacfd40dd6ba4e93cf1d129ff05ac7bd23314aa546fdffa341ded7280a9f65c57ebb23f0c93241b878168111cb6a3061730bbe299361ddb70358d45cb0fcfdff2412040e0708563799a15a9267007c4e0d0cd35ea440098653c6142b31087893defebaf9945d79d7443df5dd7732c7f2d94799fa54844d6919010ec1e9f7678575e6821870fec36f6a5a844eb971266a3019eb21f7d8940ca36fce5f1fe478404fce0f9bed70b223dc271ed1ee3d24d74049cc57fd599a0d475a926a9c96e5a4f2b5f99e8c0581c2b4cb3a9b6a3e29ccae8f1b7619bf60fad67e87aaa8af9af480b61bf6a94146e4825a668b4bf37ffda851fd20398e2f96019e06add91f308c6b738e81e953beeacd4c016013b16d4ab064b2ad45253091c45f244d5f00af9926673b9a7b9f17993543bb4c00fb94e05778ef5645133db4cb268a5b26acf2b0acdc4b218623fe18188185135d1149f71f3acdf658abb5e3cfd29dc2f8b6e031af2274252e3012584591d27a7ae8f605c07478eda158995e84674be42175448a295350d5e40131cec817ac34028a21eb07057726997116ca07101ef41e27d1980a57f6c65fe316a33111fb7f3e087998186893920c283efc2d1d63869e41e2f000c6c995cb11d444d5edd5025f7de19f2197eac0cc7339fc157fd32b8125858facd1281054f4f894e1638ba457c74ee0acc6ef51bc123d8c51ecfce84bf9f10e4fcd1552a81e300b2470032f7808a116c1ebc96449a3704b0dfc65c7306d97001204e28ff3c3edfec9", 0x1000}], 0x4, &(0x7f0000001600)=[@timestamping={{0x14, 0x1, 0x25, 0x9}}], 0x18}}, {{0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f0000001640)="a20936725ca42c9b3863532b325975c64d29c5fe20d6c59f6bb681c1230dbdefce94284f6730792e03c6f347a3b0a73f8401e1728e1dbf740363fac8bb232dd453361dbadc19dfad74c0e465421fe31011750579164e52d7b796e77de337c1b934279d745d30ff8946fe0c137f2ff0a9af6c61a386f59a76dfa4ddb69b0769696969453d2c88b69c5797d26227ef", 0x8e}, {&(0x7f0000001700)="3a23fbdbb96634bc379ac01d19187bee46e4aebef9c7035785a4af5bbf8fe2a3569ace8c9da78fb6a898f320e8e8019c04b0c3aa89d0089eafbb62dcc16e351ab46fbdea2570d132581c2412ac422c7766b7dba0c55eac94ccbb8a556acb6525164897cf05593a45902e7afb4e54bdc47c5195c5bf9602d6c619b108fa3f9c10fc70c1", 0x83}, {&(0x7f00000017c0)="294489617365c0890cc8eb2f73d73f07510adf4503aa76cba7bd1a968862189ec4df6879", 0x24}, {&(0x7f0000001800)="e13804e3252fd18ecc599a6a9e94435a3ac60997f269bbd8aebf05ecb03bab555c97dc38ff619fc341028394e109030635dad1b6acb0d16f7af7a980cb026c2be4d378810a249b3cd5cc25021903e4cc19c2affa3cc0b7147ebb5ccc10c0037f89e485ea85071d50fdf15e108770a51e4ae74405f318b1491bb30b5dfdcb48cdd559eab4758fecb46f3f9a0d9f5e5303fe8b32aeff2f01b303692006424e6e05006b633817f55c2c0860d2f822b1f024808601643cb93a1da7fece2bb67c56c8a3c87aa4ea7418f58b", 0xc9}, {&(0x7f0000001900)="b83ecff046e89f2708f5ec8c0e77af9db56a6e1b37cced", 0x17}, {&(0x7f0000001940)="0db7413278119fb31b83f0953139ee5fece0e11e12f6a8a94d4de717b5b9805db8d0af9fd7e34a089450b7df02ef00352be0e4db5755c9578cfce8dcd03f094f0ee773e7235818e294201caac1a1361f386463adb905560517", 0x59}], 0x6, &(0x7f0000001a40)=[@txtime={{0x18, 0x1, 0x3d, 0x7}}], 0x18}}, {{&(0x7f0000001a80)=@in6={0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xc21e}, 0x80, &(0x7f00000040c0)=[{&(0x7f0000001b00)="7c413252dfe6909b598b649c566f27b587458d6aa767d77e0fe1795049b1d361b117707dfa397685c64c58fb84872a4ee477c43a66bc6c67f578eb2bb7b74f5a00f3696a3ef30683a58633f3aec361c4986cb83fca089f6fcce613fbb30121ff8473db123be6ab461f14737611c08441927f0ad826b7f1e3ec4febb37fbd94ac276aff922cdd5052805dbae37f7d88738b9436b15f5db067fce8148e254a8d76eace80fe1319b20c2efe514f63120bf42f055e4657e80e7b5c5384c5f4c2e3bba17007d251cc99f9d94101c79f3210b77084cc7da31d2ce495f1150e5f3fb66d8dfe09007ce269b31f0582682c800f7ce537", 0xf2}, {&(0x7f0000001e00)="944c6f4cf98ac5270db54b44cfb30e2f61d8aa05eb3670f18857c7df2d7cdda73c7e6cd458ec045f9772ab49694f9171dd41a934bc924bc0c3a87ce27c19dda9de0cee07d070f4385a545051fe7ba8067f7e1b623238a3403573ac2710b36ceac7d88b6e2a8d5043abb4bfd520dc5e5e14f0e374bffec444ceb52c5c823f24df104096fb94a4602b80001e4f31de5ddb25432491ec7eec668226b4b26ab86d982c48b48a9852171088de5a6bad4526d5e0e4b1cc38a24faccc495ca1a14ad7c7b7e12db118726944eefcf20ce7432d369ed1ada364497152023a925857db76ed899886f6d29b0e7ee16588c91037e70193b25d1e845001ee405ec86336a8574e63f91f6d9f633b39db1fe760303fd3a5ef734f5e4d2eb6a60ce90da10d26400a173da9ea0e3a4457646f7a20f71010fec3e63f0e0b772569c2452cb1a06e665367e1b0a33ad073965d41661aabebccf11447e049fb69b14fe933846f1cd3a2bba6ed77e7174b123a0328f0ed5a6393527a633116d3c7e4c06b613b05628a83c53693ffc4ee10477517306644cdff395d559606e2538f28e755cfe496136c441a478d399c7c1836a4b5dd26a71cd4f6619eb0ed3abd8c01da724d76c624ed102f754fb197df345651cecbcdcf7db486be72fe0042258f8429c9308e7216c06ae52881befd8e18c82ee6ae61fc57e907533edb19e4b1b61a8c0654f01cffc19745b1fbae463212754c7cb74997e434bc700170271ebeeec64e44d04eecbe7697bcb46bd0a2e212237889c88b7da9e0780da31117ebebd6da76671ce0feec75b32e2ba87c302319d6651f30d22abaa1eb49bd1b00b525a3fcf3a6da279d590023603d8393dad3c091bf05357754232a02039451f2631e883c9b92cb071d69380ad0d1e7378903d7277b3317aba555f4fc6006e0c8bb5639d00b1e9413e25eaaa81869449dd75247c8823ba521e212bc72c49963ef6bd51f596b176104375b88bebe392a1e18c80ed0ad8f322297a2824c241f58c47196a4782506fb28500fa19397fe09f994e685ba0529e880c051749b8f284d12aa7b7b7e4b549b61cbb5c482349bf265b236c8c7a26a61c09e622597782a63c7e7e881bf4196d859ebe1bbfb73522f2140912833b54a37dc362fecad358d610e35ec536425b31b20e2581fcd01a52a07e986fa54bbdbefe5f036d47647e088c60081250817c3e89408d312ef4f43dc899f1960dcd7138d3a57dd2ca612d48ce2e00989669da912d7857a643519413d3b019e62dfa10a0cebff2e7a36ceb611f542012840eac15fc84b14bc476442b783028bcad02e4c84afbecd2a9bbd604a8d98400497b1b5c0153eb5b47719b2114b07b6e85a5c94074f5f9aeedb39216a41f1dfaccf3b0ecb378422264883b81f1db382de1a90556c3ff55049fee82d05eb4d240f6c10d50e7f932c968fe31c62ea8fc3b11f34287b437da0ac2521e4882d233e38a339efe127e58c72550dc7dbfba71b3ed28d0d63a8d69f68796e71527147cf1552fde6d9a9f3f69ad1d6b74c5f9d4db5824bd4141877cc60720cddbf0eb8a0a1865b10cc0ce5b2ce1a27428fcff912f67284ce0c7f783d8f82f0bf6bfb478ee0ae21a86179f9ce74e85a7da42fc4f32c02f06534908065f271d82a582826d778d947beeb0bd874e1a861773242195cd88e601a948a83ecff050580426da9a688be7609732108bef18bd940f4246159d1c39de72c143968b8b70c6aa474698ff383ec289b25b997a5bfac2059f445c906280253b9708d781e874e6480da74ec53e93924684f9d9ff861682dcadc3d94ec91a8b6f6f191509f5a29470ccdbfae1c1d37962cb29e065e6a5f4c03a1f5310ee5336c1178c967d89774668c4c914c9464d98836b4b77732ff78776be758cc8a1a7ce66699fb689229fa23c9f7da18cb00d6e636e0ce3c4e940eff427245816744f1bcd06a6e0a4a46448a0a76b87ad138085c27f761343903d420e1ab8c6fc295f9588497a9e57caa76bc8cd91c185851b50b8617e8a033f417023242af202b34b536a4db42aceb2889ea3e32c33f64ef5148af9d5e95db4e49e109e2860a8260d10344caff346504606523d52deabf6f6cafbeb18f9d9ed1f849a5a513cc6f958ef9149b5334ce7475bd159cf56e09f0ea621b058449c083c906e783663ebc8135bdd4271cc83bb6c2b2ba621c412c9e4669cb35a745c8b90c3a921384a80979b13fe58c4d8de1978cc98df580a2014af4fea3969af0af5c4f93833fcf6f6724b945c72b0400761b2c7d62b80b67389af08a65fac591f776465c0d58ba8c3800285129b4807a627079972c66b07d25a134d3e4b5f6e15f570e1f86b291f74d5e466c04fe97c9aea7752791287ba1c2bf7cd202788e43b75261c21b2927d19aa426ca24fee349133fd1d611ebe250a787448143898e11c6136b19ba3745b9b1e9be5ec827daed18cc0db4dd517066b8a408337d3d99731dc0810495e8c85aedafd5a13f3f17820f76fc5172cc7c8ba6b6547905ec1035dc30eba8ff2ef8cdfc6a0b7eec9ff1834fc5030c739129eefd338ba8dfdce50d5414f7b6d71bbbee05c985737e049d5ffdd424b1affca3772bf6a14d649e23f24c8eb8e6bdd3be87ca039dae6f310fb977fec0d06ef72c2259a049229465cbfd61de48f75aa04df8f8e151e77cf64b64ec21bd5229cd07d7aa6f965504c8badfe5c1bc7c382298bf63590d454bad1dcf78d4bd9a6c17fe255b26e77c20bb75c9c9261fe00eeaf405bc3ea5e26bfde0216db1762ab9f642f3d2718b5cabf23b32dd223f1448566d4a94984415ecb293d8570b9d768f72b217f2ba45e656295c13f1ececef5f69c133fcb2fd8dca2623151d937d0edeb20021aba3bb5bb828e04a7626792e9321eda8bf5bedf8554899fb5d661a2adbc36e5dbd4eb2ba1b4a34cdd298a70ceef99bac4ece36cf73de104b11b47a1a8b05067b5d727944250da23c31f61ec956c2c8120dbaf0b5e8b8d2f167c24ccd83b242c878b566b9b3f47ad03c4005a854d436e8a38e5d1d49b12e06b32491035a77e279963f4a1c1c233c141ef85b5066ad7511505bae7be151559b77728b4a72b8c5990a5857b1dce69dcd2cc86841d93b87654a146caea724bcebe5f5a482991a512da0adc80bdd318fd897b40d838374837af3fbc3b5102c6c9ea256b96b7af9d492ebc86c28cbe393f32f652b24282169007638264ae4edf30abb66147e17da0a83f27884ff05596ada687e56993705839bc6d26edf5a9c71f38a48fd8b1a7672943004dd3081e359600ec97fd561207c1f467bac7ae2f6384d9adf4d845e5f6054505701b30d0c522e0b93b91002545ff42b3213b8833c8fb1b22d479196d34e6ec96133f5a2f9edaf21526a4cfc7b7f3e3283335359a578ca963f4c78397dc3331c2f363df92fbf821baada691e1665e8431cb3c921ba833ae842aa0b4c0a25a007f1a9131a0544a22a2f58481d3040909da706c7e2eca015ccec98d638055ee0059337011473211eca2eedfe23e6134a0ff194450228957bf9550737518b4b2dea8951c77dca0b515f5fd2f18e13b937ebf90eb8d6e8b20bc8ed00973b2747c4275db447065ab7bc30da4722680ce0c7c1985beffde67ad88cdea90f8f79f9560d512e19d195cf4f15c95d45e187c0062d7419c9e315bbb16bac3f0f4714386ed98c6202a43f0a293987cfaced1f925c064de4ccda30226fc288a298c203760b97e78ecce1648706d72c5cdab2837c0ecab659883e3cf44b163c7c460f6ad93d8ce53e4f9d8d734a633d4c3a72d52a120252feaa1b0a7ad13795c4656f2591c25bbc60d9d6c4f6b430070c01ce151d325bf7a792ccedf6ab6476fddcfb5ff9b8450361babb5dbcdc55d195ecab6fee026f63b181b24279d5425c3147750560aa8a5a0db0693e3cb37455a66ee5c69c9b8999053219d36683c4eba944aa53acc38f43aaeb9e74b6ded4302ed9d3c38d91d9930c5c6cc2459cb2d45de03dba3980748aa338208cbf128c9a622d8313f4ec51d0063e453d3371a5cf35d83fb619accf999de4ac7608eb1696d06730b014aea700d746f09749c5904e06e687f8a285d58b4dea25440b8aee1821da9d469f3cdd05c6e8685357114fd4b776502418ac13a7e7da6c979d02159511de678c8a20b839602146d6db0d2ab0c2ab9ad22a7b6903060bb66d398665f0a6c7bacf19bdf56e75e4156675a9e27798a2d41d84e6948eed4a8bba9d17fecfc2f9577b9e2c3c7856ba5f3328521ca14acf6a6fa30a31a6a0abb072c5947f1cc5505ddaeea3c63e232f6aec7925f51e60f3780a67a38d33ad20385e7591b21d33c675eae34a6b960a8dd73f8982cb6c0667df31a39225109420cf8ee010ca9fd380c75105497108cfa561b607b96793d1b3b9cf41de76a2988309518f93d178c0c3ebf8ee05a5dd5273cd5f82d0d8172e0c8f78743b0c5c48dda0a7537aa0d7716ff268c0631d307b4ad1a01c98699828b154979cac8d0c1f977d37a26ddbac1a99fd112b46202c71caef274908af54a458f29ffb64ac1a3b046050001495f95db0ca2c2f30c94ed0e03cd9ddfb0f078968ca30dab1a4833a56489d6d4dd53f524b26502b4e9ded172b878006b3547b15d26431b82b127bc8f448d27d8b9069dcbca49581a55d2f50bcb52b43fd2a44823475ef9d49602717f9f361a1a92d011f2e08953dc29b35c5790d2e0ada07b0f92f266fa3284ecc50c6eb941bde546059b1d6cd3313f6d79147634963226cfce7488528fb8fa37fb938e49d6a7b0e0e02b67a556acb777bd5b25770d4547e7abd6a1798bb7d4950c8f0e8833e560106f002cf1c0a4ece18b9b4a0e643054ffdb8ae292ce835edc1699cd790b2a932ccc6acc44883ed7d944b64d5b1a9473d10845a4f17befae0be111d41f8125f9f7fbcd509064da26484612b9baa1690639bdfe5a96cb105bb1638f6244864cc1331e127ae696cb8b76a6ba3a9a0aebc228db5a3703ffc3ff684c883c324821b49655a7c5eee517164729c0ecb23e0a83b5314778fce10eba9633b072aeeb2a9eed00b3c038fad92b7d50c2d60690a8421c5a4f34c8d7cd15188805133ab4608a9caaa51aac49bdfa1a587aff913e738809f2fc32079d865b9978242b929dee33f324c442374ccc2cdc6af24245ec3609a6f017ac1e1f9f7fe249b0d10cc018771b2403355fae2261454dda03071060ac3076ecf3473af305e6339884380f70ea5227d7fff2e755a3ebd67ca52de491a3d03807f7b0626f98f161854b565447abffdd470523d1d64d83231de7dc3c9eb77ce8b4b4d7e425afead6101d3ef24b668d40ad24d69d0cf353661099641e0cd643ce335be4a16fac4d602e9da4b0e89683d27b3b49c851d6b674fb8ab0c2c3170edbe4c1c5952fe8ba077fd5fcb3875a19904dea3bfffd939794377e007eac1b07739d66cde405116f22c55cacdb7e0c37311ca4478dc1abf68b307d13a5e9b84be9c0e8263efae5b699ad082779e77a15d5bd458a21f35940953386efd260827c166c134c1bd2ceae4c0a385c607f062b99e0a10fea4952dc49ea93b1ba609376ae166a2f82330f3641ac8344b505b6a1cb9449d6886a507f0aa9cd2a6a3630b8c6b03a7fbbe18d9f7f54c68bd5a58283fbafad5e5d19e7564c86fc58abac3f47d68eb080ebb66b4a0231962bc1acaf267d05b6857cc1172b76101e817f573b4208234ff359ebe919fd2399a49ea129a2be8a87e4137948e0f3bd89b84934b9aed9777cb739666db7c8590b1be6cccb12cc3", 0x1000}, {&(0x7f0000001c00)="fbb782edcc13a7755c9b11817ead4b55c4bbf0727068c044d4fef3929ee73fd997f7bc8296d6f67989d96d7916820941b7d29e88ec772b5455a700de3bfbfdd4d45320f87865f3621fdacbb6d5eba3698dc898cf117d2620a615d933fd6a50e1537502f611200c904a29", 0x6a}, {&(0x7f0000001c80)="ea978dd0f51dad15d25482244fd3e1bb8c2a3ed8c5d67a1414dc1b84d1fa9ae0dabe75cd3f3c893264c6b08ae29557d18f7874bd8bdf881c1aaa2c1ef4c729b97bdccfddcfc21171d93bc6112b7535b0bde6eb34cfbb9240538b69c6ddd2603705ce17882b74ab40a482df269a9632a08262748fdd7bf86a2517e36427161aaa63aea43bc7aaa664f03ee0ff53496e5de9b4e9d76e990d5b03547aa9e39a3c78114695c4fa64e3ef9f02cc2cc5", 0xad}, {&(0x7f0000001d40)}, {&(0x7f0000002e00)="25faf2527c07a9a012393ad6c85c3256d35bcebf6b71220503f217942ccb1e8f5e223aee4098835885c695bf2b575450d260f397f5d7312cd8c173cf9578aba243c742dc47f18511e2578c12096a48913369682e4cdceec3700d9cc8d2f16274a7905ed1b4e60cb31da80e70ef3eef1aec332f704a968b7a93262f566e397ddeab624990c1a061edb9b2a3fc19055035a0a7709f2ba1e0b21d81ae6634ca7a81640a9360bbadf4e2cf4896579c53b6091c2734d55b749fdcc431fa8ca5d56d55bd8f1b1f48134b254331260236487d218d69d47044d2e3723b8c66d01580497f43b12b7215297bf8a3f4d0b25966f7704f8b0fbc27bebf6e459c4b6b97e16913a736b2c6e5d7b6f740e0e5f2505200b6dab699c58b165094b3ad64227e469e6aea626b099707f5b5509de0ae0bf83eb5f53a9fbf7ef156f02437f358887fc15007544dc0aa9c4c8ec8ea42f17ce1ce705e343ab2440736590fd5e92bfa4944e088efecfe054255789ddd86b24adb33194746184b48df3b625a1e874a6bed12c46d0d2ba7d53ef9ab555edc044212a20ba643315a0de8c1080293e5a1676ae7a4aba39e82c038312adbd3885c50cc574b7682b8a93210301831a32a52e3c7918fcff2a248e9379024adbfcbda66644a3b94f9184e830ec3d507d988f892aebc3bad6cf1f08aeeff026703b6204cf24f274e05c29d4b51f08c241829817040512c400a1d5010b327864c17fc827166f8f13f1be1f36b67b7dc92d6138575b3c7909356af03eba3fab5bbc9c80f862cebda319408d0fad6e7f4099a0b3e98c0e115248e48fbc2d26c00d3bf736b6acf15854b6c383c5fad697953380696bc94fdf46a5086b6b9eea8499249acb1872ca0183b56ae576f2747586ab472b37e696b913c813459e3cc37c128f0deb2a2c03de52461a5217f076bd16cc82d717dedb4e5d2e81f794c93f9a35f8fa5ef0bb0fb1a0e13d1ea5eaefca238779c5a4eb340fedbd5536c903fc34dc040141990d3e17ec3fe62eddf75b1234add153a13e342f59dde8ad9efe5fb7d87abd6a2fee2e45ce21d0c1d926ba11c841669eaeac773b431e2667e4b4033c0d5ba70c5d4264a6d5475e078c5b08fecb746a3a157debbb5805a3a2a06b68dfb0eb9d949cdf3d454f968c7f3d6cf163641229ade8fcfab2e8b5d071efa75cf8ae8da4c65a4903131a1334b6fb98241b19c1e2b0b4cd3e2bcbcfd321e1416a5a959382b56e8bd4ad8aa041512cd0a825bf7f66c2af726978a7aa760465f65dd98f54b637eacbc1e61ccdc41b24b3abd5cf81b4966316311443a722150becb9533bbaeb9aa534c5e12190c9b648183ec087949baa03850908409fa12d72db4279a7fbe2ae63681cc8744f4219c4ccba11e6c488b8006a3974f8ceea6372bd820068226e1584cb6eee839cf3898c2b0edfe106d4c3d0ce5878fff80a0cd56c4967cf00c72bab64112ea36ea8b998e7b586563ff0c538d66b6195ff7bdcab055d43cab83210a06a21a50af98a9be38ca8c94d496b16bf8892e81c1eb5952e2d6d17d39f842e7d1dff6fa344efa536fea01f3a3125bbca5f5bd723cbe845b22e0088ec999a19c7245c421d79df19e86cbf337806dbea009b04dde2f590801b6c7bf3e25bf05f257e300c81f83785a1c465ae7330189fb3f8dd142f015d70485b73b901c6c87b33546e95cb173ae81fd2744e86bc244763f5040c863a0c3555229cc7f5225fa42cdd868ccdbb85282ff740c914ef272a850a2130909794e0469848cc90e4afb2d404488bcb03110253e97aa8dcfb0985f46019cc1d15948842bbb544d8eb65c58ed080096a2d16bff7c5267cef48c67c06df740eec08a561bd852c819a577189d276ee57917c1e49c3f61791e1ac1be35ee4898b72e397298a33447143faa39af4edce6119fce08ecbd83f25593a3e32daf459328dd9acc4593a2abd6ae13d830e3f06211e71c37490cb2ccc0d46c3bf87b2dfb447c12c7f75513c701f059b78c93de054746f64ddfd0ccfd0160c09d95c102118c2527a172cfecd143c17f672d8c70bf72763b859087c769d7af4778d4861703a55ae491c298a2d09e2196182d338929ebcd79b3905fd485c376be4ff2696463e2733bfeb1e7dc0d01ddb2711e656e03e0e54b2b993f26e084e458b02c915289c22ed281cef1d4ca663c895aecaba414b5ce6dbdc90818c4cd96485695a87d8c0990b5a998b3a3ece78d1e739e41397f85e3e127a3e77a70346131f81f41bfbd7167bef910756068fb45fc1a0bebdd30d18767d23549903357818ce84595d66ce6923f9c5fb15300e262065d9a6fc22fca1268345bc0eb070ed5ba6765969909c208a4e6e79fe0ef7844f677419b957daadd25d000c1e1a89c98a2c4af16c25fc6329f4830b5a24a37f9a3a86e74b8fd45da207a115dd1df74561c3c0d2349e2fb31fb97a7719055327150e3ea194a39da434c82178e8bda500ce03722dd81675844d57a69571e12ab837cb0a6d5692c8366ec951bf842c4400366adb0ac36b1f3f5bc4fb1507ab7fcf16b0be5737aaf3a35dd547ef535bc362880ff993dec6d785691c210f3d49717f3918b236d104967c2e337a80dbf353bd9ffc7c340554389fe31e6912773437f7e5c5e3964c97b6ea278e338a71fee37abde5b600d879e022bcfebfdf19ddec10ddee4d54d956c0eb8fd3f19b11822f46fcac6ca92b0b1f05569840dad8905ad86ee588ed47c122184ec41264918ff093a032b6589334dabe450bd733508f6e747d151138cfcd3fe953b8b06b3a7f7dedaddd057b308e0dae0a7650db408a88d872e4d1ffd855ac9186945a35a3e502a9fac495e17148fb6ec0b43d72b568dcaaac36cca01e2c8ae4f92b54b365520736c201172a9e7f552aa085e6507c98685c06a943a216ba9282f7a4dd679ba526644693f92fd77200a1ec79fed21c6d4decd41ae332366d73bf10a2121e578980dd54383f488d1f3bca2c0941f851ac112ed4a1e2c32443528d42aca26b708f828d82f89f08bed8caa412446d40c72852ac006ca0704213d6d6fe999f415b66b740a63738c52da9ffcc46196f2bd9effaf13e3690804113594d27c0c6b871ebe67df7f0e994d91ed7adf7efdb687b2144405540e1742ba05d412b6850704686078742f17e7e9f8e3653e329a3c59b48a5ae43878401ae3d3f343140326f9bc177e48ef94e4b90648636eff51e48449b6952016ede5f495bf6ddbbd0b05b9d3f2266d6f72828c60a9fa4d97c26aed808c1a16148f862aa72cd072241abc36e73ddca2fc78b7830367da23c622bf66ceecc3b7275359dd37516456a1de2e79fb17e0be04648cb48bbf1c116c747940f7231b8986e9595eb55459a938dc8d61495bc5799bfbca63e4372ae524dc1ba06f05e994e314fd6a3a27c28795a33c0ac9a8aeabc09f07f3729a94fe32f98cc8adcd5e059587e19d9b4261e0fb09a3b2f2d9d8aedaa7aa5e479a33c6b80d34dfcb9e3dc43db87263c90090f2c2b6a4d675e9bf2361b41b9fe1bd31a4feb476a4e2296d565804657c55079b627e4b4b547ba8fa24ab020af0cbd4285cc721b0b0ff6a9e6da17d6860cc28cc50af259afd8352f1984c7b77184141a3bd9930410eafbb39f8be82ff7f605f3f35d99d7612e55e67f7e76c438f0b810c78d832cec5de75c50aef1c753dddcd7f44686a7cfdb7f88b7001856b6d6ced3e6f9a790a8406c6c1a42acf656f7c390eaec6b7aace606b8f3c9bf993405407fe62079de456e7ce1b300dd51c360c0c66a432fa55d5f3d64952d47611748b4446892783c402dea775ef59f3c36ecaad8b9f2053de0461baa3a1898a10b29058e422741a8fbe7405c723cd07d9ee93706e5e91dec53cd7f3766c4d2d435ff07441b53997c3165c9faac5ed69b93ddd4e2d1a3df2c92d105633d1c9e556401b52cbfcf97008ea542bbbdd8eb3071b265fa6a56932a9cf6f66491d7b3bcbfa4e46074a4d66ac4c12c85845a664be311e16545a43a035a96e272f6810a66bf762c59e71d016f72a9c3f429f6f28862662fec4217bff2b8adc5dbdb49ed3d57c85413c7e954deec5b44c19a15ee67a002dd9c8fb7b9f32dd772d333016ad5cc6197787a57130a42b5b7a82a4cc21233a6d2579237cc4d4cb94c37017a8c459209ee7302dc7f26123c2b68e70a62d5348c6ef9be86856fcbf19bf667953e6a84e2de6bef8139994d6287d442a8be2e8c507ea011dfe027cd81a3a7f631f986abd26bd55923aad7f3441c1875a814b987e87b2fbd75875a18dbf0a4a6a65f55c2bd7714d5f14cabb77fa6e5cc959ab82f2827d32c6069d23fbc32dda968438114fb65a255fb29d12746dad2a87d5ee9e95fade39ca01f23c2136d1ebb9f9c203a0ef4fbb520eba4518d2dc7e876c7622c1fefe281cbc1c6b73d39764eea2791851fb8b5b8c432caf2bf47bca5f320733a1a45291eca4304b7218a5e5661dd5ffbb41d197622cbcaee298b025f2b2152cbc2558ad6043e842898ac2716a100fb02fbc799d52554a89b34059ce60341d0137ee1d2b999743ef191c4d278ff6119bbf36045f356172db0286da639049b95525883c9585afbe68f442b8badf231f233dcd064c09bae25864a7356a8c393bcf77ca8d62888d8f83720b8a135cd093c024c3ce3b235a1c78803534faa45e296327d963106db3f3cf1d319e10e553695e134b679fa7e1955b98018b50a79d5e26a5bf24b8b63e78dae968e41a78b5194e8e093c937261c50998c1e197d922b300e0ef1c6af945d8e7556f06ad486dc3b63e13c9fb218dc506bf9e8e74f2a1a9953fb1a130c5bfecfb1f913e98459afe0181e8ab9cdf52507d5d3a70ea8ccadc071ed2952bda0362651c0ac81835981e0d8f81c4ca7d773a12dfc9cd62e1929736132e819a185181d56610fe0e6d33099987782a9cc1e68609a46636ef85767011c899fe00dad493505230b90b7a3ea57f6e9c0fe206b554eac46fc45d8601465a90624629c9cd8faeec27184d1251925c6d5efaba297aefb3452999fbba8a23dc86135fb6a47956dc92409bae4e8a0678900e985b240747caf79b76c89bc83c2f65fd4c849da95e6e75d280ee6f3f071c4d6315b7f263bdac1baaef3e9bc34e98d6410514ece70352c8a30b4bfdce7fdfd8523c7b7ec3014fe1c3cbcf07f3efb538bc469001beb1c0caec7824f92bb3f94b99d700e263d16069ccbcc56e343993fc6021769ed18f72b32f252ae44ecd7cf66e8de83994487a38f8885085abbbe00b8da9e1879ae2ade6762dbb045babe8319e890ddd4401accae1da5e417466ab3dd90a1640f132f821494b9c0c5a762c539930612d968275e80255abbd906a61a5c74a7025eff8de7487e02e6e95b275160aff997e135742ef46f678813053c94a8a8a94526d6a09d0935028f1cb25e2128b739417165459626ca42cf707e02b00cda41d0be2703b0cb05556ebbbeb79fc6b4a563f8001c215ab3d0d27ab0f7fe6dac59e4582e630b8a6be4c0e2f84725ca47d286f08608387fd9eb0aa2631a7b83b63aa2e72921f8180d4b022715102019f5bed72971a4ac1553d1fc2575159b970518e3e5b3dbac94de6347a8883c89d38f493d763da283494c6fe4d974fae6b12d8862e127b9de93fa6d0bd4862faf4d588ca6e4ca0a14c74eb205daef1ea9ad2cf4fcdca40203d087a20f83f76e894e976e968916e8f329234d766e96294fee8c50a648ffc9f7fb01b8b43dc9dfae26991c8e76002d8a741e9c2c005ccc5a398a418eaffe9bd52ee5464ab8bc9da4275274b", 0x1000}, {&(0x7f0000003e00)="0e6f0682d59f62ddee7c118c4d69ab66a6891b771e6a9d864fc810afabd35fcc34aad00ddb5732157cdb43951424ce2eeee92df84f5eba077cdde195ef1935352c5951a178d6310b0a86bb5b21a1c5e5f2c423acec3ab09fc2b5509687b1753c8abaf74870785fa0b7004d24f997d0058f1c4244ad5f", 0x76}, {&(0x7f0000003e80)="bccf2844f2fc085865b88b82f8c8215909a24ce07bdbb6a3cb3fe0c4cccd762700a88e574930615d61b40eaec4adfe9ab63a668a89200d6a8ec499e44b11a73c8371d3b2b29e2baaedf9cde95531d27248b55f14baf80421bf58bc1826346659038bd1ff9fac0935980801a037febca8878c4a1862ca0ee84ed5fced1e6ceefd642da5825cebacb39f2d4c95d8123707b34c8b673cadd19757bba28f30168e", 0x9f}, {&(0x7f0000003f40)="72b9e4ec214fa9dfc735afd5fe2c161280d49acb3d41bb8bfe7b7109a82c86dadc13287b111d34e0a6797fb18452076776e75c833f06bfa97a9344fc141e95f94f7338f61f485f684fa4f41bdc9f8f5a6ea16a22b1483b0f4d332b64d89d224ba4637999921b3b594f6c586e495b79826d6ec6d92cc0ff23059ab17c3a7efe86cabbe9db5f3ea06aef8aebfe742f626352bcc9dc4fe2dd3665311f15b0ff3a1128d821a36acfbfcbe45b3c9d", 0xac}, {&(0x7f0000004000)="d4ff120def59f4f7d42e4872d8f96fab3c493778952038b686570aaf75e2d16bdb12ff111a4af3743fd8bee999f8b07e1056b965026b5a5c39f65a9b0f5688d0347d724c9d0ce9bb1a4e44d44ffacbf12935f4f9aa3d04298b93097892ab8d194eb6d748e08ba000c46b0a114ccfe195a8da68359ca3e582a44ebf813dcf4bc42af3c7131139640c89445104498cc6c72eb2f1c0d291ae0c417f19f522ea902f2146b81e9f9ca964d687ba417b", 0xad}], 0xa, &(0x7f0000004180)=[@mark={{0x14, 0x1, 0x24, 0x400}}], 0x18}}, {{&(0x7f00000041c0)=@sco, 0x80, &(0x7f0000004640)=[{&(0x7f0000004240)="5fc832a8877c4933a9ae2660eb263d0e7186a4fc058611a09cdbcbbd87c13959a86c81cece23614c572a3b8ac02a80f9ea043205670ada25a6de90c0ccb04d5f0ac0a82733871103784425b03c2630d619f10e1548bead8357271093310312f81dc5122e38ec77974a24d7269ce27af9335c307378aca883ed9d6be834afebe49adfd9726cfa1ef61e426b434cdaf9a3e62f117847fae38903a376a7c14381513ef0ecfdccfc5ce6a4b93ddeebae19eb4d5583521624a9", 0xb7}, {&(0x7f0000004300)="09cef5576de0c13d324384f2bb7f926c2b6f3b34796aad4fb3bfc4d891581e1d643b513f125396ee9e916ae96aafd1af2f8453733da2db2ba53fee45892b0c368f3fa781b730139f0c3e7812e816c45dae0d6c668ebecb874343c6bc5cefac2960aab3f28db3f6ce09e302c42f8b34e1d7e0db1cba89cce062a1162d8bb1f14c45172a5084ee9b5527e44da2192859d142695eeffcf1c284593b426ee16170d1b26e", 0xa2}, {&(0x7f00000043c0)="9d44dfca3bd547e2b21d08a34b122f8adcb306a1716dd956672236224b55ff46cdb6fc387f5656e20db40db31be86fc014bcbc8243412cc502515bdfd5a4f9aff8b5f31f6a6c3fce12d1767b70176d80ca89b6860d358382b4f0542e1fb0578a2beb5f70ce468a6382c04e3c027f7367c399263f9e9de12cb1da2e7c81f70b68f6ddfaedbfa980f2df9df36c5e07436848478f99dc959375fdb84a42db116dc1f479240c30e0ef09", 0xa8}, {&(0x7f0000004480)="825f203d299298483bb024fbb737d5459b7e5931918185df997da7d245a1", 0x1e}, {&(0x7f00000044c0)="ec717b2140a4b7a09b920e06afa52a03c2710b3e0142ea7fff4a7a03126b32c7afbcd98f892f9c8c7e4165ea05cdbe12221c3fa75cbaf52ce1b78ca18a0f96329e9549c51a24e8dbcfc1e7e87f8de8c62a0d4b88324835d56f95ce26ae925dc0e376d5f931d1e902a08a307c89eb45cd80cc", 0x72}, {&(0x7f0000004540)="d465e3b6ca53303e46770c1cfbd4cfc8eac409682919c22539e20aac7329659d909be5bef9ad1acdd8c77acb012b51bd871bd2e97bee0d501f2b3671b16a5702a37298ac98bcd74af34571c85bf1ae4e26ee7235ba8d0af682139b2ea28894a739348c66d9f27919b6f5282e892b580f4afd76225489f16e973fed78b68d1deacfcb8cbfa2df7b4aa400b4d6b3d39b3ed1399f5d55392a64bea5edc42c84ceb72f43480a84fcbdd75fd5ae5636aead192ce72a6e44d3a61049fa726f31730aa2283cdb0491297caf627ccc", 0xcb}], 0x6, &(0x7f00000046c0)=[@mark={{0x14, 0x1, 0x24, 0x6}}, @txtime={{0x18, 0x1, 0x3d, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x3a}}], 0x48}}, {{&(0x7f0000004740)=@in6={0xa, 0x4e23, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}, 0xa26}, 0x80, &(0x7f00000048c0)=[{&(0x7f00000047c0)="4f42a359d55a2eae2b6fc92791502da02624abb4a010f9e618d2a47214a7b4ffdeb00bcbdf2edd2e1cdbfd0619a4310d529850153c03fb13d0cb48f808b9c09b28405efcc25ed2471ee0727e14be26b6dad95ebf29a6d31a16c20ae964424658de74889fdc6cfd83b39b22531d5dbf41c2e95ba6696ee514d9861356436ebacbbdacb80bb1bdd3416ceb1e51b6100e6929a1ce9055782082ace11bca7839bff949de4818c8582b04f40794cc1646c91fde9efaf97521a1b0c0c3f8a2263e38180a5d4ec8db2ecb5a93ac5a05a3", 0xcd}], 0x1, &(0x7f0000004900)}}], 0x6, 0x4000800)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:39 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 51)

18:09:39 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x800000, 0x100010, r3, 0x8000000)
r7 = syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r8=>0x0, &(0x7f0000000140)=<r9=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r10, 0x0}, 0x0)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(r6, r9, &(0x7f00000000c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x5, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)="930fdef01a2de30ed77c4d78e6b5efd5e329f4337903e56f4f650d48a6898edb5a1100739daae3d0624d13c9d998e9d36bf7153c665bdaa6fbc5fac6e66f269e786b95cdfba406bcf1b38ea587dcd1bf1b8c2d56b035ea82f8633ab3ca7a8e8ed6c82286b9f232eafdf47dd01ce25be0418453990755414a46e3f137770ab0715c75e2b859983b1e1ae89a7d86c18cf1ca1dc6d2e28b3dc3b087f010a2a590a914a094f2133048180e5c56a4e2dcdb25b5f66a0146f743b8824c03e2b8faf38d822927e37315340061cbfd66610e3f00cc558819c71623fcc177192c23", 0xdd, 0x10000, 0x0, {0x0, r11}}, 0x730)
ioctl$FS_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000180)=0x400000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2803.920146] FAULT_INJECTION: forcing a failure.
[ 2803.920146] name failslab, interval 1, probability 0, space 0, times 0
[ 2803.922827] CPU: 1 PID: 14403 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2803.924249] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2803.925978] Call Trace:
[ 2803.926535]  dump_stack+0x107/0x167
[ 2803.927290]  should_fail.cold+0x5/0xa
[ 2803.928073]  ? create_object.isra.0+0x3a/0xa20
[ 2803.929008]  should_failslab+0x5/0x20
[ 2803.929814]  kmem_cache_alloc+0x5b/0x310
[ 2803.930665]  ? mark_held_locks+0x9e/0xe0
[ 2803.931521]  create_object.isra.0+0x3a/0xa20
[ 2803.932447]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2803.933510]  kmem_cache_alloc_bulk+0x168/0x320
[ 2803.934474]  io_submit_sqes+0x6f76/0x85c0
[ 2803.935371]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2803.936425]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2803.937448]  ? lock_downgrade+0x6d0/0x6d0
[ 2803.938330]  ? find_held_lock+0x2c/0x110
[ 2803.939164]  ? io_submit_sqes+0x85c0/0x85c0
[ 2803.940049]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2803.941039]  ? wait_for_completion_io+0x270/0x270
[ 2803.942047]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2803.942995]  ? vfs_write+0x354/0xa70
[ 2803.943761]  ? fput_many+0x2f/0x1a0
[ 2803.944520]  ? ksys_write+0x1a9/0x260
[ 2803.945329]  ? __ia32_sys_read+0xb0/0xb0
[ 2803.946173]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2803.947270]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2803.948347]  do_syscall_64+0x33/0x40
[ 2803.949141]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2803.950214] RIP: 0033:0x7fd673b8db19
[ 2803.950987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2803.954794] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2803.956376] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2803.957865] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2803.959334] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2803.960786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2803.962262] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:09:39 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e21, 0x7, @mcast2, 0x3ff}, 0x1c)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:39 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000340)="60dab110797724d907323c0091e969960bbaf2906f23af39388a525ecf9d16c0b811762e5e96902a5f667ee5ab5e73534d7b3a82f43b45b68005e7c4f85e1a4d6d135a02bd4220e59525567d17d5204769b4ee1bea68fbb7c5be9d11285ae6825c8a62d43de9958c4a9f68b9dc7f9950e1476de2a952c9d6310964abc9a1855b25f57cff6e8b467d5edc6741ab0c8a471d03fda81e2d4aecfaea86cdb8ab87eeb098edeadbcd1775a66b3b3fa5fd74093d3b4a2f34d8cd03236a3013ba973ed228a976443dd530193748ec3dc3f4f50693cbfa3fbe0fed840d00509da95b816f237ca1f350c04233", 0xe8}, {&(0x7f0000000180)="0c5d665768e5ee0702f43d3ec1ae18afe3cc6107474357d25bb5bdf81b7991cce79f0b0122d83899458a10ddd74afdd24424a83e4d6c3f019281752b0c8cb2da428ae8c318f947fb0f28e6129c721f64fe9025629706cf898fc8382f6aafc7ff7b17289180d0fc90aa280f60f41184661e84c39ffb", 0x75}], 0x2, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:39 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000400)={0x0, 0x2000}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0)
syz_io_uring_setup(0x2ad0, &(0x7f0000000240)={0x0, 0x9e81, 0x1, 0x3, 0xc, 0x0, r0}, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000340)=<r4=>0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
r6 = syz_open_dev$mouse(&(0x7f0000000380), 0xa5a1, 0x0)
syz_io_uring_submit(0x0, r4, &(0x7f00000003c0)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x3, 0x0, 0x0, 0x6, 0x4d29299de12674d2, 0x1, {0x0, r5, r6}}, 0x80)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x4a3, &(0x7f0000000040)={0x0, 0x3a3f, 0x1, 0x0, 0x76}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000180))

18:09:40 executing program 6:
r0 = syz_io_uring_setup(0x607, &(0x7f00000002c0)={0x0, 0x0, 0x20, 0x0, 0xfc}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r6, 0x6, 0x2e)
ftruncate(r6, 0x1000003)
fcntl$setstatus(r6, 0x4, 0x22000)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), r3)
sendmsg$TIPC_CMD_SET_NETID(r6, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x24, r7, 0x800, 0x70bd27, 0x25dfdbfe, {{}, {}, {0x8, 0x2, 0xcb}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000)
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:40 executing program 3:
r0 = syz_io_uring_setup(0x1742f, &(0x7f00000002c0)={0x0, 0x0, 0x2, 0x23}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0xc7392859c80bae2b, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
pread64(r6, &(0x7f0000000340)=""/185, 0xb9, 0x7f)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r5, 0x58a7, 0x0, 0x0, 0x0, 0x0)

18:09:40 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 52)

18:09:40 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
r4 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
shutdown(r4, 0x1)
ioctl$FS_IOC_FSSETXATTR(r4, 0x40086602, &(0x7f0000000000)={0x800005, 0xffffffff, 0x8000, 0x2, 0x5})
ioctl$FS_IOC_GETFSLABEL(r4, 0x81009431, &(0x7f0000001380))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
write$binfmt_script(r3, &(0x7f0000001e00)=ANY=[@ANYBLOB="2321202e2f66696c65302023213a275e7d202f6465762f736e642f74696d657200200020272d7b5d212a5b5d282d5e0a659d93ee404010c18bf8143d2754458bb8d8e98568157bfbd34523d5f9249cb612440feadd9f066397946e90276deb6e6c2b0661869f4bd22661f45d677508f0591d9b51db5f1ab11eaf02ba52a9dd1f4430fb3e63d7ee05712891827700dd24f85de7868a06837bd5f7fea5d19a49595197c6699623b6edef497b2ed64227340e4aecd02fab06e0b636d04cad836865405389868a940055e36b5e84c7b8179721336da6e9b53978c32a507f96ec40c098fda9ac98f574ca72ffaf113140c286dba318ae37050b8d532f9acd0e0d06d9c33c36a975b8829210864e1bbde70298d6da90a1adf4130f64382d8b3d4738bb95a7eb852d6a2b09213237c3e95cc542bfe5a9db272b747025c477aaf1fe25502f06c217fa4582a83565abeeb0a8d17cb1afa417cbb82e3e9ccded7858da24d55f6d7896906e6b0f344ef722c8af3e8d06a6b9c554a92a42722ebc4444c1a9203aa3bf2c657a0eca9ca62eab449ad5d388b8d005d7a61a94b2289f642e1cf233f7cac2c391473124e2896490a1d95f2c6fa0bf33ddb27077dd094c71a5c5811535c79bc07426dd7a42f2f5ae10851edef7a9e20da038330f5c26926caa1ac6ae9a97da63d2b47ce444906f757104a77025fc367ad62526cfebb78b345ed08866b9cf30c0cb85a533af2f293a33f4348e513994bda2038f90d341c938bbae14b6f5870756e71dfbc8fb2bf3fb6fe8613e895175997a87ad29bd56b5d20ba1c2ae17576a077df863416f1783b833906ce6f02de3a2032166eaeb078a540db0b18b2eb4ac445c670d9ba7c05508a004ffeef7beb47d22830326840b85e7943395f08471ec0d8f05657f8a27421bacee270fbece91006d753b9ac3b1e455008a268eab713e381a53a1edd9d6fe9889cad3057706b4a06297aac8b951198bfd8d47cc57760146d2288496d8d167b3e7aeb5db32d018761f8ed8fb2945ac4757eea5620ff2e846e58f3da438eea9096d883fbf0c811d656a553051dc42354010ba5ef807ec66cd9d8c13151966e66176860596b0a6a05f6cd2655c6a7f7bd6be9b5974e1dabf1f51a25872fc32c591f0d24535ea632ef10c2096bef24caa89e8b0a9fa3b32fe0d8eef521f286c68e712ce279e512f05a20c8886b7710ae492c53969302226d6585b86b377713a22483b10488866be565a386f7672d3d54b924fd9c09595e343e1e74e8c2559bcce6f43597654d52e4c133804768b4302d1341ad23f561580e58c45ef1d71006f9f94fed106d83d4f8809f048923ebbc74e5672aea03373f09d450fcda7df17b073e23a3c1a4d72103b56f0fd6af7c59416ab7490cff07ff2fd7df12e5975a257f1f0e22dc12e1bdff7c0ecff23f0cdd752d72660bb3689cf44afad9b7a13db40d2d71970e6ce99c620447f0d04f01f65d88b27f89c3b5e4c661486494ca84e5f2d8c5cdc7a511dc4e8605885b2b4988e9e6fabb781dfcdc4c600a68805da4f61c21c8e9020cff772add532b4be3dd7b4a1c6b79b35e16e81f0d027b2bc35e79a441887fac7ba69b7e3785bea1687b83a72def64fc63e0f6e153d773438729ec6d1bb7bb11749e70a7cbd6994784a7b0e8eda1006088dab4036c90b9c46e6a2c7ba04c487b82f83f823e9adacda09798bc3ad45b05d348cea93e570fee43afe11cfee5b729c98f1276dbfc813f32bea9d980716cf2c9fbf5e1dcb5c557df51e07b0c3999b9f8dbe10f36af32dc91c2686adf17b08bb6c9f591811138eedfcc6cc70dba2fa65333c3e70a74757643364f4ccd064613c3e449a0df26d04a4dcc18618bf3addd3cf0c76c385a25e4576eefba7857a023f8943060bcef0952aeaa342970bf7ea768e60ea293056d6dae11c84a2d2d6ec8927bb5d3f4a6145cad7a4bd16184dbd32e6870ee15da38c0e26b5627102b3e16ea99529d7351bb45d12b97ecc62b03b85b0a13e5f215d0df32bbe4950ba6b25ab527ce5180bacbbb4a1b7e4f6a1a938a559bdb1e243529254b7f0875a803d2db7db555a517e6f60234b439cd3ffbd8e38c4f3e344cc54e770b70f4aa41ec71b07327b3509550e55384de8b90cdb618d2402cd0b7156d0d2e0c1f7ef3cca96d8f2b50ea49d385a109fc98cc61babc381e0f8bc2863095aa6cca8c41423e289422dd823d9838075ee377be3d7d7060c7faeae4f80f0fdf0d8fb6971d8318d5009ce52c109f4b5b4fbd3e7cedfeb89b23b305a693ac6f7cd1385f8c2f519be6bb321005da59ad6ccd0e9b521ef5bbb42bdba22eedba2be576536e93c7c493d10e9f99032ed2368a7ef355d86e3efcede2e328c6e7d892fbacd69f6a057ed771a321b5275683f05a963e7428d8165de4a8bf4a2c429ba4bc06bf88b5558abae3dde1913dbae8209f50fc73b52349fe17a05e8209238d2ad6985e7db86b67aca4e84cd48320820bb018d590e7ee00520cfdf65ee3df8f372ea879fb45c77941de2691bcf4204d57df316b88388b2f400524e0775ae328d4be5341a18554f74605c21b66de2500dd4073fe0caba93037e5526da1f0091994b93691a21187cdfced6381e6d0d6d4b4c536dcd1a70219bca29ef968c63b574e8e27d18fa6d7bd167926ea8d0b4814cd986ba104cc432d0bcb8d1e75e3ece4de12e30034eaaedbfc01c7efbffbcfcce0fc3fc42f76f553c831be4b80507f673c5c6ec6623582d6869d01eb77592794b79c5e4b80c383863e56291c07b3d9f9995dc844403c72f533ccbd3b3af0004741c918b439c496b70f86b6fc4a022bd0c259603367c9ec33652c2e8af7d4a696dee62c698a15952192b05d4356f8691297ec9f5b81858cf9b70457b31e1d45604a02e9e29569852193d5587c3d8802547270f47cea90ae232322e092a5dcf00b0fcac087f5db5284e32ef94e5a951271d62bb78f6f0145eb2cb9a5c58565509e6a8a0cbb602db2458417bfa3bec797fc31b1f342ec509adec31a31ba5a53001eecef88147a4c0882795e8736764f8188aa7805263d460e8155afee6aa0a37c14ec2cf65abe72681f4cb3fcb2c4b7fadf9bfe7be65b3d0a1e28c8de9377a0ffcab27c19ad3340344b71ba5017921b05870198d4bdd7b0152f6cf9983911e21d8756565c63966f323eb95f985f5a28ba2c3cc82c774801992a980e16400f78e4525b315cb61bc5f8d911580f4751dfbd39928bccbbc38f947ca335d2027aad7c697d3e1b0374699bdade5fc391ef60b8fa1c40c272a7fae4300561c6f9b9e87032e3c36d78220dda9c3ad38172abd95a2ad1a8294e406142ff39db6bcdc17b271e31eef158775d1197e82aaff4b964f487cd030407f12796f413aab96ca7df04efcb632d8b7b777feae3e80062e592edf3a738e8602a96392bfc03aaa9054d7be4cd303139a9cf334e983b69fe04ab505ec91e6601d1d6864666a80d905aa9cd10de12bea87c463056fca045d393ab8cbf94c2cb5d9d6d56c6b0b7c23769b2f84e48ea5d99440b0d5ab49894dd12ea2fc32f6d49e97a1aed20eaea180e1cfec6eb9a4956914e354b2e30813f585b29e59b186c8c4bee4d65515c565996a07ee010aeb9f7beeb9eac8f6623338690796474d5e0d75d8f4715c2d2cc41e9c654a715b745726b4ff75ecf979b9afe91efa7fab32504fc373ea1e3c6cc6e010bd5b9328c4406c5420e414fc8696e7947426039010e01a353e582d5af972ec2b63a9dbf0ac13a82edf446c8ac3fedbe01fec53e8aa6f5996186493ad97c26e6f4ba337750cfe0081c199aa30dd48ab07605488baf8db82714fc44266d9189b493271d268a80add50317c1a2f00c7d9305ab4827aaeade1ec63e9bc47ebc53f49b3b97be719815b7ae383c29e0e2621c9a79c1d52dd10ec7d55c9d76a93bcf1b2c9462da4b2493772f88ac42d0d944b8b19913b30890a41513a64487d22d44040045f981899452d778f85b8e1a2ae9d1379039a29cc8673aff2fda1e49b63ac5919600760dba9eaf0da47672cc7b0553cbe3dbfd6c13a908ca7226082f3feaf5274c1be4b2df9c4d0dd06949f1dd0c6d89e0280473d90a129b4ad75297d7a0b049048c02c4ddb9d532e852260b81a9996032a41afd25c4beec89cf25286fd1cd2ecae8d18f4d199d8445c64e9c9065d0df64ed174ace480205e6b5d5868f473689d0302a23c8cbf88857fb7e01d95f5b3fba454f057bd9152214bfa9dd9ff127080a33153aaee2df466d22af6f2818fbd3a01b53219f13812f1e131011eb9b776a065e9f056f0aa88718ab35b20339d3b67cf33bf8a136655db5cf02eaee79af627eb9e1c5c739205b540d413817f0e7af8d059e5454e1e044dfbf1c45ec6243843fee828cea51bb45fc7a8ea6de934dafc1692fe3579418c9fad5615cd489225292cf6646c2b4e74e059056895e88461f0cd734414f1b8a9a6321c5905b63bcec69f0d6ce7b87e5a137da4d85db6e4139ad7961e39c2b492c48ab34f25d6b6fee17585b507f8114a64b5966b0c36e63bcd6c5abf6844950dc36398d0afaa161a688a7696b51939a1047368e3ee4f89e78fa194128357c1fde1b2dab05209c1595cd694000400ec71978ed6be9bb5e0325cd48bdcc204844558fa7fc2b860f0da607177c2311a72faac9c110e49c9c118ca281fe2ccd861fa4db3f18c73bb7ccfac3a37dbc9686498d1f68bf1f68818f4abaa664cca3e60f5ee7187bfd8c1c9c13374b77266a1c801870f9900eb8090cbd56051c538ba23707e37313ba65e9cfe2129ba45476cec391663da63aa19d4acb6645d806fae7c89d929d7273cd62988c188e60c894169472f5f14bf08a2cab5d260c9d9f25a687157b461403b0a10fe73a23871c823b38ed92cb77bff7a13753ca04c47ef9885b86dc437896abb895afc8bb887b92d1572135803b5a17682b41ce9d2b4275642ed4e7a9de55efa5419304fcde1ee20abf083031292caeca0c5839d86665d50eeb40e89e05dbbb887cde1eaec80ad5cddc9a2bde349c8156ee72932e624a7b13bd1660af47a03bc325e1bcccb5c6e8c61e67905930e22686f7773012b8f995bba86e4cb9365f109f89897dcfd113af732c7c719687a41687f03c2e9a7d1649eb3bae2b910b8baa2f63031bf51a7b5e34394fa3192516f439a04ce54e94559aec1c7950792884b440ffb975481baf301b432c9ad3d59a74a5021591b6d2c5aa845b743212372852cdb0db3ba89977e0e0ec838009ecf2a70e50c1406a06deb0ab0523b2f4284c3919f3ca13205b8723e0c6612722dcd71ee1d7a2870cfcc7971d7bba52fb1086cdd4449542a56b96da6b1556af353fa9b420eeff1c66e06a3a2b3707b3752376981ea813a09538e5f6e9b5369a4f4ec94a2f3553a3baa55c54369a02d3a8e93f3df30d6729fc99b3de0524044ceede3c98ca4c1ffb0df4fb43089439854b6e618e3c1cb4e0701308f85cc5215ba8a2f1ad23b556c23b8c015bf3d8bc147dc20db3143e0753aacd8ecd6996057f4c85a827bbbc15950a11d7f16de9048ebbe060deb13463e062fb2aebd4793bd21f988116339bba6fea04bf854f6a3a3516d151a700c8396108dd3cd23a9cdc6dc220ef215f8b06e047fc252a17e8c00693c452ec66f0636cf4be8dad743c7b51593ec9e973d55a1ffb37467efc7e58fe99a6aa39a77de030f7c590ee3b9071abaeebaaa379216a91e034914d5170909cb338e05ab4081912a38372a56308c9c32b2520500f6272286504326e4270817a02d5ea81dfdf0e0f2c36383dab67df830f0300976944dc04454f0f27fcda1bbe2b34bde1ea5d410cc91cd705f200d46abe681d2b9a84569d46e5f807e3adadbf51846e7a2a01c3f"], 0x1030)

18:09:40 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs$userns(0x0, &(0x7f0000000000))
ioctl$NS_GET_OWNER_UID(r5, 0xb704, &(0x7f0000001540))
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x6, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r6}}, 0x0)
openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x2100, 0x0)
close(r3)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
close(r4)
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2804.584862] FAULT_INJECTION: forcing a failure.
[ 2804.584862] name failslab, interval 1, probability 0, space 0, times 0
[ 2804.587746] CPU: 1 PID: 14433 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2804.589339] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2804.591221] Call Trace:
[ 2804.591830]  dump_stack+0x107/0x167
[ 2804.592665]  should_fail.cold+0x5/0xa
[ 2804.593554]  ? create_object.isra.0+0x3a/0xa20
[ 2804.594586]  should_failslab+0x5/0x20
[ 2804.595454]  kmem_cache_alloc+0x5b/0x310
[ 2804.596383]  ? mark_held_locks+0x9e/0xe0
[ 2804.597329]  create_object.isra.0+0x3a/0xa20
[ 2804.598328]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2804.599479]  kmem_cache_alloc_bulk+0x168/0x320
[ 2804.600512]  io_submit_sqes+0x6f76/0x85c0
[ 2804.601485]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2804.602603]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2804.603683]  ? lock_downgrade+0x6d0/0x6d0
[ 2804.604604]  ? find_held_lock+0x2c/0x110
[ 2804.605534]  ? io_submit_sqes+0x85c0/0x85c0
[ 2804.606512]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2804.607599]  ? wait_for_completion_io+0x270/0x270
[ 2804.608686]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2804.609740]  ? vfs_write+0x354/0xa70
[ 2804.610589]  ? fput_many+0x2f/0x1a0
[ 2804.611401]  ? ksys_write+0x1a9/0x260
[ 2804.612254]  ? __ia32_sys_read+0xb0/0xb0
[ 2804.613188]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2804.614355]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2804.615520]  do_syscall_64+0x33/0x40
[ 2804.616352]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2804.617515] RIP: 0033:0x7fd673b8db19
[ 2804.618356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2804.622489] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2804.624189] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2804.625804] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2804.627401] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2804.628986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2804.630593] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:09:40 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x42001, 0x0)
r4 = io_uring_setup(0x5004, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x2a2})
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0x5, 0x0, r5)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd=r3, 0x96, &(0x7f0000000680)=[{&(0x7f0000000080)="96d70f2d52db5a589d80bfcd1c503e68cecfb24765dc4a31d1828bf8ae0ac0595ef957cefbc3bfda42b25359e7572a50b1845efa7e57baa8297f6017ccfec45b987db1259b624a2414ef5dc0f9f748424499c6d00579b73b2ac99f92a7eeb59be2518c9bbc3c7e5cf21c2f17f1c600672cecb868a28967ae89513315e8467952", 0x80}, {&(0x7f0000000340)="9a387056f4249a1f2ba3ca8ed9c557b2eff13311051866edbf054b256ae1998fac3c516c8fff8878c834a2d8579895a6c8cad7015b083b445117ea67b0c64f5af449336b58b93eb49dea246c67eb6af195d2826084adb4214517bb4818dc6d92b4c25c35c0a6a50bc6b5f9c95fa8589e7b1a0af74ed9191105081d527bb2068bba9d3b221180ababd1ea54d0815b27c1d7e3bdea87068b293d6676513f7358bc2d9c01", 0xa3}, {&(0x7f0000000180)}, {&(0x7f00000001c0)="e43b8adeadd5a87b112d44cd71aefbdcad26fb45dca2ed607b8d3ba59435db8b8944536b19ea45604d", 0x29}, {&(0x7f0000000400)="c7f5315f8b8b8252a1cbd0b459e3f270905f790b98b7fe9bc9acb30e67fe32acdd805bccfea7908b9d54a1e998622e2f3ae2cc74c1a7dc4b8da3367e93592de6672778170de3bd19b015f526de1f47ce51b5b5ac661b0c9aa164269d420fac4f08078854c62cdb2288cee14039bc0d2c986db444cf5b15211e947c0f518d53112bee62d15105d29618e554ed9c2637d479e41ada4517c317e9705829b5a3a361a511d32b06ed39b6c672efedd7d9c4377458725f18b31cef226d1de77fb7b98f6bd0174bdbd96717b14aefb6ab509bc5", 0xd0}, {&(0x7f0000000500)="f16f6490bfd56bf8ae55d7dd47f2d83fcfc3194aa767aff77fffb9b02e0e940e25da91e792cb4565bf71fd330fa8535b00f688c4e9422818973ba819d35086c24dafc9f3512153133591a415c3f21c58281658105c94217bafd227d8755e31d9422428f7410ffc4f2041530a57af9bfa9872860374c93fc8d1e0de7d42d5c5e7710f562501b376e6fb9f955b7198f1485c9a1cb7efeb2d00e3d9c06b9e6c381e7a1ac794080f413683", 0xa9}, {&(0x7f0000000240)="977ecc839c8b49ad313ac12fb580a78278ab4a1a069ce0de98eecbd44620ad2b4f3b66a41f266b82a5b1781d947a2132a3e91dda08cede44d14b6c3bbac5d935cd72b9a9894a7f64e23e7d61671bea1073ce1f6e017047415381a3e0c1390bd549793632c1adb77d6c2c", 0x6a}, {&(0x7f00000005c0)="0b8b9883ecfd9ef5c88c78f2ff052b128af7088a48209a16432c0d9a99570002fb940fb3bb54254555c70a20110400fb55262f1f5e79c428c4000867aade80b036458168d7b1463d63a037bd323c9c8cdc17f44924590d8669206dd3e4fd5ccaad7cf99e8d8a2684ddc6f11d5f0ea0159116ae4537062473fc92a8c7cd832b40df9106ecd111fde01398b7819b9f3c67e10c6c491fc8051c21ab52315cb12acfe5f8d0a5794a41454467953bd47040c30ead8eea9f236228e959f9", 0xbb}], 0x8, 0xb, 0x1, {0x2, r5}}, 0x3)
r6 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r6)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mdstat\x00', 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:40 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f00000001c0), 0xee000, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
readahead(0xffffffffffffffff, 0x6, 0x2e)
ftruncate(0xffffffffffffffff, 0x1000003)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x22000)
io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x0, 0x0)
r6 = syz_open_dev$usbmon(&(0x7f00000000c0), 0x4, 0x1)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x4, 0x0, @fd=r6, 0x5d06, &(0x7f0000000640)=[{&(0x7f0000000340)=""/225, 0xe1}, {&(0x7f0000000240)=""/76, 0x4c}, {&(0x7f0000000440)=""/110, 0x6e}, {&(0x7f00000004c0)=""/69, 0x45}, {&(0x7f0000000540)=""/115, 0x73}, {&(0x7f00000005c0)=""/77, 0x4d}], 0x6, 0x16, 0x0, {0x0, r4}}, 0x0)
close(r3)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000180))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:52 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x4b67, 0x0, 0x2, 0x0, 0x0)

18:09:52 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x10000, 0x0, {0x3, r4}}, 0x50)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x80, 0x0, 0x0, 0x0, 0x2943, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000180)}, 0x0, 0x0, 0xffffffff, 0x0, 0xffff, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:52 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 53)

18:09:52 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
close(r3)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, r4, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:52 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x20a}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:52 executing program 2:
pipe2(&(0x7f0000000240)={<r0=>0xffffffffffffffff}, 0x40000)
r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x28ee, 0x2, 0x0, 0x35e, 0x0, r0}, &(0x7f00000a0000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000200)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
recvfrom$inet6(r4, &(0x7f0000000180)=""/95, 0x5f, 0x0, 0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x3)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f00000000c0)={{0x1, 0x0, 0xfffffeff, 0x1, 0x2}})
close(0xffffffffffffffff)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r7, 0x6, 0x2e)
ftruncate(r7, 0x1000003)
fcntl$setstatus(r7, 0x4, 0x22000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x4000010, r1, 0x8000000)

18:09:52 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r7, 0x0}, 0x0)
ioctl$FS_IOC_RESVSP(r7, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
copy_file_range(0xffffffffffffffff, &(0x7f00000000c0)=0x1, r7, &(0x7f0000000180)=0xfff, 0xbf, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:52 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000000c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffff01, 0x0, 0x20, 0x1}, 0x40)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2817.363185] FAULT_INJECTION: forcing a failure.
[ 2817.363185] name failslab, interval 1, probability 0, space 0, times 0
[ 2817.365789] CPU: 0 PID: 14466 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2817.367206] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2817.368887] Call Trace:
[ 2817.369449]  dump_stack+0x107/0x167
[ 2817.370178]  should_fail.cold+0x5/0xa
[ 2817.370946]  ? create_object.isra.0+0x3a/0xa20
[ 2817.371857]  should_failslab+0x5/0x20
[ 2817.372616]  kmem_cache_alloc+0x5b/0x310
[ 2817.373439]  ? mark_held_locks+0x9e/0xe0
[ 2817.374270]  create_object.isra.0+0x3a/0xa20
[ 2817.375164]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2817.376188]  kmem_cache_alloc_bulk+0x168/0x320
[ 2817.377118]  io_submit_sqes+0x6f76/0x85c0
[ 2817.378021]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2817.379025]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2817.380002]  ? lock_downgrade+0x6d0/0x6d0
[ 2817.380840]  ? find_held_lock+0x2c/0x110
[ 2817.381673]  ? io_submit_sqes+0x85c0/0x85c0
[ 2817.382544]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2817.383514]  ? wait_for_completion_io+0x270/0x270
[ 2817.384472]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2817.385416]  ? vfs_write+0x354/0xa70
[ 2817.386162]  ? fput_many+0x2f/0x1a0
[ 2817.386890]  ? ksys_write+0x1a9/0x260
[ 2817.387647]  ? __ia32_sys_read+0xb0/0xb0
[ 2817.388470]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2817.389538]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2817.390567]  do_syscall_64+0x33/0x40
[ 2817.391310]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2817.392335] RIP: 0033:0x7fd673b8db19
[ 2817.393083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2817.396752] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2817.398281] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2817.399706] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2817.401123] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2817.402569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2817.403987] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:09:53 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r6, {0x100}}, './file0\x00'})
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:53 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_enter(r0, 0x3c92, 0xf8d3, 0x1, &(0x7f00000000c0)={[0x9]}, 0x8)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f00000001c0)=ANY=[@ANYBLOB="010500"/12, @ANYRES32=<r3=>r0, @ANYBLOB="06000000000000002e2f66696c653000"])
ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000240)={0x0, 0x1, 0x100, 0x74d})
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r4, 0x6, 0x15, &(0x7f0000000180), 0x4)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = dup(0xffffffffffffffff)
setsockopt$inet6_opts(r6, 0x29, 0x0, &(0x7f0000000280)=@fragment={0x8, 0x0, 0x12, 0x0, 0x0, 0x1b, 0x67}, 0x8)

18:09:53 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r5, 0x6, 0x2e)
ftruncate(r5, 0x1000003)
fcntl$setstatus(r5, 0x4, 0x22000)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r5, 0xc400941d, &(0x7f0000000340)={0x0, 0x2, 0x4})
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:53 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x4dc202, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r3, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r4=>r3}, './file0\x00'})
vmsplice(r4, &(0x7f0000000240)=[{&(0x7f0000000340)="6a358126153cc823ba16e2e5ec9be6c42285ea1f987489b06cc8cd0b465e69dcc74c42dc00559dfc90030b3bdc1b28fed9da5dd3b8d3efc1c831cf826b5f6f535eb22ec4dd022507855ab6f43ecd5d379357af820ff756427420dbd03d575a55ab7743562f762e313d99772926597efff05363ac70c44f936674c39ba5cf21f1e2bce15e8e6cf750e38a923203", 0x8d}, {&(0x7f0000000400)="f1a4007f03474d93c7507e9619e2d6f09a17bf6f4ab19d982f10c59e75fea6fbc87ce42fed73eb9b04876290939606554661b21bffe568f899e6ed3899a5afd1a31ab4a380562ddcf533b4209310612682977d848076e77e5fa10ba547dbc94cbb429886ffa2d758325c1ccdf898e267de5c0085d30c559b975d22a9f92506e9e13d549ea28f320accb4b374f886644ed13a0fd3e2a167d3462c238fc1b6048d3985ed8a3570655605ad884cd66fd58bdf5e57cf813058f53427605033d0d78606ae3446928371a02251591563", 0xcd}, {&(0x7f0000000080)="cfa6b26bfc1c4715fa3193ea799cc6d38a0c24a2c64d4c0e86842055b9", 0x1d}, {&(0x7f0000000500)="b12b6fb0f1ed6900d6a0db524f0f83fa40c9710d49a062bed412365ca8b49bc42ba84814ea11db29cc74935e91abd797a254f1cc776b2720c2c5c92133cd9ed9e7e5bb86b7916d0520cd1809a811cf4102cdfbdea6d31f366b2ef70f1c97474e83623c0f2fd2a661bd3783f980d2f4d936d2674bf3b6adac0982fe109d81a54c37333c5932fef50086a2b13ee637c4f1012b185b6d5d588f9440b19e22226ab298a574ad2a01504d83d997e3c5df896b8b139480aa6337841557f1b48440e7958fd6cc6a2e03b50b2e040397cc213293900478fb9ff0f34b6c1aab28b4de5d42bc88d549835aa62bb7043646b14ac4dfa2b9c64ae086", 0xf6}, {&(0x7f0000000600)="c83cda49e2798d1fcce925f8634adc1192c0fc71e1d1dfd00ffe2883e0ae3132a52247b2bf63e1ad6f8e4f0f6ea7e8198b07742905ec2f1cda2a570c40545049a744d0b6ec01830ee5ab2042a59c64b93aeff07ab1cc8f2c4a922c4b0724d379e368bdd8c902b2fee32c894a9e2403c0fd60fa7cfd6439f383e23f577d656db23bcd9ddc57c38ef0f642b1fc914fdcbccf21740f447c6dc81b6229cd1e99fa88e83344d4ed8d0a52b4471740d555f17681794a44d1f30dcc4d48f40457dd458137f92bf326050c03089714f792e2962521fd39904d8da2d7275dcc0d065c", 0xde}, {&(0x7f0000000180)="d1fc2faf8911f0908a4b08f48c8aa88ec3a44ebac83f7f112777d8b56573e06a782ecc1698951ab18da8ec475913e00157fd904e70b3120c571e965dba4f8a9ade976c476cb13e28df7f58", 0x4b}, {&(0x7f0000000700)="5893f655188945698fe1b620d2810fc93972a06b74e522bbd6ce46267453564f81dc92bd6d7cbf8c8f3387716e8fb423e9d990a8c380a77eba9cfa8319b408fa745535b7cd5bc4437c70f1752aad5df815f75908af18c190e23b98cd5132a632e245995f48b4ee65e3e1c2b91c24b112a286f05541ae1d635384a11aba3b24bac7a0f1db56a42f8fd84d92eeeb600bc0206e9195e28c207670095c78c6aab99a7c04317afee8003cde6a548bcba43eeb1924329aba3599c4d513818fca0206e28b1989b833f3a08a3c08ebf8a9608420cb592ce5c7b86d61e4f3bf52782903e84c784e", 0xe3}], 0x7, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
r6 = io_uring_setup(0x5204, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x170})
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r6, 0x5, 0x0, r7)
syz_io_uring_submit(0x0, r2, &(0x7f00000000c0)=@IORING_OP_MADVISE={0x19, 0x5, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xe, 0x1, {0x0, r7}}, 0x7f)
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:53 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 54)

[ 2817.811852] FAULT_INJECTION: forcing a failure.
[ 2817.811852] name failslab, interval 1, probability 0, space 0, times 0
[ 2817.814563] CPU: 1 PID: 14493 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2817.816189] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2817.818152] Call Trace:
[ 2817.818808]  dump_stack+0x107/0x167
[ 2817.819680]  should_fail.cold+0x5/0xa
[ 2817.820592]  ? create_object.isra.0+0x3a/0xa20
[ 2817.821716]  should_failslab+0x5/0x20
[ 2817.822635]  kmem_cache_alloc+0x5b/0x310
[ 2817.823612]  ? mark_held_locks+0x9e/0xe0
[ 2817.824596]  create_object.isra.0+0x3a/0xa20
[ 2817.825667]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2817.826889]  kmem_cache_alloc_bulk+0x168/0x320
[ 2817.827988]  io_submit_sqes+0x6f76/0x85c0
[ 2817.829009]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2817.830290]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2817.831453]  ? lock_downgrade+0x6d0/0x6d0
[ 2817.832435]  ? find_held_lock+0x2c/0x110
[ 2817.833438]  ? io_submit_sqes+0x85c0/0x85c0
[ 2817.834479]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2817.835638]  ? wait_for_completion_io+0x270/0x270
[ 2817.836799]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2817.837942]  ? vfs_write+0x354/0xa70
[ 2817.838854]  ? fput_many+0x2f/0x1a0
[ 2817.839726]  ? ksys_write+0x1a9/0x260
[ 2817.840621]  ? __ia32_sys_read+0xb0/0xb0
[ 2817.841647]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2817.843009]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2817.844436]  do_syscall_64+0x33/0x40
[ 2817.845434]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2817.846676] RIP: 0033:0x7fd673b8db19
[ 2817.847575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2817.852000] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2817.853825] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2817.855519] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2817.857242] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2817.858962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2817.860670] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:09:53 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x3, 0x164}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x4, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r4, 0x6, 0x2e)
ftruncate(r4, 0x1000003)
fcntl$setstatus(r4, 0x4, 0x22000)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r4, 0x0, &(0x7f0000000080)='\x00', 0x182, 0x0, 0x12345}, 0x3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000040)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=@alg, 0x80, &(0x7f0000000280)}, 0x0, 0x40010081, 0x1, {0x3}}, 0x8)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:09:53 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 55)

18:09:53 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5e, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xca39, 0x2, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x400, 0x3, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2818.367637] FAULT_INJECTION: forcing a failure.
[ 2818.367637] name failslab, interval 1, probability 0, space 0, times 0
[ 2818.370361] CPU: 0 PID: 14507 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2818.371764] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2818.373467] Call Trace:
[ 2818.374017]  dump_stack+0x107/0x167
[ 2818.374767]  should_fail.cold+0x5/0xa
[ 2818.375542]  should_failslab+0x5/0x20
[ 2818.376320]  kmem_cache_alloc_bulk+0x4b/0x320
[ 2818.377249]  io_submit_sqes+0x6f76/0x85c0
[ 2818.378135]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2818.379139]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2818.380123]  ? lock_downgrade+0x6d0/0x6d0
[ 2818.380950]  ? find_held_lock+0x2c/0x110
[ 2818.381792]  ? io_submit_sqes+0x85c0/0x85c0
[ 2818.382667]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2818.383668]  ? wait_for_completion_io+0x270/0x270
[ 2818.384636]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2818.385576]  ? vfs_write+0x354/0xa70
[ 2818.386343]  ? fput_many+0x2f/0x1a0
[ 2818.387075]  ? ksys_write+0x1a9/0x260
[ 2818.387848]  ? __ia32_sys_read+0xb0/0xb0
[ 2818.388676]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2818.389760]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2818.390804]  do_syscall_64+0x33/0x40
[ 2818.391561]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2818.392593] RIP: 0033:0x7fd673b8db19
[ 2818.393387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2818.397063] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2818.398599] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2818.400028] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2818.401472] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2818.402909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2818.404343] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:10:08 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r7=>0xffffffffffffffff})
r8 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r8, 0x6, 0x2e)
ftruncate(r8, 0x1000003)
fcntl$setstatus(r8, 0x4, 0x22000)
sendmsg$inet6(r8, &(0x7f00000016c0)={&(0x7f00000000c0)={0xa, 0x4e21, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}, 0xe62c}, 0x1c, &(0x7f0000001600)=[{&(0x7f0000000340)="38f6a05766c11f78c05777caff9acdd1876d1326f67f12f320e36d4069db16943db86e5630d2c1e9a601ce0afa98f2617c36d0214a5adfe540a4540d866df41725d576c3efc076d6ea258b22fbd6239194bc1d1f4b3c0346dd3da4350ada1b758977a62ea09b4789dd44ee77e14ded15c06be475f83143d3fb206991d6ad36241163f5106edc1099938a356a7ba88f28850cea0fcc9ba83c51042c9185fbc26643a9223fdf9984925bb35075e865b036341bf41802a6e23f45038cc2946ca5cbd9ffb4de77a5863f6ca743129d30299313f8c739c3777906bbadb037e7f678398e5f18f8115ed9a2e6e369e28a8483782b649a8d5a0750cab7b7db1b485362b8974081f61c270c82cf3f94ae634ca0e793f9a13f120f4cb1c1bf1dbabb84ae302538a4e148265d5a9fedc95e22bbba1b58cf73888f01ea2f282bc5f0afde82da54f25f5c8b79e12518b7067a09524e0044c6b4f5a9c98c233265a5127163fb5c378f3e2d0ef9a537b37cda033085c15c3055749a6de1b59d5bf8cb44afd4ad0aed173213b067bda80165008f56ab33f8e6cd4d1e4c38f0b750e3e37d25b2508e997ab2cb3e6d332a90a15f506a353e8d0e0c21cd00033903e5d56839aa3c54592515545d2373261f623f1aa143a16e822d83186693bc51ad0751ff4918263fed6848581e28e9ae0e21ee40f4e3f3637cb49669f6b50942ba9f42504d675457ec53a4e2c0f8fb5b1fc698eeb4bdb6d12e94ed68260a1eead09eab3550c17a94744d126aec17742b0caee4cb7dac3b8db0230dfdbc396fa9f12cc990e5e84c764568a356611d84986266fbc260e51eb5f69fb97e012e9f2acd75df9479be20fc87f6e51d1ab6c9414d7aa930a5ad3e3483ca4ab634ad20edc61b21bd43de4719ff149eaba56d2ecb5b9e2a02c5dca2362a40be387d6d904dfd4d557387fd4bc358cd5d903ddfc30edbdddc05de544843e54ab799fe0842b4116734d76a2b85aac705b43ac268488c1748d34d4a86975115c40a8b4c8f67462240cbd1f14f7ac57fe622938743a455e5383dbc7bf2a74ec4fa525724bad126ff124e7fc6efa65aa725d6d54890399b9e6defb839b3178b8c0848bde467da3aa023525b83206282ab2d48cce0cb905e5678e1bed280eb0ea76c154c2d63917be7b95e1cb37425741c0f3c060f1a12118fd596ab1a6a6bc5a1aa0330b1696e4e4f1941170bb347d74c3621b09a293a22fa0c0a8ef8c65f078f8097243029037a030c9864ec2a5c6e5abb6f2cfe5b0a7b8cb4e57fdfff986272cf88273aa7585df486641bb2a35e7c8a1ca01bc3f64fb566b454cf7cda4c4b071e82523a076ce7404183ee764150a57b7489e5a8f7ad79678e413707efece2db1d794ea7a31de6e8101318fc1f33a13f2cf71d3bb44c0f4887405b279d8273ac4d3341e0c0345ca6c81bbbe22e4335e73fad1e9591edfcb6a0729ee9fb2e3368b446a3d54bca3d8173d62962750871b0a25ca6e1578df99de03df49e248fe5af2e46af609c1d3e65a8782bd6f8bfd976f0c5347417119f9cd5fa5300a7d8a128b27932bb185dccb1d226e4136fc25819468cc328acc48e15e808f6d5c285766b3a9f48bab8130bc0a6415a4f725ad455a2ea843ca5550f28e7d8161127b80c9267b82b656d05fca85544cb672c75decb1625ea45bf3fbac3f049c500d159541c449aa24963211c2b4648ce8e9cd6d342ec3c9d080448b962ea71289bb576d370c62abd92c9e57495894b85164f09ebf779c91ebcd66e79851213d8f49f555ee2fe64748bcb014a5d9dfbc8587360da4109de7120a4cf0f3982cefa0f2a7128809fd8ab26d746ff63eb77dcc96ea6f6381cee080c1ed8e28555c121b0fac61d36ba2da935489db03968b22f4319ea0ecbd1c1cef304f20276a364f31d7e4684d4c847e9ee463d11b2eb54c142a6017fc7ff88c1c3f5b4fb3aa18b5f972bfa4f616103712a02e665b168438c16374430a3b4077f134b166a83a26413db3b8102416aee18e7cd203cc987048b8a369cd41cce6ec746777f95d13e015e35d3f21789ce46d653b40e8fd40507557948a8a68b3ef435cb83861c2836d44094eea36654da116cc70b7e4bc6fa4f5d53f823d08fdff228199d4472287a082a84afb17bba7fa104c614336300e92dc57c521be07a8219286bda8167feb16d77a2a5be67f8c35b18788c8b1050bc71453c5fd0ed9c098481a3d451ad8da5237fcbb6508113b26b96ac2904c0f2986dbe40e49c06492ed8695d8258e6387ac4d9ccc68c965cff12a28e286098cb925e462160b32ec381e7dd7bdc42f4b124893ebc71da6a330da25d0d8e32356f10cbedd4a09dabf1be07e4c8b8fc8345ef5ce2b1a61df35fea64671c318a7c12fbcd3b0c9b14f7f2069e632ff96cbc12c4da043362d8c587950129e0a3433167f82214cef82c0b5d16916e8318432378ddfbdc17febe14e02a86afedde8f46c26a9124b3eec2f9083f5e4e111c1ba7339e1060850b04b538480b57961e9aedc86c457057fa8e7c91e069e7c306cff6534aaf2e96d6a738241524628c8cf6adad477ffc14797901543560641cc146eefbc2e40dfab23340b3c7c7174a8848e737d82b39ced5a248fbdcd1276c1aa389d30571615d96427f04aea263355eccb58433431d4c2ca0cda03a7133465d37991b9a8c6e71938834cd9c2c0eb5c1dba6e0290153ad626713862216ae7be671b88b31317be89bbdd3651f673d2d666936ecf71fa0fb9bb5e9c520b8576b0e34011f76efebb9531fe8c039ef8ca96d0b1fa766851dab35e29fc40f56c41f959f7dd2f257ba40c8478d6c6187bc71697ef58bbc6912145b2f62c8e7aa9afb044812e8267e6c5f34f00363f757461b3158e42f372a9b9721e02084a61051ce16b36c2cc9cb7b444911184ad8b7bd9bd196a3fc5a9f28773f7c3376184bf0e612a81fe4818814ebb8dfcddc66a2276f9b0c0ce94a2038051e83c220a5f0e1b48ffa70623f03b0e97f505dc79de0973ca07da37301cbeeb37876bd011dd60e3db7c6cb67f1abe5c20b949990fb53e9c0d26e88558cdfc8cd4180253d521dcfe2076f684c03a8cd0afee47ac5f2b9c2d880a76350f8ef725f85a207013d88c4bf854ca1b0b0d1ec66873211e8d8c3467fcba700937ebd104b6d82e26aa7176b68ec62bc4431a4418e869f15ac676d645352cb0f8e9de02c5bdd73394b74464f756dedc4e4e79e1bb8324f8e4c2c4ec6cb85815b0eb6618a07732ce20a025b874088ee6aa80a3c5dfe6fe767b585d0f0f512471b644fde997471546e2edc473ad5dff40e81f737b62735535d5efcc839cf75596b8975a53c02adb1e80d3bb4b4438a4340abf9aba54309d4bb0a2bfd86004f7cc2dda8b05aaa77fce23e3084a39d0b97d1ee223062c45bb09bd3267f639a34647313e7eebf5f3b0de9cef16070aa06c0694b3a99d97b008233ed056967582beea640773d76a2ac46df57961a26dd7b097a69c2594c08a104a6b5a4a1be238c3bd0d4f4cd1e190655d34c590b0aa4b765c39a20ec2ea4d4a1507f96b5cd2d449242e5458552a4f6992638c316e94bc40a5640bf18c9c818b1d958b3b173b6dea3d9bc048899b76d1b14af0484bad50087a0d1fda11bde265ced1cfa8e04f44ba796d12d27e793e00eab770c49ef86958f190ebc091f61bcffc1cfb698b8a454d47fcaeb0a4c1256981b450897c33d1887419108e10571f3b115e06481cfe69c6f7277d59542c7232958621a7ccb9cb3bba88ca824f5a4bb8f46bbf5ed207534af932b8d4aa7a1418e27b31e176676435448f59cfbd9773e09e94f7118cf0cb713a9b36b729ef8fec3a3d9dde61ef6529c51e6432827f6f30a0d7d372e56c65b1f7c7c35b00dc47f5e06c48cb2de75e958a3c27fda8f2aada0e6cf9f43ccdc1340bb4f79e9ba7024fadea29c6698d49cacde468e12905089705e18f185ee69f2285b4e2f31784e6a1fb217e17771f9027f548a8ef0ef21ea7f04ec734b04867c001a1f8e0ded886009c6953465f7f05708ebc8766fb66d32f6bb12e5709d4151a41db7efe864fcd5f54a3616060d269118b9676906c37e61e5e44893cf6348be7395f8f392e9789ed6bb173bebc258d407177db43393b1ae8bdedd320b72dde3cf20f76b419866f82abe220230c3ff6942308b634471dcf59eec247b57e6dbcfafdebe9bd8fe872927162503255c5a4ff7bea35f11b6a8ccbacdced664e66d731579f9969ed29ef2d6483e01dbcc625d2c0d9eac977468751a312c44ef4d13d95c6c8ab13f39cb38976fd72f10edd39d7c8cf5e95365baf258e7e30b04bfc4c342ed568405b43c9669c7f53317626a726d911da87c3a195211d557b89f9afe34d3544857ac09f676bdcb5df87df0bceb3f9a3b0cbdb2c229b1885d4b01923c8399ee314ec814ac07582e7e28cebc614ca7e5ddd0b8b17dadae4efee789bcebca6bd4bdf002bd319a7595e8cd4ea463cf5f4492990e7110d58bf3b6a640e00e006bd945a59cc674c05a03eb272191076dfddedc018aa35565baf974bbbbd418d3e90d1c95b056c87411e3f5bb3f95fe621141e69fa049f1393e077ba7d30bf9cac26f9439a1d9dad1241ce84ba2009a291ba2211d8b428e2e39913d2c21500012f0579be85339b5f79cce5044aa659167225208868ab778d422e6e0f0ff1ca5e64730f768884b637d9631c5ca2afb12601428317eabfca846a3e6ff238addbd8aefe9c7ceb541b97858d5610997148357d895d423e7d7b7965d8c6ba1c55903fda68f1425c62dd6bc085325c4e3d62fe861e07c43de189d1d65711f041738ae89a8f6150f48071b9d60c530755983be6b1ef662addf24a7b09e620834d2d42064ea7fd3a08797d1199c20271b9e313716eb344fb45b0af86a7c6de85cc463e3ac8bb4cdc56687784bb0f00f7ac8e266308c517622592fb7ad595977c41e885471f80934798819e7c8f5554367692be000e23f23c7cd538765b0024ef4bd7fe4694a120d62b6f23bb8ec5c946ef021ba42427cbbdf5a302e54e4c04aa72a85354045e0ede08412e09feb47e9054d5a6c9ca4eb8f091f30181d4b640829b0986e27d90dbfcf504aee7e8ee1e7dbf0ed3be9988d965e421eb6d3aa85195156aaeee0c36246135cb30f4e0534bb7b8f98f77f899c78688a81202fa4ec5f2a83a79971d6b76481f81bae06e55ba5366681ab1c1bc59e914962592c72b77ecf1057b891bf674d0fb7d59b647cfc5b85248ebf60ff268b915349c083a2f96b29aedab4d1041d8218c808115198fb96b61825b08b9168858577e3342799aed89936b4acd2044a4179df8ac92c434227c5688257b4b68ba243ea98ee73bbabfb8348782b4bda27e4c08e4113e2689c297086c5ede248261398060b57f6b26117504208f4a4505e126b3522a53f37d97c893d29e846812c808e2a764b1fa766eebd1046242e0c382430e2f9023c3a34b0aa2a4ac189cafb2b4b11de782810cc0d092bf0ff2c413376e998f81553a2facac3b7e8121133cce8d1cbd5883134e525ba98347e3fb0810400b3edffb6616ab68a259508ae9a0735107da16252ede57f2f14230c9a06e29453d203dab202d4c115e494af9027948b35e66e6bf8f1e89d20df278b65ef134b52be2906c9d6c8bd4fffddc216b281606030662677c2b7ffadefc6af5881a777cd8d928095ecc924321cf520cbc867f8219d873b678f4b76f99989e642338a2c2adbbcb28a93e2c699b4808e177f29dc40ca87ab904f51f8edd46971789715ec791f7e5607e6c2db", 0x1000}, {&(0x7f0000001340)="3881f5c6816b9becd0fe99ae9e9a11929ae04fb6a509a7123e4075eacd58e8f047066e3000f2836a5eb33e88286e2a0eb40b9cd85de13d4d966585a43afd2ae63341a8fc13d01ac74cf914eca2f448ec2858f220ad6de4ac7573791eea721404d1232a408a2431cc0b4a1b6993672293bde1bc5ad6865a6c1ff134d4c06f1c500da4289c41d67189d784381b2518c0d37572f26ea7e7e8f6bc712dac642cb9d7a71402687cd6d3df59", 0xa9}, {&(0x7f0000000180)="f241f6984f98cd1703597bdf6d0cd267ee652f9ae3cb1e2038c130e6bff34d6b99348ad487df331676aff639ecb763ead19b8759e9e6", 0x36}, {&(0x7f00000001c0)="7f739b3f5584ff0b7574685193340142a549dbd8438be508101384", 0x1b}, {&(0x7f0000001400)="1c9b635d54a5f0b5bf5b1294de7c3dcb374061f564191341c073071d6946516cf2fa8fa29685f9ec706e15d0143c212e52f08e33974cc74f68f9ae3317f1fc32b07064ed954348c69cf47d061f8a83a0ba6848f3bf0683d39075df1d3032aa8472afd8e42fcb1cda67dbfbb83933dd5c4f716d1d3309457fcb13bdb1e31d88dce7a6e865d3952fbd42deec5f1b7c4ed89f86d9cf87dd797f02dedc00d2e4a83fdb3f73bc7028f1565267fc6037165795076930c4d295ba146cc017d7ff47eaa0032780fadd325af1519703893b35e9adb2730bc40a99c1c70e807ec83964ae73be", 0xe1}, {&(0x7f0000001700)="d9a97965161d424e0b52367e0415950000780d0a2e9daabe9d291a738412611d0000000000000400000000007d0dcba83195ef3eedf33c7625be983dc1a2283d5e52e548650c", 0x46}, {&(0x7f0000000280)="6f529bfb8a93f7d7c3dd76", 0xb}, {&(0x7f0000001500)="28f6deea92bad9f17808b4a945a4c358dee831cca95fb7ba0d9004ac7adb981cd54b542119dcb30a22955f2cbb4b0a93ba15de279c194755ce18a59088121f2a90e2439c2a0aa17d26273ea0804a22260435c3bea032722b8672b8118160297c56ea23704007a7bfc4ebff40a10d5c41f5d77ce648cea7393dcc66efb9603ac9e435fc381ad4f84009d2925d254beb6fa0a01c81f16521f727c8292ad7c9ec49241f32e4a10f41c47c01325b4197202b9afccf1db023a8d3e2ab94e00344768a82ed1ace662fb1c0b45396e05d85ef89e5959b8fd2dded2741513dac571d1ba63454d9d35e8a042dc488", 0xea}, {&(0x7f0000001e00)="42758be5b802241b4c108345a3a2cf4c1b18efde52787c2403e9f0c391ba8efb96e21a1a0fb6d237fd530e7b4d8f94dc5b1b724e17d4e92f93315241667aea153af6178f718aaaa518e8287e8be7f360bd8dafdc95ee22b382215869520da871a4ad8387e5883352e966b41205a47b6cb78a831c684fd6ff61a67949f0b80a7d735ab81eed701d5db176bd90d927216ef3fdeb758c244435b0c8556d55be632269d19eb6797944feb7c97646285d15fee0b4346260a7a05582da011558fad3ae4978c42e53ea4ebe08eb3c7cb6340fb790088d48cd05159c7c376685c6c81cbdeaea5fef55834a8ca80d9d20d0d0e4b8fc0bc9586d72150fd4bbc9271336e6eb335d8f63a57ccb29b0f2018efc9fc1bdc8aba64fb84ebc38870c285a44ea8c70504299e9bb85d36d769bec79ffc6a33cad0aeedf25a87899467ed2d7b5b23e089aa77990b048b289319fe215552554e4ca4cd0c008d6a0c8e866f37bb50aeb08f61f00bb4ce8891d3d15182f2c308352ca8fd57a66d01aee2cdbdebcc7aee9202f0f686c4d34f836b71bb30a4d9c33e515902f04730e8af910bc9853ef05e36c7887b80054b4c05d7d06966d12e5467542936281fa15a34fa034f09e84c9dd602106b86a261e48d2c8ad6173ce6a7c33d7c5cfaf51c42b5666c8af287cf6d51d13d2fe65c4b44de444b67433ebb6827df8b4ce94eb8d9d1f85e91770b22df62fa46cac6a75ef647a30cce392513e0dafd77c81ae95891dda6b756e02c057e059ddf345a21ed6ffe0e15befd3ef25eed1e6dbc586048aeb021e374f400fdf24292b37f0837bb57b55866dc0231461095b2441dccd6a84a73c8d5e646b7f7de6965a553189c22cf1edd86bac971d85570720e5fd5334c80c8d072ed8aae9bb2b1a35e5a9e431380718413a572c4c5b8b443ca25e7f4136648c670a5d1a8437b16edc2d1fa08e1db4a3e2383b243be266a1f928634def7667437ed56fe97bba56eb22c61b48092e688cb65446f542003594eaa42220b9fc1ea97941f6512cd8e7f08e90e4bc1f6e21ddcc245889509d64c91bfe478a8908eafdad9923c9f14ed9ec4e976b480e308b54e8fb2f3fcdc82cd6e3d9cf0c111544e65531e13b8d24ec57289caad599e34726c6a7f12536d00e71626b3b13a734727c1747e0b69c0ce2d9bc46ca1a0a4e179410bc571f10f4982035f4905ef690c44f115095d359fb4c3cb8b3a4814a35ae582e8fed610b403aaf4100a4ead77f6579fa00c6f082aaf5a74ab9cfb9d807358328f4a7d7718df7d92523c4ce8da9d24e9713110cde8b6426ecb5330fc8f3c0952b4a1fb240d91c7bbaaced28772fe59c0ad5b4f12f27ea5cc0fae3af357994a55897049c19ff0c217af8408218241c946895110da42b2065a453117055b133d6c52d4c44ed60befd80bd9457cbaa6832996578478e3409dd50d3ff9b3f4a656704440736ae37c41b80b118655eb1802b88d999b408aa294ddd9b43f52b5ae80c94b6a5afa60958c41df74bfc9ac53aaeee76d06e1b0ced224360d000c7f519b7328c7acc6c1e89db8d8bdab6a7a76d9c7e272c0a4d07243d8de15e054d5a0bf41bf5e3e71167ab24b93962390b681019cd9d91adb8ec9918a287a2c3c0d75f47d4e9d4b515707bdc820f40d344c40a54bb7834b7b796b6221116a7408308ff59bc5737266de7e68967c8839d9370304ef490b69f2f276f76d1ec36b055681dbe08b66cd277862e0b42be4d187842069cd33142ee574519420624dc72ba1f3d5ecfbfc15d6930705d0802d252a7ba3d9ae02247d07c9fce9a2aa05e2374804d4a6bd58ab32af4d50305b420ef12a68de43d742d83f10523e6e19cf92294c63e3680cfcfdcb43d3e13f200bcfcf24a03614e8b08d2888dfae75401b46b6bbba207d247ff200b7fd508218beb5908b1f3c65056556c1b450bd872f8d3e9e733fc5697ad66f9d37add08165cee701b91406026fd31700cfebed3c0640ffb1d538ed6c1bfc2c87dc75dfc83dd9a4af83353778eb49f70c1f84937224d294a215b591a10139745ac50b7eb17a1749dd1485811aa512b9121ba249f3d0b4acdd241c95fdde1f1c1df6ad6b17775d60e2fbbe117bfcea6ef7c6c2e78c51178251faec62f907b09b37b4e1f3f65cbf26a1b8d6ed572e0cb9fe8cd575c123b129b46675069e400d588aa981b894718c8d5535a1d57201fc6b9db155196fde9635668a64ce67b41104782fe269dde221e1147b15ba6cc91dc7407d5a2e266047012ae2520c88e9acff632468b7aa5e9598015d3ee3c6d4a8e8d54155c26db21262aa46e18f70a588c04a4df618b898b5e319a675f852f31616fa3fcc7baa459511aca039ed417ccadd77a65c2dccb0b60a9c157017d4c912dded46beaa15c54de613f11ea860309810c8f4bd3d6c2fd04d1f28ff7d7413d1de44cd08d44cd75a6c1f7dc3c74068d383df8cddeddd99f455636e25a97fd6e8faaad79837839193997e58f02b5019384bb5ff849b18805e4bcea290281a7c532c14a327130550d0b76731be62a2daa073887cf57be2596d8a50c77b544fa9a9f04af190fec757ec81e3d7019260d8df23d3f0a2093544a01dc996f421f17bd30688d9c402cc1bb94d831840f2a658def45a47732abe5395717ccecbf01ebd66b4b9500e1b51a030cce01631e5911f7feb9822a1862dafc1038d13153566b38db7e0ac7c6422783adf3f7d89edf54fe0d16ace210babb60564464ce64ec601f9e3564744c17de8077cb65635fd3c44bb2395daa730c2c47aee71333d73bdc59759d519a2445cf95e6eb04eee58f84a836f15f2ad9a3a0bbe6c152383c637137fd453bb7a09f42e89b62a9c4b91c56c0370d710a750656d36431ca3906906aa10446b3a8306bffb1500618434413943e0ade11011d88d1c9aadcbecb2c907b583b29f3ab6f94ca7064abe7d5d79326eb5c7f6f85cb86624c8cf7d91f88d8f5b47c6eaa6e83e5a4cd70218a609ed39a2171acb7acdba5f7b426b0659f5a820b312dd813fbd345e6f7d59e7f1d55a402c05e15e3b18a29cee3d95f281fba3f78d8b0d9ced4c0154b3e5378df1d18cf987c7f5d7c3065a5644594f4a4527e6a70307315ec4fc577be2b7304698596f3862f16d07bf0eff10037018c9f53a0cc1d53d9074ebad14f2d527152552c2ae294695e1a7cb226add02ec78052637415c1e618daee26e57dfdf2d5b0c5f10d532f1e0e78aafe946caba2915cbaab4205ad849e0b785cabd15b3435a342b5bf099aecad9391867ff26903834296101a8650b22357af9e45eafe788ba2b9fb3f331db49634f6d28948340fc69a8e426cd402b59509f8f2fe049f9be47187dcd5896b7970db67f41f0beb898a5a4a8de14598cde2bbde28dd30b2032b99cb4cc9872c126ab4a86abaf9dbbe9de1153562503fa2c50e2ff29d00a7960117d04145c8cc6a16f0e3ef6715604d1aece7223d308dc8e40df9bc5d2760f91ec579b47de4f86076178c1efaaab015433ff1298782caf27aabd15da609f50d0502efbeacb2c31b0c5b31661cab4b3d8b4284a982961a70e768e143f54d307d22be59f143c814cffdc5bcffe1a0de53373a7f2add6d73cd5373ecf61572ed226ef6c0197f065060bdfbb6ec68d819091b49d61af19b621089ff2eb5cc4f8850ee88317c9f9f2e87a482818842e6a6e43adddaf55eb16a1bf9d1ec9771cb31cf72705f475ec39439c307146ef954d803cdafaa8d6d402a6fbf238497601ebd3b90a29e8fa17684a3acf3bdfcb1aefa5de0ea65f8dc45e0683b5d5f17fe84693f6985b7edc8883b9b223494fb78004c338edb36581a3a7c48d9c05f67d50ce2d16ea54c86f5d851fe759bb9d56255dc87a98464d3378816253889136063e1a286b3c25d47ce894229075e5c5b8674edce6d2e22aafd248a74f5db2ff17c68e99fb66a609c781a129ace639847e85a93c572c611d85bb3f987e4e9148176a0cc5158a1bf161e649c899ecf63dbe816a9eeaf0e4a60e59c592a670cb6873c952a8a5b717501fd8505c02a06b155639c7e4fd041eca5916185466192a967053fd97c9500cee8498ed07993a4d080041d6ec32c2c1ca14c0c4833453c63c04054890ea710646a96072cd70351aa048ac922407d26b3b815f128a8fb5c9202e7af2785ff99e6a52bfaf9769c322fe95f339430daf7c724c1ca3ed1a51a279200189b31a515b70ce285b4ec2440b47e72c0956d2cb9332ecc8ea534ba53c397061558082074d02d5b639a80d9e0f4ce593f9f4068c9f7bf970e2c07373751fa5b2e0aefe53d6f6772ca8fa065d9ca9706ddb5048c9e8c9dcc05e3f6a7c820f66e4953b18aec7b8ebc5313709f70080f2c27b60f914aca4798e85617356f2d09e5dd23aff19fccf612a9b866859972d33388d3b6cddf1bf89718f5ed290c49a7a2941aa00e2a322f6da530830c1d918b07e49310b7142aac55bc5b24ed809ae6f3f140dcbaec459ba89d6c062ffc28cc98595da5587e2b5505f917b6d632077754121910c8aea253574479cc2b7de4d4e98e946263da8f45569515f34888c9a1b5900206a1393e26e7560302d8ba8920e7d91c69e050a2244c0cf57310a9d8149d2ffb260fca48d4a45031522877507546017239f2856cad723ccbd5de39f7f252c37f09c51fb6bf47d2a94e3ccc32cafaa86198cb1b968aa2ef136861c4409fa3e9ae23aad92482751d045891619d824b4bd0fd36efc0b216d2784cf9b2d16cf1cfad6ad2ee9199d0da115e7691cbb37ed3ab90dd134aca1b9c1dae41b58bef3b1c278a202d7b9312a9b2c350c253310136598d6720028de2672d146c219f082bd335ecb1772b4810f245f9f4515b82fc9de0efeb044c2b3801c7d412e5836562c3e4b917cd7f28db0bba42bc88876a13d262ea52b45334b4dd8bda5fd5e4ea14c20a2a6232c2d8d3270fa9971909cdbe23532f32bddb8b32308a493e3c7ac97571e7c37944ba392c79e4f9c5bbae62debf70794dc3835dc6cdf92daeba7a38246d8672d3d92a98a76cb368080d235726e7f35a018d43788a86a34f69635e32e296da07ae8228780f56dc38a91643b2603956dbdcdd07f0101b52beac55f9a397a453f072061d1c16b153522ded812aab900f1533c9ad28a7fce14995c78c27e188c290ce4d7bbd94aa3d82870b4d91ccf121b329adcb4798f59f5a8c70b8c27a55e8e479e2aebee1f6d7cc857530cc2fe1e2c7367cbec331660a7a69215b41601f4cd18fb7fa5fd4f1674d6e85b8b6ed3579b19832c51740d0f8e34e05302aff2e73701484e4c1dae56097f8f160ebcfa8d3c13f8cde18942f4bfc2932fffcbfff000e1b785983289f36b94567081323d2163f42a49ac0334430bb2ccc320375f8d03928ef16daa13f9a24aa938f63c6b9d0ea4c621e812dbc60fbf1d1afd8e828ee95933fb32bcf8e887c09f283460bffffba5850a7748405caece1822be0e25c5f66a625b2ac41426e7a36fcca3fa409dd4676dfb38f58e287318c24e0d4ee2b99d535ea89f5fb514b1d15c79286d043218eac64d71eaca7139f46c7abf07b7b14cb8c4d3041659d4e31bc29f3030d4a521ed33a95c5915a43d17f56e1219bdc4bb4b5c7158e9d42c5800c34d4d9140bb02ae5d98115fcf19fa902f975f4d314c09adf14c5d8c0f39449a5a236316159bbda901612c62907facdb898f98cbf049484386ad5ef0ada293f4e84b5fb999feeeb1268a49185ef74499fc8cc6ad6078c2e0dc1cd75cbed86ec44b43746d5d7e222ee7c24cab82d1af9fa8e7ea326d1", 0x1000}, {&(0x7f0000002e00)="0f3af1a83d66f815fa9f6efb3c5821526fcbe65c5ad7c6b984bcf8b7f3c379ff128ad4ee69ff90a890e40aa053d5ac29298278793a701c34b135efad2b7cb01fa1775afc0b4b8f3faf7c06bbe1859a637963137c9fa0b48074fa751daa4bcf11d4dde77488dfbdb6897a0b2ad157f1a9943e415db75cfa87b6cd8aa7613bc424f056ab76e4ad70bf00818db2abf27f7e63f0bd8b7f8c5a48995bb662d79c7f77619616c0397426b5508b41e5f5c7e947ab5b5ece604e20b95e64b186493d35bc3fd5f4bd00d47f42e964296ea2cbcb01f62d065615559260a9c6151be6717ea30cc77882ed3ce2cf587fb9a04fb92460d3d80d46c3d1d5f274df36744947f7a7d23efeaf19c412eb5a7a4d4bf99322bffb27cf21f43a8f2a14f75e6dfb4a7499abf2f38593131c2dc197dfcbce33051d99d2bd181e242b5cda935902718cfe9c3f0424b8135f1ab0c415fba87d16c8133d22a5175c073c60ee87642fa97619da17a533a2041baaa604ba05741d64a320b84962ec3f75c13fe26a5c688a38fd165c408083cb3192f752f5729485a7b1a3d880ae8efe1539959fd46fb84c81276a0859eb0ed69da121da202cfa836548e34f7f43bdd3d9bbed604106bdfac1543778ecc1fb1c920b4aac6172fbd967116f5205674e00d253d6240b0005ba5681921685cb491b9562c73582db20cc1057572522c36a21963fdb444c53cd60ea993826ab9901db0c777728a540902f23d80eb9996705a9e77caae5e73952e07ecb8c94eb32a94a338813e01091fd5ce75cdc3e3d77e3faddb2e5fa2c6de757fd40c6eb0f9eab9e0b68df94216931e5947b7ac10abc51d20d59a92e683bcc8caf32d84d2fcbe27d551c36ff5d82a087cbc988a5fd018d79cbd42e63fd72f9379663b5aa8c38cbebcf1d5224ec0bb03e36622699d4b9bbf4e866442c41a29e1036c6521a337dbad98d54e811a690513de7e4a1ce1cd58aaf8b1e161c4f3dd64553761dc036f4cb9d918f45676c6bd814ec6ae875b94978571719c1173709d4369d8c02c5fd7b4bfb71915458b1bdacf83ad5e483d3114ad575defb23ebe4b3bc4b88b8ee3be2fdde474b8f668632489549324494857afa50fbc6d5dcda2c8acd64e017e3ad5668da2929650f0e56db1dab7fc2ba9b4147ffdd9431daf62b776fda8a69a4b6bf651fdcac0a65b3ccbda07c5d149ff956617c74fddcbfcb95b278dc3b4db8bfbad615e5f9b4237cb4345fae6e2eff1d50bf1c0c80312d5eca7eebfb65757b998394a195f996c542c8412c3cb4fd8868a557ef172cf8e57eee7d3d3cd3a12bbd8dcd1a0e992a5927ea1fb4d9490475bf4adac115ee436f75d63ac857c1fc4602bedaa6593122d021c45a3ae8732f67222333405fd172b0c4d4f5101202c628f63d15aaea0e6bb68acb8f7be8406482748c7a6134063129c8690a2d20a5dd3d6ee2e8e87797b81b4fe56819052ed73731f9b6d79935acd16c442c09ea80aa305680968c5b4673374fd505f2dfd4321c4afc573a2d004e710f1410329f3e964885e45ddd61a4cab4b517f788c632af8c6821e0fb5fb7f057b8812da739b584c039fa316ef3eb2682ff5bc5d651eaf4e720c563bd928fde9c5cce94b22b3b031932c69af3a5206041be5c276647d8a3b2f37c7d71537bf3c3332a203e6d039f0d2613446258f7c0194fb0d311b8b794ace70f5fdb74b7c79294f476cee7b1973340a2c82fde4ceea0f2165e0592df67f9479037a57b889520431bfcf09e9d1ebc9fee0e035eb1f65ebb74122c72389c9be2b131fd102e3aad5928dbc6423a5b97002e6607b61d17d8b919a7f112c173f913f99173068db30858252bbb8f22ef0d2cfd964867df9c193c45581874d2f6637aced8ada61d5eaa41230ca37ee199309896f8c9cc8258ff2ebb0c4a0883c16a5ad0bad3bb5cc8b69969d443107e20eb6f65ff2847ef1d7789001777d97e4a093a334a2d35c9c800af8a2929b668cea23e889f8de7f89fecf238eb4032eef59e5b79c67788d7fb566d36cb01f0b17c5972589c591e5ee0a78ff0ca9d9b81a39863888fb85f34b68bae0128b04d06705466be2544d428db4346c954253d15b0b48300bfd5af0f7a4c6b70015a6a085a017ddc31cd9f124ed7e8844739a59c268761f6dd262f5696744c39b14f0014635929b0cc3f963b88629778ddb40f47b01ae2daf07bf6fa8c8daef3e2feb30e0776b7eda0eba5295ed5cdb360132fbf8a12315f3ef619d98f61ed32556b1b3bfaeda08f79c3bc11d3e876d09ff4e4e3640ebc12f82ccffdab206838e92cefe5c1304c43b8326a7477189c0182d972e8b652e4263d995df3c08abbb50a01f783afa08ad1bfa673a80017d6b47c08fde885199e96c2cd8d3569af00026a8a7ec8377b83b957271c528bb16d64be9134a03de57a5353fb110fb59828bd9804522041dc9394f783a485b7b6e773d77a9b42ed9019ca7bb7d4b3c43812db7c8060402fe37b1ef364f60f5039a892d749320dba4e7dfa4e854893d5810209c3b43c44a94d9aa658361df06fe624204b6a0695c14b69888b40f75ece1d570e47c466a77af0bdab0acec8e49a7ea30df874de1a084f06ef931b733a49a2f0c9a4feb14e7c29013f639ca70f374bd5005fc8a3b7d7dd9ed28d8af1f6bf2c115196e22f3f7b643c221aaf49e7d5653a0f2afced63dfd529deb6bec01e7dd03dc7bd11fc62f6e34f7b6ea478fa0cfccf14ce7ed3eee7296f627f65c3d153423ae258fbe997181eb0965f8e50e634986b0d4d720e4032914b3e8c1283e508251a41a8cf10548bac4b7a7b9aea2f863e99403471829c297b10dec12c4d6c866640109d8ee369e42c18b95862b0749fb670fe1bae6f56df8b5c41967c3bf166bd6f7493c7faaf662da619546ce3293a6572cca65f35e0dd0dd62a5eb86bd47c1de84dd0987176e927098ecd5f69d2a215e6ac3384d9165cfef07c80b9dd423006efa567627c381b852b37bc332dc21232273802499bd7d5de1fde6692f33e84848487505fdd0711008d6b1124c67a5956a5ee06a629df5a5e3f2d9e10a9d67484581c0edd0af5d997c2c9c95ce71ef34a839edaedd1867427428e71877d085bfa2f257fe9bacedb88b9e8253b7797bac912dad63cdf4ea6d431a8c32f8cfb079cd154393d58d0707fd40370f786fbfda4269c1b1ab7c7a76fd28814d98eaab941f4a4412cf5323db34ccf8435d44e835c1bbd199b76688283c2db86e5971923a0b9db899a77a6d16344b468b3cec7a2d4222e06c8683894e180f914657b98c263220ad1f97f77bd70a2cdae033e228a6391c0c86bda5e0703f28546a2122d0ab4f1632c94c509fad71de4e076c92e7bd998c6ee9a6f3787998079bc05c60244143beaec3f8d44257084781583836224a9a5cff256f49e537a8818ab09839497b064ecb26c4ea4cf170949fb66f4445418915191ecf81344df8656e53d9731c1e414279c8b3c4db07567a62b1897b55331fb8eee23a191ab7a5a4772173236c4cb1ba9bc067b5ab2e3f74b570d16626142acfb5127a138a59a5d8bc2301503cb3a6ce4ae177cadaaf7eb412c8dd39aa78956c322141adc5bac16cc3548062790be3e73b803338e87321a216ad6ccccb18ead064e97daaa381da1d1c6ec98d7ecbc15cafd171df3e5e05cfc94ff9401d75ba3567c5496a8f2cd4e64f9fb6fc488cb742e4eabd5bf8a1fbc4ae7f616b2e47ab20c119ceaa5955619b3611b6830ebea4d2c8ee949d6642db2d4e6a02f0167b6e1e249221f6a52fb9ae3308057ff800cf7766863cddec65d09567814db25aa7d5d98718c83aaa3c0938a02d9a9254a44bef8b40e2514987017438912ffaa63e81c16703763122bcf54cd381e571c3ad7b94bedcc2bb29139e56b6c38918b8d69ba2150e6e5d6b9f210955c00e48be6ba5fbbd85c1c7acf686426e8aa4f094e4fd846d27f9ef1d5ed855cc9aa952f94d6aed5addde3f66415943c07addfc0f1a39915af9751d963b8dbde51f7d2d46982e3e744a7674b290d2011c84de7957c125931e4b5dec463b76870d522a94e43cc00e4827186d35c3f9cd299ce49f320a4888dcac41458434dfb42307f1039539e563ba78942bc08da0a82662fe20b040e1853f4f621deb8e526c73a6139f1648ac1b3dbc899dcdbf4c849e66ea2e26311ccbfe143c2d4e1b8e250f88b42e5da9be0892c36967d82c0a57401cc0724ffe20aac922445acad18ead4494f1543bf9fd20956fe7c8882b0486950bb807bc5dfa7aba2e26a7e2d1a529174efcd293cf1556c8e9e8bb5edc33b0bfc514438a4780bf0a7d06f615a56be496480db10ee627775d20ecd4e673c93b0756060e8618f649cf84e6e8f71be5d07533ae3a38c0c4d561b2bf204bc5a0432ec67593316167d340fe5df0de58799e241de51b3d0e8f70748616289bc4ef995fea9bd51d79a8f22f99d4ee27f730bd21b9ff6d9b25f174190fd539b8b5d6e6619fc4bc1c801a4a4d381337bd9a9abd16eff07cec81ad8166a11ea06be15e1bbc7ce63104d08e03e0771718ca92959c14456332baed7401b6ab7024df49d02ca460e3e27608da7f22516db2bd49b74068f69fcf30f4c0e9895dcfbaad960edd07478507dfaa1811b2c7569cf831d9379eaa8bb0088bd55100f6fc031dc3770cba5501577a69a8ac6f912492e76814d3ee4a6768f7c6271c0ffcce408d1729a475c632a3ff80a79e7ad3620f91ebc09cccecc7d9ac01adb51682301ffc8572ac940e5c6700d462e9d3c0101abf6cdf06033d0f340ed75d156902b5faf754aae828d90e79f02a92fc987e752387741abc24093d95127856f3d00dd94b3f714af137ffa60e77d4b75c7d8e2d6b653663cc05decd0b544abe8e94b3bcd5d89fabb741e569483e1214bbdcb49d54dbe2786b7dd711ca7dd4ded63b08e45cdcc46fcf2908d4954cf37650adf7e0f459af0e0324a564891c5b6c94e7c68d2e405df1edb367275000128a0038eb7bbb39000282732ad69b507bc545de3c65244c34c667ae88c8b1e12557d3753d144a1eabf876856e836f0138724b6fd908fcbef1bf54f0aecca7671870f04e445799121bb46e49771a7eadeca14cfe62abfa3a966265a884f47437967c67d33d3a22e191ae89fb80d0e036263b3bc3cc7b6ee6e32d8edb2780998b8f9667826ff8dba053393120268a0d502791f01d75435b9740bf22023a07c3ae18b22688b6e6c0671541b034d629eecf3caa290f2cbe6931157992828b71fe7cbc2dff7ce2b48b3e522ddfc527009656cd928941e2ed3919cb7bc84619ac2f4416d70e701fe70c440d71817928667fcb3e678f607321a9aa30956f92f961810936a5b9cd0afe4ac8eb1b18dda3d413d1ada3f0a1478bd79c971bbeff696beb6bde8fa5ccf5452fc6e1c0eaad01bb739f55270e8ee561e393eec8ace77950f967dba7a49ccd9bb6467632285b907dfdac2801fa5e0dfef52f20e8cba5ce8efa28b60e540454ff942c03de010034450d000ce78d6ecf3057f668ae68defce85b59dec2aacce86f62c6fbc70bd93290785fb2ab965450b085e2da07bef762da798e07b61cd38f84d53757ed8c1eca03a3c55bddd8b8c8c6d345d9c1e5be813d3ab322168de92f376dc6002b8ccf81bf70d5d9c1870232edabefd93a46a8d3a100c0e9ba3af7b70664ad3477afc183aece97ab1aa70c495b168d9efeb9812f26de44828ad51d8dee96d01dfc9b4e5004b5cbb7b53a7d89e0d6da64926d0e36fc1235e66980a54eac67ca14f299960133e9b04aa4baaea14221e43", 0x1000}], 0xa}, 0x1)
syz_io_uring_setup(0x12a1, &(0x7f0000001840)={0x0, 0xd14c, 0x10, 0x3, 0x27b, 0x0, r4}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000018c0), &(0x7f0000001900)=<r9=>0x0)
r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r9, &(0x7f0000001980)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x4000, @fd=r5, 0x5, &(0x7f0000001940)=""/63, 0x3f, 0x11, 0x0, {0x0, r10}}, 0x6)
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
fallocate(r3, 0x52, 0x438, 0x7)

18:10:08 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
r3 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
shutdown(r3, 0x1)
ioctl$FS_IOC_FSSETXATTR(r3, 0x40086602, &(0x7f0000000000)={0x800005, 0xffffffff, 0x8000, 0x2, 0x5})
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f00000000c0)={0xffffffffffffffff, 0x100000000, 0x5, 0x7})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:08 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000100000018000000d01713b06b4ad03aeb1c07ec23b55b6d944ebd5f1b1b431021ca45d56e78248fdf7a930553a9d4aef84c59ffbcf3dbd11af0477362edeb89362f", @ANYRES32=<r5=>0xffffffffffffffff, @ANYBLOB="b3480000000000002e2f66696c653000"])
epoll_ctl$EPOLL_CTL_MOD(r5, 0x3, r4, &(0x7f0000000180))
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:08 executing program 6:
r0 = syz_io_uring_setup(0x6968, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
execveat(r7, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000380)=[&(0x7f0000000180)='/dev/full\x00', &(0x7f00000001c0)='(\x00', &(0x7f0000000240)='\x00', &(0x7f0000000280)='\x00', &(0x7f0000000340)='\x00'], &(0x7f0000000440)=[&(0x7f00000003c0)='/dev/full\x00', &(0x7f0000000400)='\x00'], 0x100)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r8=>0x0, &(0x7f0000000140)=<r9=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r10, 0x0}, 0x0)
syz_io_uring_submit(r6, r9, &(0x7f00000004c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x2, 0x4000, @fd_index=0x1, 0x8, &(0x7f0000000480)=""/9, 0x9, 0x2, 0x1, {0x0, r4}}, 0x2)
inotify_add_watch(r5, &(0x7f0000000500)='./file0\x00', 0x10000048)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:08 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x3)
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x2, 0x2}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r7 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f00000000c0))
fstat(r7, &(0x7f0000000180))

18:10:08 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt(r5, 0x4d84, 0x1, &(0x7f0000001340)=""/126, &(0x7f0000000280)=0x7e)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
r7 = syz_open_dev$vcsn(&(0x7f00000001c0), 0x80000001, 0x88400)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f0000000240)={{0x2, 0x2, 0x9, 0x2}})
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_io_uring_setup(0x3bb1, &(0x7f0000000040)={0x0, 0xec57, 0x20, 0x3, 0x327, 0x0, r8}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f00000000c0), &(0x7f0000000180))
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
ioctl$BTRFS_IOC_SNAP_CREATE(r8, 0x50009401, &(0x7f0000000340)={{r4}, "bcc7e2ddeec4a3e87975a66472bf6306a47c75198bb39e9b5bf0b72938bf026c27dd99a79e8712cd396784d7629d0c3efe3a0808ffbadcda7a1fd573e6c838002d30bd93ba55b98db68ab201c3f227628104a8939db1768381a81f40c60de68342d950bb16264624a0de17a9cb70bbbe729003c0746211e1fb0ba34753dc5132f6e9afd433056ad48fc4eaeed45ac7f4e5616a24c999c30bb8050ce6f6e0295a3fc3bfbe9504fdbf1769f81a502a96002153d3ac48c71ebf1b57e00cdfd39979c1f182618937b4e455b3ef1641573d3563872ca25241a361e16b9de898935cf830a645a6f6e4d4e4ad33c1d78403764e84e4201a3fd62fa6fc6c377f683a9dcf5e84bcb4f677dc17f565a19ac8367a512a133734fefab0a0554a633a350a716396611fc0e6ff38cbd88d95ce35b16a1181fc64bed001192b887e7382a80c10e831d0e844b3a89fff358c00de4c196464d808e017a5206c369283584d79791e8ec1f41a104e321e20db938e4917ef0620665ccb41644654e028dbc6b87f3e84518df078befbc76702f2eae179ee030b89842bfceb1b1d8a83a056e54465686c8cf67e22075e0e2b1acd54322200b84701866d448aa19df49c25138fdb3571d267f72728d60b6a2de7734d91842409fb711ca2a7d3648f522222b24b29ddcca05b719f1a39ce31260ab9595c527bff984c2f320e0dd7c82e67341862bb551d382bc9f683ed11b883df49d2477255995ac2c4ad28a6130fce96dceeba3c9fedce44238545d7326a9e99a836e06e0c2301ab1d10d2bd07142fcab85cb3cf66753c5c805d1108c335d3324952ebaab6712ab0bbe6bc532d8458afebc3fec09dbe96202cbae6cedb4809e6ab38e7cb0ddd80c20a370da5c3edce791192bcc7091a5c2dfd000369c877148e47acb329558c7d828b96f87878d7a1e221c85dc742260339ba42beb741d4aa400e5357a9368dcbed909e11bfb9d492acc2ec94f92fe73c89dbd7295bb0e7c1957a3cbd5b4cf03045f7fae79c381d4b29f31795e461753cf15acb77dad8cf63e1e60da11f84a4c185bddcc3e4d2913cde0fc63f5333a55ad80feff1a412d58745d12c33b2e6eb1d5a7f9ca3ccb530789f3729de2746ee121cb3460eb1ddc7f42449cc05fc94dc2231cb4f289718d6cb8005461e7801681b315162b7c8a1dbf8ddfe7a3437d2ddc4c040a17851def2dbd09f81d154e554418834779bb2ca0a9c4d148d5ec7f6170fc03463efe5c98ce85e300f731dd57e4016232af8f3a5fcb9a707a660f278732bdd2a62bed36ae2a39c0dbb2e5b356674ae5374daab2018d7d76e22a6aae1a78bdb429b5963d8ae0a3cc367a0d022541b8ce1aaae60f2d7f56e405136abe83508a2e5a6188da105c8e97041f43d99d041bd3570b9e264a0203d14d49084e76dffc11d57b792f763530438cc510688f030b704dfe322f2feab0a3242e9400c7aa6e145537992410671ad5961086824b8531481a772af36e317ececc8ae023042602ebe5b1a734130ea17d794f5e2c8343794d1e689f6c83ee084d962989a789ab54b645f6f8e91cf432df5603689540a098db7c48f890962d225a2e6f326ed3f1605355c1daec299a0793ccecafdb4c55c3246793b224f68269194107e7f40d7295d27f6e7ff08d5c77104ba76c768b5cfac3a3c6a81083e14eceef865e5cd5f162f950fc7083078c7c29b6ce2446877c8b796296935ace194b674ab32aeada31726c4ef50724ec0510600fd183fc5446306a3e80fe104b5941096236a4ac91752cd532ee831ba06824106729cd3abeba7b903db0ff966a2a361578f75889453ddc055159f9cf685aa6ef7c63b1828480481b86eae297a029becea17bc555955fe4b0f6944aacc810d0a0382ad10786d34bbfa3536f242a412d12478b47a8789baf47195ca5b87051df04b19b5cb3fd272c43a550482631915155928131c75726588295a9144ba8201094f810d3a14005bca4c440efb76b6bee94541cb5edad7f727826e1154f81ae82bd7b38980e85b087ac0debf89db00b2c5ec38f248a52c75104eb38d4973e40fb36dbf4d4b390ee84ba730c19212ccc6db50fa33d95b7838fc1b850e33c1943fc5c6e8c8082ceeba3b50bce3f56f076858ad61ef91b3f1218e6861bb7ac3a852a1ccc57ea0b13ec6a5412ed9084992ddf064ac1d7d7a36c7e9545d3fe7a871de67c8f76098ddafe0bf6b04769174ecf3ebc02d72244e30ebe928d0fc502f43ec0c2dde5456259b1233bbc84ca84aecbf21df9406957d772f5112b2c72e5595a84a9d767f3c6ab840bed455b7bd59330f5033345ac145e6b3b817b3e74689d5c66e76629138d5c987e6309b09c727d16feed2fe843e7c752f1a2566b74f2c60cd957e3b239393116cc80e0b64d993d99fc28d6f4d011b9da76cda306d50591f2da72622c24753aeb92dd5dd3d97ac460ab29a61e53b8a4f131da7c5df842bb24502aa1af8e89eb7ab7f7656a85e9ce826d4d5446708df564ce13138bcebca37796c1323295746829d5ccad3e3c4b9d894409a32aa4bffc76e5cb5083609811155795c47f085f542ee5d13be92ebc83d285313fba60d3cf4d6a4afbb77c452c5f2f4e8d96d3868b2368ed238b10006c353822f98291d6e78686662a3fa07aecc2ec6947b67b1802431322d21ac2ed0f9f600d913ff1390487996d474f2ae4304a207176f4c820a49676b26c6dd624925c1b08533b7eb8dd31496507446d64934dc72707f0efcabb030294f5c59faf43e31f20d33b5ab1d4e06dd5dd867ecdeb0c9eadb433a8cd38e61e2c2dfb2d06a6e3487d03a3f38b9b837e2886622f719ad4f5933a79bfa3be6195f62b6c0553aea9c8b447579d2bf95df2ded87aaa0798414fd875ec54f64e8d10cbff1c298ec7cfd65a4056bcf84bc93ec0f571d57a9c88b02ffe77de45ae813158d779b49d648eca57390204cfe2e3e09e322f254800802ee3bdc03d2fcf62f276192b1e6cbba1e9f56d76a21298a409ef08eb375a958641f48ae38da5b341ea9953bac44998cbd9373b1f8e2e8470e868f6c0954a0af61bff839acdcc37108e49b4b05669a36ef623589939bb2f533903c22160da53531ef8fd989dd86a007d05e9c1d91c30956bc0677148b74db0143dc178aae8f9d88cf688c7020635e0cdb321596c020ee00fd1e3505807287467996aa253ba530ddabea62721401419f677e922d49c9899b2157b7e618706a013fc51905ecb6087f1ac668090de42b5eed3952603d7a1846a26dd460e0ed0c55ab3d2d411cb71a242488674cbe7d3de968c94ceec99db37a2663e52308346d05bbda6cfbc7fb1b4b97c06b78be03a9adb55f8b808e3da6dcd833a3e5e32948d761601d7d7b1e452631c37f2fb0a3c7e60a72d3536c4d3d98ff52f3fa38a2c991d3b2cc442e55ee061ada6437ee24d6a421442257d191c80274ba9e47e8d19915b79f120f582c8c2bd73ba3c1fb4ee98405c8ed231cd0f9b86087b9f7f755ef06697459a4cb5ef2cfea376e2994b0a50d2e6588465aa8869d62e267a00069dcf4e04f25c3d9c5c2f5176c6bb80fcadaf36c3f730c6e6167e162dea14d00e816d7efdcc568777ea5fb0ca166b491c8a094509b1e13f92be7fa8c4d7b13265beb09bbc6a03f3fee430322e5a861346e4eee178aeffdab8beba1f55ec79f0577b42071ceec430876ed0daecdffe05eef4ecd67719bc235b198a78f0c393e3854e3d79b3c0a2cf91351a46337f8f349cbfa55975222b669f81baacb362f4eb46c37b3f6628f2bfc34d84098e6cfd75420b5df1e4a4d151b7642947aaafab0351c63df88443777d8d993b63e50be7144de00c0774950f9db134b2c81afa5c4eb868e8774947b63cc743519000ec093532c73989ca4209d3d581b85429c305012dcbf2b9d9b6edce60a0a45959c8f44637171c0902b558b5d10b5242ba1ff076a05fd6a2f8f5680b2a49256713c687ed4a0efe6368cf9562c80d4610284b6f1286dcae3706826cda396b4b66319be9c768467c63cd15c615f2eef402258eb28d3bbb4c884c1b02ba3dc68968b57d1dca046161c9f04fc350c91120f6565b31751c9f08d93817688783e30b36df816472264b3d010ed9d47a61259f3113897d8e05620a692c4943e6d841d3f333382edccf1569f7d425058c9afafffa37e09d70cc12670b98b46151136c1d954e623b9b4dfc9183f14c4c5b47eb56be9e135a19a8cb6622095c7cc17203a7cf001df5568b36d99fa48e7e8b00a0d346bf309f8361cbd474b68e94ef22c5e3560a6d31e75e881e170c0f33f6dae0c7e0033e37715fc872960a23baeb8ea3b8d5fce63fb55538a03331db27351ab5df3dd2a3460d4c4a7585a8f30c5b51e4fbf9971ae4ba2ce7af948f9ae81762a341699cbb9be055379481661943626212407ad8d10faf2adaf2108f8ce1f8c0abecb752da5d1c4b71e05f8646d74b4b28d1fb0cb1945dff15e4129b29570b36038bd01e90b3ca20d6d6f97b02cdd36ea167cd8b999cb462f45383182c240ca5825129efbd288658112c86e698659ceb6bd5dcca35f68c75a8f8ee1554e7cc6a9de51e68e245c0e97b764554941bed8052219a2e1d47f6c94e24eb4434b31c533cb06b31f5093c29f6763fb8974e31d894aa51b3bcb5d19ecfcdc92997d04c534c0d8e05a57093ad8c80925a737cb1901654bcfbea4275616bcff73b09c17c10316bd3d05924f81e3dbfe97af807fe886c45d029dbe878c475c43fd7b2d6d1dd1a4925bc9c1c02762f91894b7d5948b8070c9b2290f1c30761309746cedf146dc464fa9ac957a00f018deb05e7981c31f602f07ddac7a72b49d5591f1bb99f4891490a466bd42b2aad5cfa94f80390767179bd7bf8582c00ad4a940f3118b0b262b38d4c3e16c87fbf7cafae1ae651c32efb1696fd773cf7b9db1cc6b9f93eae1c522c380bab032b7e8221058ddc6baf75d4b49fcd647c0c168c752f291e7d132f834513abab4d68d3b75134882b8b5e272fe39350d1c85183fe5a64be13d93cc88ee232513d71f3f5cb667d8ae8f3b860e15be04140be804f1071ee96cec49cf6d4e2c055f3fb40d78dd943a7cb437fb7f06be1d5bfa02ee7dd5477f973089f5bb2f510b96f4a44a8fa8ace7ca1f9a7c0604392fe736a9a8436ad887f7434398ff70fd96a12519b89f73acb01aa5db8269a61d0ca8eace8af34cfc63d2ca2c20123d593b3d803e190df8e5c2b670b84448ad0153b15f102da31ec858d0f6633b7eb166907e8ad53a53ea0ad42a38ad302dd8c6e4bed41a371cffc2c9003b70dafd65df0f419c2aee80951639df5446780176edddc69aa190f811d4a5c89127f2b45e34553878542d30ff787ecfc7d2e7aed1edea0600e41bc66cf8d5884c11dbf510f90cbe729e98e0ae4e2ca5b0f3502a5491828dda32aece3e0bb554753919d8f4a4e36022a39f6846505fa845f16ce810300185ccd4975b2c20e06c42e7030133250fb11d9a6952785ebb62b5b9d49bd66b1d68b0e0a026214129ec8f545b55e75f9038210f72b2681110521045a8e3cf2fa2bef83bd5b7122449c7dba9f23fa7abb05b29ceaa898afc7ce2ba51f17e14db17c3cac89b5d0a73122fd4425cd6a477c314d8c10a4638d59eed5b77d30530da76adae01e943c757f8c67014f37fd6855b5ebfc43316cd5e3c4ac45ad00905428b89b450c8441287d1d2d4dd5a08a5dcaa207944775fa26055dfcff83e8e8b1ebad7f98329d770f3890adbedfe208295cf578efcdbe6c04da73ba57e018d5f80"})
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:08 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 56)

18:10:08 executing program 1:
r0 = syz_io_uring_setup(0x686f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f00000000c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2832.771129] FAULT_INJECTION: forcing a failure.
[ 2832.771129] name failslab, interval 1, probability 0, space 0, times 0
[ 2832.772714] CPU: 1 PID: 14533 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2832.773711] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2832.774879] Call Trace:
[ 2832.775199]  dump_stack+0x107/0x167
[ 2832.775711]  should_fail.cold+0x5/0xa
[ 2832.776247]  ? create_object.isra.0+0x3a/0xa20
[ 2832.776889]  should_failslab+0x5/0x20
[ 2832.777422]  kmem_cache_alloc+0x5b/0x310
[ 2832.778007]  create_object.isra.0+0x3a/0xa20
[ 2832.778632]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2832.779348]  kmem_cache_alloc_bulk+0x168/0x320
[ 2832.779994]  io_submit_sqes+0x6f76/0x85c0
[ 2832.780592]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2832.781289]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2832.781880]  ? lock_downgrade+0x6d0/0x6d0
[ 2832.782460]  ? find_held_lock+0x2c/0x110
[ 2832.783028]  ? io_submit_sqes+0x85c0/0x85c0
[ 2832.783634]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2832.784194]  ? wait_for_completion_io+0x270/0x270
[ 2832.784874]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2832.785411]  ? vfs_write+0x354/0xa70
[ 2832.785945]  ? fput_many+0x2f/0x1a0
[ 2832.786448]  ? ksys_write+0x1a9/0x260
[ 2832.786972]  ? __ia32_sys_read+0xb0/0xb0
[ 2832.787542]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2832.788150]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2832.788879]  do_syscall_64+0x33/0x40
[ 2832.789400]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2832.790137] RIP: 0033:0x7fd673b8db19
[ 2832.790655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2832.793208] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2832.794284] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2832.795269] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2832.796251] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2832.797105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2832.798110] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:10:23 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x7, @mcast2, 0x6}, 0x1c)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = syz_open_dev$vcsa(&(0x7f0000000180), 0x0, 0x220800)
ioctl$SNDRV_TIMER_IOCTL_TREAD(r5, 0x40045402, &(0x7f00000001c0))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x7, 0xffffffff, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:23 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
sendmsg$TIPC_CMD_SET_LINK_PRI(r3, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, 0x0, 0x200, 0x70bd25, 0x25dfdbfb, {{}, {}, {0x14, 0x18, {0x1, @bearer=@udp='udp:syz1\x00'}}}, ["", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x20008050}, 0xc0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:23 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 57)

18:10:23 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r8, 0x0}, 0x0)
r9 = fcntl$dupfd(r0, 0x0, r3)
syz_io_uring_submit(r5, r7, &(0x7f00000000c0)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0xa, 0x0, 0x0, 0x6, 0x1, 0x0, {0x0, 0x0, r9}}, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:23 executing program 4:
r0 = syz_io_uring_setup(0x4d4b, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x300000d, 0x4010, r0, 0x0)
pipe(&(0x7f0000000100)={<r5=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
r6 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x4, 0x1, 0x0, {0x0, r4, r6}}, 0x8001)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r5, 0xfd3, 0x2e)
ftruncate(r7, 0x1000003)
fcntl$setstatus(r7, 0x4, 0x22000)
io_uring_enter(r7, 0x23a7, 0xc91, 0x0, &(0x7f0000000040)={[0xfffffffffffffff8]}, 0x8)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:23 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x1000, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/tty/ldiscs\x00', 0x0, 0x0)

18:10:23 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
r5 = socket$inet6_icmp(0xa, 0x2, 0x3a)
io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
r6 = io_uring_setup(0x5204, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x16e})
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r6, 0x5, 0x0, r7)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r5, 0x2, 0x0, 0x0, 0x2, 0x1, {0x3, r7}}, 0x0)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_io_uring_submit(r8, r2, &(0x7f00000001c0)=@IORING_OP_OPENAT={0x12, 0x3, 0x0, r4, 0x0, &(0x7f0000000180)='./file0\x00', 0x40, 0x202, 0x12345}, 0x9)
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
write$binfmt_script(r4, &(0x7f00000000c0)={'#! ', './file0', [{}, {0x20, '\x00'}], 0xa, "a4669afd70a334de81701ffd8ae85c1eed0939fe44f9d271"}, 0x26)

18:10:23 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x30, r0, 0x8000000)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r9, 0x0}, 0x0)
r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r6, r8, &(0x7f00000000c0)=@IORING_OP_FADVISE={0x18, 0x3, 0x0, @fd=r4, 0x7, 0x0, 0x6, 0x2, 0x0, {0x0, r10}}, 0x1)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
close(r3)
r11 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x83710, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_config_ext={0xe8b9, 0x24cb}, 0x0, 0x80000000, 0xfffffffb, 0x0, 0x0, 0x0, 0x1000, 0x0, 0xfd, 0x0, 0xffffffff80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_submit(r11, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2848.334170] FAULT_INJECTION: forcing a failure.
[ 2848.334170] name failslab, interval 1, probability 0, space 0, times 0
[ 2848.337050] CPU: 1 PID: 14573 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2848.338511] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2848.340200] Call Trace:
[ 2848.340761]  dump_stack+0x107/0x167
[ 2848.341521]  should_fail.cold+0x5/0xa
[ 2848.342329]  ? create_object.isra.0+0x3a/0xa20
[ 2848.343270]  should_failslab+0x5/0x20
[ 2848.344192]  kmem_cache_alloc+0x5b/0x310
[ 2848.345129]  ? mark_held_locks+0x9e/0xe0
[ 2848.345995]  create_object.isra.0+0x3a/0xa20
[ 2848.346896]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2848.348112]  kmem_cache_alloc_bulk+0x168/0x320
[ 2848.349058]  io_submit_sqes+0x6f76/0x85c0
[ 2848.349946]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2848.350978]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2848.351997]  ? io_submit_sqes+0x85c0/0x85c0
[ 2848.353039]  ? recalibrate_cpu_khz+0x10/0x10
[ 2848.354009]  ? ktime_get+0x158/0x1f0
[ 2848.354771]  ? lapic_timer_set_periodic+0x60/0x60
[ 2848.355759]  ? clockevents_program_event+0x131/0x360
[ 2848.356801]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2848.357880]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2848.358964]  ? trace_hardirqs_on+0x5b/0x180
[ 2848.359876]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2848.360988]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2848.362048]  do_syscall_64+0x33/0x40
[ 2848.362804]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2848.363844] RIP: 0033:0x7fd673b8db19
[ 2848.364600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2848.368321] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2848.369933] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2848.371373] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2848.372827] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2848.374291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2848.375723] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:10:24 executing program 1:
r0 = syz_io_uring_setup(0x3f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x3d3}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
dup2(r3, 0xffffffffffffffff)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r6, 0x6, 0x2e)
ftruncate(r6, 0x1000003)
fcntl$setstatus(r6, 0x4, 0x22000)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r6)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:24 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r4, 0x6, 0x2e)
ftruncate(r4, 0x1000003)
fcntl$setstatus(r4, 0x4, 0x22000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_FILES_UPDATE={0x14, 0x5, 0x0, 0x0, 0x40, &(0x7f0000000240)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2}, 0x3f)
write$binfmt_elf64(r4, &(0x7f0000000340)={{0x7f, 0x45, 0x4c, 0x46, 0x81, 0xfd, 0x4f, 0x1, 0x0, 0x2, 0x3e, 0x20, 0x313, 0x40, 0x16d, 0x5, 0x0, 0x38, 0x2, 0x8000, 0x1, 0xfd20}, [{0x1, 0x8, 0x319d0c81, 0x1ff, 0x200, 0x400, 0x1, 0xfffffffffffffffc}], "a2d177190c42b590f8e497afc89bb52a82b6b583e77f12d10161f2128e8fa05ab1f70303e09494119aa2a2cee7c23c28da678ef6160c67983e11b8a96ccf170b78da1f816884262e04ef95f2f48f393d3ffe42df8fdf2f8b3a0f3b64f3ce362ea9614b91d696635203f8be4c5196233450bfa51ba9f263e7b2dffeffbcac5384da0bf841c662827c9f573aa9659ae659a28b9f78f1b72fbdf7646ce1b458450c84406d291301b79606", ['\x00', '\x00', '\x00', '\x00']}, 0x521)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x3)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:24 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r5, 0x0}, 0x0)
r6 = io_uring_setup(0x5204, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x16e})
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r6, 0x5, 0x0, r7)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x3, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1, {0x0, r7}}, 0xfffffe00)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:24 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x5, 0x0, 0x80000001, 0x1, &(0x7f0000000340)="9365fef4b07d9c89cd560941ba07a9af6d59394b98814a32c758f0a5914778ac50260894e7b6a5b343b24c947488048339d8988fa2523a4f3aca0b6db4de72e9a6586df014fe34870fcfb3294c1b1b284d20ab27b89b837d885f4c75d60ca19e42e2917e0021b02abdea59ba73f63ea05ecb3d8af083e2c261ecc8d06034529e9ef3d910d95457256afe10486c8e9b1e8406b74eca7a7c13f71da337fc7c09592251b3c4cdb3cc3736ba970222418e6eff8a55b48c153d08507e0c1aea8618faebc8289caf0ef8c9ddb003", 0x48d, 0x0, 0x1, {0x1, r3}}, 0x2)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x351b, &(0x7f0000000180)={0x0, 0xd870, 0x0, 0x0, 0x80, 0x0, r5}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000240)=<r7=>0x0, &(0x7f0000000280))
syz_io_uring_setup(0x29ce, &(0x7f0000000440)={0x0, 0xb563, 0x0, 0x2, 0x3da, 0x0, r4}, &(0x7f0000800000/0x800000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000004c0), &(0x7f0000000500)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000540)=@IORING_OP_POLL_REMOVE={0x7, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, {0x0, r3}}, 0x401)

18:10:24 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
ioctl$BTRFS_IOC_SPACE_INFO(r4, 0xc0109414, &(0x7f0000001e00)={0xf6e, 0x8000, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:24 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 58)

18:10:24 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
pidfd_open(0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2848.874147] FAULT_INJECTION: forcing a failure.
[ 2848.874147] name failslab, interval 1, probability 0, space 0, times 0
[ 2848.876921] CPU: 0 PID: 14600 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2848.878453] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2848.880238] Call Trace:
[ 2848.880801]  dump_stack+0x107/0x167
[ 2848.881562]  should_fail.cold+0x5/0xa
[ 2848.882396]  ? create_object.isra.0+0x3a/0xa20
[ 2848.883369]  should_failslab+0x5/0x20
[ 2848.884169]  kmem_cache_alloc+0x5b/0x310
[ 2848.885020]  ? mark_held_locks+0x9e/0xe0
[ 2848.885896]  create_object.isra.0+0x3a/0xa20
[ 2848.886791]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2848.887843]  kmem_cache_alloc_bulk+0x168/0x320
[ 2848.888785]  io_submit_sqes+0x6f76/0x85c0
[ 2848.889678]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2848.890704]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2848.891695]  ? lock_downgrade+0x6d0/0x6d0
[ 2848.892553]  ? find_held_lock+0x2c/0x110
[ 2848.893382]  ? io_submit_sqes+0x85c0/0x85c0
[ 2848.894294]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2848.895282]  ? wait_for_completion_io+0x270/0x270
[ 2848.896274]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2848.897225]  ? vfs_write+0x354/0xa70
[ 2848.898000]  ? fput_many+0x2f/0x1a0
[ 2848.898742]  ? ksys_write+0x1a9/0x260
[ 2848.899526]  ? __ia32_sys_read+0xb0/0xb0
[ 2848.900358]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2848.901437]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2848.902511]  do_syscall_64+0x33/0x40
[ 2848.903284]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2848.904360] RIP: 0033:0x7fd673b8db19
[ 2848.905134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2848.908949] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2848.910505] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2848.911969] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2848.913445] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2848.914908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2848.916360] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:10:24 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/class/msr', 0x0, 0x4)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x4, 0x11, r4, 0x8000000)

18:10:24 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
dup2(r5, r0)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f00000005c0)=[{{&(0x7f0000000180), 0x6e, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/64, 0x40}, {&(0x7f0000000240)=""/63, 0x3f}, {&(0x7f0000000340)=""/230, 0xe6}, {&(0x7f0000000440)=""/212, 0xd4}], 0x4, &(0x7f0000000540)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [<r7=>0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x78}}], 0x1, 0x10000, &(0x7f0000000600)={0x0, 0x989680})
shutdown(0xffffffffffffffff, 0x1)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x800005, 0xffffffff, 0x8000, 0x2, 0x5})
ioctl$BTRFS_IOC_SPACE_INFO(0xffffffffffffffff, 0xc0109414, &(0x7f0000001e00)={0xe5e, 0x1, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
ioctl$CDROM_CLEAR_OPTIONS(r7, 0x5321, 0xb)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:25 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r6=>r5}, './file0\x00'})
open_tree(r6, &(0x7f0000000180)='./file0\x00', 0x8100)

18:10:25 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000140)=<r1=>0x0)
r2 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
r3 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r6, 0x0}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r3, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r7=>r0, @out_args}, './file0\x00'})
syz_io_uring_submit(r4, r1, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x4, 0x0, @fd=r7, 0x0, 0x0, 0x0, {0x102}, 0x1}, 0x0)
close(r2)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r8, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:25 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = syz_open_dev$vcsn(&(0x7f00000000c0), 0x6, 0x840)
write$binfmt_elf64(r5, &(0x7f0000000340)={{0x7f, 0x45, 0x4c, 0x46, 0xff, 0x8, 0x6, 0x5, 0xffff, 0x3, 0x0, 0x1, 0x3c, 0x40, 0xd, 0x0, 0xf800, 0x38, 0x1, 0x0, 0x5, 0x6}, [{0x70000000, 0x2, 0x3, 0x7, 0x0, 0xff, 0xffffffff, 0x1}], "6d6b2413d3729ce4dd9afdbd42639e98d804e9fe51fa7c9f0194a8b3aa47de17b1eb379fe3cb49fa2789eeec1f805b14d7130a02f01f163d9748082573a9b136824b77a34c0a4a256780032a71f0650dcf282db88a7edc3577e71f6241d6d13bdce036625df1740d4ed71db378bb0e23e3216ead65edb40fb023ec0170f801fcb20b98ba84dc95478e930e9461e38429a7e39987a2332116b33bd71d051cffc42e94235500044692759a80bd6ef93271760cb4f967c58ff25d2a5f", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x933)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:25 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0)={0x0, 0x0, 0x8}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r7, 0x0}, 0x0)
ioctl$FS_IOC_RESVSP(r7, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
syz_io_uring_submit(0x0, r2, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED={0x5, 0x4, 0x4000, @fd=r7, 0x81, 0x40, 0x3, 0x5, 0x0, {0x0, r4}}, 0x1)
pipe(&(0x7f0000000040)={<r8=>0xffffffffffffffff})
fcntl$setpipe(r8, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:25 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 59)

[ 2849.582128] FAULT_INJECTION: forcing a failure.
[ 2849.582128] name failslab, interval 1, probability 0, space 0, times 0
[ 2849.584803] CPU: 1 PID: 14626 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2849.586248] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2849.587957] Call Trace:
[ 2849.588537]  dump_stack+0x107/0x167
[ 2849.589278]  should_fail.cold+0x5/0xa
[ 2849.590089]  ? create_object.isra.0+0x3a/0xa20
[ 2849.591051]  should_failslab+0x5/0x20
[ 2849.591861]  kmem_cache_alloc+0x5b/0x310
[ 2849.592721]  ? mark_held_locks+0x9e/0xe0
[ 2849.593527]  create_object.isra.0+0x3a/0xa20
[ 2849.594405]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2849.595410]  kmem_cache_alloc_bulk+0x168/0x320
[ 2849.596306]  io_submit_sqes+0x6f76/0x85c0
[ 2849.597133]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2849.598114]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2849.599028]  ? lock_downgrade+0x6d0/0x6d0
[ 2849.599802]  ? find_held_lock+0x2c/0x110
[ 2849.600612]  ? io_submit_sqes+0x85c0/0x85c0
[ 2849.601483]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2849.602471]  ? wait_for_completion_io+0x270/0x270
[ 2849.603408]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2849.604370]  ? vfs_write+0x354/0xa70
[ 2849.605112]  ? fput_many+0x2f/0x1a0
[ 2849.605903]  ? ksys_write+0x1a9/0x260
[ 2849.606716]  ? __ia32_sys_read+0xb0/0xb0
[ 2849.607523]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2849.608625]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2849.609676]  do_syscall_64+0x33/0x40
[ 2849.610464]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2849.611521] RIP: 0033:0x7fd673b8db19
[ 2849.612240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2849.615897] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2849.617385] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2849.618836] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2849.620230] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2849.621690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2849.623111] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:10:25 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r7, 0x0}, 0x0)
syz_io_uring_submit(r1, r6, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r8=>0xffffffffffffffff})
fcntl$setpipe(r8, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
getsockopt$inet6_opts(r8, 0x29, 0x3b, &(0x7f0000000340)=""/217, &(0x7f00000000c0)=0xd9)
syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000180)={0x3, 0xffff0000, 0x5, 0x3, 0xffffffff})
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:25 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r6=>r0, {r3}}, './file0\x00'})
perf_event_open(&(0x7f0000001d80)={0x1, 0xa4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x1000, 0xffffffff, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, r6, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:25 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_WRITEV={0x2, 0x0, 0x2000, @fd_index, 0x3, &(0x7f0000000240)=[{&(0x7f00000000c0)="8575274f6ceb", 0x6}, {&(0x7f0000000180)="cb1ef475028046e9cd962e4e941878d8f34242d5bc916da1fdb37bcab1e2f961f70bbea9a3a96e3746a070fd69b198695863834391339dbbbfe887fa447f7c732509ea405d7ab269dcb732147483", 0x4e}, {&(0x7f0000000340)="9b0cb858429a983c6f2ed4f7dc1a55ab858cc521f0c75385b5df6df56a1c3bdfd2267ae9731a7e2ed033cfd9437e28d7e34b9b45aa39e3afdc6788e7b14de2df94e080782b698df0f50b1bb219d7745794c1ae3b10b0a2217cf9e5014ca3990e25845f0ca330cb49ad0f61f91244495fd1be6d278a4e0f183d0b73c58107ccc18c80d11d1b7bfb81d6a1b050a8b23c971bad2e9b9b6e457515a86c84c6767678c45692a8699f9fddc94725ce790be662f4297f38bb44e26568164d66a865", 0xbe}], 0x3, 0x12, 0x0, {0x2}}, 0x80000000)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:25 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
r3 = syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x100000000, 0x2, &(0x7f0000000340)=[{&(0x7f00000001c0)="9250bc78b404f29699c5f689585dc988534dc182ee96b6ab1ba86a4093c181062b0427a13f78d76cea3b0ba254db38b312e6cdf2bd", 0x35, 0x1ff}, {&(0x7f0000000240)="09835daebd0fbfba063f87c4e1f48a6a3dc47cdb0cab111a64a96e6696a898481e83a3113c282cafc983ed63476a07c42a6289e89a589a54ed0f047249516386eb75c661d00a7d81beb7aefba1e232c594ba095ed319e7a12a89", 0x5a, 0x2}], 0x820, &(0x7f0000000380)={[{@nr_inodes={'nr_inodes', 0x3d, [0x0, 0x38, 0x36, 0x33, 0x0, 0x50, 0x32, 0x25, 0x35]}}, {}], [{@pcr={'pcr', 0x3d, 0x11}}, {@measure}, {@pcr={'pcr', 0x3d, 0x21}}]})
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x3, 0x0, @fd=r3, 0xfffffffffffffff8, &(0x7f0000000740)=[{&(0x7f0000000400)=""/115, 0x73}, {&(0x7f0000000480)=""/72, 0x48}, {&(0x7f0000000500)=""/86, 0x56}, {&(0x7f0000000580)=""/103, 0x67}, {&(0x7f0000000600)=""/38, 0x26}, {&(0x7f0000000640)=""/4, 0x4}, {&(0x7f0000000680)=""/184, 0xb8}], 0x7, 0x1, 0x0, {0x0, r4}}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:25 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r0, 0x6, 0x2e)
ftruncate(r0, 0x1000003)
fcntl$setstatus(r0, 0x4, 0x22000)
r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x2c3f, 0x0, 0x1}, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0x5, 0x0, 0x0)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x2)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
r4 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r4)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r5, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:39 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 60)

18:10:39 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
io_uring_enter(r0, 0x607b, 0x7cac, 0x1, &(0x7f00000000c0)={[0x9]}, 0x8)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000240)="c2bf78de71bafe", 0x7, r6}, 0x68)
openat$null(0xffffffffffffff9c, &(0x7f0000000180), 0x40040, 0x0)
syz_io_uring_setup(0x42c7, &(0x7f00000003c0)={0x0, 0xd664, 0x1, 0x0, 0x111}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000000280), &(0x7f0000000440))
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0xff, 0x0, 0x0, 0x0, 0x0, 0x5b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(r5, 0x74c3, 0x646c, 0x1, &(0x7f00000001c0)={[0x4]}, 0x8)

18:10:39 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x101, 0x3ab8, 0x101, 0x7ff, 0x2}})

18:10:39 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000140)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:39 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0xfffffffe, 0x2, 0x0, 0x327}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000780)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$KDFONTOP_SET(r7, 0x4b72, &(0x7f00000000c0)={0x0, 0x0, 0xb, 0x4, 0x17a, &(0x7f0000000340)="e1653ca4d08b24ff16bc86c558e0d26f78ffc96b633a75dc83173a645bc3b0eba4389c2e11ab0b258cca963d4e28de01623aa2f0daba05a5f71fb29927dd6f1248eb12398d714ba90cd19f0d6adf790b6eee2a17b4d05ef832b8044624472284c0c5cb73e6d089d784e19848e9986c93f230fd1fe33330b1953ce1362c3831d6c403f378ddda06651e74826f45d3d51a11e0598aa50adc3e80ef079316eb36ae1f81616a939da4da5cf352aca49fe7a162ff7e09faf539177875636f0edaf1cd69246079d12fe661d2cb8912a138a09cc42c857b6004300f607c48963e7e36e409a53db9b770898d2184d0aad501a8a8656ff44d0a4379cbeb4b61cfa7585be4d4c5e4ac6f2d25a2ea5d74eb8ec154181314aff2cd8fa644abf19f4f1793db227e8290900139e7a9b7a5a1467e6c9ad7935cd328c2abe38c3bd3d274d76cda33cf695776c52ac5d52db89a3c87fcc4fb710604d1a803041e591c478fe8d666f3ab043a57d9b1ea8202a24c812001d91a42c78126687cf3464e25eb1e48f0cbf498383b3cdf239305ebffc5f5155606ef32161c4cb1e8e5267d214450c85856e9cafb6b4d4494714a91767d952f639c6f43658061dcd5ffe2d9e49119c89c8ab3a6c59548d6154083ac4f030d1f6291b26c94c856ebe5fc7e6d813e15a07906f76039011b8782a316b946b1b9356f0764c25f0a9e9378f7f99c058934bc9dfdb10e1e9e3a6fed188f474bda0074c389bf9fbe3be3b59e67d01d885e9dbef21b7558cfed264dfac2badf36f2166209030320f831c660ad709b7949a1f8a3df17d0080c4d2f951bfb346a4a964530777191cd1f3d723bf575abae1c52ee4037f9a561aeaad45dcc031bdadfe1a06fbb45dff2756f9e914e8d6d993d06a844d0ec7d52def592d273a17f10e4623a4627f12e2e3b2815f7e5c98b249e99edd285684fda4450a9befd91f2f71d2faf2f4263c4d8f4131f1da28ca30395bca1dc51e85d340ed8673165ad83c4712c7bb235307ce4a4e4797c06c6d6bf8d853045513855b65f0da630f14a1bf3eff184e8759417d8b9c4a62663c12406c0d9c8a56c1e27e523ca9d3c385354eceeb12ed3a33f5fb08c289830a8049005aabbe8da6591f2e300380d129cff399ca79affd55e8ee0a2dd4b4d2b7e09233728cc319498ed0da85eb2e836ea3a92204af377fa4c887c40fd5958720fe6e780cc1a3d9d8b5b4657b2cbada0609860092208e0b0954f0dba10a077640411af0c7a2ff9334bddc361830571d878f745123b838514dfa780da2507b73eb500dc52e3593aa7215ac09786b1ed40bcbbf743bfda20ea9680da55df16f8adc31beb0e3fac178596350ec8134becd007248f455016dca2b56b2a25b53540e324abfba8b090756b7e29c8b41fe0c49d100cb2d585829a864c406a6bd2abbf8e1618c83c3840b9dc3f5f5e"})
readahead(r7, 0x6, 0x2e)
ftruncate(r7, 0x1000003)
fcntl$setstatus(r7, 0x4, 0x22000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000000, 0x1010, r7, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x3f, 0x2, &(0x7f0000000740)=[{&(0x7f0000000240)="387e087acb5d57e52546d5ffad712bb1df09b7db4a6b18fd87ac5623f20f1b6dbadabc3a79db56ee1aa3f9d2d0", 0x2d, 0x1}, {&(0x7f0000000280)="a19c", 0x2, 0x9}], 0x404, &(0x7f0000000840)=ANY=[@ANYBLOB='nonumtail=0,usefree,uid>', @ANYRESDEC=0x0, @ANYBLOB=',fsmigic=0x0000000000000400,smackfsfloor=\x00,aud)t,obj_type=\x00,\x00'])

18:10:39 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = io_uring_setup(0x5204, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x16e})
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0x5, 0x0, r5)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_WRITE_FIXED={0x5, 0x7, 0x4007, @fd_index=0x1, 0x2, 0x3, 0x8001, 0x17, 0x1, {0x1}}, 0x14b8)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_WRITE={0x17, 0x2, 0x4004, @fd_index=0x4, 0x10001, &(0x7f00000000c0)="8a1321f59cbf53ca9a7177411bbb18be034e7d6df86e3e5a5b4fd47d733c1b7854694d680c01aac960b6acbc0b36bf808e473b5f0512", 0x36, 0x0, 0x1}, 0x5)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x8, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x90000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x7f, 0x3}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x1, 0x1000, 0x0, 0x0, 0x0, 0xffffffffffffffe1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:39 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f00000000c0)=[@timestamp], 0x1)
pipe(0x0)
socket$nl_audit(0x10, 0x3, 0x9)
fcntl$setpipe(r4, 0x407, 0x8000000000080)
r5 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/nf_conntrack\x00')
io_uring_register$IORING_REGISTER_FILES(r6, 0x2, &(0x7f0000000080)=[r0, r5], 0x2)
close(r3)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:39 executing program 0:
r0 = syz_io_uring_setup(0x4d50, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x160}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000000c0), &(0x7f0000000140)=<r1=>0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000008, 0x2010, r4, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r7=>r5, {0x5}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000240)={{0x1, 0x1, 0x18, r7}, './file0\x00'})
syz_io_uring_submit(r6, r1, &(0x7f0000000000)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd=r2, 0x0, 0x0, 0x7, 0x4}, 0x0)
close(0xffffffffffffffff)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r8, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2864.285081] FAULT_INJECTION: forcing a failure.
[ 2864.285081] name failslab, interval 1, probability 0, space 0, times 0
[ 2864.287925] CPU: 0 PID: 14671 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2864.289506] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2864.291414] Call Trace:
[ 2864.292029]  dump_stack+0x107/0x167
[ 2864.292872]  should_fail.cold+0x5/0xa
[ 2864.293746]  ? create_object.isra.0+0x3a/0xa20
[ 2864.294786]  should_failslab+0x5/0x20
[ 2864.295663]  kmem_cache_alloc+0x5b/0x310
[ 2864.296605]  ? mark_held_locks+0x9e/0xe0
[ 2864.297543]  create_object.isra.0+0x3a/0xa20
[ 2864.298571]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2864.299746]  kmem_cache_alloc_bulk+0x168/0x320
[ 2864.300824]  io_submit_sqes+0x6f76/0x85c0
[ 2864.301830]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2864.302965]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2864.304105]  ? lock_downgrade+0x6d0/0x6d0
[ 2864.305079]  ? find_held_lock+0x2c/0x110
[ 2864.306054]  ? io_submit_sqes+0x85c0/0x85c0
[ 2864.307063]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2864.308152]  ? wait_for_completion_io+0x270/0x270
[ 2864.309247]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2864.310355]  ? vfs_write+0x354/0xa70
[ 2864.311216]  ? fput_many+0x2f/0x1a0
[ 2864.312046]  ? ksys_write+0x1a9/0x260
[ 2864.312901]  ? __ia32_sys_read+0xb0/0xb0
[ 2864.313853]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2864.315123]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2864.316304]  do_syscall_64+0x33/0x40
[ 2864.317186]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2864.318389] RIP: 0033:0x7fd673b8db19
[ 2864.319284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2864.323316] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2864.325120] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2864.326694] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2864.328390] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2864.330084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2864.331778] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
[ 2864.365754] FAT-fs (loop7): Unrecognized mount option "uid>00000000000000000000" or missing value
18:10:40 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x22000)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(0xffffffffffffffff, 0x80089419, &(0x7f0000000280))
syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = perf_event_open(&(0x7f0000001d80)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffef, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r4, 0x4040942c, &(0x7f0000000180)={0x0, 0x5, [0x1, 0x6, 0x4c292449, 0x1000, 0x80000001, 0x1]})
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0xaec, 0xaa72, 0x7, &(0x7f00000000c0)={[0x4]}, 0x8)
ioctl$AUTOFS_DEV_IOCTL_READY(r5, 0xc0189376, &(0x7f0000000340)=ANY=[@ANYBLOB="0100daee0ffe1c89277f00007bebc7aa0fbf", @ANYRES32=r0, @ANYBLOB="ffffffff000000002e2f66696c653000"])
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000240), 0x80000, 0x0)
r7 = dup2(r6, 0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000007, 0x2010, r7, 0x0)

18:10:40 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
r5 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
r6 = accept4(r3, &(0x7f0000001340)=@tipc, &(0x7f0000000280)=0x80, 0x80000)
splice(r6, &(0x7f00000013c0)=0x3, r5, &(0x7f0000001400)=0x10001, 0x3, 0xb)
close(0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=<r7=>0xffffffffffffffff, @ANYBLOB="01000000000000002e2f66696c653000"])
open(&(0x7f00000001c0)='./file0\x00', 0x30583, 0x100)
close(r7)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000240))
syz_open_dev$tty1(0xc, 0x4, 0x1)
r9 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0xc2, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000180)={0xffff, 0x6, 0xffff})
ioctl$BTRFS_IOC_ADD_DEV(0xffffffffffffffff, 0x5000940a, &(0x7f0000000340)={{r9}, "c656dd414ffa87f833255b4ffb776f6b6afe98ca457ddaee5a08452df45028831ff23016c4655c2db9d63d261cce49089bc0b788e82c0323b008584da2c7c04a2ab478293579cdf397f1bd7819281c1ddc4f7da7fa537ce7d26d0f959b74a261189c776b128ca79570c7e1575f2c55ab9a3e29172236503e452383d37651ed8368089559583b9d77c3ed89902048374d8e137c18128a845993f393cfee6cbd2e783bbfb968987b744503416fb1e95e5b79bb2d6c8bee075c17668dc780c925a354aebe1d2bf839053ba79582d812bd43849b3bf59bcb96fe089dd7e92d068638f1ab5bc9ea4137cfc52be2a1b53a0eaff5c9c30c7dd50981e6c5612d92531b4a284c1831854765b0893c5d8ef85ba324b48ab95c51b615c21e85a024660ec367eca3ef19e990669d75d987c6d43a6a18c793e5655fca21b2156e3ef25b434cea0cd38d70b192e027017aafecc37fdac62e883ad27ab88453dd9742868c98cefaa92463479e92cb296a4d107dc98a00020cd015c18d170211e3fbc4246b6a785ec996f1c3ca896ea592a02fb1cec9f2499ec8b4bbd98a50a09d845a9604d3e3f309b406a490d3bab2ef51221e3644e206caab9b387a301585d6087071267c58a32a875a060f0c246a25e49d57f1213ea2ce70437dde95101474671d6f5490f838777f292268b8365ee20f0856431315ba337fb16b5cc32ea0bc47ccc78cc762665777dfecb209e2f18cef8e7c5894c59743b0bd070cb76a25a5e28b6acc59a6525f7e40abc35df2a34f4977751a05754c363ea76bed318113ac6150c522cb5cd0d669185ab1711c719c98f5a324f86ad6ef24510d60e5d3e4f7be94ddb42730a01c0bc98acc01b0b87938e63dfefc0438f942efa9c578812632af7b05cef10d20f43de7d926e944bce72021e0f3b573131f811ed9efcead1eadebeed2788f141dfd17f1ea35a67ee8915bfc74bf20f1c042875c01f80cbb8d20fee6bd92d8a5faa24216aec422c5854cb75fd09e7b28f2e1539e7d3d604a698da8b814a9dea5a6aa63ca9bb87b0cd401fef73eb78bde874bf3983cacec11c95275def6c301418df6f2391903d83874a4feb77db0ea22dc2184e46bdbb965fa571ab70e467d38194602cde8ff45bda6cd3a64637c8a9c2aed9a73db775a5bfb402632a47ba13d66f7920791ac2501473e8e020600307b529a9a769630baf20237fec687f7404392230756d655c6965d21554d8d39574be42ad6681b41e2c3cf3d195c4d4bc163f0dce85cd83a2c15f6ffb975503f3809d5b3d9a246a4489c5a2b26127d233fa080e7adf2cf6ccff6ae995dd8b151525542a638ea6ba3baf95b7fd3e1890d8d1b9be5a6cffa93c33625db307cb04893dab2cbb703a3c5c733a88111dccb3b16daf188d2166906ab05dd09bd5986de9c28446e5f1fa326081caa595c94fb129a7ee83b5298280f679f001a7494143ba5070c38912ab349195d0e7c156fddfa098d4d637c8bf477ff248adff471a8308420068a897fac7e105a310debaab9f475c213aa17bcdb94adb83d0a487d76b8915b70e6a8fd6455dbc6bd8f0b558ecd6397d2ca7a86289f13ac7ef2c57b1e1bbcd78643e00e628ebfec3b3facbf19e6dfaaaa636a822c7934851318b58e7752c10e992f83534a0abc3fc257507f971b9c09e03ecb3454b7c0b938f320ca37768d168fa438ba53b540b4ee6d2d3b8cd881f3714e6fc2b76d537273946511e08511c614ddd44f947315ea68d556364aa256b3cfefb2912a8c0a841bc9a3f1cf80ae2af973a7ac0638b3cab3c8f78fd215f2b9255b604a5449a4f1ad0556d1541c035bc16f98539035caf4c0ff013226ede1a0aa4f4f3fefd50e9faac5dce50d5922fc6ea002f9c854c168b13297081b87d52bcb6a542537288be55c2f04296144d2fc0d07425469c8a5760ab3e93f4078fa1f51621fc1013c8d506abb46890679f03fb857aee562e2040e0399aad4c19c54d51e8811c90ea84b65ba76a4103ca3830a9845d646f987d42fc6394b590a189027062c3715006f0b037e50595680c897efa37bb461650fa9c3f036baa7c177b9203997fa0f101a4c9dd543baba75e424661e48b78b03993123b08df1b25da2e801a3fc3aad89c1890bea224aa67583ac2b67a992f935722964af41db21150e212e11a6657718d62f626410a1a9e0256b345f5d45cbed0f43007081e7e0dee1379f40673f93e7546bf0cff17cb17abac7946b6252f205b709b620bba2a7212333148540b76c00745a9e726f8c1ee7b7af19992a89f74c4044353fb9c4ff3cfcc3ba375f9f6a64d068a6917f47fe7be67f0658e38dd30b1a9a9bcc7f2b248310063da335e2a35d61068fedf80b520446bc5a60a807bd471f037d72a5205d04b16596b5b002b2daa63f123a0eb6c2129c74010eaf2a9b6adb36c8928aa6e824e35f6ab91d02dd0178bb28b5b5b1d9c37d4f3f631aa65d9ecf0788dd8203d4a1558fcec989cae304371e443b651b69051fb08230274f84b746014b623ba1e2c2128d8c6a33dde7b1f62b6258cf0b1397a324b0d24a61b92d588a1dd0924c2e826218dd82cf20fc394181b694d693c865efa84b7c14b7d306fc3fd4c52527c753d06d97831df47d7f0f3b247fc4ad7128cf4d2c872cecbda5b33f0e6769fe5f34d970d575f975de41f131f13b958a181c3f57842ad0b330a02ec428a592b16eeb5c862a56a7227da919b94461a965397ea60c75dea52eabf81fc9b8c2840126dada7287c5b4ce3fe5d2055fad77cf82a2d7ae739ef7046b7b801d4ac6234ef73a0cbbc6632d712cd8f82ca084d913ad61152318c1680364bf0686bfc2608a737517536dc874e3b405ea34c1ff82923f7824602814a0d0c36bd967e57d86bf26829546b7af673c4ff3c2497f9cbc9122ab590231071f9542f65bba1b981277cd8a50c35e47cd5a71d379f660608b4dc112a6c93725395b24956a6431448688f06a4ef14b47b6c24195900829f610cc9d4bfffcd440161729efa874eb665be5c28049fe5fd3eca40594d416a31f0813df849f0dd032bac562ed85f1a173237568fa53de97ec69639a850c1e941922442c28b3f0f28ca8992734b2d0da000350865cb1ba91b596122e2053be3c274ea3e8dd89f40bb24fab1a802a08441972770b7e6592e6d33e62683be326afc90e22c9ddb91313a9f1007c467293f920b0fe97bd6753c74da40c61c5c59574b7cdb28eba3172b315d0312bd40868a76620e097f1ddbb15d81653ab6aaaeca1f33448d1c3f6965566da03a72b298bdc0a42a4b6060bc3bc4f09fc96bbb1846fd14aec3a4bda902678ee2af840da02d3e3645fee16a27593c0ef1d5f5bb4ae9f9660ef8e0f1bd12172973b798796db6b6498f28eb0d88c66071efdc8201b0accbb726e7c65a5fad1aa34a5d15e1ef2e6366b3695419d7c90a053b7fea46f3c867706ebdb58a29f5baba33d6997c4e1e4ba41e998fd964a74108026193770d74f9fad747856aade41bea254b7e25f6126a626aed7c14e5e6905272ded0cb21c44d9a38a934bd5eabcb6866e0297000bcc427b7d0d2564e469bacc6fa99500b7f4a286e97c3dc9dc316d7c5004808f7e57f9b9f48c692cb93868e41017fdd968151e36a2826f9f51590cdd81ce2b87f5b2c5412b83dd7ebcfa82d706db9f57ca10b51df005cc29238525536ebb9c427146d05bbe61529f47589a5ba230e3759c015676a4d71376ca893490b38839c3992b265586712356d38089afe62e3cd0157727f6ba9ee8b20a94859d60f424da37a3df323ff9cd2803429e04a5794b547f5371832c493c0bd5a2cafb774d6908a0800c00f7562a49eee7126ee4d2fa9fedd8f486de3498fa6b8b8b27aa16c2ab5c3dab8470f5c1540ab12e62a8e88bf903802fb9053377cf1e9124cb8a1b72fe538f684f0c85e72a6cd6261921f30fb69525ee86a8a6c11656701254f3a45c65dbb8f8f20d462ef75b92c87fab71573fcba5a69ca2d1165d386b8714ff9041061d8187954120e8018524986e46bdb15236bec1e70a083df19165ec83534c4e3350ebc0b4b5ad6d1ff1712a31b4338132b6291482ea7893c4525d29cc8677394b1d0321360d95b5cf8ba3a0873b1d3325658d5f6f274a67baab395a8c571258c7ac1fbaccadc0a9ac6e599e82331ca6a84a08eecb6d8ad35d4e7b30c9fde6534d2862b7d17242ecb19e9592e75bd30117a837e0fb8f0772fb6b617e4de76b68d50a5270e7158e0d246073a989f0ca31cd7817af1a01d59abc25b4e5d43306077ddf3aeb654f46d1f45fbfe4dbca2e8aae84cb96542b65288785187a6383b8b8f09a4f66d81ea53c0b8a67f1386d2b1533b57a656d6b63f00c3919351c368ed1b96571cb5474632075c73e93b5010b425d4bf72512298cf5d2be3caa0771debebd1e793a3ef5306d215a4c325b2de94d0628f371aa31f3774a505eed7a3534c2ff89b0e2080f54a54cfcbb4139e38450a1603c39c3b87c3506299880225567a529d82acf8bf205c824b52e106068f66923d8623dabd279eacc3193ac0c3dd05f17ef1a64ac2dbf2a1bb6e9d7d3f9e05bef4e7ed85ba886b9b73bd226457095969b42cf8d676cb35e457cf410657c243c7e4d32492b85fd4117b9e6100a7d15a56870584aef13cefe9dfec4b98b4d7e5a87d151bd18af8b52a69629ba5b2833372a2e91cc8daa55ae166e98865e367d58a6c88ed6450cb7a0a896158e9b4e2fd6717060fed5622cb8fabe677cdd05c287d539942bd188eb333e06eb0a1dd0730996edb347319810b662a9e455cbfb809453e20dffe2e4b646c4916ca02500894f28be20e57ef05fead3dc18dd99ec8d748ea5304c84da25b1ddb884cf41ca258b6e23e8d27ae4a17ebb2ac107c7df07b9dce79a12d99330f65a8aa1b264adb62aba0e9917f3584098db3e5bc56140bf021640039d4f25c1837d79e0b55e4a322c78f270b4e6f15d55445adb596163a4bafb28a23fb4b1d46d0a7fd6816777d5ebe99e08fff6ec2ea9af715768442623bdef715f23b77ae72c4d192e8db671a1cc82e98822305b9c3cf03b2811162e2a4ae0620e8d5b951d501a77ede66eca9f5362f83876ebd41adb011b409f7f6680fd4f89207bffabfce8deafa43cb0e30c40660f25fa7a1859df92feebc6d44c5a218e6283077297c0973c7b2348d984b3702fa249e51e8821c2d12b82a50e5115bc04a3238d50e1e16c24ed12351427bd46d9007185c1e8fa9a781c4b39d04c0c83d66648fbfb07da743cf7d5c878a59dc5d75522d8070a015150a6bcfddf4efbbc52ae7f4348e6d08ae93a2bd6fb9602bf8bc6220caca3ca0e8038bb1999e29bd48db52c336d6326647edcdbfdafc808cd9326f82d31b979f822389037e95ee1f8c44bdcb3d16fd6fbdb431e64a614853bad0ad60b5176a403e236f0018797cc911a00c2e3cab6145377c2626e82abc5c68dafef75fa0ef363cc0f88536292071da0954164fbe9153195e72c4a1c940ce96da7d40f8eceaa99e7a2682f892f3e9311b7cc3eaa056aff75bcb846ef0884854f1f2f11b2c745d706d502827f57dc5939be798ff2d528c958e6b91ef43e27872d65a1f9f07d9adb2a8b69ef3ad6ae92806d2b420dac1b39a1642669094355a3718aad7a930cbe3c1d214ca0c3f939f0a7e55504bdbe51c5e2bd47e2fd699d247a7394fd34a8d1a4670217c4c3880a9164bc13a7e6d255a7c60407fce3be6e0af77587a6180ee1e18e3fe3a2dcb781e5b52d39d2c161afd382c3eaf5e5a0889c065d62cf"})
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)

18:10:40 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_setup(0x1b38, &(0x7f0000000e00)={0x0, 0x51e, 0x1, 0x0, 0x133, 0x0, r3}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000e80), &(0x7f0000000ec0))
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000f00)=ANY=[@ANYBLOB="5c000000ce5cc58cbfe48c13ccc01338dc16bf6748273d337c2c7ea37b2d4d222e5fdfaa7dcfd18989bfe16d72bfb29ed89ff6075e620205b77156c21734e77ae233c9814ec3fe77f66c9417fbb15beee2dadfda1966f2e14b539300cd96e3a31237afa725d9c954a67785b6651df5c58c6165f4d6db5a99a3e2b742f7953e81f4213c3f8ab1684bc7f82fc6354ae0ebd5", @ANYRES16=0x0, @ANYRES64], 0x5c}, 0x1, 0x0, 0x0, 0x20040850}, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
write$binfmt_elf64(r4, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c461f052906ff0000000000000002003e0020000000230300000000000040000000000000004403000000000000070000002c70380002000004400080000000006000f0ffff20000000000000005f1f000000000000010000000000000008000000000000000900000000000000ffffff7f00000000070000000500000006000000000000009ee100000000000000020000000000000800000000000000020000000000000001000000000000004f84595da174c4fa868f405bf8b18ee94b1562753a2228c05cefa9832d8c03ac5b94680e3dbfb6f1815f750f55ad4e0f0eedd5c6858c08769285c7393ec9b91e07d1d315301d44fa483f89d295f3be4f52d176fc79c3dd70aff5335e729b519e3718d69c7156fedc5fc0a87994199861f1db2ac918da3d51df9216a245c4eb3d332123a20000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000082bf56289a4f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009eeec9cec100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005bb28ae731229c2d52dcec92ec471000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000058ec16b20000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d364b43f45b41e959f67582927a7388ed4c2a222d286dc6062a838f3f1b20fb3eb7516cf9d2599903610c0b9d1ec977a88b761292d4bbde5d52ae382ad6b4cef5fa9a0866a647f3bb90c47dce9878d797a38c3df258a7fd41675cf629c7e55fee7c74c5aaf828bddf4d37d5f21610d6fa602398954bb259232631420296c82bf76593c9656f33d8c6c20485e16df145a0b521f737aa5173968"], 0x634)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
close(0xffffffffffffffff)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
recvmsg$unix(r7, &(0x7f0000000d80)={&(0x7f0000000980), 0x6e, &(0x7f0000000c40)=[{&(0x7f0000000a00)=""/30, 0x1e}, {&(0x7f0000000a40)=""/206, 0xce}, {&(0x7f0000000b40)=""/16, 0x10}, {&(0x7f0000000b80)=""/146, 0x92}], 0x4, &(0x7f0000000c80)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r8=>0xffffffffffffffff, 0xffffffffffffffff]}}], 0x100}, 0x80002002)
openat(r8, &(0x7f0000000dc0)='./file0\x00', 0x418002, 0x4b)

18:10:40 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x4, 0x4000, @fd_index=0x9, 0x0, &(0x7f0000000340)="30506e725420ef9b1aafbc7c69bc20080fe66ce870fb3f033753266324aac73bb1e75725325a13a0107064cdb70b20bfde9f65f9baaffbda3b8909bf51057447eb3e6539fd2c83c1ce5d945286153d2a0e5dac5fa5b00ef32ea8de4a203691f39b8343b0876ebfc3e2d436503a7eb482d0c549d851535357ad23c37769714a1ba3d8ee44a8f493192efb3da0a81e4b40cd5d8268952562adad8628", 0x9b, 0x10, 0x1}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
r6 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r3, 0xc0189371, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=<r7=>r6, @ANYBLOB="0000846e060150eb00f34cdcca4a214f4859dcc4759be2ba4ecdffdbc48e5b00cf7cf4f8c324da9dfbfbac8f56810104ef43c8c6000000000000"])
ioctl$HIDIOCGFIELDINFO(r7, 0xc038480a, &(0x7f0000000180)={0x1, 0x100, 0x9042, 0x0, 0xffff8001, 0x0, 0x2, 0x20, 0x4, 0x1b9, 0x3, 0xfffffc00, 0x7, 0xc895})
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:40 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
write$binfmt_elf64(r3, &(0x7f0000000340)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x6, 0x1, 0x1, 0xfffffffffffffff7, 0x3, 0x3, 0x8, 0x3ba, 0x40, 0x346, 0x101, 0x2, 0x38, 0x1, 0xf6a, 0xfe00, 0x3ff}, [{0x6474e551, 0xad, 0x54, 0x9, 0x100000001, 0x80000000, 0x9, 0x9}, {0x60000000, 0x4, 0x1, 0x6, 0xfff, 0x4, 0xef, 0xf9}], "20414e33324fd184d3781e867f3cda105e373cce3530beb4f053048f862889adac63278601cbd4990e168aff0d6629ff03b3ef57544c7fd17c78e70933037aa569cdcba7e7e30e141eb6aff2ec4003ab3f4a0ace1a8c85c044bcf5cd0c7540e62c29622f78c83237b71f973068d70b8aca5d11de92bc8bcc91a32e8f420e2662a372792086219735bae3b12b3499787afa39f02cb5f8dbd9233467dd6f", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x74d)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:40 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = signalfd4(r0, &(0x7f00000000c0)={[0x80000000]}, 0x8, 0x80000)
accept4$inet6(r4, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote}, &(0x7f00000001c0)=0x1c, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:40 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r6, 0x6, 0x2e)
ftruncate(r6, 0x1000003)
fcntl$setstatus(r6, 0x4, 0x22000)
ioctl$RTC_IRQP_SET(r6, 0x4008700c, 0x75b)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, &(0x7f00000001c0)=""/49)
write$rfkill(r5, &(0x7f00000000c0)={0x8000, 0x9, 0x2, 0x1, 0x1}, 0x8)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:53 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 61)

18:10:53 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = syz_open_dev$vcsn(&(0x7f00000000c0), 0x100000000, 0x400)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r7, 0x6, 0x2e)
ftruncate(r7, 0x1000003)
fcntl$setstatus(r7, 0x4, 0x22000)
splice(0xffffffffffffffff, &(0x7f0000000180)=0x1, r7, &(0x7f00000001c0)=0x81, 0xaa7, 0x646e1b08adf6c20)
io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)

18:10:53 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x4000, 0x0, &(0x7f0000d19000/0x4000)=nil)
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:53 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x8010, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f0000000180)=@IORING_OP_FADVISE={0x18, 0x4, 0x0, @fd=r0, 0xfffffffffffffff9, 0x0, 0x6, 0x3, 0x1}, 0x6)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e20, 0x9, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c)
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:53 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r0, 0x6, 0x2e)
ftruncate(r0, 0x1000003)
fcntl$setstatus(r0, 0x4, 0x22000)
r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD(r4, 0x40045402, &(0x7f00000000c0))
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:53 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0xdedf}, &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r9, 0x0}, 0x0)
syz_io_uring_submit(0x0, r8, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000340)="aa49c991b5476aec9d4e085127e39b85b919460dcc498ebce5021a7511fdd83bd8752bad00581d40890d8cdbb06b776d19003c283589b44030d024eeab516705c25f48e74531132386fb8dcf3d64bd9b232d7e5aa14c7c274d9ba594a476990fe244bf5ac7cd0b32777d4c8957a3970fb184c3fa1e41cc82a97efaafbd5467c45b4c15a8afaade21035e445ca5c7d573b6bddc176914d6f9dd4a4cb5abbec3d693660cde1fb7a881f1382b36084656944105", 0x10000, 0x0, 0x1, {0x3}}, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:53 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f00000000c0))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:53 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x0)
r4 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
shutdown(r4, 0x1)
ioctl$FS_IOC_FSSETXATTR(r4, 0x40086602, &(0x7f0000000000)={0x800005, 0xffffffff, 0x8000, 0x2, 0x5})
getsockopt$IP_VS_SO_GET_INFO(r4, 0x0, 0x481, &(0x7f00000000c0), &(0x7f0000000180)=0xc)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x1040, 0x0, 0xffffffff, 0x6, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2878.267761] FAULT_INJECTION: forcing a failure.
[ 2878.267761] name failslab, interval 1, probability 0, space 0, times 0
[ 2878.270540] CPU: 1 PID: 14746 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2878.271983] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2878.273712] Call Trace:
[ 2878.274294]  dump_stack+0x107/0x167
[ 2878.275052]  should_fail.cold+0x5/0xa
[ 2878.275835]  ? create_object.isra.0+0x3a/0xa20
[ 2878.276789]  should_failslab+0x5/0x20
[ 2878.277581]  kmem_cache_alloc+0x5b/0x310
[ 2878.278430]  ? mark_held_locks+0x9e/0xe0
[ 2878.279275]  create_object.isra.0+0x3a/0xa20
[ 2878.280200]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2878.281254]  kmem_cache_alloc_bulk+0x168/0x320
[ 2878.282186]  io_submit_sqes+0x6f76/0x85c0
[ 2878.283057]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2878.284101]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2878.285080]  ? lock_downgrade+0x6d0/0x6d0
[ 2878.285955]  ? find_held_lock+0x2c/0x110
[ 2878.286806]  ? io_submit_sqes+0x85c0/0x85c0
[ 2878.287723]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2878.288743]  ? wait_for_completion_io+0x270/0x270
[ 2878.289770]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2878.290754]  ? vfs_write+0x354/0xa70
[ 2878.291557]  ? fput_many+0x2f/0x1a0
[ 2878.292322]  ? ksys_write+0x1a9/0x260
[ 2878.293127]  ? __ia32_sys_read+0xb0/0xb0
[ 2878.293996]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2878.295113]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2878.296163]  do_syscall_64+0x33/0x40
[ 2878.296924]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2878.297954] RIP: 0033:0x7fd673b8db19
[ 2878.298729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2878.302656] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2878.302678] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2878.302689] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2878.302701] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2878.302712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2878.302724] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:10:54 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
r7 = syz_open_dev$sg(&(0x7f0000000080), 0xfffffffffffffff8, 0x0)
ioctl$sock_inet_SIOCRTMSG(0xffffffffffffffff, 0x890d, &(0x7f0000000700)={0x0, {0x2, 0x0, @private}, {0x2, 0x0, @multicast1}, {0x2, 0x0, @broadcast}})
r8 = fcntl$dupfd(r7, 0x0, r7)
ioctl$SG_IO(r8, 0x2285, &(0x7f0000000340)={0x53, 0x0, 0x11, 0x0, @buffer={0x300, 0x93, &(0x7f0000000180)=""/147}, &(0x7f0000000000)="4feb7dc9066b5ce43db74169d00c9e13e5", 0x0, 0x0, 0x0, 0x0, 0x0})
close(r3)
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000009, 0x8010, r6, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x3cfe, 0x0, 0x0, 0x0, 0x0)

18:10:54 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r5, 0x6, 0x2e)
ftruncate(r5, 0x1000003)
fcntl$setstatus(r5, 0x4, 0x22000)
close(r5)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:10:54 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
close(r3)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r6, 0xc0189378, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000100000018800000", @ANYRES32=r4, @ANYRES32=<r8=>r7, @ANYBLOB='\x00\x00\x00\x00./file0\x00'])
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1000006, 0x40010, r3, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x80000}, 0x8001)
r10 = signalfd(r8, &(0x7f00000001c0)={[0x5]}, 0x8)
perf_event_open(&(0x7f0000000240)={0x4, 0x80, 0x40, 0x81, 0x1f, 0x9, 0x0, 0x7, 0x20008, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5, 0x0, @perf_bp={&(0x7f0000000180), 0x4}, 0x1000, 0x2, 0x1, 0x9, 0x3, 0x1ff, 0x5, 0x0, 0xc6, 0x0, 0x200}, 0x0, 0x8, r10, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:07 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 62)

18:11:07 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:07 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
accept4$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @remote}, &(0x7f0000000180)=0x1c, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:07 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f00000000c0)={0x9, 0x101, 0xfffffff7, 0x60})
r6 = syz_io_uring_setup(0x1, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r7=>0x0, &(0x7f0000000080)=<r8=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r9, 0x0}, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000040)=@IORING_OP_ASYNC_CANCEL={0xe, 0x4, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x0, {0x0, r4}}, 0x1)
io_uring_register$IORING_UNREGISTER_FILES(r6, 0x3, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:07 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_CLOSE={0x13, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x7)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x80)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000000c0))

18:11:07 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
mlock2(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r4 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)={0x40100, 0x0, 0x12}, 0x18)
openat$incfs(r4, &(0x7f00000001c0)='.pending_reads\x00', 0x400800, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:07 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180)={0x0, 0xd887, 0x8, 0x2, 0xe9, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f000098b000/0x3000)=nil, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000400))
syz_io_uring_submit(r4, r2, &(0x7f00000004c0)=@IORING_OP_CONNECT={0x10, 0x3, 0x0, r3, 0x80, &(0x7f0000000440)=@ieee802154={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0202}}}, 0x0, 0x0, 0x1}, 0x20)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
close(0xffffffffffffffff)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000240)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000c38000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000400000/0xc00000)=nil, &(0x7f0000a03000/0x4000)=nil, &(0x7f0000de8000/0x4000)=nil, &(0x7f0000b34000/0x2000)=nil, &(0x7f0000d6b000/0x2000)=nil, &(0x7f0000000340)="c9039c25b60a477e7b5c733cd98f420ccfed4e66f87f2ac4dabfc1777aee6f9ce43c50c32441ac67ea333e038308c1aac5897f05e4df9848f7f2f56274ac283f579a647ebb7b79c5bee5ba67551e23f5d4a3ad9a73d04135f106fcff9a6dfc20210526775fff50d28d19450c47c1ef555821ae8aa9d0f0616c44976f029ae80ecb74b20992a0e9145a8dac00934daa78b9885199b5c595", 0x97, r7}, 0x68)
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x10, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xe, 0xffffffffffffffff, 0x1)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:07 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f00000000c0)={<r4=>r3, 0x7fff, 0x0, 0x7})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000004, 0x4000011, r4, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r7, 0x6, 0x2e)
ftruncate(r7, 0x1000003)
fcntl$setstatus(r7, 0x4, 0x22000)
write$binfmt_elf64(r7, &(0x7f0000000f40)=ANY=[@ANYBLOB="7f454c4601097f0100000000000000000200030000010000190200000000000040000000000000000a02000000000000010000000900380001000010800007000200000000120000050000000000000009000000000000000100000000000000000000000000000040000000000000000300000000000000020000000600000009000000000000008e040000000000000400000000000000000000000000000040000000000000000000008000000000ffd7731a37fceedfe35eaf3563d7d3e4ac001dded8ec0d8d4206ceba48ad8990681d98639a028ff753e6a3b6fa5ca0ce6efa233e97e6b3ea5d970887b00de0ca6af7e28b20f0384092a6e1b29f37d1bed134d48d82e86e4d7b0f047e4158e9290d01b1230130a560bb7fc41b8b673e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001dfaa094b5b300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d04230500abf4584daf77dc0a911cb2728072df4e86c9e2d98b72b2890291cfa4f701c4f49c057047773dd22d5bfea5cd9d8e5ec8a51fa2974be51d2106bc93a7e26cd5141f8c12ca582a2ec031929e08736b9b9cf5207ac0957d1eeb11033e031367a0e0c5d7bfaf491b006142557973320024656c6f5ea59c0e1ab062741cfb6ec806b488c15755dbbfff685d956260846ffe62c485b5c5ef73b5525199f476a21455bc807e0072f5ede16bacde934ea724bff535d4f069071464363151321e6563432a07d6e5da0a2555fc15de9462202c8aa10fbdb9bc0c94cbdc93c8640bcf94e4f5e3155af4bb054ff67e88768ac2f7db03be713ed64c22da92d95f2ac1a905eabbed7512dae7608fcd6f5ebed6a95bb7969736994fef8b797bb80a35a4e87c136f876d55fd20d150142a6ea5999e7c252c80b2b20c2f5fc1d876142"], 0x51f)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0xfff, 0x3}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x200, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x800}, 0xffff2234)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2892.134049] FAULT_INJECTION: forcing a failure.
[ 2892.134049] name failslab, interval 1, probability 0, space 0, times 0
[ 2892.136668] CPU: 0 PID: 14796 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2892.138068] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2892.139753] Call Trace:
[ 2892.140290]  dump_stack+0x107/0x167
[ 2892.141035]  should_fail.cold+0x5/0xa
[ 2892.141804]  ? create_object.isra.0+0x3a/0xa20
[ 2892.142750]  should_failslab+0x5/0x20
[ 2892.143525]  kmem_cache_alloc+0x5b/0x310
[ 2892.144348]  ? mark_held_locks+0x9e/0xe0
[ 2892.145155]  create_object.isra.0+0x3a/0xa20
[ 2892.146044]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2892.147054]  kmem_cache_alloc_bulk+0x168/0x320
[ 2892.147983]  io_submit_sqes+0x6f76/0x85c0
[ 2892.148824]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2892.149852]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2892.150815]  ? lock_downgrade+0x6d0/0x6d0
[ 2892.151660]  ? find_held_lock+0x2c/0x110
[ 2892.152486]  ? io_submit_sqes+0x85c0/0x85c0
[ 2892.153368]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2892.154318]  ? wait_for_completion_io+0x270/0x270
[ 2892.155293]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2892.156200]  ? vfs_write+0x354/0xa70
[ 2892.156971]  ? fput_many+0x2f/0x1a0
[ 2892.157689]  ? ksys_write+0x1a9/0x260
[ 2892.158465]  ? __ia32_sys_read+0xb0/0xb0
[ 2892.159267]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2892.160330]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2892.161360]  do_syscall_64+0x33/0x40
[ 2892.162113]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2892.163144] RIP: 0033:0x7fd673b8db19
[ 2892.163905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2892.167517] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2892.169036] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2892.170494] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2892.171924] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2892.173364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2892.174823] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:11:07 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
r6 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)={0x400, 0x33, 0x18}, 0x18)
openat(r6, &(0x7f00000001c0)='./file0\x00', 0x100, 0x388)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r8 = openat$null(0xffffffffffffff9c, &(0x7f0000000240), 0x6e5458af80f1a4da, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r8, 0xc0189379, &(0x7f0000000280)={{0x1, 0x1, 0x18, r3}, './file0\x00'})

18:11:08 executing program 4:
r0 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
r2 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
shutdown(r2, 0x1)
ioctl$FS_IOC_FSSETXATTR(r2, 0x40086602, &(0x7f0000000000)={0x800005, 0xffffffff, 0x4, 0x2, 0x5})
syz_io_uring_setup(0x149a, &(0x7f0000000080)={0x0, 0xec57, 0x2, 0x1, 0x73}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0))
syz_io_uring_submit(0x0, 0x0, &(0x7f00000014c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x2000, @fd, 0xfffffffeffffffff, &(0x7f0000001440)=[{&(0x7f0000000280)="765cc29a2009acabbe299e17c5496255f186ca6fd3d7964d7270d7137a57481fa8b135fdcbe72ce6fcbf5eae4b76c07eb2fd78f3cf4a2f768f7a1f6867ad40b830e396b485d778e58ed7e957ebb0ac6bf8d4785171993f4b6c8d1de4112a14351027b7fdc66c9dd63036d51f7accceb3af8ebaade8e125814e4c0ad19397bf64004c0ac7d452ca694f3b3033f21215f4d1830606190699b96701c81024fde3cba4d138e511b29e175e301c6a2c26beca859b4308df94ac706842c62a82d0e6d553b20d85f66aa4a6a50b1388534851e537de8383d55b93b3383bc9ffc5aeeaf2f79be6cf0a8983c35d09701d49156f788471275dabeccb9b33c43f92807ee286a3255919763455c63c78adce218d32f006ab50af06e88a572402d7057ca14956b30b0e569ae853ba25c1ee373163d756bb8b92dcc22ee4266eb777d62636ec492aecf7d96e0e86847b88f126f032a94b8975f5f461b3e4bc4f8bcb68be5886ae3c0299bee3d620fb48178ccb23b18fef906cb54810ee088ff89f1a3f5f14bfed9b734342f40a883dd07c262cb13bf335a6b66029d1ddd864403b1e787f8596e87eeb8618811accca79c8f672e873ea34b5cd82fa2a1c47efd202e054e41e47f1f74fba63a110cd9aee47b2083421de54d30d450de1c0f0c39f64dec9627704f7360d59d181c3e7ba96901830c1b7988a94709406141d70b3dc6db3aec4c486d34428d508d2d614ee4d1cfd163bcda89cd5f2c12c8a70844b66edafc683a1d6ef7d7b4658e79adc2529a0ff0ae3a9d0c20e55585a1f1eff15bc55a49a563d2e438e9244cafebf2449c5c125d6a7b74dff1e27ea46b78b26de0fb7771958874620a74b1016fd0e5ea3e6eda290b220ae773507726c967a23926c1f2a07226bd137a1c66a80303cd4054f564d66b61f9272ea1367128d238018b7efe58ed9f2f423193d6ae5004ac2673c2a920a282bf18fbdf73cf8b1c065385796ad079cfca9fb5c6dcb4866c8f27726a8225a21b2d1f67fb1fca345c6921be6f91945a0f385dea0ded5195fab293ffecf97d1db776cd67a3c1373d71b7c4fbb5ea13c2da4833d5bcc55a6b9b334cee4f8d8dfd4838f0b6e8831b59c7e477d31144780e622a3fc4ee377b8962e162a577a75030ed5860ecd01ff1cb47a4d1560f39fc4b8ce9cc75df52463e4a2e25d1f2d72eeb0c5b5b3b4b6efefb6c95a580e0453a5548a3df1247840617b0c526257bd8598a68b784ccbf7fb16fe886583a5bdf31e32fc766283445d0c55ea3449545b575c6afac28cc234a22daf146343bcc62d749ca269bd5ee2ecd52113a7fca0a915d5c0833d7d990f31cc98e50612f207925063afda2d9256b620ced2bcae4fe462d1b92cec3a6812b6dc376f57eb1741e7816fe1a06d6ac2f4f0adce0462970d25ca8193292c950007a7f738106a7b1c4817567160eac10155948da3e6f618b1d189b018d9380bdec780c200a307d1c44dbcfe1c74865a29ecd2c6691836c4e31c7ba2c476770a94f1597886f2b58f3643d87a13ccbd1b26d281df9c34e4a57823617c51583038f2fb39805455becad2db37b23699fadb8abec1c6cab8a8740b1b8f73fd2713e3e5a4cbd1ff58b84f0683093a7d7af5c81150e2b1dbad8f23a4c7d7c802be84b7dc9e7c2a5500f09ff9f5ad9a993e511f06fea1ecd45d2805e29cd52beaa187e54928a46147f1b7b318c26e5c06a4e5c9a9252fdaf788ec009598457011270f3504c34d9af26529cd7aeb853d8a638e00d292e6190b74a64164a79da001538b81d2d581142ee6bc527c9bffbc75b6436a00e608f1baa04c940d27714247011de2fdf90655f3dc3d8dc6b96e855a1335a5d6262e48b478c9aff31f6f6fcf12f33857cd31995885ff2fdd29bc6f27a31655e0ad5104a2c6f08526071e4fe7e947fa2e99aa9d5cebf04246b55105008eb4fd8e98b5ecb52239b7a2b1b0ba424208820d3f5a3f0d48e9bcbb8c01b116fa76f65b9e3afae82aaf32c50a91dec18c48f6c72d045dfef00e82c36980a565ca1c7adc3f821f0cb21f1e12e7a573504df3070ef6b46a472c6c2d5987f16068dbc50026aba4b0b3aa487439b069fad4526fddc4c024b8407b2eaaf4b4cb41e673ab5393101837ce3cba8424d75580ff1726c2a3ff42fa7c4f306d6fd9433f09bfb26d6da8f695bc2b866567515b83faf34f529ccc7feef8cc9254275d8a211d759373991ec8d912a12c21ef97739a72947b475cb25d9da09f8f0a96748e50103d7db62d487bff9dba1d0c55a8aa50985439175d88a58a140c410dce3d5e90afd2ab494fc3274d835204a114cf6669df389992c50e5ab590bcf4fe055fafcc2ec99d316fe005c458440cccd9372ec6278e050ae8b416c1ec9eb9e6759d85a5ab7ea76ec9490ca091e29687a525e5d1fe95030e7515c0d774cb7cf1f9499adc0c4b297dc5cfbc7f23efa17848e8fbef877cbfaba4f17da3086cfa4ff742ebe774ca1a812da771ff66cf9fd271cb7dceff6b2a87f2103b6e37bfdbb379d271efbe50362dc044eb1658a555120a45052ee191a4fc9611093e8774de9e28d6ae6127dfbdf978cba77676e4cd28ed6cce9b492caa9737e7b8ba3f3b6fa60d75d4fefe01954dda42cc691247e1f4b1341590a49bbe4f8caf5ca9e65a0d99a754652006dcbe39fd65795f2a61a14f344080a592cdb4a94256191b2ac1dfca5a8255c07c14de70b9f3570f2d596be71d75cf7fde2202f4ffa07a5e495773eaf596a6566a3ee3e5b839b9b988dc24e0ed94ed6c8ff278d60873e6698c8125dd3cf72be55fb29391a72a0275faae831fa3a904dc1e15ce36bd1f0fcac70cac5c044a9912e9fd721a49dfeb65ceb89ebf598920ac73bcc0e1af310470f07451633cf271e2981ce506c7752f482057ddee9a1f46c23cb157452375af3243c4d3ae9afba56e09a792caa73ac2bde8cfe8174f91d083b497bc82ba9c84e7f2a48fc1dcb8adb50ff4803ea8501e86f6f9bf947d63f5d41525c3384d1d3d49b942b451cdf5741f4f57082bf8834419d46cbf74eb03d75f14562f5a067c53712bbdb6c8adbf619d1b25414ec70a2f2bbc56e3cf61ce1dc854f85c3a231791f8aebc63025cacc6dfbc5cd92f3c7aa017196663c892a0e63faaa355406d5dc3cec5caeaf21e4b259d3e3a3cc79930c169bb902339aca3600a1ef94558a002e09232eead897f537533a5bb463d16c3e4670ed4d885943211c1a0ee075bcf60a0d803889e145dde2fcb2a1a2b8a2bbcd2965386fbf78822c36f779c2a5b1c884ca4149d49d63835fb530d652f1d15e0f4d222e43c1c9696ea2ceac85236bc24decb29e21fe05a3a79454dce18ea292b9ceab69177018c5986ad21397c724ee3be5645d2ad3966ef52b4244c52847c383395ee0e55be96d22355b1f4539f3d01c1cb8db30be74b9a65ff3fd150a726adf3ca56f8e5a3357b5aaacac6bd78357fc56e662cfcf04536cc1bc9e946377def81a34090b01537723c6a7a7aac65de9923877126000b1df7c1ed1b69dd52a6e7bcee2f67191e329ff1b76af3e37e1db34beb2a9b5b7ebc0263dc1ffd69ff4bf7110deb9ed6cafe4ed35456a7af46de90212dbe81bece1c3a887bff84d4bf94881928b428688ca94b4bbebea2f134fd11255e18786338eeb30723220b2dd2861efe465398bdec7f3c111968db9cec3c24aabcdece41416630a9d4295de39c15a88aac84c8a2796a7ae6ec020eb0c71b2e9c8d5f08f5b3f3fd3b1fc9064044e77d2cdead22c04758adb18f667c9176f92b6b775ac2bcf0ba3b402cfc43bffad900bfaa9b76cb5a791c1d1996fc530a44aa95e56fe6bac25ce230699f4b0465c85405bc6826c07a533a0ae2408d229354ba383ae5f5e17e0aab918cc283a6a4e823b2f8f3319bec0ff457d5434ac3e3cffa59e8abe630c6dd943d0dddab41ab894dde07410e6abd4cd9cab8d57b388c16dcf0c0ca4fa03277c52d8fb12fd7ecc07ea83a94224a516f0279331f55c5421c5856dff29f1a87d8cfe889f8fa6a8b64be7be0ef3bb210db4ebe261d6763cdd566b1303400213c40f570b7d5af18b2af208cb890b754d57477f249c331b8b2fdb6808e3522dd0058994611072e98db83edc4ef135aff7dd5b76cb3bbf4625ccc3421407cf6f8f97c5400bff49599a656eefd8d5b97de5386a5672bf54f7a7b1fb8cbe98dbb562595f2626be7aee67d36e1954b77e6e7461ce38f52a31cbe524986aa4b8f1560276aa6ef2f2e93119ecc884f27493bb477512d0043801522e4a6aaef40acff18e68674f396a694f2ea91c2c5b0e1908a6542383e07d49a24772a4fbb45343dfeaff318f494a21bb3b57c987f30507a64d8a5b330a80a5d95b685e4061a60942e674930ef959cfca76b2ad94686460cbd4d26ca86537cdc79873eafa9a67c4bba6e133f2bdd248666afc5e6749dce0aca208b1349c65f85f5f643d04e4b3a4f86700ffdf3f2ce97f14d3a17df35b69eaf864ba35705b4f86295eda94cdd687793ee31ddda8ebfe9c6e97bcb7a74d839e378358e6e689a9181d6cb01aadc5b9cd844842f799188d9ec9024a9654fb12f35c09f7cdf6479977602abd26ef4536c99da4358035959e460a6d07565586d505db8d41c3555abc00a0bc937ffaae9062b6eb2925afd863f10fce465548ab6775a9203a48d8a93fa9e379526a834969b53e64773a2de52d8ffeccb300b246bf4b851eafefa3521c4ae086fb4d2652531f96f83373ff22bb1027ed938dcf94cfc803d5ca10533e060e0776683c1f16c76d29be163d763ffbd8703d51cb7eab4e7080647def700595c137d8cb5a73eec6f3d42e5b9a3faf63671b575ec0be26d84a1f5738930124793da0da591f7d1d5d0258755342c50001e83c75368893c191a886f3cef03f7f622b69b4f2cfbae74fa76236da5464318b34331f757b93b93b0724dbc77793cc3418cea46a5379a728f308d59e68de6921173f9f070c2824f53ea6f91b00bbf4dbb412ddaf1b6e24f6649da0dd4db2aeb456760fac7c45b41c75ab2131abd504d01bb2fb4af4ee1460d9cef84650f75387977d4182a721f1a7de16fcad7c546fa102b4973767b9a39cc1b23f8da2d29c933627a90bfdb1ca0d9a94a9d847ac0074e95a829c87989f964e207b15037acc7d34b72392b33a282f7dc14d4206babfe2334b2529061eb28b296fc1f3c72991c0c118f150ce6f7b95147e2f51661ad588cecf7997b076c779becea25631fcd0fefff04e6ec183ddd921e4c51dc87a92d79a6c176fd0e0587d3899bae68cc287e5dd27c82c4cac9b93f1b0136b76ca5c80daa870245a2f48b1920824ab06948d4b48ec60125dbed3821157c31b1eb42dff5a760a23c4d2afae3411b4c6c3fcba814a4bcf854668e1b32df7f687b3d76bb6d1b3261a4a31ff81a0cdee28dac462a3a91e0d81aff00117bcd3c6c63c9880cae7b22a7871fc68cb45825c7cd301e2a5bb7fbbed9cee8ea9785ef3f2d30d9e9d33f2cb19069c422cc485cdcf8820100174b7a0d7e532f0053f7e5ab3edacba6660ae099e15fc93dd5de248877ffbe84fe1000e25db5cde0e00481fa1a71945dca148143e8720b29b2c0ca1935088c5f5a0bc62f76755368f8d8498b2b96ff2ef0666588a8dd84b4b02effb029408767b57c7bde2ee7c3ec90d9d079a569268491da5f312902b639f68101bad9b262dc39c31f740d2810792c0f940c7bc2b1dbafc23458f8f7b0be5da96bb15e01eb6163bcfbc82c79664582527e0b506335ed5faff4e9f303da8992554c24aebe5529ff9e", 0x1000}, {&(0x7f0000000040)="e037d06a67c9555cca7087b624d88510b4718f42092722fa4a5c9a", 0x1b}, {&(0x7f0000001280)="9369096f197723ead5d38c7ed96b8891ed75bb1d4f347192c41b571b1e513439f476ebab8c7c7e5c779a48cf02bc46ff2a5c5f993d9c437c4bbbb412441e3b230b0b0179471f45a8fb4dbdf9cfb04784765df8ef99fb04fc5c28433ac8c045a5401f0413e5d3fd5d4f93f5", 0x6b}, {&(0x7f0000001300)="02348ea9ff6eb84bff8a99c3d75ed37962a090bb4a607c91c503201bd53eaa9b67ce0c40191076838cf80cec3f85329520ef6b1821bb0780d877171c870aefc9305c9b7b7aa0ac651634f72b48d2a0dab4a9207036d543dcaafb4839072f65082533f8d7320039ce1e00e7d878e292c0db32b8b3bdbc1aa4948c0491548762d386a0592d0f6b50f0ecb279bfa49f24167d26fd61feec93a5be3ad90e3c295242e04ba8e09304525b937056159e35927e2881e65303d7502eb3d90d01911388398396de9796e4c6995b61e923e07209949c1f1a295c71150bd9afdf1443c0c1c041e2ab2ad18e2e9f440c752c6be85586ab065d4446", 0xf5}, {&(0x7f0000000200)="eb432a8c012d0e07edf736aae327df2d2fd955d195f627266f10b2e1d800", 0x1e}, {&(0x7f0000001400)="abc9738e7ec5dd5afb81f08588365ab54d7b1fd9593dbb9c492cc20ef9f17b0587127e819c50471764d8dd234b6ec84bf1", 0x31}], 0x6, 0xf, 0x0, {0x2}}, 0x7b)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_CLOSE={0x13, 0x3, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r1}}, 0x4008001)
io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:08 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x2}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f00000000c0)={{}, 0x1, 0xa28, 0xfffffffffffff001})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r5, 0x6, 0x2e)
ftruncate(r5, 0x1000003)
fcntl$setstatus(r5, 0x4, 0x22000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2, 0x10, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:08 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 63)

[ 2892.587143] FAULT_INJECTION: forcing a failure.
[ 2892.587143] name failslab, interval 1, probability 0, space 0, times 0
[ 2892.589131] CPU: 0 PID: 14813 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2892.590127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2892.591363] Call Trace:
[ 2892.591761]  dump_stack+0x107/0x167
[ 2892.592310]  should_fail.cold+0x5/0xa
[ 2892.592864]  ? create_object.isra.0+0x3a/0xa20
[ 2892.593584]  should_failslab+0x5/0x20
[ 2892.594177]  kmem_cache_alloc+0x5b/0x310
[ 2892.594817]  ? mark_held_locks+0x9e/0xe0
[ 2892.595472]  create_object.isra.0+0x3a/0xa20
[ 2892.596160]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2892.596959]  kmem_cache_alloc_bulk+0x168/0x320
[ 2892.597675]  io_submit_sqes+0x6f76/0x85c0
[ 2892.598348]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2892.599121]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2892.599869]  ? lock_downgrade+0x6d0/0x6d0
[ 2892.600516]  ? find_held_lock+0x2c/0x110
[ 2892.601148]  ? io_submit_sqes+0x85c0/0x85c0
[ 2892.601817]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2892.602592]  ? wait_for_completion_io+0x270/0x270
[ 2892.603337]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2892.604053]  ? vfs_write+0x354/0xa70
[ 2892.604643]  ? fput_many+0x2f/0x1a0
[ 2892.605205]  ? ksys_write+0x1a9/0x260
[ 2892.605795]  ? __ia32_sys_read+0xb0/0xb0
[ 2892.606433]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2892.607248]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2892.608053]  do_syscall_64+0x33/0x40
[ 2892.608633]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2892.609423] RIP: 0033:0x7fd673b8db19
[ 2892.610006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2892.612868] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2892.614058] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2892.615165] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2892.616266] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2892.617385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2892.618491] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:11:22 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000004, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:22 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r3, 0x6, 0x2e)
ftruncate(r3, 0x1000003)
fcntl$setstatus(r3, 0x4, 0x22000)
ioctl$SNDRV_TIMER_IOCTL_INFO(r3, 0x80e85411, &(0x7f00000000c0)=""/55)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f0000000180)={0x288d, 0x2, 0x1})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:22 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x8)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:22 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x800005, 0xffffffff, 0x8000, 0x2, 0x5})
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r8, 0x0}, 0x0)
ioctl$FS_IOC_RESVSP(r8, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
splice(0xffffffffffffffff, &(0x7f00000000c0)=0x7, r8, &(0x7f0000000180)=0x8, 0x800, 0xb)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:22 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:22 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/usbcore', 0x800, 0x13)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x200)
preadv2(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000240)=""/85, 0x55}], 0x1, 0x22e, 0x5, 0x1f)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendfile(r4, r5, &(0x7f00000000c0)=0x2, 0x1ff)
close(0xffffffffffffffff)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:22 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 64)

18:11:22 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000040)={{0x1, 0x3, 0x177}})
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000080)={{0x3, 0x3, 0x3, 0x2, 0x7}})
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2907.163558] FAULT_INJECTION: forcing a failure.
[ 2907.163558] name failslab, interval 1, probability 0, space 0, times 0
[ 2907.166101] CPU: 0 PID: 14835 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2907.167516] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2907.169187] Call Trace:
[ 2907.169737]  dump_stack+0x107/0x167
[ 2907.170520]  should_fail.cold+0x5/0xa
[ 2907.171302]  should_failslab+0x5/0x20
[ 2907.172072]  kmem_cache_alloc_bulk+0x4b/0x320
[ 2907.172987]  io_submit_sqes+0x6f76/0x85c0
[ 2907.173855]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2907.174863]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2907.175839]  ? lock_downgrade+0x6d0/0x6d0
[ 2907.176674]  ? find_held_lock+0x2c/0x110
[ 2907.177494]  ? io_submit_sqes+0x85c0/0x85c0
[ 2907.178368]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2907.179370]  ? wait_for_completion_io+0x270/0x270
[ 2907.180347]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2907.181293]  ? vfs_write+0x354/0xa70
[ 2907.182052]  ? fput_many+0x2f/0x1a0
[ 2907.182807]  ? ksys_write+0x1a9/0x260
[ 2907.183579]  ? __ia32_sys_read+0xb0/0xb0
[ 2907.184402]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2907.185472]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2907.186532]  do_syscall_64+0x33/0x40
[ 2907.187291]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2907.188328] RIP: 0033:0x7fd673b8db19
[ 2907.189088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2907.192777] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2907.194323] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2907.195771] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2907.197207] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2907.198660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2907.200088] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:11:22 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r7 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x248c00, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r7, 0x2405, r5)

18:11:22 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r7, 0x0}, 0x0)
syz_io_uring_submit(r5, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r8=>0xffffffffffffffff})
fcntl$setpipe(r8, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x22000)
openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x140, 0x60)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x7, 0xcf}, 0x0, 0x0, 0xfffbffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:23 executing program 4:
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x80, &(0x7f0000000180)=ANY=[@ANYBLOB='trNns%fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',fscache,debug=0x0000000100000001,msize=0x0000000000000005,seclabel,\x00'])
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:23 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(0xffffffffffffffff)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000000, 0x80010, r5, 0x0)
r8 = io_uring_setup(0x5204, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x16e})
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r8, 0x5, 0x0, r9)
syz_io_uring_submit(r7, r2, &(0x7f0000000240)=@IORING_OP_ACCEPT={0xd, 0x2, 0x0, r3, &(0x7f00000000c0)=0x80, &(0x7f0000000180)=@pptp={0x18, 0x2, {0x0, @multicast1}}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x1)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:23 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 65)

18:11:23 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
close(r3)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r8=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r8, 0x5249, 0x100000, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r6, 0xc0189373, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r9=>r4, {0x1}}, './file0\x00'})
r10 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000180), 0x10000, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r9, 0x2405, r10)

18:11:23 executing program 1:
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000b40)=<r0=>0x0)
process_vm_readv(r0, &(0x7f0000000540)=[{&(0x7f0000000440)=""/239, 0xef}], 0x1, &(0x7f0000000ac0)=[{&(0x7f0000000580)=""/200, 0xc8}, {&(0x7f0000000680)=""/40, 0x28}, {&(0x7f00000006c0)=""/138, 0x8a}, {&(0x7f0000000780)=""/9, 0x9}, {&(0x7f00000007c0)=""/184, 0xb8}, {&(0x7f0000000880)=""/246, 0xf6}, {&(0x7f0000000980)=""/191, 0xbf}, {&(0x7f0000000a40)=""/79, 0x4f}], 0x8, 0x0)
r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff})
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
close(0xffffffffffffffff)
io_uring_register$IORING_UNREGISTER_FILES(r6, 0x3, 0x0, 0x0)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x80022, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',unQme=!,!/@a000081`-\x00'/34])
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x6, 0x1, &(0x7f0000000340)="bb9cb4e89f1b2d5dcc3bb434fb454c31b6cd40556ed5c796f030894c91039c85a6ce8318e0315c2c855aed2fa17c2f71d7d3a1bcbf695bce0dd639edd2920770aa1fe79703ae38c39826a837dcf62d12b25599d2775bb5f5f3ef9cb98201ac396413a51775ac74b83261c6714d0ee3ce3f1a86b932f570dfa222d40cbd0283ed24843dc50cb72b39321283", 0x9, 0x0, 0x0, {0x2, r5}}, 0xffff)
syz_io_uring_submit(r7, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2907.602900] FAULT_INJECTION: forcing a failure.
[ 2907.602900] name failslab, interval 1, probability 0, space 0, times 0
[ 2907.605512] CPU: 0 PID: 14867 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2907.606926] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2907.608603] Call Trace:
[ 2907.609144]  dump_stack+0x107/0x167
[ 2907.609890]  should_fail.cold+0x5/0xa
[ 2907.610701]  ? memcg_alloc_page_obj_cgroups+0x73/0x100
[ 2907.611763]  should_failslab+0x5/0x20
[ 2907.612542]  __kmalloc_node+0x76/0x420
[ 2907.613332]  memcg_alloc_page_obj_cgroups+0x73/0x100
[ 2907.614354]  memcg_slab_post_alloc_hook+0x1f0/0x430
[ 2907.615370]  kmem_cache_alloc_bulk+0x182/0x320
[ 2907.616301]  io_submit_sqes+0x6f76/0x85c0
[ 2907.617167]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2907.618157]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2907.619145]  ? lock_downgrade+0x6d0/0x6d0
[ 2907.619976]  ? find_held_lock+0x2c/0x110
[ 2907.620803]  ? io_submit_sqes+0x85c0/0x85c0
[ 2907.621677]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2907.622676]  ? wait_for_completion_io+0x270/0x270
[ 2907.623642]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2907.624586]  ? vfs_write+0x354/0xa70
[ 2907.625332]  ? fput_many+0x2f/0x1a0
[ 2907.626067]  ? ksys_write+0x1a9/0x260
[ 2907.626848]  ? __ia32_sys_read+0xb0/0xb0
[ 2907.627682]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2907.628718]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2907.629772]  do_syscall_64+0x33/0x40
[ 2907.630524]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2907.631554] RIP: 0033:0x7fd673b8db19
[ 2907.632290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2907.635987] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2907.637509] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2907.638957] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2907.640399] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2907.641848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2907.643291] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:11:23 executing program 3:
r0 = syz_io_uring_setup(0x7aa3, &(0x7f00000002c0)={0x0, 0x8cf9, 0x0, 0x3}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000340)=ANY=[@ANYBLOB="010000a50100231bc758ab77e46e95dc3b33e93d00d3958bd233b5cbee37a16271259552244f0fa2d3db598467fae9cb6587f3b3ea034a5196aaf902dedc0590afdd2ed99378e6f3e810a7344e69c1c76fb3ef61b0afb743d05afb57a0fe480beba2604d6868849f6226b5028885d2e867c24917fe10773a4598a5741f8a1ec14b707d0b8059c7daae4822b41b1b5d0c6cb3b5fa9d67835381d45939cda5ab9c06be5effa30c811da3615b40b803b039684f4ac24fe8c70528c65c2548bd03ddbf2f75fd2eacbf458b982c370d06e8a0f84faff31935fda0f891f49e2f4138c5755cfc9ad2a27e616936bf2697206dbbc237", @ANYRES32=<r5=>0xffffffffffffffff, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8, 0x128050, r5, 0x0)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f00000000c0))
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:37 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 66)

18:11:37 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r7, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r7, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
shutdown(r7, 0x1)
ioctl$FS_IOC_FSSETXATTR(r7, 0x40086602, &(0x7f0000000000)={0x800005, 0xffffffff, 0x8000, 0x2, 0x5})
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_WRITE={0x17, 0x5, 0x2000, @fd_index, 0x80, &(0x7f0000000180)="cc2fafe9cd77d92ede", 0x9, 0x0, 0x0, {0x0, r4}}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:37 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r0, 0x6, 0x2e)
ftruncate(r0, 0x1000003)
fcntl$setstatus(r0, 0x4, 0x22000)
r1 = syz_io_uring_setup(0x6ff6, &(0x7f0000000180)={0x0, 0xa4d7, 0x2, 0x4, 0x0, 0x0, r0}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000200)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:37 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:37 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r3, 0x6, 0x2e)
ftruncate(r3, 0x1000003)
fcntl$setstatus(r3, 0x4, 0x22000)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000180)={0x53, 0xffffffffffffffff, 0xec, 0x81, @buffer={0x0, 0xe1, &(0x7f0000000340)=""/225}, &(0x7f0000000440)="c8e986376730a9ca67507dd11bcbb46730a7fa9c5d6b3f371fffe1cfbda4b586eea8d0a5f8be5408b5315425172e5930a819a738b3047399e0fce8c5a09ef1e6d2030c1d05036fbd3f43b2fed8cca3e90ed79f1260abe13787201d400bbe9e81709cfbbc6e6a06e90a38bb89f5165757b77788904a726e3b073f0c7f6cdcf5c85b03e50d0a9f43e5f74e1603b64fb2ca08c9ef05afe5c93b8f3b7e6697537ab440e9f185820d514a8904459b9463531979435b87ad6662a0c50c0647ea6dd77c0f1a18dc0092f6d3b7ec477744066c87f0621145ba3e48f6219aea236009961b08a5f55156a3a4a3532fbc77", &(0x7f0000000540)=""/237, 0x8e, 0x4, 0x0, &(0x7f00000000c0)})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:37 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
dup2(0xffffffffffffffff, r0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r4, 0x6, 0x2e)
ftruncate(r4, 0x1000003)
fcntl$setstatus(r4, 0x4, 0x22000)
io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x4, 0x0, @fd=r5, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/41, 0x29}], 0x1, 0xc, 0x1, {0x0, r7}}, 0x0)
close(r3)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:37 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x109940, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r4, 0x6, 0x2e)
ftruncate(r4, 0x1000003)
fcntl$setstatus(r4, 0x4, 0x22000)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e23, 0x7, @mcast1, 0x8000}, 0x1c)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:37 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2921.890736] FAULT_INJECTION: forcing a failure.
[ 2921.890736] name failslab, interval 1, probability 0, space 0, times 0
[ 2921.893275] CPU: 1 PID: 14909 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2921.894736] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2921.896463] Call Trace:
[ 2921.897016]  dump_stack+0x107/0x167
[ 2921.897766]  should_fail.cold+0x5/0xa
[ 2921.898567]  ? create_object.isra.0+0x3a/0xa20
[ 2921.899524]  should_failslab+0x5/0x20
[ 2921.900309]  kmem_cache_alloc+0x5b/0x310
[ 2921.901151]  ? mark_held_locks+0x9e/0xe0
[ 2921.901996]  create_object.isra.0+0x3a/0xa20
[ 2921.902929]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2921.903984]  kmem_cache_alloc_bulk+0x168/0x320
[ 2921.904943]  io_submit_sqes+0x6f76/0x85c0
[ 2921.905825]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2921.906852]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2921.907843]  ? lock_downgrade+0x6d0/0x6d0
[ 2921.908692]  ? find_held_lock+0x2c/0x110
[ 2921.909528]  ? io_submit_sqes+0x85c0/0x85c0
[ 2921.910413]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2921.911415]  ? wait_for_completion_io+0x270/0x270
[ 2921.912412]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2921.913359]  ? vfs_write+0x354/0xa70
[ 2921.914125]  ? fput_many+0x2f/0x1a0
[ 2921.914891]  ? ksys_write+0x1a9/0x260
[ 2921.915677]  ? __ia32_sys_read+0xb0/0xb0
[ 2921.916536]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2921.917631]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2921.918718]  do_syscall_64+0x33/0x40
[ 2921.919499]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2921.920558] RIP: 0033:0x7fd673b8db19
[ 2921.921336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2921.925124] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2921.926732] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2921.928232] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2921.929702] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2921.931183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2921.932674] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:11:37 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x5a04}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
r6 = gettid()
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x2, 0x100}, 0x0, 0x0, 0xffffffff, 0x0, 0x3, 0x0, 0x1000}, r6, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r7 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x280, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000005, 0x11, r7, 0x0)

18:11:37 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:37 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
pipe2(&(0x7f0000000040)={<r5=>0xffffffffffffffff}, 0x4800)
ioctl$BTRFS_IOC_START_SYNC(r5, 0x80089418, &(0x7f0000000080))
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:37 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 67)

[ 2922.381785] FAULT_INJECTION: forcing a failure.
[ 2922.381785] name failslab, interval 1, probability 0, space 0, times 0
[ 2922.384520] CPU: 1 PID: 14930 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2922.385953] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2922.387675] Call Trace:
[ 2922.388227]  dump_stack+0x107/0x167
[ 2922.388979]  should_fail.cold+0x5/0xa
[ 2922.389763]  ? create_object.isra.0+0x3a/0xa20
[ 2922.390709]  should_failslab+0x5/0x20
[ 2922.391493]  kmem_cache_alloc+0x5b/0x310
[ 2922.392313]  ? mark_held_locks+0x9e/0xe0
[ 2922.393132]  create_object.isra.0+0x3a/0xa20
[ 2922.394028]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2922.395079]  kmem_cache_alloc_bulk+0x168/0x320
[ 2922.396015]  io_submit_sqes+0x6f76/0x85c0
[ 2922.396887]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2922.397898]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2922.398885]  ? lock_downgrade+0x6d0/0x6d0
[ 2922.399730]  ? find_held_lock+0x2c/0x110
[ 2922.400559]  ? io_submit_sqes+0x85c0/0x85c0
[ 2922.401442]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2922.402418]  ? wait_for_completion_io+0x270/0x270
[ 2922.403412]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2922.404356]  ? vfs_write+0x354/0xa70
[ 2922.405113]  ? fput_many+0x2f/0x1a0
[ 2922.405850]  ? ksys_write+0x1a9/0x260
[ 2922.406629]  ? __ia32_sys_read+0xb0/0xb0
[ 2922.407454]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2922.408511]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2922.409569]  do_syscall_64+0x33/0x40
[ 2922.410326]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2922.411381] RIP: 0033:0x7fd673b8db19
[ 2922.412134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2922.415889] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2922.417425] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2922.418879] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2922.420325] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2922.421781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2922.423223] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:11:52 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x80002}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000340)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000005, 0x100010, r3, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000000c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x3, 0x4, @fd_index, 0x100, 0x0, 0x0, 0x1, 0x0, {0x2, r4}}, 0xffffffff)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0xd, 0x1, {0x0, r4}}, 0x0)
close(0xffffffffffffffff)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:52 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x20, 0x1, 0x0, 0x0, r0}, &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r4, 0x6, 0x2e)
ftruncate(r4, 0x1000003)
fcntl$setstatus(r4, 0x4, 0x22000)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x7, 0x13, r4, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x3)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r6 = openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)={0x2081, 0x140}, 0x18)
io_uring_enter(r6, 0x58a9, 0x0, 0x0, 0x0, 0x0)

18:11:52 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)

18:11:52 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r3, 0x6, 0x2e)
ftruncate(r3, 0x1000003)
fcntl$setstatus(r3, 0x4, 0x22000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x7b8f6145a6607683, 0x13, r3, 0x8000000)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r5, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, r5, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:52 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 68)

18:11:52 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_setup(0x10d7, &(0x7f0000000180)={0x0, 0xa522, 0x20, 0x2, 0x25}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000240))
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r6, 0x0}, 0x0)
syz_io_uring_submit(r3, r5, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x4, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000280)='./file0\x00', 0x106, 0x40000, 0x12345}, 0x1)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r8=>0xffffffffffffffff})
fcntl$setpipe(r8, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r7}}, 0x0)
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:52 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r4, 0x6, 0x2e)
ftruncate(r4, 0x1000003)
fcntl$setstatus(r4, 0x4, 0x22000)
setsockopt$inet6_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000000c0), 0x4)

18:11:52 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
socketpair(0x1e, 0x4, 0x5, &(0x7f0000000180)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x2, 0x0, @fd=r7, 0x3, 0x0, 0x3, 0x3, 0x1, {0x0, r8}}, 0x0)
close(r3)
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r10, 0xc018937e, &(0x7f0000000240)=ANY=[@ANYRES64=r6, @ANYRES64, @ANYRESHEX=r3])
setsockopt$inet6_tcp_int(r4, 0x6, 0x7, &(0x7f00000001c0)=0x5, 0x4)
fcntl$notify(0xffffffffffffffff, 0x402, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
r11 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_FILES(r3, 0x2, &(0x7f00000000c0)=[r11, 0xffffffffffffffff, 0xffffffffffffffff, r4, 0xffffffffffffffff], 0x5)
syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2937.221093] FAULT_INJECTION: forcing a failure.
[ 2937.221093] name failslab, interval 1, probability 0, space 0, times 0
[ 2937.223747] CPU: 1 PID: 14954 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2937.225145] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2937.226823] Call Trace:
[ 2937.227378]  dump_stack+0x107/0x167
[ 2937.228124]  should_fail.cold+0x5/0xa
[ 2937.228896]  ? create_object.isra.0+0x3a/0xa20
[ 2937.229834]  should_failslab+0x5/0x20
[ 2937.230604]  kmem_cache_alloc+0x5b/0x310
[ 2937.231453]  ? mark_held_locks+0x9e/0xe0
[ 2937.232281]  create_object.isra.0+0x3a/0xa20
[ 2937.233171]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2937.234201]  kmem_cache_alloc_bulk+0x168/0x320
[ 2937.235149]  io_submit_sqes+0x6f76/0x85c0
[ 2937.236018]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2937.237028]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2937.238014]  ? lock_downgrade+0x6d0/0x6d0
[ 2937.238870]  ? find_held_lock+0x2c/0x110
[ 2937.239706]  ? io_submit_sqes+0x85c0/0x85c0
[ 2937.240585]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2937.241563]  ? wait_for_completion_io+0x270/0x270
[ 2937.242543]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2937.243508]  ? vfs_write+0x354/0xa70
[ 2937.244270]  ? fput_many+0x2f/0x1a0
[ 2937.245011]  ? ksys_write+0x1a9/0x260
[ 2937.245780]  ? __ia32_sys_read+0xb0/0xb0
[ 2937.246613]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2937.247712]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2937.248759]  do_syscall_64+0x33/0x40
[ 2937.249519]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2937.250550] RIP: 0033:0x7fd673b8db19
[ 2937.251330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2937.255102] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2937.256634] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2937.258069] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2937.259517] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2937.260940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2937.262364] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:11:52 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x20)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:52 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r3, 0x6, 0x2e)
ftruncate(r3, 0x1000003)
fcntl$setstatus(r3, 0x4, 0x22000)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r3, 0x0, &(0x7f0000000040)='./file0\x00', 0xe2, 0x2000, 0x12345}, 0x10000)
r4 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x5, 0x0, 0x0, 0x2, &(0x7f0000000240), 0x1, 0x1, 0x1}, 0xfffffff8)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r4)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000000180)=@nat={'nat\x00', 0x19, 0x4, 0x5d8, [0x20000340, 0x0, 0x0, 0x20000624, 0x2000072a], 0x0, &(0x7f00000000c0), &(0x7f0000000340)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x2, [{0x9, 0x0, 0x1a, 'ip6gre0\x00', 'ipvlan1\x00', 'tunl0\x00', 'bridge0\x00', @empty, [0x0, 0x0, 0xff, 0xff, 0x0, 0xff], @broadcast, [0x0, 0x0, 0xff, 0xff, 0xff, 0xff], 0xbe, 0x12e, 0x166, [@ipvs={{'ipvs\x00', 0x0, 0x28}, {{@ipv6=@ipv4={'\x00', '\xff\xff', @empty}, [0x0, 0xffffffff, 0xff000000], 0x4e23, 0x33, 0x4, 0x4e22, 0x4, 0x10}}}], [@snat={'snat\x00', 0x10, {{@remote, 0x10}}}, @snat={'snat\x00', 0x10, {{@broadcast, 0xfffffffffffffffe}}}], @snat={'snat\x00', 0x10, {{@dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}, 0xffffffffffffffff}}}}, {0x18, 0x10, 0x22eb, 'wlan0\x00', 'vlan0\x00', 'batadv_slave_0\x00', 'veth0_vlan\x00', @remote, [0x0, 0xff, 0x0, 0xff, 0xff, 0xff], @multicast, [0x0, 0xff, 0xff, 0xff, 0xff, 0xff], 0xae, 0x116, 0x14e, [@statistic={{'statistic\x00', 0x0, 0x18}, {{0x0, 0x0, 0x9, 0x6, 0x9, {0x1f}}}}], [@common=@redirect={'redirect\x00', 0x8, {{0xfffffffffffffffc}}}, @arpreply={'arpreply\x00', 0x10, {{@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0xfffffffffffffffd}}}], @snat={'snat\x00', 0x10, {{@remote, 0xfffffffffffffffc}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x1, [{0x9, 0x0, 0xd, 'nr0\x00', 'erspan0\x00', 'veth0_to_bond\x00', 'ip6gretap0\x00', @local, [0xff, 0x0, 0xff, 0xff, 0x0, 0xff], @dev={'\xaa\xaa\xaa\xaa\xaa', 0x20}, [0xff, 0xff, 0xc6b2407b5ba4b262, 0xff, 0xff, 0xff], 0x6e, 0xa6, 0xd6, [], [@arpreply={'arpreply\x00', 0x10}], @common=@AUDIT={'AUDIT\x00', 0x8, {{0x2}}}}]}, {0x0, '\x00', 0x3, 0xfffffffffffffffc}, {0x0, '\x00', 0x3, 0xfffffffffffffffe, 0x1, [{0x5, 0x20, 0x6007, 'batadv_slave_1\x00', 'veth0_to_hsr\x00', 'tunl0\x00', 'batadv_slave_1\x00', @random="390239e83e29", [0x0, 0x0, 0xff, 0xff], @broadcast, [0xff, 0x0, 0xff, 0x0, 0x0, 0xff], 0x11e, 0x156, 0x18e, [@mark_m={{'mark_m\x00', 0x0, 0x18}, {{0x10000, 0x1f, 0x0, 0x3}}}, @physdev={{'physdev\x00', 0x0, 0x48}, {{'geneve1\x00', {0xff}, 'team0\x00', {}, 0x8, 0x39}}}], [@arpreply={'arpreply\x00', 0x10, {{@remote, 0xffffffffffffffff}}}], @snat={'snat\x00', 0x10, {{@remote, 0xfffffffffffffffd}}}}]}]}, 0x650)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:53 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r4, 0x6, 0x2e)
ftruncate(r4, 0x1000003)
fcntl$setstatus(r4, 0x4, 0x22000)
bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x80000000, @remote, 0x27a2ed9b}, 0x1c)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:53 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r6=>0xffffffffffffffff})
r7 = syz_open_dev$vcsn(&(0x7f00000001c0), 0x7, 0x2000)
io_uring_enter(r7, 0x5fee, 0x35ac, 0x1, &(0x7f0000000240)={[0x17b]}, 0x8)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r4, 0xc0189374, &(0x7f0000000340)=ANY=[@ANYBLOB="010000000100000018000000063c567e9ec66f1629547894c721184307786eaaf5a65c382272059752e037f95f25be09bb0c9206545c5282f7f3967fd31c723a5e7f6b93fd60274dff3def8eacff82e7ade63c5bc356ab166702c38331f194b90406d006db7da0561cbaf59dea59ba1ab4540a90f756719ee8bbe9a99225becdb971052e1400a071ff226741f421d631aef75b9ccd6cc0547783bbaa12b6f76869eff844f92cddb55b5c70601477", @ANYRES32=<r8=>r6, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
connect$inet6(r8, &(0x7f0000000180)={0xa, 0x4e22, 0x4000000, @mcast2, 0x313ec856}, 0x1c)
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xed89238a17494710, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0xfffffffc, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r9, 0x8983, &(0x7f00000000c0))
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000280)=0x6)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:53 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r6=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x7f, 0x8, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x20, 0x1ff}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x1)
syz_open_dev$vcsn(&(0x7f00000000c0), 0xfffffffffffffffb, 0x304000)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r7 = fcntl$getown(0xffffffffffffffff, 0x9)
r8 = dup2(r0, r6)
perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x0, 0x8, 0x6, 0x80, 0x0, 0x101, 0x10180, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x84b, 0x0, @perf_bp={&(0x7f0000000180), 0x2}, 0x2000, 0x9, 0xc9f7, 0x7, 0xd2d, 0x3ff, 0x3, 0x0, 0x7, 0x0, 0x6}, r7, 0xf, r8, 0x1)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:53 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000016c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r5, 0xc020f509, &(0x7f0000000600)={<r7=>r0, 0x2, 0x9, 0x9})
mq_getsetattr(r7, &(0x7f0000001640)={0x100000001, 0x2, 0x6e97, 0x8}, &(0x7f0000001680))
ioctl$AUTOFS_DEV_IOCTL_VERSION(r6, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r8=>r5}, './file0\x00'})
recvmmsg$unix(r3, &(0x7f0000001480)=[{{&(0x7f0000000240), 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/214, 0xd6}], 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32=r2, @ANYRES32, @ANYBLOB='w', @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001000000000000000010000000100000024000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000800"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYBLOB="2c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x140}}, {{&(0x7f0000000580)=@abs, 0x6e, &(0x7f0000000600), 0x0, &(0x7f0000000640)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, <r9=>0x0}}}, @cred={{0x1c}}, @rights={{0x10}}], 0x90}}, {{&(0x7f0000000700)=@abs, 0x6e, &(0x7f0000000dc0)=[{&(0x7f0000000780)=""/60, 0x3c}, {&(0x7f00000007c0)=""/98, 0x62}, {&(0x7f0000000840)=""/174, 0xae}, {&(0x7f0000000900)=""/238, 0xee}, {&(0x7f0000000a00)=""/69, 0x45}, {&(0x7f0000000a80)=""/83, 0x53}, {&(0x7f0000000b00)=""/146, 0x92}, {&(0x7f0000000bc0)=""/151, 0x97}, {&(0x7f0000000c80)=""/188, 0xbc}, {&(0x7f0000000d40)=""/76, 0x4c}], 0xa, &(0x7f0000000e80)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x48}}, {{&(0x7f0000000f00), 0x6e, &(0x7f0000001100)=[{&(0x7f0000000f80)=""/72, 0x48}, {&(0x7f0000001000)=""/242, 0xf2}], 0x2, &(0x7f0000001140)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa8}}, {{&(0x7f0000001200)=@abs, 0x6e, &(0x7f0000001400)=[{&(0x7f0000001280)=""/22, 0x16}, {&(0x7f00000012c0)=""/116, 0x74}, {&(0x7f0000001340)=""/131, 0x83}], 0x3, &(0x7f0000001440)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x38}}], 0x5, 0x24, 0x0)
sendmsg$nl_generic(r8, &(0x7f0000001600)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000015c0)={&(0x7f0000001e00)={0x708, 0x3d, 0x1, 0x70bd25, 0x25dfdbfc, {0x3}, [@nested={0x79, 0x87, 0x0, 0x1, [@generic="f728a4c0a6b2b5124a51e4fe928d4b1683d866a81a78d4421634cc3478e0491d8e2fadde2cfef3ddd8835ffe3c8d7f52faf66fe1863c8d20505c89c9c03907636f55f37b29704ce9ddd55b62a9c84b9cce0bac66946cf1ee37", @typed={0x8, 0x8f, 0x0, 0x0, @ipv4=@loopback}, @typed={0x14, 0x3f, 0x0, 0x0, @ipv6=@private2}]}, @generic, @nested={0x2c, 0x5d, 0x0, 0x1, [@typed={0x7, 0x34, 0x0, 0x0, @str='+.\x00'}, @typed={0x1d, 0x1e, 0x0, 0x0, @binary="b2668ba39375f7f5b94005b406df2122a31a8a54a24da6c12d"}]}, @typed={0x7, 0x22, 0x0, 0x0, @str='-$\x00'}, @nested={0x23f, 0x45, 0x0, 0x1, [@typed={0x8, 0x2f, 0x0, 0x0, @uid=r9}, @generic="759cf8a460f5a0d5aef770b41009acbd2242effd5e5f5af716371c5670145452be87affcc8450163fb3105a7e1d635fb061c664f064cbbc04b65339821a5480996b16f2c88752210bd3927f9f5c5e48bb6f32875bfb2f4561576a24e1283f3f4d4f227647671a2568983f082414d26a519b6ad06f9ffc53c99853a19246ada82f91de3cf431451e2e2b9af571d16f66719bfb1aec13371ea68ff8694cb4cea02", @typed={0xc, 0x6d, 0x0, 0x0, @u64=0x8}, @generic="ec9822deb2204f174d18d4", @generic="56f30e4cf9e7eeb5f2be03b0d9fa17d045ac8f8f99553e316d02d8f4bd92fa71d1d4919a1989", @generic="982234252c170d8413e870", @generic="e490e5226f893569c13b6667c7a4ca76b8d259df7f4da4330ff4e7b117ac2a57f7907c22efb563ea5da92c1f120444af0ffa3fc1cd7892eb9e1cc71d0a350f5ff10534f35f3e0668e6ca9eb2c32762dfffcb088cb8d24bb8311e4aabdc3375db08b75bd9038e26c1581d9b842427dfadc22f499a887ba6f29d28d5f641e6642d2fa08d02bc50c566d90ba55a407cf1f57e7d9e3941f8468d7e9d8372851dead67e88a8ed3c5f1902fdbf1be316ec8f7eb41ff7283e75bb58bff55bb478c40e72d55416a5c795226df853fe48840ba8c08d5b2bb3f3b83a45964edfa766e72c78d3a9c991d736670b6a2dcf693dbac1aafc", @typed={0x4, 0x96}, @generic="b7269cc8d3c1b2add2e33ba063fbd34497cf2ab115d06df92ee5627d798e1af9cb76e1cec4ebe0abd146875a4cb1c448b8a8d827e566b7b52c99f58dce030123190769aeb4b2f491dd5d939c30e9f095380ad1bbbf86"]}, @nested={0x2dd, 0x44, 0x0, 0x1, [@typed={0xc, 0x19, 0x0, 0x0, @u64=0x1}, @generic="0d99e38482d7c4fa4b9f0a9dd0f8b024d8d2be86e7c72961a635e49385c06df571f5608d38b140e4b0375ae6414f23300cb0fafb40fa93b8b0a1e30243a5b9f0e890a3c9e1e6942bc2463bc169af2db21dc02be96765fc584599e614bbc787ae00044284d0e459129544d85e93bd3fb431afea7b390e5b8c5920aeee2dce242ade7d2a702cab12fbb2bb99defcb032550cf3a7c6dde9b6c68a23", @typed={0x8f, 0x72, 0x0, 0x0, @binary="85038ab7b114a7c3a9f681a4231d66e11d9a543c7c3ff3f4e346267a537a7a011078f55c24a682dbb21aaafb7700d03fe4710026f138274f3115edc29d22ce81cf422381525879cba1cb0d22264e52f655a8945c1ba72eeb9b41e1167f2e9b3629cbda062218c64ef7988d10b9209d273392d104bc19189d886e157841e208cee6d9cd5d550573ebfb6c8b"}, @generic="377c48716809a69f726d6edbe8e470d648b2ef92b32f0ac39bc255740db88276a416ddc54bc1e1b406d803a85ea790179705895b02e9ac7b95d32c09418033794f62f84cd73d1eeb125ac326b6ccd451b897037a967fc8f02a8e3f0df46ab9efe0cb0a24f1305536bca58d0a84", @generic="b23ecc6c51b8999e2d6a5a1c44657d4b135fb66aa4cde2094044614c89059259f0441dcd54755bff4e73f5e491343bac0ca41c2ab6b8309f8e", @generic="dd5ac2a439db79ae47ef4eebfae8af744af5b2bd6fa51f5497ef49f653e0de8f207d3858d32223771573a4cc6a05ccf72b00e2be83178cca6bd06f261e7df3c76f4c361dc160d505df3220063723c76cd3c065618209b64eeb3d7dbdb72c11bad3140c847074a42ab8d03a93cd40845de8bab8bb6048daff7cc06aeea736d0ee57913b5a3b9e627dd0e892da642bb0d567e58e5840f8abbe40956f6ce98b452169cfb9e5b934122fa7bd7f6e0e42677321b20ccfe47047a55e98c36daa1a76d0b0be4ca0840b8e505fb39a04646ec24e356e1f1b350b84665366746125dc6b5e5fc83662a526f5fb420260a048f5751036043ea1b47c9e3e7c42a32924"]}, @generic="e7bf0757d7c494b5e1d1e36ed3a5a337ac5aff669c2678256547cea80949d57bb648265634fc5b993f77f703fcf6019ad2ac0f9e626b0a56ebf2e55947712c105ab3e03c334c468389d11af5f498ae31a71de7510d2c2e6435f4fac0ea3b548fa8", @typed={0x8, 0x92, 0x0, 0x0, @fd}, @typed={0xb7, 0x92, 0x0, 0x0, @binary="f81fe48396666af2c6cab7037bb7eff08b7fc5cd2b3f5a7b956d7100efdd6d92dd35cc67259e4eb1312c91dcf8f6337b3e2c3cf16202a67a384e5cf2dc7c1e505891885581d402fad4685b5f30ff8f83893335f0b661d1d9124167a1dc671721f5c585b620be678650ffe1093451e5acdf934185c49d72cc3961ed72fb0b1b2cdc0b55f638b8f734be4533cdb8648646dec8f242b3ca2c480819cb71865fedf28b5cdceaeb276cb754bf1652d0a2ebec6ec621"}]}, 0x708}, 0x1, 0x0, 0x0, 0x44018091}, 0x20000000)
close(r3)
r10 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r10, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:53 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 69)

18:11:53 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x2}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000380)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
open_tree(r3, &(0x7f0000000040)='./file0\x00', 0x80000)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_STATX={0x15, 0x5, 0x0, r3, &(0x7f0000000900), &(0x7f0000000080)='./file0\x00', 0x8, 0x2000, 0x1, {0x0, r4}}, 0xad8b)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
r5 = socket$packet(0x11, 0x2, 0x300)
sendmsg$inet(r5, &(0x7f00000007c0)={&(0x7f0000000180)={0x2, 0x4e21, @remote}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000440)="943ccaf9cbb1a21a72d9a8efa1f3318974361aa94cfad7a771fd66dcffde55b55219485295fcedd2a3bcb5ca8d8dc048d04f8fe29f835d4d36fc64c90113ef15a8916960954c6a0446864a80bb81e3f85656527d08dc14cc1c678bba3eccd22d065e0a1bfc436b920c56174f602a06da04fc19c2110de36a3b9fc0181e5755832c2e7e00078b49ad2d97f2d233cf95e95f4529106088fb0a67", 0x99}, {&(0x7f0000000500)="037df9164c336acefbed06de17ff0007539ebb829f9de6a4eae3daa6a6e8e3c1cfdcac17dfbde5fccf5a5a284161fb462a5f9118dd33c7a86eaef781a396c2d34a18a55c5497587f4c269d8d1973c4cbb2de7e1f8175c16d4c1c072422f2c410af542c0045c582401617057985248c501f945a2f9037c0dcc2c6aef17a14b712e6e60c6d58a37f30725e59bb973d133eb0d506b4c8eb7c4b1bc1a5398ec0e437e936da8e68ac9eadb878c2e4c8c900c47de8c99b1a9229a2049387fde625dc32415e0dbce1d4c366a2a7763cdf07", 0xce}, {&(0x7f0000000600)="48ed964d8b8b56e6ae31d98ad0d22dbae78dd5d1977e36a8dd4744268cc9521dc6462c23f8a4704701e4c5433ebe87318ba6db4ab4a922434507e9f600a2d9a1bf48c44650f045e77fc8db32dd2ca240a6ad1a00a501196c1485a9ec28281e12382a0aba1152486a2fa5729dc1dcded161a91d326eb120bbb8b4d2f0cc0ff59a082dee0eed1df9106d6958a7ae4adb30068dea36dcf7190bf81bbce0eba0599f48bf7277b09d53da264c16d00bf842635432fb9095eaa54142437fe5a212ec983afe50b3f8ad230b02c3e1f2a81fa9c1c92bac6cd49975ecfcb965e327a8ce40cc8c6b256a02833d1a5cd2270420f5d8", 0xf0}, {&(0x7f0000000240)="d8e58bf554a7adfad68f147d2572e882f2fc7e10607a4ee83a46e32e1345fe40b095dd2152d480d5963f9b60bb7b2f5e2461791dba052a7d408b55cb650cdbeebe8d583abdb2062b4c8dbf79081483fd319d32b2fe5711245081bae0a674", 0x5e}], 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="2000000000000000000000000700000001890fdeffffffffffffffffe00000022800000000000000000000000700000094040100018913d9ffffffffe0000002ac1e0001000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1e0101ac1414d52025c2003000000000000000000000000700000094040000070b8dffffffffffffffff860f0000000000095338c4e615a7750000"], 0x98}, 0x84)
setsockopt$inet_mreqsrc(r3, 0x0, 0x26, &(0x7f0000000340)={@broadcast, @rand_addr=0x64010102, @empty}, 0xc)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2937.737998] FAULT_INJECTION: forcing a failure.
[ 2937.737998] name failslab, interval 1, probability 0, space 0, times 0
[ 2937.740564] CPU: 1 PID: 14996 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2937.741943] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2937.743621] Call Trace:
[ 2937.744158]  dump_stack+0x107/0x167
[ 2937.744892]  should_fail.cold+0x5/0xa
[ 2937.745660]  ? create_object.isra.0+0x3a/0xa20
[ 2937.746574]  should_failslab+0x5/0x20
[ 2937.747358]  kmem_cache_alloc+0x5b/0x310
[ 2937.748206]  ? find_held_lock+0x2c/0x110
[ 2937.749051]  create_object.isra.0+0x3a/0xa20
[ 2937.749957]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2937.751024]  __kmalloc_node+0x1ae/0x420
[ 2937.751887]  memcg_alloc_page_obj_cgroups+0x73/0x100
[ 2937.752924]  memcg_slab_post_alloc_hook+0x1f0/0x430
[ 2937.753942]  kmem_cache_alloc_bulk+0x182/0x320
[ 2937.754887]  io_submit_sqes+0x6f76/0x85c0
[ 2937.755752]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2937.756760]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2937.757750]  ? lock_downgrade+0x6d0/0x6d0
[ 2937.758592]  ? find_held_lock+0x2c/0x110
[ 2937.759451]  ? io_submit_sqes+0x85c0/0x85c0
[ 2937.760341]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2937.761327]  ? wait_for_completion_io+0x270/0x270
[ 2937.762299]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2937.763247]  ? vfs_write+0x354/0xa70
[ 2937.764002]  ? fput_many+0x2f/0x1a0
[ 2937.764740]  ? ksys_write+0x1a9/0x260
[ 2937.765508]  ? __ia32_sys_read+0xb0/0xb0
[ 2937.766342]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2937.767411]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2937.768460]  do_syscall_64+0x33/0x40
[ 2937.769217]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2937.770258] RIP: 0033:0x7fd673b8db19
[ 2937.771030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2937.774745] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2937.776298] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2937.777746] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2937.779197] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2937.780646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2937.782106] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:11:53 executing program 4:
r0 = syz_io_uring_setup(0x4d4d, &(0x7f0000000280)={0x0, 0x0, 0x4, 0x800000, 0xfffffffe}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, r3, &(0x7f0000000040)={0x10001, 0xf4}, &(0x7f0000000080)='./file0\x00', 0x18, 0x0, 0x12345, {0x0, r6}}, 0x80000000)
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:53 executing program 4:
r0 = syz_io_uring_setup(0x2001970, &(0x7f00000002c0)={0x0, 0x2000, 0x1, 0x0, 0x1000039a}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0)={0x0, 0xb85f}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r7, 0x0}, 0x0)
r8 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2, 0x80010, r0, 0x10000000)
r9 = syz_open_dev$rtc(&(0x7f0000000040), 0x4726c420, 0xe0b40)
syz_io_uring_submit(r5, r8, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x2, 0x0, @fd_index=0x2, 0x0, 0x0, 0x0, 0xa, 0x1, {0x0, r4, r9}}, 0x80)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r10 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r10, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:11:53 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x19}, 0x0)
close(0xffffffffffffffff)
ioctl$SIOCGSTAMP(r3, 0x8906, &(0x7f00000000c0))
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:08 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 70)

18:12:08 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
r4 = io_uring_setup(0x5204, &(0x7f0000000100)={0x0, 0x23, 0x0, 0x0, 0x16e})
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6000, @fd_index=0x2, 0x4f45, &(0x7f0000000940)=[{&(0x7f0000000180)=""/6, 0x6}, {&(0x7f0000000580)=""/247, 0xf7}, {&(0x7f0000000680)=""/221, 0xdd}, {&(0x7f0000000d40)=""/4096, 0x1000}, {&(0x7f0000000840)=""/193, 0xc1}, {&(0x7f0000000240)=""/75, 0x4b}, {&(0x7f00000007c0)=""/57, 0x39}], 0x7, 0x5, 0x0, {0x0, r5}}, 0x0)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_WRITE_FIXED={0x5, 0x3, 0x4000, @fd, 0x401, 0x1d43, 0x3e, 0x4, 0x0, {0x1}}, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, &(0x7f0000000440)={0x8, {{0xa, 0x4e20, 0x80000001, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2}}, {{0xa, 0x4e21, 0x9, @dev={0xfe, 0x80, '\x00', 0x27}, 0xff}}}, 0x108)
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000340)={@in6={{0xa, 0x4e23, 0x3, @private0, 0x5}}, 0x0, 0x0, 0x32, 0x0, "2fbec197aa5a257900b298d23533f8289a3b7dc10e1779119cb8c5d5e0b2625f9c26e382845b67dd5ec7e6fef06f16a2cda1d3271c08923801386a6252c9806f21efd1d91b792d1c5687b4252d73b958"}, 0xd8)
ioctl$FIGETBSZ(r9, 0x2, &(0x7f00000000c0))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x3, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:08 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/tty/drivers\x00', 0x0, 0x0)
sendfile(r7, r3, &(0x7f0000000340)=0x401, 0x6)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
pipe(&(0x7f0000000240))
sendmsg$IPCTNL_MSG_CT_DELETE(r5, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYBLOB="d00000000201010200000000000000000100000108000840000000001c0016400000000800000002000000ae000000030000da75000000084c00068814000400ff020000000000000000000000000001080100ac1414bb14000400fe80000000000000000000000000002808000100ac1414aa080002007f000001480001800c00028005000100060000002c00018014000300fe8000000000000000000000000000aa1400000000000000000000000000010c000280050001003a00000004000d800000000000000000000000000000dafe60510668e7abad78d3b2d7ce663e5c0f6a7a32be29e1e3dc77b2be6a391b1fd81f1b2ecc6343fa97f76ba3e9e66298d05df5ddbe00d2558d15e8e0def72aec6427d73335ebd47ab8ea25c686e73762c8ffebc79f6849a892a4f63a9fdf1f4862509eafe85113e517e24c111a5371f2d5d6a1887c2875b00417b31b7f01eaba58b7a0da35b370d3fd6ebaa7e8d00330992a697676b9ba474b85c505faf1e0356054ca42fb0358a9740949b27261d8ed5004"], 0xd0}, 0x1, 0x0, 0x0, 0x1}, 0x6008010)
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000005e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000007c0)=@IORING_OP_WRITE={0x17, 0x4, 0x4007, @fd=r8, 0x401, &(0x7f0000000740)="e359bc4e03f9c7c0387a0f42d784c1292ecde59cd1b9cacfdd170107de9b02127e15c22a4e03ec45c01bc2844ea36f4a246cd54c4b2236f78de493a1085dfdfb598dfd393aa452f29ca4bccf3ec8668d55", 0x51, 0x1, 0x1}, 0xffff)

18:12:08 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000340), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r5, 0x6, 0x2e)
ftruncate(r5, 0x1000003)
fcntl$setstatus(r5, 0x4, 0x22000)
sendfile(0xffffffffffffffff, r5, &(0x7f0000000280)=0x9, 0x4754)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2004, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x4a15, &(0x7f0000000180)={0x0, 0xa611, 0x10, 0x1, 0x10f}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000240))
syz_io_uring_submit(r6, r2, &(0x7f0000000300)=@IORING_OP_ACCEPT={0xd, 0x1, 0x0, 0xffffffffffffffff, 0x0}, 0x4)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:08 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
r3 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x2, 0x9, 0x0, 0x0, 0x0, 0x0, {0x1}}, 0x0)
close(0xffffffffffffffff)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000240)={{0x3, 0x1, 0x0, 0x0, 0xff}})
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
fsconfig$FSCONFIG_SET_PATH(0xffffffffffffffff, 0x3, &(0x7f0000000180)='\x00', &(0x7f00000001c0)='./file0\x00', r5)
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = socket$inet(0x2, 0x800, 0x0)
bind$inet(r6, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r6, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
shutdown(r6, 0x1)
ioctl$FS_IOC_FSSETXATTR(r6, 0x40086602, &(0x7f0000000000)={0x800005, 0xffffffff, 0x8000, 0x2, 0x5})
ioctl$FS_IOC_FSGETXATTR(r6, 0x801c581f, &(0x7f00000000c0)={0x3f, 0x2, 0x3, 0x2, 0x6})

18:12:08 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x10, 0x7}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:08 executing program 4:
r0 = syz_io_uring_setup(0x37c0, &(0x7f00000002c0)={0x0, 0x8b4b, 0x8, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x6000)=nil, &(0x7f0000000080)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r3, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r5=>r0, {0x4}}, './file0\x00'})
mq_timedsend(r5, &(0x7f0000000180)="d407b60d83dd8503e2ad37e4782deb725c5457f5b5ef4bd6caa508a7212780e4dac2b68f0e26e38c0de3ad98533b6fc2c58652267ad60de170d10739bddb75233538f48ed43f373dd9286f0171092fcf57f6492f113a9a3bd93c3682735386552de7d9828d86543b65", 0x69, 0x5, &(0x7f0000000200))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000280))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r4, 0x4040942c, &(0x7f0000000040)={0x0, 0x686e9be7, [0x40, 0x4, 0x10001, 0xfff, 0x800, 0x20]})
r7 = openat$sr(0xffffffffffffff9c, &(0x7f0000000240), 0x8000, 0x0)
getpeername$packet(r7, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)

18:12:08 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
fsetxattr$trusted_overlay_upper(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x0, 0x2)
ioctl$SNAPSHOT_GET_IMAGE_SIZE(r3, 0x8008330e, &(0x7f0000000180))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r6, 0x0}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)='./file0\x00', 0x0, 0x10000, 0x23456, {0x0, r4}}, 0xfffffff7)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2952.625099] FAULT_INJECTION: forcing a failure.
[ 2952.625099] name failslab, interval 1, probability 0, space 0, times 0
[ 2952.627688] CPU: 1 PID: 15041 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2952.629086] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2952.630749] Call Trace:
[ 2952.631313]  dump_stack+0x107/0x167
[ 2952.632047]  should_fail.cold+0x5/0xa
[ 2952.632825]  ? create_object.isra.0+0x3a/0xa20
[ 2952.633750]  should_failslab+0x5/0x20
[ 2952.634539]  kmem_cache_alloc+0x5b/0x310
[ 2952.635363]  ? mark_held_locks+0x9e/0xe0
[ 2952.636182]  create_object.isra.0+0x3a/0xa20
[ 2952.637074]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2952.638102]  kmem_cache_alloc_bulk+0x168/0x320
[ 2952.639051]  io_submit_sqes+0x6f76/0x85c0
[ 2952.639930]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2952.640965]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2952.641991]  ? lock_downgrade+0x6d0/0x6d0
[ 2952.642839]  ? find_held_lock+0x2c/0x110
[ 2952.643718]  ? io_submit_sqes+0x85c0/0x85c0
[ 2952.644592]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2952.645604]  ? wait_for_completion_io+0x270/0x270
[ 2952.646570]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2952.647505]  ? vfs_write+0x354/0xa70
[ 2952.648251]  ? fput_many+0x2f/0x1a0
[ 2952.648983]  ? ksys_write+0x1a9/0x260
[ 2952.649748]  ? __ia32_sys_read+0xb0/0xb0
[ 2952.650566]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2952.651635]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2952.652671]  do_syscall_64+0x33/0x40
[ 2952.653415]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2952.654444] RIP: 0033:0x7fd673b8db19
[ 2952.655193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2952.658871] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2952.660406] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2952.661834] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2952.663268] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2952.664689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2952.666116] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:12:08 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0))
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, r4, 0x0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000340)=""/153, 0x99}, {&(0x7f0000000180)=""/15, 0xf}, {&(0x7f00000001c0)=""/33, 0x21}, {&(0x7f0000000400)=""/211, 0xd3}, {&(0x7f0000000240)=""/95, 0x5f}, {&(0x7f0000000500)=""/221, 0xdd}], 0x6, &(0x7f0000000680)=""/16, 0x10}, 0x0, 0x2, 0x1, {0x1}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:08 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x2000, @fd_index=0xa, 0x1000, 0x0, 0x0, 0xf}, 0x6)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:08 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000140)=<r1=>0x0)
r2 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
close(r2)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x4, &(0x7f0000000000), 0x4)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r3, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:08 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(r3, 0x1, 0x43, &(0x7f00000000c0)={0x77359400}, 0x10)
pipe(&(0x7f0000000180))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:08 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
getsockopt$IP_SET_OP_GET_FNAME(r5, 0x1, 0x53, &(0x7f00000000c0)={0x8, 0x7, 0x0, 'syz2\x00'}, &(0x7f0000000180)=0x2c)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x1, 0x50a0ac75}, 0x40000, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
openat(r7, &(0x7f0000000080)='./file0\x00', 0x400, 0x40)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x8, 0x4010, r7, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:08 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = io_uring_setup(0x5204, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x16e})
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r6, 0x5, 0x0, r7)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, r7)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:08 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 71)

18:12:08 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
socket$netlink(0x10, 0x3, 0xf)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2953.157172] FAULT_INJECTION: forcing a failure.
[ 2953.157172] name failslab, interval 1, probability 0, space 0, times 0
[ 2953.160617] CPU: 1 PID: 15073 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2953.162249] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2953.164210] Call Trace:
[ 2953.164857]  dump_stack+0x107/0x167
[ 2953.165733]  should_fail.cold+0x5/0xa
[ 2953.166646]  ? create_object.isra.0+0x3a/0xa20
[ 2953.167736]  should_failslab+0x5/0x20
[ 2953.168635]  kmem_cache_alloc+0x5b/0x310
[ 2953.169589]  ? mark_held_locks+0x9e/0xe0
[ 2953.170552]  create_object.isra.0+0x3a/0xa20
[ 2953.171609]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2953.172804]  kmem_cache_alloc_bulk+0x168/0x320
[ 2953.173878]  io_submit_sqes+0x6f76/0x85c0
[ 2953.174904]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2953.176081]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2953.177222]  ? lock_downgrade+0x6d0/0x6d0
[ 2953.178200]  ? find_held_lock+0x2c/0x110
[ 2953.179175]  ? io_submit_sqes+0x85c0/0x85c0
[ 2953.180205]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2953.181334]  ? wait_for_completion_io+0x270/0x270
[ 2953.182461]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2953.183579]  ? vfs_write+0x354/0xa70
[ 2953.184462]  ? fput_many+0x2f/0x1a0
[ 2953.185319]  ? ksys_write+0x1a9/0x260
[ 2953.186209]  ? __ia32_sys_read+0xb0/0xb0
[ 2953.187166]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2953.188387]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2953.189588]  do_syscall_64+0x33/0x40
[ 2953.190454]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2953.191667] RIP: 0033:0x7fd673b8db19
[ 2953.192544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2953.196778] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2953.198540] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2953.200203] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2953.201845] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2953.203509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2953.205138] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:12:09 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
setsockopt$inet6_IPV6_DSTOPTS(r3, 0x29, 0x3b, &(0x7f0000000040)={0x0, 0x4, '\x00', [@calipso={0x7, 0x20, {0x0, 0x6, 0x0, 0x8, [0x2, 0x9, 0x4]}}]}, 0x30)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:09 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(r4, 0x6, 0x1, &(0x7f00000001c0)=@gcm_128={{0x304}, "9041de832709f2ee", "59534f52ee5cbc7d0751ac81c930aed3", "18e8f24a", "66f0790aaa433c45"}, 0x28)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
close(r3)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
r8 = syz_open_dev$mouse(&(0x7f00000000c0), 0x8001, 0x80400)
io_uring_enter(r8, 0x48eb, 0xf1f6, 0x0, &(0x7f0000000180)={[0x3]}, 0x8)
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
setresgid(0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="53a679b1b56b8942decf116581c37021b1c7bdfe9fcaed05303222b8e25a700000000000000bcb0979a59b61326c1cec08f566"])
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:09 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x22000)
r6 = signalfd4(0xffffffffffffffff, &(0x7f0000000180)={[0x356297e0]}, 0x8, 0x80000)
r7 = syz_mount_image$tmpfs(&(0x7f00000001c0), &(0x7f0000000240)='./file0\x00', 0x6, 0x2, &(0x7f0000000280)=[{&(0x7f0000000340)="6afeefb53b50eee876c27b3bbfcb2bc44bd5e10399df79e447554ba63120dfc62ce26a622b7c83de82880633e17154728e8f42f9f752beb007c02c91825517b239582da4119a680af62a2748d89d50b0351ad55931e5e0469e22af5c465c86b4845abb490c8088be1550af5f9eda3189a364a14acb92e52125c3b1ef4cd7c54dc2986b33a1179a8c37ac58", 0x8b, 0x40}, {&(0x7f0000000400)="9500f1248e28897f7401ddb142ee6b4432c79e3039de4e44d9a860ea84c987512a9092ea69a9cf17b94568ddcbc784c5c2b422d55ad6c015a2b20c7e48c950c144494d57714378ef71525b500213b7d071d85c10266061cb9f0ee1ea736b42bc8df78849af05f38f9189012ce9c5c82b8cc2d6868878e08cbb7c452df44852b9a412eab76c4f87bb1d6c8583563370698e6b8f1abb793f786d1430dae6f58b810c3c77e924becea0a5b455b0d930faca7d41ac59c13abb1d1f376b3590", 0xbd, 0x80000000}], 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6e725f626c6f636b733d2467332c687567653d6164766973652c6e725f626c6f636b733d3233742c687567653d6164766973652c687567653d6164766973652c687567652d616c776179732c7369d6aa3d742c7569643e", @ANYRESDEC=0xee01, @ANYBLOB=',smackfsfloor=:.,\x00'])
socketpair(0x26, 0x800, 0x40, &(0x7f0000000540)={<r8=>0xffffffffffffffff})
io_uring_register$IORING_REGISTER_FILES(r3, 0x2, &(0x7f0000000580)=[0xffffffffffffffff, r3, r3, r3, 0xffffffffffffffff, r3, 0xffffffffffffffff, r6, r7, r8], 0xa)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:09 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 72)

18:12:09 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r4, 0x6, 0x2e)
ftruncate(r4, 0x1000003)
fcntl$setstatus(r4, 0x4, 0x22000)
connect$bt_l2cap(r4, &(0x7f00000000c0)={0x1f, 0x401, @none, 0x0, 0x1}, 0xe)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:09 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r0, 0x6, 0x2e)
ftruncate(r0, 0x1000003)
fcntl$setstatus(r0, 0x4, 0x22000)
r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r2, r3, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
close(r4)
ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f00000001c0))
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r1, 0x115b, 0x540f, 0x2, &(0x7f00000000c0)={[0x2]}, 0x8)
io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2953.735708] FAULT_INJECTION: forcing a failure.
[ 2953.735708] name failslab, interval 1, probability 0, space 0, times 0
[ 2953.737608] CPU: 0 PID: 15093 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2953.738653] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2953.739887] Call Trace:
[ 2953.740291]  dump_stack+0x107/0x167
[ 2953.740854]  should_fail.cold+0x5/0xa
[ 2953.741434]  ? create_object.isra.0+0x3a/0xa20
[ 2953.742120]  should_failslab+0x5/0x20
[ 2953.742715]  kmem_cache_alloc+0x5b/0x310
[ 2953.743342]  ? mark_held_locks+0x9e/0xe0
[ 2953.743962]  create_object.isra.0+0x3a/0xa20
[ 2953.744619]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2953.745382]  kmem_cache_alloc_bulk+0x168/0x320
[ 2953.746062]  io_submit_sqes+0x6f76/0x85c0
[ 2953.746700]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2953.747482]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2953.748202]  ? lock_downgrade+0x6d0/0x6d0
[ 2953.748814]  ? find_held_lock+0x2c/0x110
[ 2953.749434]  ? io_submit_sqes+0x85c0/0x85c0
[ 2953.750084]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2953.750806]  ? wait_for_completion_io+0x270/0x270
[ 2953.751542]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2953.752229]  ? vfs_write+0x354/0xa70
[ 2953.752786]  ? fput_many+0x2f/0x1a0
[ 2953.753330]  ? ksys_write+0x1a9/0x260
[ 2953.753893]  ? __ia32_sys_read+0xb0/0xb0
[ 2953.754489]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2953.755303]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2953.756067]  do_syscall_64+0x33/0x40
[ 2953.756632]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2953.757386] RIP: 0033:0x7fd673b8db19
[ 2953.757940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2953.760649] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2953.761728] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2953.762781] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2953.763850] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2953.764904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2953.765970] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:12:23 executing program 0:
unshare(0x20000000)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:23 executing program 4:
ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(0xffffffffffffffff, 0x8040942d, &(0x7f0000000040))
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r4, 0x6, 0x2e)
ftruncate(r4, 0x1000003)
fcntl$setstatus(r4, 0x4, 0x22000)
io_uring_setup(0x5204, &(0x7f0000000100)={0x0, 0xc117, 0x0, 0x0, 0x16e, 0x0, r3})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x3, 0x4000, @fd=r4, 0x3, &(0x7f00000001c0)=[{&(0x7f0000000080)=""/82, 0x52}, {&(0x7f0000000180)=""/13, 0xd}], 0x2, 0x10, 0x1}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:23 executing program 2:
r0 = syz_io_uring_setup(0x74cd, &(0x7f0000000180)={0x0, 0x1, 0x1, 0xfffffffe, 0xfffffdfa}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x430411dd, 0xffffffff}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:23 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_io_uring_setup(0xbdd, &(0x7f0000000180)={0x0, 0xa6cf, 0x8, 0x2, 0x1d}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000240))
syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_WRITE={0x17, 0x5, 0x2004, @fd_index=0x4, 0x1, &(0x7f0000000280)="cc38a93e921c0e3737c5c4783669b5bce0e9c5", 0x13, 0x0, 0x1}, 0x8b0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:23 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 73)

18:12:23 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x4002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x7e, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = openat$urandom(0xffffffffffffff9c, &(0x7f00000000c0), 0x80000, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
shutdown(0xffffffffffffffff, 0x1)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x800005, 0xffffffff, 0x8000, 0x21, 0x9})
ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609)
readv(r6, &(0x7f0000000240)=[{&(0x7f0000000340)=""/205, 0xcd}, {&(0x7f0000000440)=""/180, 0xb4}, {&(0x7f0000000500)=""/136, 0x88}, {&(0x7f0000000180)=""/13, 0xd}, {&(0x7f00000001c0)=""/57, 0x39}], 0x5)

18:12:23 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r7, 0x6, 0x2e)
ftruncate(r7, 0x1000003)
fcntl$setstatus(r7, 0x4, 0x22000)
pwrite64(r7, &(0x7f0000000340)="944f126166ef839d37881dc5159727745e74e90815f624f7043c6628af7eb150178715cc41fd0f40a0a902e89e0b75d568d77963066279bed59e5495ee9f7908d1f00a86cd93c20927ecd39e09c6de9acf9374160498defb6a236e9b381c9ff3462328649ea6ca677312177507a537fee3a00090b65178aa8d938d1eb9bd13b2950bf0b141b25891bc71ccff1b17ab790d98360a117fe5b73ecf0e5f82ce1b5e0dadf0849179f751327c30a0941a9b33922dd3f1bbf3184da6c97964b74429c7d77531c4d8be184884dfcbaffe7657fc759684a3074042f99cd577e4b4e0c9c692f56ab7300efe71840f80469c76496618b880c757cdf9af0a8e776a1b83aafb8cddffd1fd299cf76dc0979c7820868ed2c3b679195d049bf99cf882cca527219401cea83f9dcbc6385642c4c3faef05bccf6d712babe8444a0d25bedfc3de8b30064b8cda0b6f6eba924f271618cbeeaa9bed036045fb37b46b0f62b4d3387c3e4da13f43dc0115643021cd99c7f35d15e26c1ed464a06171e7ca89a02c525b68311331bb0d6dfeea5b070a041db4a09d2eeae7d7836a71757231c0875fc3de346b8555d3ac1683b50543c40bf92d4d56e3aae7b60907dbb3ad809ef245ca25fd9ce348b8b2629183b08b14f446d1334f1ede9f030f450b70b01585a20dbd3e55e2a5867a00a2e6ebce757a4c0e3d168cc07f553a7ff26ce223555c41279ab8e837eb9fb5925b8364fdcc09be6793b93ec9ad315c2a23c94833cc148327338c2511b7f19f69ed8735868dc190095e14eda2913b3a109c5d3b6febcc075d3779e50e4cb86c21dd29f6ef3224576b2e742dc270986d1e6b0f49759d347caea55f3dbdfd54f2e4e232bfd13024fadc4896f02755b63668d30651cb59d04c4b170be42aaead1be3a4410a74cf68951501ba33e294199334cb439d3ef0f5aa7d258591a8b4b87a998d925d49113a8666f99371a9828aeeb2a780a624a07ce0aaed74707e47498d80707aeeca2387432a43aec5fe2d999a315df02510ce45d108f8673f40d020515ca1027c3caf319d4e87cbd68cecb70660b7e0b6fa2ef748676c4bc47c4510ce32d025e813c3ea77dd5a2ce5bc28a793cee0014ddd62834ee72f6b2e6f8e86f07472a8a913e2cb8bda24a923a9b4be32e2628a5dad6b42a159cff10a5759c14a3881206dbcb5874351c4503165d6a38566d0e8b86d594da70267bb512c936ec20a16d8d0e1121654023c7823f33617b1f67fdbceb854fcca21fddc98becf9453012e0c5c948f1cca3c50d3da529cda590427ef4e2f32af2b74a131c17f6e6f2403a286d5ec66070e756bd0217eab15fd75d141fd6cacc50ebee238e012e9c666f0c70cb1c8f13943d4070257dd9c1bad2ee2e261b854c3b39586acdfd82fe8a60730474b2c1bd36286a896952928a7a4bccd1674adfd3691612dbc365ce2c0631ce36ce6fabe39f076b4c22e6f64fb1ad50d84d369b1b62f420258c9c804e15af55f64b1d8f157ca1f1b7f890d0f9196357fe258bf9885d948197a8bc8302fbed4c84e59d228b750df705cb189ad94413ca56443c318f7afde09ad881d048b36e0e935e6847718b53bbba584ff5eef98e5d45e0b9cf5963e878f6189dbe5d6809f7eb5625c79e4062836eb7f29fa0aa5f05f6a7b4860977a02b535e2260a09fb372e1dde81548a1a59e8cff33117db8e9013ecfc7320e3b5b4d5a98d1ed39ef9e0a890122d91a6a25755d25f36c91f2e3af619d70b983e845be0ec2d068bb7fe5270ed573120e9d9b550b98e74f2c21c724bcd863b22c550880c393e4ae2a341314e2a5f85e8849d8af49e65b8e6d1730a9d899186769fe3deea254176b8f27c8b50fb4ef6f0f4e072f0c756f7629e13b7e58474801dc35fc3875bbf5a2d60ee3737fc1f08f135d46113ef077880378f76b57e4987c9711fbc2a35d8f69a7bc712628d7707ad90d4090aee69b1c5975916e237124908c500e5a6ea1513864f640b8e7d71ee6880706230b20b3e9917b9e32adb63cd9e1a3ed51a4043d9eb44422710cc2631d0a4e83f53e79bb8c9906fcc20e68a38cefb8c811539fc87a0dae6a468e3cd0e8a75e6f22cf99dc435859479bb7649672a5bc8a033ed912fca1d215d4752ae6728637ad52fba3ec9e0e5bc2641be1d89e04c5d7be61238fde316c6bff821baed42303abc582db8ea5fdf1912724b970b4bf7437fc3d5b14f7f4dc13a174f5183c0ba73ebe04102dd9166215e6eb1b4a2baa48a671fd0a085df08a643ff31b19053804907591c85e802d21cbb4dacaa1c3f8297011d4a4be939e35472e39b7808c1b9e8d47f58a43df2b551d59635f629beddd2d662d4b76e931f8db97b940f04a0d3e51b6430f724a41c85e3ede63d0a7342c98addbc7b3c6d57eb823283ad8c85eefaaf32cbc9f06e2d81e78b548f3f287f82f1ecdb059f4300715901066b01508437472799395a7738c0ba027480c3a4c9fd7554b6d4829bb624132e1ed3c24b3084fe8bb3178b39700d80c8c29a0efea2662f0b11e149d2db1cea431f3f7114fba6454ada4450d871a6d9abf495dbd1f8e51065e64c8b8859bfc1a3857928b2ee4e9852220b7a6fae88b754ee5aeac1451554d70d478d9590b8914bc5e3d58c9359db20ad449248fb7bf211866cd355a40856419867678b44036be6ad3192a0dc0d8b9f830332bbaceef2fc7421efa7a597d2f9c1cf5d2f6e40a2d1e52ce71e9f50c29eb8cb190da6d7723eef152dc7ff976c76248a25849353bcdf0cee2e4047a3dd79e435fb74fccea1007c0b77fda4ab24e40bc2646b353fe375035c3dcffd898de0568dca379d175490134f74c7506add313cacbfaadb434e377462e843152b2d2860f46d9a549a4fef92eb71dd8a069e3ece8d02d07c971d4ceef36bb3e6e2b917a6c9abd941a83cd1ce580e6ca07dbb7f4662e42bbe150fbd78031f50b7ea110902aa82101dd27b38edeca3847a8e8286e452d698900bcf090255824e3b1a450e15d6287251b6f94f684fc321e90f40ee59aa27a90fbb7313cb74af0490606183fa82c646a45676b67db97d89e35cd06151d2827f7ce705414ef7e1aa1b907814fc9f61c350ccaf538587e68ca9066f923f3eab22b3e9d7a3ef7f69ae1107f089fb0c8cf7a14ea0698a292db0d749c027c5ce6edfc96fb13c7984cd30e5792b7d8948b519bd0ad6196c2d1a1aa1d4eb6298c520eac45792e8a018ef48ad6ccf0d296051db2fbf3134757fd62b0d9f09eaa39c61c586d6cdd39c1e7160d739386a07befb3051642272dc2e1cea35d8cf951c460dab4a9baa423cd0a993a3e8a455b8a1d91deb7918843d3ba7e84d2d3ec8dd854539353001990baf37d408791a359d708c46a510d491a4115325b46b2656ef5ea9048f3cfa198fd963bec72f591b32aa839950e96668a9a645a7eaa0c547d0850b200665fafb30a66b6bd87caef36dcc413008333cf49c39b826c06f67865c8a34f17be11874365a137ae585261dd7d287a79da5fb5e10c3d50db7674889f06298d1fb0c354e9a1cca0abd63e9442bf8891bcdbb6b255d692b72c8b872ec4ce678235a5fdbbb45544bb96a6472a42db2d2c6c2379582fdcedfeedf19e2f3984ee5e42feb9f3e23a3bf1eceeb19ed1f9f115d9327d749de141b150bfc1e432d6c2a316f35d926ce19fd1974c2b92522e77eabc29e2bbe92b197f9fd811ae001784bb56139b18de7267fbd147b569ebc4a2099d3841f93857d8dc2daa7b7e9c2a04009ddc35dc2850fc43a076e83cc209a38ebaccb0dc8719e46043b82ae9f7d16d542ae60a6df6bc9f7fc91fcaac8f1529628f3819de7e8d42ae6fa5a0293454464d23cd73d3f491f87f441057e7d5d84fd86a8743180c4fa7bfd89267380c8fe7b966211b9c6d2c0c8656d18eb420cb7a93c2872c3b20718a6ad668ec53a17ae780602d3fdba1c3f13460241cc6f8bada9c8f009b360432be0f4bfd9f7b1e2d9d485af99db8502677cf1f5d0a3de0025468633d0542967515496678f13dfbc8d7edacd446351cdac45018e377aa78ce285e83b464e4653e8339fed5f2452eb42d142025487ccd681f94466cc8f444153537a74926e260cbe528d5d1e65fa3b1e10a670a058bcb1f6dd64fb1311bfa8bed0926d003539f1a1fafa13d6039f132d468386560e49981a32e9ede0d766415734c0bbc7e4e41b13b2442ad0c4874e378bcc59f41aa89720a8325f1490a003d28a09e21068e2509d453b5f675b6ddc06888cc2a28dc15928b9432ce241a52b4b98cc7fc879626d1767b2063360bbc817d7afa2226df35873847f2a1581320659de80393fc79af3d566d4b66ac729f9c09f24aa087eeabb57a6c67ae6f6ce846980722babf7ec49d77433593e59934198f64193681eef45315b12fa51d33ed745a84c96386ac1bbf81e0db90123c68e0406df481701949a9fa29d0360035204bd08947a98d7859ab570d95e49c027922638826613d191cacbdc2078760b84994c7ba3cd47ea37d0cd0ce9611a573e2bd3ef40c747270452efbb6ebccdfc268791d80822b214a1fb3014306b08c1d9de8c0c95fa6c55cb0b9bd1c7bf806e81d26ed15f5178879f2524e283d916fe524144dc68cc3fd3edf215d84ca9e3347b0814f13558cf6bff609f2cf5c6da82bfbc018e462c25a7e42b6414f9aeb0fb520e5f40ca313f0a55c783597ed92ca8c7766a2b1b57777e11b97acaa7d934e825adf6464899dc8942e437542feced67becdff00e283e472caac113de24c4480654aead51eb3561b2508ecdfc2a0bf8beaec4f4bab2093f28700cf3f214f8670af7438cdf6e9fb7844c07a946277fb12e62bd943b82d551dd9ec17a766a90127c14dd8ad6c53bb3d38e31e6244af8b56c812182748e83199b7e315ce9b20dbc2e321b0bb2a86168d7bed868ea8cee11fe86859d4db5da97eea23f5747afdfa4c022d32078128689361895d282ee5247aa99fe21441ffa93539960389de96ebd6a61011d649690279c58fec0fec23ad8248a94e98788b6719041993891ad59e41c316f0c24a0e100ac3f8dea93ec973384a899a2b99be4ce8a27570b6b99369cdac9901740e2cc059ceaefeb62a0f35a1c42c368309eb269ee26a9d7a80122e93920a65cb7faafc47dfe114c44415ac00497d229a7741214a74988c6b09d722f29144cbd085eae82de65d66a3f58c17b06a6f145d78ff67e6339b66400e486ec99650ab4b6e63254267b0614b00a402956959441a40d571ab836a3f315d9583ca2d0dbb65bd8153f254b00123889c44a250e82790044188aa271a8f239209d23324a671ed4e73342f19a093ced3c3bd22df2966b56d95f9fa5d2d667da1a5f1a914f61a86e289e9e00506a2ecebf8ed2a0179ff529e919106cbb44a5bccb920d409d98257ba2aa00815342ec3f422967720502386bcb763dc155ec9a568be38f40ab85af97c1146eb0ec758f38fcf91bc0ef1756a414d00ae4ce4874b5f0d44b1aad91e6bdbd95626fe829792405b95ed509499acf8a552e17344f50d73f411ff0ea8bdeccbb64c7712f7f20a453680e968fc6fe727fd68f9e760270e7c2a743c5d60b65cf65488aaca6af0962cfbb02d9795508dce53d6efee79ee4397442568e0542e62ce97f096b36f4901d21c216eb67d5967865174daf323ef22730f0df31789b51e79ffbacc6ba1aef19b8d1bb85ffde92a1ba4910d1c3147f977d5eb7e6fb7d7d20829d232dd7c90ab2d2dfbb9bc2c1d636f1322a1c31bd43d0dc6bad14bb2352ad9b51e0cf45142f329add9093c63", 0x1000, 0x14)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:23 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r5, 0x6, 0x2e)
ftruncate(r5, 0x1000003)
fcntl$setstatus(r5, 0x4, 0x22000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x10010, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2967.560792] FAULT_INJECTION: forcing a failure.
[ 2967.560792] name failslab, interval 1, probability 0, space 0, times 0
[ 2967.562591] CPU: 1 PID: 15135 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2967.563543] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2967.564628] Call Trace:
[ 2967.564999]  dump_stack+0x107/0x167
[ 2967.565496]  should_fail.cold+0x5/0xa
[ 2967.566002]  should_failslab+0x5/0x20
[ 2967.566512]  kmem_cache_alloc_bulk+0x4b/0x320
[ 2967.567117]  io_submit_sqes+0x6f76/0x85c0
[ 2967.567698]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2967.568362]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2967.569005]  ? lock_downgrade+0x6d0/0x6d0
[ 2967.569559]  ? find_held_lock+0x2c/0x110
[ 2967.570100]  ? io_submit_sqes+0x85c0/0x85c0
[ 2967.570697]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2967.571351]  ? wait_for_completion_io+0x270/0x270
[ 2967.572001]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2967.572628]  ? vfs_write+0x354/0xa70
[ 2967.573137]  ? fput_many+0x2f/0x1a0
[ 2967.573634]  ? ksys_write+0x1a9/0x260
[ 2967.574156]  ? __ia32_sys_read+0xb0/0xb0
[ 2967.574712]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2967.575441]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2967.576137]  do_syscall_64+0x33/0x40
[ 2967.576660]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2967.577372] RIP: 0033:0x7fd673b8db19
[ 2967.577879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2967.580403] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2967.581423] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2967.582384] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2967.583364] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2967.584341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2967.585299] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:12:23 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x14201)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r7, 0x0}, 0x0)
r8 = mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3000004, 0x110, r3, 0x10000000)
r9 = epoll_create1(0x0)
syz_io_uring_submit(r5, r8, &(0x7f0000000080)=@IORING_OP_EPOLL_CTL=@mod={0x1d, 0x4, 0x0, r9, &(0x7f0000000040)={0x2000}, r3, 0x3, 0x0, 0x0, {0x0, r4}}, 0x1)
close(r3)
r10 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r10, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:23 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8002)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:23 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x4, 0x248}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r4, 0x6, 0x2e)
ftruncate(r4, 0x1000003)
fcntl$setstatus(r4, 0x4, 0x22000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, r4, 0x8000000)

18:12:23 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r4 = syz_open_pts(r3, 0x8000)
signalfd(r4, &(0x7f00000000c0)={[0xfff]}, 0x8)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:23 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
r4 = io_uring_setup(0x5204, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x16e})
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0x5, 0x0, r5)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x5, 0x4000, @fd_index=0x4, 0x10001, &(0x7f0000000000)=[{&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001340)=""/172, 0xac}], 0x2, 0x2, 0x0, {0x0, r5}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:23 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xd, 0x100010, r3, 0x8000000)

18:12:38 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 74)

18:12:38 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r6=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
pivot_root(&(0x7f0000000180)='.\x00', &(0x7f00000001c0)='./file0\x00')
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
syz_io_uring_submit(r5, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x6000, @fd, 0x1, 0x0, 0x0, 0xf, 0x0, {0x3}}, 0x5)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r9, 0x0}, 0x0)
r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r8, &(0x7f0000000240)=@IORING_OP_TEE={0x21, 0x4, 0x0, @fd_index=0x9, 0x0, 0x0, 0x10001, 0x2, 0x0, {0x0, r10, r4}}, 0x0)

18:12:38 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r7, 0x0}, 0x0)
r8 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x4000010, r0, 0x10000000)
syz_io_uring_submit(r5, r8, &(0x7f00000000c0)=@IORING_OP_OPENAT2={0x1c, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000040)={0x4d880, 0xac, 0x14}, &(0x7f0000000080)='./file0\x00', 0x18, 0x0, 0x12345, {0x0, r4}}, 0xb72)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x5, 0x8010, r0, 0x0)
close(r3)
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:38 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r5=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r5, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r6=>r3}, './file0\x00'})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x10, 0x10, r6, 0x0)

18:12:38 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0xff, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_setup(0xf7, &(0x7f0000000000)=<r4=>0x0)
io_setup(0x9, &(0x7f0000000080)=<r5=>0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
shutdown(r6, 0x0)
io_cancel(r5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x1c5, r6, &(0x7f00000000c0)="d4ae3ebbbd998ce9c5924a2f2e6cf2797438538b107c20a152a3bb6dd7746a0f4de55771cbb720cb542ac6c7edfb19909faf5130232cc437061746d80732bb6020da2580ed1468e16a6ce83f731cfb701b14a66f7fb79778f10892d51236f7a35554e16b5ac7b1aa49e6e8ded20bf0f230ed48deb4b5ff3e5d49822c2bc1df", 0x7f, 0xfffffffffffffffa, 0x0, 0x1}, &(0x7f00000001c0))
r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0)
io_submit(r4, 0x3, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}])
dup(0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r8}}, 0x0)
close(r3)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)

18:12:38 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r7, 0x6, 0x2e)
ftruncate(r7, 0x1000003)
fcntl$setstatus(r7, 0x4, 0x22000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x5, 0x0, r7, &(0x7f0000000340), &(0x7f00000000c0)='./file0\x00', 0x80, 0x0, 0x0, {0x0, r4}}, 0x8)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:38 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r5, 0x6, 0x2e)
ftruncate(r5, 0x1000003)
fcntl$setstatus(r5, 0x4, 0x22000)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x110, r5, 0x10000000)

18:12:38 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
pipe(&(0x7f0000000040))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r3, 0x6, 0x2e)
ftruncate(r3, 0x1000003)
r4 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
fcntl$setstatus(r4, 0x4, 0x0)
r5 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x30800, 0x0)
splice(r3, &(0x7f00000000c0)=0x61000000, r5, &(0x7f00000001c0)=0x9, 0x8, 0x8)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2982.928212] FAULT_INJECTION: forcing a failure.
[ 2982.928212] name failslab, interval 1, probability 0, space 0, times 0
[ 2982.930894] CPU: 0 PID: 15181 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2982.932312] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2982.934017] Call Trace:
[ 2982.934583]  dump_stack+0x107/0x167
[ 2982.935325]  should_fail.cold+0x5/0xa
[ 2982.936105]  ? create_object.isra.0+0x3a/0xa20
[ 2982.937017]  ? create_object.isra.0+0x3a/0xa20
[ 2982.937931]  should_failslab+0x5/0x20
[ 2982.938715]  kmem_cache_alloc+0x5b/0x310
[ 2982.939549]  create_object.isra.0+0x3a/0xa20
[ 2982.940447]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2982.941478]  kmem_cache_alloc_bulk+0x168/0x320
[ 2982.942411]  io_submit_sqes+0x6f76/0x85c0
[ 2982.943303]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2982.944323]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2982.945309]  ? lock_downgrade+0x6d0/0x6d0
[ 2982.946144]  ? find_held_lock+0x2c/0x110
[ 2982.946968]  ? io_submit_sqes+0x85c0/0x85c0
[ 2982.947869]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2982.948859]  ? wait_for_completion_io+0x270/0x270
[ 2982.949844]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2982.950785]  ? vfs_write+0x354/0xa70
[ 2982.951555]  ? fput_many+0x2f/0x1a0
[ 2982.952308]  ? ksys_write+0x1a9/0x260
[ 2982.953077]  ? __ia32_sys_read+0xb0/0xb0
[ 2982.953900]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2982.954967]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2982.956039]  do_syscall_64+0x33/0x40
[ 2982.956789]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2982.957825] RIP: 0033:0x7fd673b8db19
[ 2982.958583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2982.962308] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2982.963850] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2982.965301] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2982.966739] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2982.968204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2982.969644] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:12:38 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
r5 = syz_open_dev$ptys(0xc, 0x3, 0x0)
readv(r5, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/90, 0x5a}], 0x1)
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2983.032822] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s
[ 2983.034782] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] 
[ 2983.036197] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present
[ 2983.037545] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 40 00
[ 2983.039118] print_req_error: 8 callbacks suppressed
[ 2983.039136] blk_update_request: I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0
18:12:38 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
io_uring_setup(0x5204, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x16e})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x3, 0x0, r4, 0x0, &(0x7f0000000340)="34ce1d76baf3e76a4b9e47a443c7ed3a05d318316d5e83d09f93b430bf5f00bc0bd72015dd6d11dd97167b137417030c01c7d769320e32750fe1911e93c139f3a0d7acc785c41b011970159f0f29d2c2d74f201b60310d9d720f9a8701d0384988f0af3abefd7d433eaeb36ee43cbb6e5ad43a4978a9d419c8deb6d185809b09db7acd922b9c2df42a348ae64e8480b7b0b08ec6e87754313f5007be", 0x9c, 0x800, 0x1}, 0x0)
close(r3)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r5, 0x6, 0x2e)
ftruncate(r5, 0x1000003)
fcntl$setstatus(r5, 0x4, 0x22000)
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r5, 0xf502, 0x0)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:39 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:39 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 75)

18:12:39 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
io_uring_enter(r3, 0x61bb, 0x99e3, 0x1, &(0x7f0000000040)={[0x9]}, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$SNDRV_TIMER_IOCTL_STATUS64(r6, 0x80605414, &(0x7f0000000580))
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0x5, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000006c0)=@IORING_OP_WRITE={0x17, 0x2, 0x2004, @fd=r4, 0xfeb0, &(0x7f0000000600)="27af462af35a819f7f96b579fb2a3dfd34de8ea81122193cd8107132db0cb9215446e8a8444ec831a317ff10356b8b1a2d41503b5bed386b437af24d973282538d63cc32b4c18d68181b744963916fdd15e7ffceb0863e2ad48d092a9ff1681416d166c8c81b57797a7d5d0dd6db918e62017ce7ae4079b08baae834e7a2525e5bd91f0fbf8200f0ccc6349b2e2105b81b46f88399dba12e5390ec261ebd56c3c0b605141e9c91d27fafc7ec5c", 0xad, 0x19, 0x1}, 0x800)
syz_io_uring_submit(r5, r2, &(0x7f0000000540)=@IORING_OP_WRITEV={0x2, 0x1, 0x4007, @fd_index=0xa, 0x1, &(0x7f0000000240)=[{&(0x7f0000000080)="1e700d0867f89661920cb1e9f688fa824be246a8062299c75e42254abd43c0e70d47e2319b39cb031569b67f5ec4c4b9e7e86d", 0x33}, {&(0x7f0000000180)="f5781d20d7e3cd3a296607a59264988d94c047a588b9385285d599215240fc8c1d8df15a408a40081a7fcd8de278de083ed34c4d9f8df2ae7212fda1bbc0d53e3867ec237163ae09e4683055ae", 0x4d}, {&(0x7f0000000340)="af944c6a5cba350b57690819fa3d4a2f01439a7bda15267d19be4ddfd1ec886317d24bdfd156f129c3602525bbb02b547909fb1a016d1a335f10ba5dd21f27e36d0f0ea34abc544033ba26e7b858a220dc39f43e31fa8ff37fa2a0071b0fcec71677aaa4010ddda5cee7bc3dd1cd9565ce370e79ed8ce73bd8087b6804d11c8dea3aea34d4392eab4fc59ba95ece54abfe7af0de84fa70a47481b6c3483759cafb480b1ac1c19dbac32de1dcb90da9690cc8aeb733561182f3dc817a7905729bd40685ab850ded677f74a9c61ea6e21f4002f413c94f875a5d02f7deae1f1346bcfc7631b31634629a0342859817d1a444ec", 0xf2}, {&(0x7f00000000c0)="5cab650d76c60239230fceadc0af4bcd0260680e9b78ef6166aa825e71", 0x1d}, {&(0x7f0000000440)="135b45bab2cff6fc1940022bce3ad2228d3e36aaeb2367c13552ec4ab6a11d2b99d74cdbaee2ee5177a74085ec4163a07417441b4addf52f46cfaaad78581c0b5b78768808ea348981ecb6e337e692085f66a1254246e76989345044d3d5bf6af33a552598e3f7fe4fe4ae471f6107d07e80c9486f5cff5760247dbe1de018b32716ab342737281813c5da9efad5d5d94346ee5edb1a0b8603962ccc9fb1320f6d448cf947839312139a60931456c7f244393a38b84d5acd5feb064bb21555c91e14d39b9de4b6cf869e7981d20fa6fcbfd881dda8e43e87b542ad0e1b3f9c7b715af54aa84a25b6", 0xe8}], 0x5, 0x31, 0x1, {0x2}}, 0xa8)

[ 2983.628787] FAULT_INJECTION: forcing a failure.
[ 2983.628787] name failslab, interval 1, probability 0, space 0, times 0
[ 2983.631357] CPU: 0 PID: 15214 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2983.632769] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2983.634449] Call Trace:
[ 2983.634996]  dump_stack+0x107/0x167
[ 2983.635762]  should_fail.cold+0x5/0xa
[ 2983.636554]  ? create_object.isra.0+0x3a/0xa20
[ 2983.637496]  should_failslab+0x5/0x20
[ 2983.638273]  kmem_cache_alloc+0x5b/0x310
[ 2983.639095]  ? mark_held_locks+0x9e/0xe0
[ 2983.639927]  create_object.isra.0+0x3a/0xa20
[ 2983.640818]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2983.641840]  kmem_cache_alloc_bulk+0x168/0x320
[ 2983.642777]  io_submit_sqes+0x6f76/0x85c0
[ 2983.643663]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2983.644674]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2983.645640]  ? lock_downgrade+0x6d0/0x6d0
[ 2983.646473]  ? find_held_lock+0x2c/0x110
[ 2983.647298]  ? io_submit_sqes+0x85c0/0x85c0
[ 2983.648198]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2983.649173]  ? wait_for_completion_io+0x270/0x270
[ 2983.650149]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2983.651084]  ? vfs_write+0x354/0xa70
[ 2983.651850]  ? fput_many+0x2f/0x1a0
[ 2983.652588]  ? ksys_write+0x1a9/0x260
[ 2983.653362]  ? __ia32_sys_read+0xb0/0xb0
[ 2983.654178]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2983.655271]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2983.656329]  do_syscall_64+0x33/0x40
[ 2983.657077]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2983.658105] RIP: 0033:0x7fd673b8db19
[ 2983.658851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2983.662481] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2983.664024] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2983.665413] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2983.666798] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2983.668187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2983.669570] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:12:39 executing program 3:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$hpet(0xffffffffffffff9c, &(0x7f00000000c0), 0x18042, 0x0)
fcntl$setpipe(r2, 0x407, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r1}}, 0x0)
close(r0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(r4, 0xc0189376, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000009f2cc03eb504889bd9f30e80f015f6091f1a34554cf45a626ad5", @ANYRES32=<r6=>r3, @ANYBLOB="020000000000000000"])
ioctl$BTRFS_IOC_QGROUP_ASSIGN(r6, 0x40189429, &(0x7f0000000180)={0x0, 0x0, 0xffffffffffffffdd})
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:53 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000180))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:53 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:53 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 76)

18:12:53 executing program 4:
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x7fffffff, 0x4}}, './file0\x00'})
r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
getpeername$unix(r0, &(0x7f0000000140)=@abs, &(0x7f00000000c0)=0x6e)
r4 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r4)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r5, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
shutdown(0xffffffffffffffff, 0x1)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x800005, 0xffffffff, 0x8000, 0x2, 0x5})
vmsplice(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f00000001c0)="b2f8df89d1f5fe976fe0641e0c1112c259f69c576644a5b44e8112226164229167a81c90524fba848287a5f2", 0x2c}, {&(0x7f0000000340)="5b1319a14e76219fd05eb69b3a104a5e8343be660676f68910c856f50a2cbb6d73a83f2d0cc8c72fed361222483f50ffc342acb3eec38da52d8807c2881b6960e33196b29307451cccfed497823c7561f942190826ff0deb7ead3fe42c52a597d77c45bdabe362fccbeb3ad90958a51219fa5e68e6585863f814beb30156303cd4b61e03cc5f6f44231c7a5ade5d4f0840db0fa0e7f1cdde147c9e15d52e0a92ce93b7ac8e679286249f42eaa1c18a318bc1c5fb60fbbd3074993d32b2984ebf6c05717ec3420b002eb23682dffa960c718b6a2a4520e4fe0f016d4523b8c93b002b3c437cd25bd85fac90a0426609e09a6f7a4ef391a00d55032f09b5c0745559ea03059d141168eb70ca4dcf74bfcfc23d6e74a7295526af58b1bf5b3e2fe964846420b1389d960d3a318d4592633f98f179caad9092230521ea035962975ea5b5279a41cb73e86696ab8bfb9695eee10dc314742a64740a678959f23c8295d27019a2ccdb83258ebbfc457df262642f1308297cb793c9814e6d3ee935ce26eab604fc02111b9cfe0c721e09cc5a6f10088da7f79e4122fdc23806f8d8bd2b0f7eb7008d218fa8e7fd46f45f8fbd8c74eabb005648c3c3e02ce08124ed31ddce7fa8cc78486db8260a5e394b7a4f71d3dd6dbdbe3506c786d5abb572cf16d020847ed3e10eba79c9831f162a95fe535aab74ea52eaa122a144c28d3e7f2cbaed1f363ab48178cc31900896be562396c780656814cbaf39c82ebead941c50c899235a2546b3ea5503c925732a27065b9b5d63edf2a6363505ee9e4f9a57a426988f8ed030f236467287340c65bd8528c64ed2b7ed9085f76aee3c9e201355f101faaf128b95c935d3c103c4693d9b06d890d61f19c36493eee4b10772395fd50d6e4114f243e781ff9370b67e393592699669f2bf90b7492406cffb3a722c3da1a6bb21af3cba0e20d25aba426e39b76e2887ddff9a0c0d5626e1724604279409baa766e3b8458eae1b06eadac9004ad72de88f24d0ac65cce5bd5f8f7bb72328f1e0391c2d7929e400308a12c2d757ab2f2566c5afeccff56799f5443528cce612570252e471c5c2e42f644ec9b1b87bb21b963571b1ed656ec3bb2e0d168f9b39ff28ab20ccdeebfeb09da82a29c153044d9f462ab2fa57710e492cf3630687d7a0dfc04e7f95e1968fe0b6a4373f9513dd8262d0ff8b4aa190e9cdda13de13c9546fccfef97167353b0b12e0e2182e6f6f563be0bb798e84805f039827008a3db18857b75971ce1f72f699d679f7c78638eea58467eca3ea97ca181598da489031abbd32781edfd091ca92cf600d4b64bb2f4b14b1c576aa2b4df7c5030c2787cb54b883c09bc9526c5f64a96956a712e4241e7782c6dd1c59ef1fa8f0ea01dc29eba1406dab723f03c72beaebc72cb599d8d75e5077ec1c072962cfeee7d56230b2875458d4cd3c5cf88502c19db7a112ae4a15a751f2a36653517fa67f38247e93dfa329d8f7c3a70e367e7ee96d09f7bd5db1e852b497b4236cbefa4946d2d82eae01a47b7e778738de2a46beb2fbc2f3ca617021d9a423cd60e25f245fcb4e9204da9d301c52384f40f070db5f7832683b7c37c1a025e3d02862a97c3b8995b60a2536bf42b3f7aa8709f4c25ded2ba42f8eed5f606c6e0d4e3efc1287565768e1dccbd974d7f7fc889e3e5e291a481e3c4329e30c1c6eb2dde8c16208fa7646c415498486796e958b92cbdc9cfea7e5171d17ae807a59de98c47f76c4e827d66705f9815a4ed2d828543a59816acee87b588992b1413b3e3958278c6ee7d64814926c714946d74a979b865c0f5d3f304d9462aefaaeaea2fdac96cb575f08f6678fa4566cf88d401c52ca7ead21b4a3648c09f6bdb423378aeda1a7da4e4213ebd6dbcc53e521c6e54316a6786b389ddd9bd19ae3176dcc6d07f72dd109fd15d73b26330608087296119bdbd77a618403b5c8029fdf0d675d56800c145ea1dd89075a23c051c38bfb5124fc818828dce1bc208e3051fc239dea107b9afecdebf2ae23cef5ef4d24b1857d912565d9b939e067157b04c1c4d69b7c52287d8a151c35b5911848288192bf00f0d27851b227808fd80907d9722db29355194e86ff9d718ee5cdf270f3b411bb46fdfdd7cd5bcff19c6cf118ebedc02f83eab2168c1bf4776962430bcd0d9a6573f12a16225dc657e21b7594ce109aa7aee4dbb1f8b30e2f2b00660d134b67033ede3c83266ee9568272c6e7ace80c3dcb5ad60c55e3d1377b35c17c4e2175b5ce5c73261a713c4ec7e95a0e8396d42beb09a91ec0f2356f9ed63f0ff2ce2fa4aecee4b7472a7f8d19d66c5c5af23d91d300550e41272d8dbfc647ed43e5dc40ed150c1cff8f715a0fba74742f4af69a6bcf59b7d7dd85389e05b78adb4ee4a9c2765df2984c63d0fd7319bcae0710aadd5c74f7dd94d6118368b35401b54776dbcb5ae6c69154f655b7fb1950e33b3c3c79672f5bd75d3fd18b01b2607c2174f14344f2b58d8ad0ef513cffbf31b123439d5465b8a926a8657463eea0892c1e589e32d152d045d78385d0f5e8b5cffd6e6e6870db38a74bde5c8a0a1f61db7744ac8cc0c915cabdafa55a45a6d7cadec7270512eb2b676bb1d0459e10012366be3629bf88ae6c63e9bd70ffb6a6490123b632bc3bacdead970ec0a5a51f1d313b4949d96c5454e4694d84e10d9e65fbfc0ed6db1fd7ced6fa1163ac79adbdbb3ef5b4f873cd31234a74e97e783187831b3b571f08d66a3eadf5dc3b5a73609d13d607f79472ae1f1cb57284f8e246117bcc7372c9d47396d6067b8c53c0a2eb8157bef8fa925cd9b063751bb15836538b3a6c386fcdec78b7a67a8614a20838bdc5a1441018f8eb70238825504b8c9d0ff0112fe564b159c6de9f61b144af4249a8760e9f99103c246a3527c43c057f46d52847ee8785d7efccae5188a8b6bfcfe7bf1a975bc77f54e536fc38d1f5319092338b5e3aa4af8ba2164efab89311dbc5ffd26dba1d04d7a2e9308cd030a750714db6da7c25d6c62cc83e0c500cbcf24ecd55190104c1c80da28fb540c7cb1516fa418c7a847fe4d05b972d74a2a3d93991fd49082e5149c1f9109585ea8916150109dc4405ac590bf038a0ede656df8e6272914424322708035fd12e9e4ca6bdf5c8e9cae24df55bc565522887f5e05f83bb9d49618c6c4363d67e905176ebd766002028201b9ff851b9008e98246997566bc7e128fb332c1ba9d00b3d7307177c7921965096f127ad647434f54f136de2aa7c4835afcce09b4e68c1ef8c9fbe9f53a276ab94a4d7bf37dd0cb2e14aa1bbefd9437edb8eeae5fe35c4e5f23837161bf2f59b990b569796785a46e675d585e918e80b9301c7a2d57fabdcd6ae302ab87c946383783a918ab9b9ef884583429f861f53a95b9622b1f3db4e7b2b5abfa88dc14ce21d5318c2f190b70b77a2d7c357573733243f15016ef8526acbdf4b7d28b073df218e600911b9eba8bf3fd48ab849a8ee6aca0aa6dee9ee0a0c124b9d1e70f1bc40e8aea97fee60d995ef96611c3dae4c9a7a3dd203b7238403b73aa3936c1f5c9ed0f0dc833b4c906b9fcfd9cd514b6b8f8877c9ea8711b35fc1b75e41321fd6f00f67761d31a8504a0f0e11ebd0b56c4b64aca546ba45701b87dfac7eefde0bb5486cee0e0bad71e45eb69ae6ff4f5cf71af3718f135f3d1bb7d92bbdc5bc35820970faa13efca2b8da7b2634eae10bbc937be7e105f855d787056a4dca41d272a128531a2eee267e253eca518cd087eead6155c6be38355d6eca31260cf6427509e8aa5aa99b1d62eb7557045440a1c853505193e6c2489eaa2d35fefb07c3d63a8d0fba02092e2fcab2b93746b44b820bbeedd942613c1a0cf5ae06dd1f6e1b320817f7eba6e158d967659e2231bac9e37763e946ba76ef903023dca0bc931cf5116b47a65bfdbd95b484abc1bd681d97e185626dc462a66da9ac1ed2fea57780c117b6d1def042c13348a2656447dff46f39a5bb7d4e0e40d7f7dccd1dabc811c9fececeb025cf9f427cf5df7c4b4f191fea7f608199484a5ed6c2061bee5448d4f3ff2737c9d47122a10ce5c1ef629eb34105deb104ba34539dbc8580d2336af7ef1cd6540bc2b93182b383790eb20def901509ba8de41e78e140fd21755fade43e6179a082d7195da474a4e7852c5b081d6f3f9cd3557906674ca0ee4bf760eac9acdacd381e2493461e098f088a790f0dbb96d8b85e59822e4d9bc92d85139677a6c8caa6bf5dac7cce59877b053de4fbf34567d13c1782f426ea054f0de2a669f4a1523118c754887a14d4e1d332f780639a1026dd0912dd341fa0def67ea0f23f4e1684a27af761f6c7c1686f8226a000a5dbea038d5f51b99321a52f8d9eef270594133ea4a2f4358b1ab82606e3cdb6f153b3dd0a42d5e8143c1a1c3ff5a226cbf0ed3818242c280e72ab77cb11bf7b10db978a8bcf64d42cbbb1ffc914d072ad2ffc14c8463f6d72f2cc36df103eaa62476f92a265af72928f2f561efcfd9cc37b9eec9ab95ee08f591890521e7452c1b6bb39b1441a6930da6a8f9d55a95b6be254add0a03b512dabaadf7348cccea430a4bf248fe11060db01aab3cd2a3ba9bc57dd9d24d4bb1d22b7dbe7685c36dffe28148a8ed288c49bfd85ede83fa58f63cabcb16e8649668ccea25d333a50b6eaf0dc46fd528381d7ab1b6042b1826cc93ff18fc24a23e96a22eab56b7a35a08a31919829fd3f1536dc9b779a1d8ba78634c46af3fd74ea4deb89a7f08835e27b84a46fc77e95f21e36ad38712b7312ef1149918eee97a57d5ab2fdc55710ea2d975ae2c443fe26b4e92b38e2c89059011d59bdd472ca39739aa66f03b98cf0fc3d3decc0220d8b1ebaddffdede0d5a88160ed51f5b8feeddde4876097b5d1d5cc3e94b717c65fc7ead6164461d9b898a8b2c5c5350002a203c0842df5a880d709c89016d5cc0d100df15d76364a322aff35df0a642658a6e8d0f9944e233f636a075567e64d1dc938164c026cad5d662d641722e03777049c8588e0b577f4162b843c318bb2637b2832e8d26e0141def0814708d1b5c138a61242b6efd475b25279973bd0fe5ec16f035802d1143ff47498e3d14f757c6913b1a80738e62f379c34b465f19e87a395bce2f10e5298813944cf8f742926ad3f268a4b8d4c58339cc1a5b6ec30d378474d853f005a5276fd0115244ba0ac08f236b51d8e36d6b4404abb80f8d06ecdea228445f2bbf21033ae1dfe1f5ad274444c0c1cc95d0610e652150aa0770cb09f91d3d1830474e0b95db0e779a8bd7a7f6797323c12e77201517fcc1277cbcdc1f061d135208b70a8565cf40dbcfb29d36bf25160dc6ea924295c3a018d4f4b9c5ac0c97e0a6ae95233b2eb45ff32af523d48334788c8c929b87858d973352dad866ad3867c361951088e3fe6ae8d2e292f77759f58444c1ae2da3529e7b37153415f155a9a604b202c5bd48782d07a4f1d79edd63f042275cd31d0f9dbcf3c3162902bf181dc5bd3575bacca8807448dcb90169609c1478f0da494b7bc46a15ef53aa553b418ec22a5bdda692ac785a6e2943cd25a62f5800683b5083d0409c2b9b056e648af49f086f9eb5847853d8684a18cc950d3ba5a8aaa95d76e7cc5df17c32ec40a7bf7257f6af3e42aded25bbf7e294291b75e56577a05176c03fc0d22f5c3bb41b2f9479d3ec6f8b60ef57828f09d79f4205f4477125f14d67ee6d7b369d0324674f00a117b41f2f07b2d3013bb688f5fd02727e6e", 0x1000}], 0x2, 0x8)
io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:53 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x5, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
r8 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r8, 0x4018f50b, &(0x7f0000000280)={0x0, 0xfffffffffffffffd})
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080), 0x1}, 0x0, 0x10000, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r9 = pidfd_getfd(r3, r4, 0x0)
sendmsg$nl_generic(r9, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, 0x19, 0xa24, 0x70bd26, 0x25dfdbff, {0xc}}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000004)

18:12:53 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
splice(r5, &(0x7f00000000c0)=0xfe, r7, &(0x7f0000000180)=0x100000000, 0x8000, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:53 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r5, 0x0}, 0x0)
ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
finit_module(r5, &(0x7f00000000c0)=')}]{-}%\'\x00', 0x4)
close(0xffffffffffffffff)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:53 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
clock_gettime(0x0, &(0x7f00000028c0)={<r5=>0x0, <r6=>0x0})
recvmmsg$unix(r4, &(0x7f0000002740)=[{{&(0x7f0000000180), 0x6e, &(0x7f0000000700)=[{&(0x7f0000000240)=""/116, 0x74}, {&(0x7f0000000340)=""/133, 0x85}, {&(0x7f0000000400)=""/108, 0x6c}, {&(0x7f00000000c0)=""/28, 0x1c}, {&(0x7f0000000480)=""/236, 0xec}, {&(0x7f0000000580)=""/181, 0xb5}, {&(0x7f0000000640)=""/139, 0x8b}], 0x7, &(0x7f0000000780)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x58}}, {{&(0x7f0000000800), 0x6e, &(0x7f0000000a80)=[{&(0x7f0000000880)=""/134, 0x86}, {&(0x7f0000000940)=""/85, 0x55}, {&(0x7f00000009c0)=""/176, 0xb0}], 0x3, &(0x7f0000002940)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000018000000000017f2de6327e15f8d1f21644863000001000000224c10af5814c8c053eb55d101000000", @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32, @ANYRES32=<r7=>0xffffffffffffffff, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0xd8}}, {{&(0x7f0000000bc0)=@abs, 0x6e, &(0x7f0000001c40)=[{&(0x7f0000000c40)=""/4096, 0x1000}], 0x1, &(0x7f0000001c80)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x68}}, {{&(0x7f0000001d00), 0x6e, &(0x7f0000001f00)=[{&(0x7f0000001e00)=""/245, 0xf5}], 0x1, &(0x7f0000001f40)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000001f80)=@abs, 0x6e, &(0x7f0000002380)=[{&(0x7f0000002000)=""/173, 0xad}, {&(0x7f00000020c0)=""/77, 0x4d}, {&(0x7f0000002140)=""/100, 0x64}, {&(0x7f00000021c0)=""/148, 0x94}, {&(0x7f0000002280)=""/26, 0x1a}, {&(0x7f00000022c0)=""/91, 0x5b}, {&(0x7f0000002340)=""/39, 0x27}], 0x7}}, {{&(0x7f0000002400), 0x6e, &(0x7f0000002680)=[{&(0x7f0000002480)=""/94, 0x5e}, {&(0x7f0000002500)=""/50, 0x32}, {&(0x7f0000002540)=""/250, 0xfa}, {&(0x7f0000002640)=""/64, 0x40}], 0x4, &(0x7f00000026c0)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x50}}], 0x6, 0x40002000, &(0x7f0000002900)={r5, r6+60000000})
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, r7, 0x2)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2997.872885] FAULT_INJECTION: forcing a failure.
[ 2997.872885] name failslab, interval 1, probability 0, space 0, times 0
[ 2997.875387] CPU: 1 PID: 15244 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 2997.876801] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2997.878427] Call Trace:
[ 2997.878964]  dump_stack+0x107/0x167
[ 2997.879691]  should_fail.cold+0x5/0xa
[ 2997.880466]  ? create_object.isra.0+0x3a/0xa20
[ 2997.881370]  should_failslab+0x5/0x20
[ 2997.882142]  kmem_cache_alloc+0x5b/0x310
[ 2997.882945]  ? mark_held_locks+0x9e/0xe0
[ 2997.883798]  create_object.isra.0+0x3a/0xa20
[ 2997.884664]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2997.885702]  kmem_cache_alloc_bulk+0x168/0x320
[ 2997.886608]  io_submit_sqes+0x6f76/0x85c0
[ 2997.887481]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 2997.888473]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 2997.889453]  ? lock_downgrade+0x6d0/0x6d0
[ 2997.890267]  ? find_held_lock+0x2c/0x110
[ 2997.891093]  ? io_submit_sqes+0x85c0/0x85c0
[ 2997.891967]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2997.892945]  ? wait_for_completion_io+0x270/0x270
[ 2997.893901]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2997.894844]  ? vfs_write+0x354/0xa70
[ 2997.895585]  ? fput_many+0x2f/0x1a0
[ 2997.896331]  ? ksys_write+0x1a9/0x260
[ 2997.897082]  ? __ia32_sys_read+0xb0/0xb0
[ 2997.897909]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2997.898942]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2997.900001]  do_syscall_64+0x33/0x40
[ 2997.900738]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2997.901777] RIP: 0033:0x7fd673b8db19
[ 2997.902518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2997.906251] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2997.907771] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 2997.909209] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 2997.910685] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 2997.912254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2997.913655] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:12:53 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
r4 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
shutdown(r4, 0x1)
ioctl$FS_IOC_FSSETXATTR(r4, 0x40086602, &(0x7f0000000000)={0x800005, 0xffffffff, 0x8000, 0x2, 0x5})
splice(r4, &(0x7f0000000040)=0x7, r3, &(0x7f0000000080)=0x7fffffff, 0x4, 0x6)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:12:53 executing program 0:
r0 = syz_io_uring_setup(0xcd4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x3}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7}, 0x1c)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_setup(0x1, &(0x7f0000000cc0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r6, 0x0}, 0x0)
ioctl$FS_IOC_RESVSP(r6, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x101})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd=r6, 0x9, 0x0, 0x0, 0x1e, 0x0, {0x3}}, 0x0)
close(0xffffffffffffffff)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:13:07 executing program 7:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
readahead(r3, 0x6, 0x2e)
ftruncate(r3, 0x1000003)
fcntl$setstatus(r3, 0x4, 0x22000)
io_uring_enter(r3, 0x1d26, 0xc2ce, 0x3, &(0x7f00000000c0)={[0x7]}, 0x8)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, {0x12}, 0x0, {0x0, r8}}, 0x9)

18:13:07 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r3, 0xc0189374, &(0x7f0000000540)=ANY=[@ANYBLOB="010000000100000018000000017d1811b39c68e5e87e240600e3f4077a48ab1c250017dbb80a417e4f24e6957549856ffd879be09ffb4a3c97396bc933dbbea2f48f3d6711f3cba2962de4629fff47da2ab6b79aaa83b233a5cb06252ab154a5746fbdc28207bb78", @ANYRES32, @ANYBLOB="ff030000000000002e2f66696c653000"])
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x3, 0x6000, @fd=r5, 0x400, &(0x7f0000000180)="6b0a14e1bd660cc6fbf81c3273cb90c3146da0ce07b12665e57b95314c20c61dfcfe4bcc0c217e28a9ae1e74497c86511ef8b6df5185976662cffe85259636a5581ead8515cfd5f65cf9f66cafa79aaba9fcdfe960cb1b99ab0303739d054b3ee7005cba243585a7169d75eac3fbcd54bb1817bf4dc7b99048", 0x79, 0x4, 0x1}, 0x7)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
openat$null(0xffffffffffffff9c, &(0x7f0000000400), 0x4000, 0x0)
r8 = accept$packet(r7, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000340)=0x14)
ioctl$BTRFS_IOC_SET_FEATURES(r8, 0x40309439, &(0x7f0000000380)={0x1, 0x2, 0x8})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r4, 0xc0189374, &(0x7f0000000480)=ANY=[@ANYBLOB="0180000000000000ff0000004a0138bd788f3fdfbaa19e3d15b41a1d0e3d8524d3c5c18152a209b6717945f2cc3370561f2add5e06870e8df2888186ae42163edc960b512df53815c1cd711a7eb3a9abfabc750ca9db983670789f64a7b2a6d23e6d00"/109, @ANYRES32=<r9=>r0, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
io_uring_register$IORING_REGISTER_PERSONALITY(r9, 0x9, 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:13:07 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r6=>0x0})
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000013c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f0000001280)=@getpolicy={0x108, 0x15, 0x2, 0x70bd27, 0x25dfdbff, {{@in=@multicast1, @in6=@remote, 0x4e20, 0x0, 0x4e23, 0x0, 0xa, 0x0, 0x20, 0x87, r6, r7}, 0x6e6bb9, 0x2}, [@algo_aead={0x8c, 0x12, {{'rfc7539esp(cbc-aes-ce,sha224-ce)\x00'}, 0x200, 0x60, "a3f5e69e83c849545068c65e8c08ba2cf68cc0d1cad9a68aea4dea38ab91bac99be493041d0aaa8671adcb31f510f7adb3f57611cf1a30e3d9564f44757ee210"}}, @encap={0x1c, 0x4, {0xfffffffffffffffd, 0x4e24, 0x4e21, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}, @tfcpad={0x8, 0x16, 0x5}, @extra_flags={0x8}]}, 0x108}, 0x1, 0x0, 0x0, 0x24000000}, 0x20040000)
quotactl(0x101, &(0x7f00000000c0)='./file0\x00', r7, &(0x7f0000000180)="203444f7ea65ba2053da5aea60c621a12e2042bd4d9b1e37bd621cc5c1ae2434762e5ae6670e3f429003dd894f252f94963b13a8b8f68ebf911622ee94d1eb72345d481eab815b5c6a41")
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x11, r0, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:13:07 executing program 4:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
read(r3, &(0x7f0000000040)=""/156, 0x9c)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:13:07 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 77)

18:13:07 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
close(0xffffffffffffffff)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r7 = pidfd_getfd(r4, r5, 0x0)
setsockopt$SO_TIMESTAMP(r7, 0x1, 0x0, &(0x7f00000000c0)=0x11, 0x4)

18:13:07 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r5}}, 0x0)
close(r3)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001300)={<r6=>0x0, ""/256, <r7=>0x0, <r8=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000007d440)={0x9, [{}, {}, {}, {}, {}, {}, {}, {}, {r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r8}, {}, {}, {}, {r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}], 0x0, "46dacd8396fe92"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f00000505c0)={0x200, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r9=>0x0}], 0xfb, "3476c31b10b819"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000515c0)={0x0, ""/256, 0x0, <r10=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r4, 0xd000943d, &(0x7f00000517c0)={0x1, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}, {0x0, r9}, {0x0, r10}], 0x2, "653b3b77f546ce"})
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000340))
r11 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r11, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:13:07 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={<r5=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r7=>0x0})
r8 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000013c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f0000001280)=@getpolicy={0x108, 0x15, 0x2, 0x70bd27, 0x25dfdbff, {{@in=@multicast1, @in6=@remote, 0x4e20, 0x0, 0x4e23, 0x0, 0xa, 0x0, 0x20, 0x87, r7, r8}, 0x6e6bb9, 0x2}, [@algo_aead={0x8c, 0x12, {{'rfc7539esp(cbc-aes-ce,sha224-ce)\x00'}, 0x200, 0x60, "a3f5e69e83c849545068c65e8c08ba2cf68cc0d1cad9a68aea4dea38ab91bac99be493041d0aaa8671adcb31f510f7adb3f57611cf1a30e3d9564f44757ee210"}}, @encap={0x1c, 0x4, {0xfffffffffffffffd, 0x4e24, 0x4e21, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}, @tfcpad={0x8, 0x16, 0x5}, @extra_flags={0x8}]}, 0x108}, 0x1, 0x0, 0x0, 0x24000000}, 0x20040000)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x240000, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@access_any}, {@posixacl}, {@access_any}, {@mmap}, {@access_client}, {@cache_none}, {@loose}, {@dfltgid={'dfltgid', 0x3d, 0xee00}}, {@version_u}], [{@euid_lt={'euid<', r8}}, {@measure}, {@dont_hash}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/snd/timer\x00'}}, {@measure}, {@dont_appraise}]}})
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 3012.032983] FAULT_INJECTION: forcing a failure.
[ 3012.032983] name failslab, interval 1, probability 0, space 0, times 0
[ 3012.035761] CPU: 0 PID: 15288 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 3012.037303] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3012.038957] Call Trace:
[ 3012.039546]  dump_stack+0x107/0x167
[ 3012.040291]  should_fail.cold+0x5/0xa
[ 3012.041127]  ? create_object.isra.0+0x3a/0xa20
[ 3012.042039]  should_failslab+0x5/0x20
[ 3012.042853]  kmem_cache_alloc+0x5b/0x310
[ 3012.043672]  ? mark_held_locks+0x9e/0xe0
[ 3012.044596]  create_object.isra.0+0x3a/0xa20
[ 3012.045475]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3012.046604]  kmem_cache_alloc_bulk+0x168/0x320
[ 3012.047523]  io_submit_sqes+0x6f76/0x85c0
[ 3012.048470]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 3012.049467]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 3012.050505]  ? lock_downgrade+0x6d0/0x6d0
[ 3012.051351]  ? find_held_lock+0x2c/0x110
[ 3012.052207]  ? io_submit_sqes+0x85c0/0x85c0
[ 3012.053094]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3012.054078]  ? wait_for_completion_io+0x270/0x270
[ 3012.055061]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3012.056015]  ? vfs_write+0x354/0xa70
[ 3012.056782]  ? fput_many+0x2f/0x1a0
[ 3012.057531]  ? ksys_write+0x1a9/0x260
[ 3012.058309]  ? __ia32_sys_read+0xb0/0xb0
[ 3012.059144]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3012.060233]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3012.061289]  do_syscall_64+0x33/0x40
[ 3012.062050]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3012.063094] RIP: 0033:0x7fd673b8db19
[ 3012.063865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3012.067613] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3012.069175] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 3012.070631] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 3012.072139] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 3012.073590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3012.075050] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:13:07 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FALLOCATE={0x11, 0x5, 0x0, @fd_index=0x9, 0x8, 0x0, 0x8}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:13:07 executing program 4:
r0 = syz_io_uring_setup(0x4955, &(0x7f0000000040), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f00000000c0)={r4, 0x4, 0x9c})
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r5 = accept4$packet(r3, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000400)=0x14, 0x800)
pwritev(r5, &(0x7f0000000480)=[{&(0x7f0000000440)="152be38628416f690578d6bac6192d09b9f2bf073039f9", 0x17}], 0x1, 0x1, 0xe9)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
r7 = syz_io_uring_setup(0x1cf8, &(0x7f0000000180)={0x0, 0x6627, 0x8, 0x3, 0x14e}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000240), &(0x7f0000000280))
ioctl(r7, 0x2, &(0x7f00000002c0)="efbf328087bb2f6f7a448ca80131aa06a4d7a506a1207262844129078b3fa40d2d5a11e164aa8dcdc85e0448c7a86e2de523adb9a777872207b0327081d2cd03ce7e4f44838a8d61d00b67526af856fce5d86ce24c8750c8f73753222a6e7ab17e092d32c3204c00ba8dafbc4540c6824fe90f4f3682d9a48c052008c990e4bb5057b16b3ddd64755e2d001d038eee178a2a5caffad0ea5343dc89c8d13a6175af62dd982624ee2b927d1c9d312639ddff75c709929ae4816087eef1e536c851d8da332e40dd6d398cc40247aeb1085f5dc162a527b5f7d626919d")
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:13:08 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 78)

18:13:08 executing program 4:
r0 = syz_io_uring_setup(0x420a, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
r6 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x10000)
r7 = fcntl$dupfd(r4, 0x0, r6)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x5, 0x0, 0x3daf, 0x0, 0x0, 0x0, 0x0, 0x1, {0x1, r5}}, 0x20020000)
close(r3)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
r9 = openat$cgroup_procs(r7, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000c, 0x10010, r9, 0x9ea3e000)
syz_open_dev$tty1(0xc, 0x4, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r10, 0x0}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xff)
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 3012.590944] FAULT_INJECTION: forcing a failure.
[ 3012.590944] name failslab, interval 1, probability 0, space 0, times 0
[ 3012.593667] CPU: 0 PID: 15313 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 3012.595106] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3012.596850] Call Trace:
[ 3012.597413]  dump_stack+0x107/0x167
[ 3012.598169]  should_fail.cold+0x5/0xa
[ 3012.598958]  ? create_object.isra.0+0x3a/0xa20
[ 3012.599912]  should_failslab+0x5/0x20
[ 3012.600695]  kmem_cache_alloc+0x5b/0x310
[ 3012.601527]  ? mark_held_locks+0x9e/0xe0
[ 3012.602362]  create_object.isra.0+0x3a/0xa20
[ 3012.603268]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3012.604324]  kmem_cache_alloc_bulk+0x168/0x320
[ 3012.605272]  io_submit_sqes+0x6f76/0x85c0
[ 3012.606153]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 3012.607178]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 3012.608193]  ? lock_downgrade+0x6d0/0x6d0
[ 3012.609041]  ? find_held_lock+0x2c/0x110
[ 3012.609879]  ? io_submit_sqes+0x85c0/0x85c0
[ 3012.610771]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3012.611763]  ? wait_for_completion_io+0x270/0x270
[ 3012.612766]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3012.613725]  ? vfs_write+0x354/0xa70
[ 3012.614498]  ? fput_many+0x2f/0x1a0
[ 3012.615247]  ? ksys_write+0x1a9/0x260
[ 3012.616043]  ? __ia32_sys_read+0xb0/0xb0
[ 3012.616889]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3012.617969]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3012.619029]  do_syscall_64+0x33/0x40
[ 3012.619811]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3012.620869] RIP: 0033:0x7fd673b8db19
[ 3012.621637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3012.625443] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3012.627000] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 3012.628480] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 3012.629943] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 3012.631403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3012.632874] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:13:08 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
close(0xffffffffffffffff)
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r0, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000140)={<r2=>0x0, <r3=>0x0})
clock_gettime(0x0, &(0x7f0000000180)={<r4=>0x0, <r5=>0x0})
utimensat(r1, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)={{r2, r3/1000+60000}, {r4, r5/1000+10000}}, 0x0)

18:13:08 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
r4 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
rename(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='./file0\x00')
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f0000000180)={0x3, 0x0, 0x6a, 0x94, 0x401})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e24, 0xffffffee, @dev={0xfe, 0x80, '\x00', 0x27}, 0xfffffc75}, 0x1c)

18:13:08 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
name_to_handle_at(r3, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)=ANY=[@ANYBLOB="90000000240000000001000001000080050000008000c88b162338c01e2b37d18a02827ef6b1b87be05dc477e9a70d0c4cac87e176ab0100000000000000eb268589451a7e57711d36a89df63dc5be75623749f4648e4011e08ceff4dc10d8446719811f04009d0d9a50ba22142f44200a62067db0aaec62584c7d4a52de543f0a04617b251b09bddc3b17dededbed883e620bccfc7a0000"], &(0x7f0000000180), 0x200)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:13:08 executing program 2:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
io_uring_enter(r0, 0xb6d, 0x8505, 0x3, &(0x7f00000000c0)={[0xe0000000]}, 0x8)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:13:08 executing program 7:
setsockopt$SO_BINDTODEVICE_wg(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000000c0)='wg1\x00', 0x4)
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r3}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:13:08 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 79)

18:13:08 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt(r3, 0xffff, 0x1, &(0x7f0000000340)=""/156, &(0x7f00000000c0)=0x9c)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 3013.181951] FAULT_INJECTION: forcing a failure.
[ 3013.181951] name failslab, interval 1, probability 0, space 0, times 0
[ 3013.183979] CPU: 0 PID: 15340 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 3013.185063] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3013.186302] Call Trace:
[ 3013.186704]  dump_stack+0x107/0x167
[ 3013.187256]  should_fail.cold+0x5/0xa
[ 3013.187849]  ? create_object.isra.0+0x3a/0xa20
[ 3013.188553]  should_failslab+0x5/0x20
[ 3013.189130]  kmem_cache_alloc+0x5b/0x310
[ 3013.189745]  ? mark_held_locks+0x9e/0xe0
[ 3013.190377]  create_object.isra.0+0x3a/0xa20
[ 3013.191048]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3013.191819]  kmem_cache_alloc_bulk+0x168/0x320
[ 3013.192520]  io_submit_sqes+0x6f76/0x85c0
[ 3013.193166]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 3013.193921]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 3013.194652]  ? lock_downgrade+0x6d0/0x6d0
[ 3013.195269]  ? find_held_lock+0x2c/0x110
[ 3013.195927]  ? io_submit_sqes+0x85c0/0x85c0
[ 3013.196584]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3013.197315]  ? wait_for_completion_io+0x270/0x270
[ 3013.198040]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3013.198719]  ? vfs_write+0x354/0xa70
[ 3013.199236]  ? fput_many+0x2f/0x1a0
[ 3013.199758]  ? ksys_write+0x1a9/0x260
[ 3013.200392]  ? __ia32_sys_read+0xb0/0xb0
[ 3013.201107]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3013.202131]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3013.202986]  do_syscall_64+0x33/0x40
[ 3013.203603]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3013.204467] RIP: 0033:0x7fd673b8db19
[ 3013.205087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3013.208140] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3013.209398] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 3013.210538] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 3013.211529] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 3013.212587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3013.213632] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:13:08 executing program 3:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4, 0x140033, r5, 0x10000000)
readahead(0xffffffffffffffff, 0x6, 0x2e)
ftruncate(0xffffffffffffffff, 0x1000003)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x22000)
io_uring_enter(0xffffffffffffffff, 0x556c, 0x993, 0x0, &(0x7f00000000c0)={[0x7]}, 0x8)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x8000, 0x3}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0xfffffffffffeffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:13:08 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x10000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
fcntl$getown(r6, 0x9)
preadv(r3, &(0x7f0000001600)=[{&(0x7f00000001c0)=""/17, 0x11}, {&(0x7f0000000340)=""/183, 0xb7}, {&(0x7f0000000400)=""/147, 0x93}, {&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f0000000240)=""/7, 0x7}, {&(0x7f00000014c0)=""/160, 0xa0}, {&(0x7f0000001580)=""/69, 0x45}], 0x7, 0x30f967dc, 0x8001)
close(0xffffffffffffffff)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r8 = openat$incfs(r5, &(0x7f00000000c0)='.pending_reads\x00', 0x684240, 0x9c)
io_uring_enter(r8, 0x8, 0x69a3, 0x0, &(0x7f0000000180)={[0x4]}, 0x8)

18:13:09 executing program 6:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040))
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r5, &(0x7f0000000540)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
connect$inet6(r5, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000080)=0x29eb, 0x4)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmmsg$inet6(r5, &(0x7f0000004d00), 0x2f, 0x20040000)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x100000000000000, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:13:09 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 80)

18:13:09 executing program 1:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index=0x9, 0x9, 0x0, 0x0, 0x10, 0x1, {0x0, r4}}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x5, 0x0, 0x0, 0x1, &(0x7f0000000340)="60e79d950b9299838d0968d492e01c3a129ede65912f8160577e636f6ecee2a68eeb46fdb0ac6d2c51d0ad4d0daa1c66dff023933eb3a996c15f95a9d43a548a918070ed75c6b75aa9b31c845834360a5be754bb18bc631542c930f553efcdc49765d2ede534f00e792f00a1dce6dc66b44b220c8209d8787527820ee4b4872cb1a7bd39e4ec621522712e15e2b87ed270f5843dbf10d3f7f57bd0f6a7a60efbbcd1d0e52a43f2e1136a16f2c24dc10e47", 0x2, 0x0, 0x1, {0x3}}, 0x8ef9)
close(r3)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x2)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180)=<r8=>0x0, &(0x7f0000002a40)=<r9=>0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r7, 0x0, &(0x7f0000000100)=[{0x0}], 0x1)
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd_index, 0x0, 0xfffffffffffffffb, 0x400004}, 0x0)
io_uring_enter(r7, 0x76d3, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 3013.574071] FAULT_INJECTION: forcing a failure.
[ 3013.574071] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3013.576792] CPU: 1 PID: 15358 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 3013.578205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3013.579903] Call Trace:
[ 3013.580460]  dump_stack+0x107/0x167
[ 3013.581209]  should_fail.cold+0x5/0xa
[ 3013.582012]  __alloc_pages_nodemask+0x182/0x600
[ 3013.582969]  ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130
[ 3013.584256]  alloc_pages_current+0x187/0x280
[ 3013.585166]  allocate_slab+0x26f/0x380
[ 3013.585974]  ___slab_alloc+0x470/0x700
[ 3013.586770]  ? io_submit_sqes+0x6f76/0x85c0
[ 3013.587671]  ? kmem_cache_alloc_bulk+0x1ec/0x320
[ 3013.588648]  kmem_cache_alloc_bulk+0x1ec/0x320
[ 3013.589584]  io_submit_sqes+0x6f76/0x85c0
[ 3013.590457]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 3013.591477]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 3013.592473]  ? lock_downgrade+0x6d0/0x6d0
[ 3013.593319]  ? find_held_lock+0x2c/0x110
[ 3013.594147]  ? io_submit_sqes+0x85c0/0x85c0
[ 3013.595031]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3013.596022]  ? wait_for_completion_io+0x270/0x270
[ 3013.597000]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3013.597938]  ? vfs_write+0x354/0xa70
[ 3013.598697]  ? fput_many+0x2f/0x1a0
[ 3013.599445]  ? ksys_write+0x1a9/0x260
[ 3013.600237]  ? __ia32_sys_read+0xb0/0xb0
[ 3013.601120]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3013.602454]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3013.603767]  do_syscall_64+0x33/0x40
[ 3013.604598]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3013.605648] RIP: 0033:0x7fd673b8db19
[ 3013.606418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3013.610200] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3013.611761] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 3013.613225] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 3013.614692] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 3013.616110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3013.617514] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
18:13:09 executing program 0:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000040))
r3 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x9, 0x9}, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ftruncate(r4, 0x1000003)
fcntl$setstatus(r4, 0x4, 0x22000)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f00000000c0)={{0x0, 0x3, 0x7, 0x2, 0x4}})
close(0xffffffffffffffff)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_open_dev$tty1(0xc, 0x4, 0x1)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x5e, 0x4800, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x2, 0xffffffff, 0x9, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fsetxattr$trusted_overlay_redirect(r6, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x2)
poll(&(0x7f0000000240)=[{r4, 0x1006}, {r3, 0x16}], 0x2, 0x80000000)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

18:13:09 executing program 5:
r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2000, @fd_index}, 0x0)
close(0xffffffffffffffff)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 81)

[ 3014.030701] FAULT_INJECTION: forcing a failure.
[ 3014.030701] name failslab, interval 1, probability 0, space 0, times 0
[ 3014.033532] CPU: 1 PID: 15377 Comm: syz-executor.5 Not tainted 5.10.178 #1
[ 3014.034899] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3014.036488] Call Trace:
[ 3014.037016]  dump_stack+0x107/0x167
[ 3014.037721]  should_fail.cold+0x5/0xa
[ 3014.038474]  ? create_object.isra.0+0x3a/0xa20
[ 3014.039353]  should_failslab+0x5/0x20
[ 3014.040134]  kmem_cache_alloc+0x5b/0x310
[ 3014.040914]  ? mark_held_locks+0x9e/0xe0
[ 3014.041736]  create_object.isra.0+0x3a/0xa20
[ 3014.042580]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3014.043576]  kmem_cache_alloc_bulk+0x168/0x320
[ 3014.044481]  io_submit_sqes+0x6f76/0x85c0
[ 3014.045318]  ? __do_sys_io_uring_enter+0x6b5/0x1730
[ 3014.046269]  __do_sys_io_uring_enter+0x6b5/0x1730
[ 3014.047212]  ? lock_downgrade+0x6d0/0x6d0
[ 3014.048018]  ? find_held_lock+0x2c/0x110
[ 3014.048817]  ? io_submit_sqes+0x85c0/0x85c0
[ 3014.049650]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3014.050592]  ? wait_for_completion_io+0x270/0x270
[ 3014.051523]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3014.052449]  ? vfs_write+0x354/0xa70
[ 3014.053182]  ? fput_many+0x2f/0x1a0
[ 3014.053880]  ? ksys_write+0x1a9/0x260
[ 3014.054625]  ? __ia32_sys_read+0xb0/0xb0
[ 3014.055412]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3014.056443]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3014.057439]  do_syscall_64+0x33/0x40
[ 3014.058167]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3014.059148] RIP: 0033:0x7fd673b8db19
[ 3014.059884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3014.063385] RSP: 002b:00007fd671103188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3014.064971] RAX: ffffffffffffffda RBX: 00007fd673ca0f60 RCX: 00007fd673b8db19
[ 3014.066397] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 3014.067833] RBP: 00007fd6711031d0 R08: 0000000000000000 R09: 0000000000000000
[ 3014.069258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3014.070683] R13: 00007ffdbb9b887f R14: 00007fd671103300 R15: 0000000000022000
[ 3030.017591] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[ 3030.020180] CPU: 1 PID: 273 Comm: syz-fuzzer Not tainted 5.10.178 #1
[ 3030.021495] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3030.023181] Call Trace:
[ 3030.023737]  dump_stack+0x107/0x167
[ 3030.024497]  dump_header+0x106/0x65e
[ 3030.025264]  oom_kill_process.cold+0x10/0x15
[ 3030.026166]  out_of_memory+0x1149/0x1440
[ 3030.027003]  ? oom_killer_disable+0x280/0x280
[ 3030.027938]  ? mutex_trylock+0x237/0x2b0
[ 3030.028793]  ? __alloc_pages_slowpath.constprop.0+0xb0e/0x2130
[ 3030.030015]  __alloc_pages_slowpath.constprop.0+0x1b25/0x2130
[ 3030.031257]  ? lock_acquire+0xc7/0x470
[ 3030.032079]  ? warn_alloc+0x190/0x190
[ 3030.032909]  __alloc_pages_nodemask+0x51d/0x600
[ 3030.033886]  ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130
[ 3030.035141]  ? find_get_entry+0x2c8/0x740
[ 3030.035996]  alloc_pages_current+0x187/0x280
[ 3030.037007]  __page_cache_alloc+0x2d2/0x360
[ 3030.037897]  pagecache_get_page+0x2c7/0xc80
[ 3030.038786]  filemap_fault+0x177d/0x2210
[ 3030.039656]  ? read_cache_page_gfp+0x30/0x30
[ 3030.040567]  ? handle_mm_fault+0x28d0/0x3520
[ 3030.041460]  ? lock_downgrade+0x6d0/0x6d0
[ 3030.042305]  ext4_filemap_fault+0x87/0xc0
[ 3030.043151]  __do_fault+0x113/0x410
[ 3030.043898]  handle_mm_fault+0x1e72/0x3520
[ 3030.044789]  ? find_held_lock+0x2c/0x110
[ 3030.045628]  ? __pmd_alloc+0x5e0/0x5e0
[ 3030.046423]  ? vmacache_find+0x55/0x2a0
[ 3030.047245]  do_user_addr_fault+0x56e/0xc60
[ 3030.048141]  exc_page_fault+0xa2/0x1a0
[ 3030.048958]  ? asm_exc_page_fault+0x8/0x30
[ 3030.049825]  asm_exc_page_fault+0x1e/0x30
[ 3030.050678] RIP: 0033:0x4be170
[ 3030.051348] Code: Unable to access opcode bytes at RIP 0x4be146.
[ 3030.052632] RSP: 002b:000000c00042dd28 EFLAGS: 00010246
[ 3030.053720] RAX: 00000000008e4d20 RBX: 000000c000080238 RCX: 00000000008e4d20
[ 3030.055168] RDX: 0000000000b12b70 RSI: 000002c1a69dbb96 RDI: 000000c00a194180
[ 3030.056667] RBP: 000000c00042dd60 R08: 0000000000000000 R09: 0000000000000003
[ 3030.058130] R10: 000002c1d6df740f R11: 0000000000000001 R12: 000002c1d6df740f
[ 3030.059591] R13: 0000000000000001 R14: 000002c1d6df740f R15: ffffffffffffffff
[ 3030.061157] Mem-Info:
[ 3030.061719] active_anon:20270 inactive_anon:57936 isolated_anon:0
[ 3030.061719]  active_file:1012 inactive_file:926 isolated_file:0
[ 3030.061719]  unevictable:0 dirty:0 writeback:0
[ 3030.061719]  slab_reclaimable:8534 slab_unreclaimable:242829
[ 3030.061719]  mapped:69640 shmem:109 pagetables:1845 bounce:0
[ 3030.061719]  free:3545 free_pcp:61 free_cma:0
[ 3030.068737] Node 0 active_anon:81080kB inactive_anon:231744kB active_file:4204kB inactive_file:3996kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:278896kB dirty:0kB writeback:0kB shmem:436kB writeback_tmp:0kB kernel_stack:4576kB all_unreclaimable? no
[ 3030.073473] Node 0 DMA free:6488kB min:48kB low:60kB high:72kB reserved_highatomic:2048KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 3030.078991] lowmem_reserve[]: 0 1616 1616 1616
[ 3030.080029] Node 0 DMA32 free:6676kB min:5116kB low:6768kB high:8420kB reserved_highatomic:0KB active_anon:81080kB inactive_anon:231744kB active_file:4220kB inactive_file:3908kB unevictable:0kB writepending:0kB present:2080640kB managed:1660512kB mlocked:0kB pagetables:7380kB bounce:0kB free_pcp:896kB local_pcp:16kB free_cma:0kB
[ 3030.085978] lowmem_reserve[]: 0 0 0 0
[ 3030.086829] Node 0 DMA: 0*4kB 1*8kB (H) 1*16kB (H) 0*32kB 1*64kB (H) 0*128kB 1*256kB (H) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6488kB
[ 3030.089667] Node 0 DMA32: 1672*4kB (U) 0*8kB 1*16kB (U) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 6704kB
[ 3030.092183] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 3030.093880] 2047 total pagecache pages
[ 3030.094690] 0 pages in swap cache
[ 3030.095410] Swap cache stats: add 0, delete 0, find 0/0
[ 3030.096510] Free swap  = 0kB
[ 3030.097132] Total swap = 0kB
[ 3030.097790] 524158 pages RAM
[ 3030.098434] 0 pages HighMem/MovableOnly
[ 3030.099244] 105053 pages reserved
[ 3030.100074] Unreclaimable slab info:
[ 3030.101231] Name                      Used          Total
[ 3030.102467] pid_4                      7KB          7KB
[ 3030.103766] pid_3                      7KB          7KB
[ 3030.105055] pid_2                     51KB         71KB
[ 3030.106174] IEEE-802.15.4-MAC         63KB         63KB
[ 3030.107298] IEEE-802.15.4-RAW         63KB         63KB
[ 3030.108439] p9_req_t                   4KB          4KB
[ 3030.109564] fib6_nodes                28KB         28KB
[ 3030.110678] ip6_dst_cache             41KB         41KB
[ 3030.111781] PINGv6                    63KB         63KB
[ 3030.112915] RAWv6                    213KB        346KB
[ 3030.114162] UDPLITEv6                 62KB         62KB
[ 3030.115294] UDPv6                     93KB         93KB
[ 3030.116428] tw_sock_TCPv6             15KB         15KB
[ 3030.117714] request_sock_TCPv6         15KB         15KB
[ 3030.118942] TCPv6                     62KB         62KB
[ 3030.120083] scsi_sense_cache           4KB          4KB
[ 3030.121193] sd_ext_cdb                 3KB          3KB
[ 3030.122316] virtio_scsi_cmd           16KB         16KB
[ 3030.123427] sgpool-128                59KB         59KB
[ 3030.124549] sgpool-64                 63KB         63KB
[ 3030.125766] sgpool-32                 63KB         63KB
[ 3030.126897] sgpool-16                 45KB         45KB
[ 3030.128114] sgpool-8                  52KB         52KB
[ 3030.129303] io_kiocb                1545KB       2272KB
[ 3030.130446] mqueue_inode_cache         62KB         62KB
[ 3030.131576] nfs_commit_data           15KB         15KB
[ 3030.132692] nfs_write_data            47KB         47KB
[ 3030.133894] jbd2_inode                 7KB          7KB
[ 3030.135116] ext4_system_zone           7KB          7KB
[ 3030.136315] ext4_io_end_vec            7KB          7KB
[ 3030.137409] ext4_bio_post_read_ctx         15KB         15KB
[ 3030.138589] kioctx                    31KB         31KB
[ 3030.139688] aio_kiocb                  7KB          7KB
[ 3030.140803] dnotify_mark               7KB          7KB
[ 3030.142093] dnotify_struct             7KB          7KB
[ 3030.143299] bio-2                      4KB          4KB
[ 3030.144561] fasync_cache               7KB          7KB
[ 3030.145680] pid_namespace              7KB          7KB
[ 3030.146790] posix_timers_cache         15KB         15KB
[ 3030.147937] rpc_buffers               31KB         31KB
[ 3030.149067] rpc_tasks                  3KB          3KB
[ 3030.150172] UNIX                     191KB        341KB
[ 3030.151379] UDP-Lite                  63KB         63KB
[ 3030.152619] tcp_bind_bucket            8KB          8KB
[ 3030.153711] inet_peer_cache            4KB          4KB
[ 3030.154823] xfrm_state                32KB         32KB
[ 3030.155919] ip_fib_trie                8KB          8KB
[ 3030.157037] ip_fib_alias              15KB         15KB
[ 3030.158250] ip_dst_cache              77KB        108KB
[ 3030.159371] PING                      62KB         62KB
[ 3030.160594] RAW                      187KB        187KB
[ 3030.161738] UDP                      225KB        315KB
[ 3030.162843] tw_sock_TCP               15KB         15KB
[ 3030.163961] request_sock_TCP           7KB          7KB
[ 3030.165217] TCP                       90KB         90KB
[ 3030.166425] hugetlbfs_inode_cache         30KB         30KB
[ 3030.167694] bio-1                     11KB         11KB
[ 3030.168840] eventpoll_pwq             23KB         23KB
[ 3030.169944] eventpoll_epi             55KB         55KB
[ 3030.171049] inotify_inode_mark         58KB         58KB
[ 3030.172189] request_queue             90KB         90KB
[ 3030.173358] blkdev_ioc                22KB         22KB
[ 3030.174522] bio-0                    108KB        108KB
[ 3030.175639] biovec-max               922KB        922KB
[ 3030.176777] biovec-64                220KB        220KB
[ 3030.178010] biovec-16                 63KB         63KB
[ 3030.179139] user_namespace            31KB         31KB
[ 3030.180295] uid_cache                  8KB          8KB
[ 3030.181406] dmaengine-unmap-2          4KB          4KB
[ 3030.182509] audit_buffer               7KB          7KB
[ 3030.183613] skbuff_fclone_cache        112KB        112KB
[ 3030.184747] skbuff_head_cache        205KB        213KB
[ 3030.185818] file_lock_cache           66KB         66KB
[ 3030.186886] file_lock_ctx              7KB          7KB
[ 3030.187983] fsnotify_mark_connector         28KB         28KB
[ 3030.189231] net_namespace            172KB        172KB
[ 3030.190340] task_delay_info          119KB        119KB
[ 3030.191451] taskstats                 61KB         61KB
[ 3030.192548] proc_dir_entry           468KB        468KB
[ 3030.193659] pde_opener                35KB         35KB
[ 3030.194756] seq_file                  52KB         52KB
[ 3030.195875] sigqueue                 102KB        102KB
[ 3030.196985] shmem_inode_cache       1283KB       1383KB
[ 3030.198086] kernfs_iattrs_cache        231KB        231KB
[ 3030.199213] kernfs_node_cache       5754KB       5754KB
[ 3030.200354] mnt_cache                259KB        259KB
[ 3030.201472] filp                    1540KB       2070KB
[ 3030.202604] names_cache             9694KB      11543KB
[ 3030.203719] hashtab_node             274KB        274KB
[ 3030.204846] ebitmap_node            1149KB       1149KB
[ 3030.205948] avtab_node              4976KB       4976KB
[ 3030.207054] avc_node                  35KB         35KB
[ 3030.208171] lsm_inode_cache         3218KB       3308KB
[ 3030.209296] lsm_file_cache           142KB        192KB
[ 3030.210395] key_jar                   39KB         39KB
[ 3030.211496] uts_namespace             15KB         15KB
[ 3030.212620] nsproxy                   11KB         11KB
[ 3030.213779] vm_area_struct          1051KB       1336KB
[ 3030.214886] mm_struct                364KB        441KB
[ 3030.216004] fs_cache                  52KB         68KB
[ 3030.217129] files_cache              178KB        255KB
[ 3030.218237] signal_cache             355KB        494KB
[ 3030.219341] sighand_cache            346KB        390KB
[ 3030.220463] task_struct             1223KB       1648KB
[ 3030.221560] cred_jar                 117KB        196KB
[ 3030.222663] anon_vma_chain           274KB        322KB
[ 3030.223778] anon_vma                 293KB        310KB
[ 3030.224906] pid                       52KB         82KB
[ 3030.226018] Acpi-Operand             179KB        217KB
[ 3030.227128] Acpi-ParseExt             27KB         27KB
[ 3030.228245] Acpi-Parse               158KB        173KB
[ 3030.229356] Acpi-State               185KB        200KB
[ 3030.230469] Acpi-Namespace            24KB         24KB
[ 3030.231596] shared_policy_node          4KB          4KB
[ 3030.232744] numa_policy                7KB          7KB
[ 3030.233848] trace_event_file         163KB        163KB
[ 3030.234956] ftrace_event_field        280KB        280KB
[ 3030.236080] pool_workqueue            40KB         40KB
[ 3030.237184] task_group                16KB         16KB
[ 3030.238301] vmap_area                177KB        240KB
[ 3030.239420] page->ptl                225KB        311KB
[ 3030.240551] kmemleak_scan_area        149KB        187KB
[ 3030.241680] kmemleak_object       737550KB     737550KB
[ 3030.242807] kmalloc-8k              4848KB       4896KB
[ 3030.243933] kmalloc-4k              7312KB       8128KB
[ 3030.245047] kmalloc-2k              4936KB       5408KB
[ 3030.246170] kmalloc-1k              2474KB       3520KB
[ 3030.247296] kmalloc-512            25940KB      25940KB
[ 3030.248402] kmalloc-256             1360KB       1400KB
[ 3030.249550] kmalloc-192              539KB        552KB
[ 3030.250695] kmalloc-128              542KB        564KB
[ 3030.251893] kmalloc-96               690KB       1580KB
[ 3030.253041] kmalloc-64              1101KB       1584KB
[ 3030.254181] kmalloc-32             87128KB      87128KB
[ 3030.255292] kmalloc-16               331KB        372KB
[ 3030.256446] kmalloc-8                304KB        334KB
[ 3030.257532] kmem_cache_node           47KB         47KB
[ 3030.258675] kmem_cache                75KB         75KB
[ 3030.259814] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/ssh.service,task=syz-fuzzer,pid=273,uid=0
[ 3030.265040] Out of memory (oom_kill_allocating_task): Killed process 253 (syz-fuzzer) total-vm:1240724kB, anon-rss:274480kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:964kB oom_score_adj:0

VM DIAGNOSIS:
18:13:27  Registers:
info registers vcpu 0
RAX=0000000000000000 RBX=ffff888038437a40 RCX=ffffffff81625f3c RDX=00000000000001fe
RSI=ffffffff81625f4a RDI=0000000000000004 RBP=00000000000001fe RSP=ffff888038437720
R8 =0000000000000000 R9 =ffffea0000fd1fb3 R10=0000000000000011 R11=0000000000000001
R12=0000000000000000 R13=ffffea0000fd1f80 R14=ffff888038437a68 R15=0000000000000011
RIP=ffffffff81405cf4 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f8aa361f760 CR3=000000004fd7e000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=756e696c2d34365f3638782f62696c2f XMM01=706d6f6363657362696c2f756e672d78
XMM02=00322e6f732e706d6f6363657362696c XMM03=2f756e672d78756e696c2d34365f3638
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000000 RBX=1ffff1100947ee6c RCX=ffffffff81266555 RDX=0000000000000000
RSI=0000000000000008 RDI=ffffffff8685d6e0 RBP=0000000000000009 RSP=ffff88804a3f7310
R8 =0000000000000000 R9 =ffffffff8685d6e0 R10=fffffbfff0d0bade R11=0000000000000001
R12=ffff888047335620 R13=0000000000000006 R14=ffff888047335640 R15=0000000000000200
RIP=ffffffff816c0843 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 ffffc90000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055927a9a19e0 CR3=000000004efb2000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffffffffffffffffffffffff XMM01=00007f83a428be9000007f83a428be80
XMM02=00ffffffffffffff0000000000000000 XMM03=0000000000000000000000ff000000ff
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=2000000000000000646873732f6e7572 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000200000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000