0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
r3 = syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r3, 0x25)
r4 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r4})
tgkill(r0, r4, 0x1e)
tgkill(r0, r0, 0x39)

03:34:39 executing program 2:
io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)
syz_clone(0x4000, &(0x7f0000000140)="e1adfc9a2eba97df4c035f58a64178f8dd3b9e754ae3956053bda161ff17c4bd8f8043369b7b6098a5f284c67aacea94362e29175dbffb4d91ae13f5b5cc9ae98bb6e7877b9e60fd43b848e30dc3deaa39a39e79b92cbb1d7b24b00e522b752697dcc8cfe6e394212fae33b2f08d3b", 0x6f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="3966e7fb12edc4b53a1fccfae2925b978c52b7e831")

03:34:39 executing program 1:
syz_io_uring_setup(0x2413, &(0x7f0000000380)={0x0, 0xfffffffc, 0x0, 0x3}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x200)
r1 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r1})
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={'\x00', 0x7, 0x6, 0x0, 0x3, 0xa901, r1})
syz_open_dev$loop(&(0x7f0000000200), 0x9, 0x842)
r2 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r2)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r3, 0x0, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f00000002c0)=""/176, 0x10000, 0x0, 0x5, 0x2}, 0x20)
ioctl$EVIOCGBITSW(r3, 0x80404525, &(0x7f0000000140)=""/33)
r4 = io_uring_setup(0x920c, &(0x7f0000000240)={0x0, 0x3af2, 0x800, 0x2000, 0xae})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r4, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000380)={0x0, 0xfffffffc, 0x0, 0x3}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x200) (async)
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940)) (async)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r1}) (async)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={'\x00', 0x7, 0x6, 0x0, 0x3, 0xa901, r1}) (async)
syz_open_dev$loop(&(0x7f0000000200), 0x9, 0x842) (async)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) (async)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r2) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r3, 0x0, 0x0) (async)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f00000002c0)=""/176, 0x10000, 0x0, 0x5, 0x2}, 0x20) (async)
ioctl$EVIOCGBITSW(r3, 0x80404525, &(0x7f0000000140)=""/33) (async)
io_uring_setup(0x920c, &(0x7f0000000240)={0x0, 0x3af2, 0x800, 0x2000, 0xae}) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r4, 0x0) (async)

03:34:39 executing program 3:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:39 executing program 5:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
tgkill(r0, r0, 0x39)

03:34:39 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
r3 = syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r3, 0x25)
r4 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r4})
tgkill(r0, r4, 0x1e)
tgkill(r0, r0, 0x39)

03:34:39 executing program 4:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:39 executing program 1:
syz_io_uring_setup(0x2413, &(0x7f0000000380)={0x0, 0xfffffffc, 0x0, 0x3}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x200)
r1 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r1}) (async)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={'\x00', 0x7, 0x6, 0x0, 0x3, 0xa901, r1})
syz_open_dev$loop(&(0x7f0000000200), 0x9, 0x842) (async)
r2 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r2) (async)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r3, 0x0, 0x0) (async)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f00000002c0)=""/176, 0x10000, 0x0, 0x5, 0x2}, 0x20) (async)
ioctl$EVIOCGBITSW(r3, 0x80404525, &(0x7f0000000140)=""/33) (async)
r4 = io_uring_setup(0x920c, &(0x7f0000000240)={0x0, 0x3af2, 0x800, 0x2000, 0xae})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r4, 0x0)

03:34:39 executing program 1:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x2, 0x70bd29, 0x25dfdbfe, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @rand_addr=0x64010100}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008004}, 0x800)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r0, 0x0)

03:34:39 executing program 1:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x2, 0x70bd29, 0x25dfdbfe, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @rand_addr=0x64010100}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008004}, 0x800) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r0, 0x0)

03:34:39 executing program 1:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x2, 0x70bd29, 0x25dfdbfe, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @rand_addr=0x64010100}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008004}, 0x800)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r0, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x2, 0x70bd29, 0x25dfdbfe, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @rand_addr=0x64010100}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008004}, 0x800) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r0, 0x0) (async)

03:34:39 executing program 5:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
tgkill(r0, r0, 0x39)

03:34:40 executing program 3:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
tgkill(r0, r0, 0x39)

03:34:40 executing program 2:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r0, 0x0)
syz_clone(0x0, &(0x7f0000000140)="e1adfc9a2eba97df4c035f58a64178f8dd3b9e754ae3956053bda161ff17c4bd8f8043369b7b6098a5f284c67aacea94362e29175dbffb4d91ae13f5b5cc9ae98bb6e7877b9e60fd43b848e30dc3deaa39a39e79b92cbb1d7b24b00e522b752697dcc8cfe6e394212fae33b2f08d3b", 0x6f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="3966e7fb12edc4b53a1fccfae2925b978c52b7e831")

03:34:40 executing program 4:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:40 executing program 1:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000140))
sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@delnexthop={0x20, 0x69, 0x300, 0x70bd26, 0x25dfdbfb, {}, [{0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x20}, 0x20000800)

03:34:40 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
r3 = syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r3, 0x25)
r4 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r4})
tgkill(r0, r0, 0x39)

03:34:40 executing program 5:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
tgkill(r0, r0, 0x39)

03:34:40 executing program 3:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
tgkill(r0, r0, 0x39)

03:34:40 executing program 1:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000140))
sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@delnexthop={0x20, 0x69, 0x300, 0x70bd26, 0x25dfdbfb, {}, [{0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x20}, 0x20000800)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r0, 0x0) (async)
socket$inet6_udplite(0xa, 0x2, 0x88) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000140)) (async)
sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@delnexthop={0x20, 0x69, 0x300, 0x70bd26, 0x25dfdbfb, {}, [{0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x20}, 0x20000800) (async)

03:34:40 executing program 1:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000140))
sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@delnexthop={0x20, 0x69, 0x300, 0x70bd26, 0x25dfdbfb, {}, [{0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x20}, 0x20000800)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r0, 0x0) (async)
socket$inet6_udplite(0xa, 0x2, 0x88) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000140)) (async)
sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@delnexthop={0x20, 0x69, 0x300, 0x70bd26, 0x25dfdbfb, {}, [{0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x20}, 0x20000800) (async)

03:34:40 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1b)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r0, 0x0)

03:34:40 executing program 4:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:40 executing program 5:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:40 executing program 2:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r0, 0x0)
syz_clone(0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="3966e7fb12edc4b53a1fccfae2925b978c52b7e831")

03:34:40 executing program 3:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
tgkill(r0, r0, 0x39)

03:34:40 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
r3 = syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r3, 0x25)
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))
tgkill(r0, r0, 0x39)

03:34:41 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1b)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r0, 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1b) (async)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r0, 0x0) (async)

03:34:41 executing program 2:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), &(0x7f00000002c0)="3966e7fb12edc4b53a1fccfae2925b978c52b7e831")

03:34:41 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1b)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r0, 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1b) (async)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r0, 0x0) (async)

03:34:41 executing program 1:
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x4})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
setsockopt$bt_hci_HCI_TIME_STAMP(r2, 0x0, 0x3, &(0x7f0000000000)=0x6, 0x4)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x40c)

03:34:41 executing program 4:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:41 executing program 5:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:41 executing program 3:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
tgkill(r0, r0, 0x39)

03:34:41 executing program 1:
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x4})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r1, 0x0) (async)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
setsockopt$bt_hci_HCI_TIME_STAMP(r2, 0x0, 0x3, &(0x7f0000000000)=0x6, 0x4)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x40c)

03:34:41 executing program 2:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)="3966e7fb12edc4b53a1fccfae2925b978c52b7e831")

03:34:41 executing program 1:
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x4})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r1, 0x0) (async)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
setsockopt$bt_hci_HCI_TIME_STAMP(r2, 0x0, 0x3, &(0x7f0000000000)=0x6, 0x4) (async)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x40c)

03:34:41 executing program 1:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
r3 = syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r3, 0x25)
tgkill(r0, r0, 0x39)

03:34:41 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
r3 = syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r3, 0x25)
tgkill(r0, r0, 0x39)

03:34:41 executing program 1:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
r3 = syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r3, 0x25)
tgkill(r0, r0, 0x39)

03:34:41 executing program 3:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:41 executing program 5:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:41 executing program 2:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

03:34:41 executing program 4:
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r1, 0x0)

03:34:41 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:41 executing program 1:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
r3 = syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r3, 0x25)
tgkill(r0, r0, 0x39)

03:34:41 executing program 2:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r3 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r3, 0x0)

03:34:41 executing program 3:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
tgkill(r0, r0, 0x39)

03:34:41 executing program 5:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:41 executing program 4:
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r1, 0x0)

03:34:41 executing program 1:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:41 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
syz_io_uring_setup(0x76ed, &(0x7f0000000040)={0x0, 0x472a, 0x800, 0x0, 0x22c}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_open_dev$mouse(&(0x7f0000000000), 0x3, 0x282040)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80000, 0x0, 0x4000013, r0, 0x0)

03:34:41 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
tgkill(r0, r0, 0x39)

03:34:41 executing program 3:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
tgkill(r0, r0, 0x39)

03:34:41 executing program 1:
ioctl$RTC_EPOCH_READ(0xffffffffffffffff, 0x8008700d, &(0x7f0000000000))
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r0, 0x0)

03:34:41 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
syz_io_uring_setup(0x76ed, &(0x7f0000000040)={0x0, 0x472a, 0x800, 0x0, 0x22c}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_open_dev$mouse(&(0x7f0000000000), 0x3, 0x282040)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80000, 0x0, 0x4000013, r0, 0x0)

03:34:41 executing program 4:
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r1, 0x0)

03:34:41 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
tgkill(r0, r0, 0x39)

03:34:41 executing program 5:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:41 executing program 3:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
tgkill(r0, r0, 0x39)

03:34:41 executing program 1:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80000, 0x0, 0x4000013, r0, 0x0)
syz_io_uring_setup(0x5559, &(0x7f0000000000)={0x0, 0x8681, 0x0, 0x2, 0x2be, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x59a0, &(0x7f00000002c0)={0x0, 0x2b6, 0x200, 0x0, 0x59, 0x0, r0})
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2, 0x1010, r1, 0x10000000)
io_uring_setup(0x5cfc, &(0x7f0000000340)={0x0, 0x40f6, 0x2, 0x3, 0x3a3})

03:34:42 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
syz_io_uring_setup(0x76ed, &(0x7f0000000040)={0x0, 0x472a, 0x800, 0x0, 0x22c}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_open_dev$mouse(&(0x7f0000000000), 0x3, 0x282040)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80000, 0x0, 0x4000013, r0, 0x0)

03:34:42 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x71}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000040), 0x0)
getitimer(0x2, &(0x7f0000000000))
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
getitimer(0x2, &(0x7f0000000080))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000007, 0x110, r0, 0x0)
socket$packet(0x11, 0x2, 0x300)

03:34:42 executing program 4:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:42 executing program 3:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
tgkill(r0, r0, 0x39)

03:34:42 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(0xffffffffffffffff, r0, 0x24)
tgkill(r0, r0, 0x39)

03:34:42 executing program 5:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:42 executing program 1:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80000, 0x0, 0x4000013, r0, 0x0)
ioctl$RTC_UIE_OFF(0xffffffffffffffff, 0x7004)

03:34:42 executing program 1:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x40e001, 0x0)
syz_io_uring_setup(0x6cf1, &(0x7f0000000040)={0x0, 0x390c, 0x20, 0x0, 0x28c, 0x0, r0}, &(0x7f0000ff8000/0x7000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80000, 0x0, 0x4000013, r1, 0x0)

03:34:42 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$EVIOCGABS2F(r0, 0x8018456f, &(0x7f0000000000)=""/138)
ioctl$KVM_GET_SUPPORTED_CPUID(r0, 0xc008ae05, &(0x7f00000002c0)=""/239)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
write$bt_hci(r0, &(0x7f0000000100)={0x1, @write_page_scan_activity={{0xc1c, 0x4}, {0x3, 0x9}}}, 0x8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r1, 0x0)

03:34:42 executing program 3:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
tgkill(r0, r0, 0x39)

03:34:42 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:42 executing program 1:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000180)=[{}, {}], 0x10, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x840, 0x0)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000040)=0x6, 0x4)

03:34:42 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120e, &(0x7f0000000240)={0x0, 0x1, 0x0, 0x0, 0x1})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r0, 0x0)
syz_io_uring_setup(0x3589, &(0x7f0000000000)={0x0, 0xfa24, 0x800, 0x2, 0x374}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x14, 0xb, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x2}, [@generic={0xff, 0x6, 0x1, 0x28, 0x8}, @map_val={0x18, 0xa}, @map_val={0x18, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2687e150}, @exit, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1fe}]}, &(0x7f0000000140)='GPL\x00', 0x8000, 0x7c, &(0x7f0000000340)=""/124, 0x40f00, 0x9, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x2, 0x4}, 0x8, 0x10, &(0x7f00000003c0)={0x4, 0x10, 0xb88, 0x1}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000400)=[0xffffffffffffffff]}, 0x80)
ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f00000004c0)=r2)

03:34:42 executing program 5:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:42 executing program 4:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r1, 0x0)

03:34:42 executing program 1:
socket$nl_route(0x10, 0x3, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
syz_io_uring_setup(0x17bf, &(0x7f0000000000)={0x0, 0xd647, 0x4, 0x3, 0x3e8, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/module/haltpoll', 0x20000, 0x100)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x3, 0x810, r1, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x2400, 0x0)
ioctl$RTC_WIE_OFF(r2, 0x7010)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000200)={0x1, 'veth1_to_team\x00', {}, 0x312})
mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x1b854d100101543b, 0x13, 0xffffffffffffffff, 0x10000000)

03:34:42 executing program 3:
tgkill(0x0, 0x0, 0x39)

03:34:42 executing program 2:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000600)={0x100, 0x0, &(0x7f0000000480)=[@free_buffer, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000100)={@fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x3, 0x1, 0xe}, @ptr={0x70742a85, 0x0, &(0x7f0000000000)=""/138, 0xffffffffffffff97, 0x2, 0x1a}}, &(0x7f0000000200)={0x0, 0x18, 0x38}}}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x6, 0x1, 0x14}, @ptr={0x70742a85, 0x0, &(0x7f00000002c0), 0x0, 0x0, 0xb}, @fda={0x66646185, 0x0, 0x0, 0xf}}, &(0x7f0000000380)={0x0, 0x20, 0x48}}}, @increfs={0x40046304, 0x2}, @increfs_done={0x40106308, 0x2}, @register_looper, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48, 0x18, &(0x7f00000003c0)=ANY=[@ANYBLOB="852a6873011000000100000000002246165fb04b000000000000000000e2b52a62770b000000000000008fbd305d000002000000000000000000"], &(0x7f0000000440)={0x0, 0x18, 0x30}}, 0x400}], 0x68, 0x0, &(0x7f0000000580)="6c1262b53c8c2755c54f1a581fdae0db06e2df21b8e1cb94d480eb6f4770b5c013b1a516a795010ac8445f7fdc8e78e2c9ae0f6d8b8a34211df03fe1f04412d77468b79f8a8702446e283467ee1116b106fb890ed8cc88f3014bb5f76c379a37d6b9f02bce517105"})
ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f00000002c0))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
getsockname$packet(r0, &(0x7f0000000680)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000006c0)=0x14)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000700)='/sys/power/wakeup_count', 0x480000, 0x50)
getsockname$packet(r0, &(0x7f0000000740)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000780)=0x14)
sendmsg$GTP_CMD_DELPDP(r1, &(0x7f0000000880)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x60, 0x0, 0x4, 0x70bd25, 0x25dfdbff, {}, [@GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_LINK={0x8, 0x1, r2}, @GTPA_I_TEI={0x8, 0x8, 0x2}, @GTPA_O_TEI={0x8, 0x9, 0x3}, @GTPA_NET_NS_FD={0x8, 0x7, r3}, @GTPA_LINK={0x8, 0x1, r4}, @GTPA_PEER_ADDRESS={0x8, 0x4, @broadcast}, @GTPA_TID={0xc}, @GTPA_MS_ADDRESS={0x8, 0x5, @rand_addr=0x64010101}]}, 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x8040)
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x400, 0x0, 0x0, 0x0, r3}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000900), 0x0)
ioctl$RTC_IRQP_READ(r3, 0x8008700b, &(0x7f00000008c0))
r5 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r5, 0x0)

03:34:42 executing program 3:
tgkill(0x0, 0x0, 0x39)

03:34:42 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:42 executing program 1:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r0, 0x0)
socket$inet(0x2, 0x5, 0x8)
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x8)
ioctl$KVM_GET_API_VERSION(0xffffffffffffffff, 0xae00, 0x0)

03:34:42 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000040)=0x3ff, 0x4)
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x89be})
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
setsockopt$bt_hci_HCI_DATA_DIR(r2, 0x0, 0x1, &(0x7f0000000000)=0x847f, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80000, 0x0, 0x4000013, r1, 0x0)

03:34:42 executing program 3:
tgkill(0x0, 0x0, 0x39)

03:34:42 executing program 1:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r0, 0x0)
socket$inet(0x2, 0x5, 0x8)
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x8)
ioctl$KVM_GET_API_VERSION(0xffffffffffffffff, 0xae00, 0x0)

03:34:42 executing program 4:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r1, 0x0)

03:34:42 executing program 5:
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(0x0, 0x0, 0x39)

03:34:42 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000040)=0x3ff, 0x4)
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x89be})
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
setsockopt$bt_hci_HCI_DATA_DIR(r2, 0x0, 0x1, &(0x7f0000000000)=0x847f, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80000, 0x0, 0x4000013, r1, 0x0)

03:34:42 executing program 3:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
tgkill(r0, r0, 0x39)

03:34:42 executing program 1:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r0, 0x0)
socket$inet(0x2, 0x5, 0x8)
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x8)
ioctl$KVM_GET_API_VERSION(0xffffffffffffffff, 0xae00, 0x0)

03:34:42 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:42 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000040)=0x3ff, 0x4)
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x89be})
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
setsockopt$bt_hci_HCI_DATA_DIR(r2, 0x0, 0x1, &(0x7f0000000000)=0x847f, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80000, 0x0, 0x4000013, r1, 0x0)

03:34:42 executing program 3:
r0 = syz_clone(0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
tgkill(r0, r0, 0x39)

03:34:42 executing program 1:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r0, 0x0)
socket$inet(0x2, 0x5, 0x8)
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x8)

03:34:42 executing program 1:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r0, 0x0)
socket$inet(0x2, 0x5, 0x8)

03:34:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000040)=0x3ff, 0x4)
io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x89be})
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
setsockopt$bt_hci_HCI_DATA_DIR(r1, 0x0, 0x1, &(0x7f0000000000)=0x847f, 0x4)

03:34:43 executing program 3:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
tgkill(r0, r0, 0x39)

03:34:43 executing program 4:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r1, 0x0)

03:34:43 executing program 5:
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(0x0, 0x0, 0x39)

03:34:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000040)=0x3ff, 0x4)
io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x89be})
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)

03:34:43 executing program 1:
io_uring_setup(0x120c, &(0x7f0000000240))
socket$inet(0x2, 0x5, 0x8)

03:34:43 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
tgkill(r0, r0, 0x39)

03:34:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000040)=0x3ff, 0x4)
io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x89be})
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)

03:34:43 executing program 1:
socket$inet(0x2, 0x5, 0x8)

03:34:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000040)=0x3ff, 0x4)
io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x89be})

03:34:43 executing program 1:
socket$inet(0x2, 0x0, 0x8)

03:34:43 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
tgkill(r0, r0, 0x39)

03:34:43 executing program 3:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
tgkill(r0, r0, 0x39)

03:34:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000040)=0x3ff, 0x4)

03:34:43 executing program 4:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r0, &(0x7f0000000000), 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r1, 0x0)

03:34:43 executing program 5:
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(0x0, 0x0, 0x39)

03:34:43 executing program 2:
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, &(0x7f0000000040)=0x3ff, 0x4)

03:34:43 executing program 1:
socket$inet(0x2, 0x0, 0x8)

03:34:43 executing program 3:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(r0, r0, 0x39)

03:34:43 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
tgkill(r0, r0, 0x39)

03:34:43 executing program 2:
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, &(0x7f0000000040)=0x3ff, 0x4)

03:34:43 executing program 3:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(0x0, r0, 0x39)

03:34:43 executing program 1:
socket$inet(0x2, 0x0, 0x8)

03:34:43 executing program 2:
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, &(0x7f0000000040)=0x3ff, 0x4)

03:34:43 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:43 executing program 3:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(0x0, r0, 0x39)

03:34:43 executing program 4:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r0, &(0x7f0000000000), 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r1, 0x0)

03:34:43 executing program 1:
socket$inet(0x2, 0x5, 0x0)

03:34:43 executing program 2:
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, &(0x7f0000000040)=0x3ff, 0x4)

03:34:43 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:43 executing program 3:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(0x0, r0, 0x39)

03:34:43 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:43 executing program 2:
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, &(0x7f0000000040)=0x3ff, 0x4)

03:34:43 executing program 1:
socket$inet(0x2, 0x5, 0x0)

03:34:43 executing program 1:
socket$inet(0x2, 0x5, 0x0)

03:34:44 executing program 2:
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, &(0x7f0000000040)=0x3ff, 0x4)

03:34:44 executing program 3:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(r0, 0x0, 0x39)

03:34:44 executing program 3:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(r0, 0x0, 0x39)

03:34:44 executing program 4:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r0, &(0x7f0000000000), 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r1, 0x0)

03:34:44 executing program 3:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(r0, 0x0, 0x39)

03:34:44 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:44 executing program 5:
r0 = syz_clone(0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:44 executing program 1:
socket$inet(0x2, 0x5, 0x0)

03:34:44 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000040)=0x3ff, 0x4)

03:34:44 executing program 3:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(r0, r0, 0x0)

03:34:44 executing program 3:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(r0, r0, 0x0)

03:34:44 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000040)=0x3ff, 0x4)

03:34:44 executing program 3:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(r0, r0, 0x0)

03:34:44 executing program 1:
socket$inet(0x2, 0x5, 0x0)

03:34:44 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000140)={0x16, 0x32, &(0x7f0000000100)="977a1b13ac83e9c48a146f87fbdccb9a1ad76acc967ed8cb67ccb3a53ad05d25a56b04ea38b58977d43ef8285df30809d67e"})
r2 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b, 0x0, r1})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r2, 0x0)

03:34:44 executing program 4:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:44 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000040)=0x3ff, 0x4)

03:34:44 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000140)={0x16, 0x32, &(0x7f0000000100)="977a1b13ac83e9c48a146f87fbdccb9a1ad76acc967ed8cb67ccb3a53ad05d25a56b04ea38b58977d43ef8285df30809d67e"})
r2 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b, 0x0, r1})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r2, 0x0)

03:34:44 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:44 executing program 1:
socket$inet(0x2, 0x5, 0x0)

03:34:44 executing program 5:
r0 = syz_clone(0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:44 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000140)={0x16, 0x32, &(0x7f0000000100)="977a1b13ac83e9c48a146f87fbdccb9a1ad76acc967ed8cb67ccb3a53ad05d25a56b04ea38b58977d43ef8285df30809d67e"})
r2 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b, 0x0, r1})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r2, 0x0)

03:34:44 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000140)={0x16, 0x32, &(0x7f0000000100)="977a1b13ac83e9c48a146f87fbdccb9a1ad76acc967ed8cb67ccb3a53ad05d25a56b04ea38b58977d43ef8285df30809d67e"})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:44 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000140)={0x16, 0x32, &(0x7f0000000100)="977a1b13ac83e9c48a146f87fbdccb9a1ad76acc967ed8cb67ccb3a53ad05d25a56b04ea38b58977d43ef8285df30809d67e"})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:44 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, 0x0, 0x0)

03:34:44 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000140)={0x16, 0x32, &(0x7f0000000100)="977a1b13ac83e9c48a146f87fbdccb9a1ad76acc967ed8cb67ccb3a53ad05d25a56b04ea38b58977d43ef8285df30809d67e"})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:44 executing program 1:
socket$inet(0x2, 0x0, 0x0)

03:34:45 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:45 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, 0x0, 0x0)

03:34:45 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b, 0x0, r1})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r2, 0x0)

03:34:45 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:45 executing program 1:
socket$inet(0x2, 0x0, 0x0)

03:34:45 executing program 5:
r0 = syz_clone(0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:45 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, 0x0, 0x0)

03:34:45 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
r2 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b, 0x0, r1})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r2, 0x0)

03:34:45 executing program 1:
socket$inet(0x2, 0x0, 0x0)

03:34:45 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:45 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000040), 0x4)

03:34:45 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:45 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:45 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:45 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
r0 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:45 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000040), 0x4)

03:34:45 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
r0 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:45 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:45 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
r0 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:45 executing program 0:
r0 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:45 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000040), 0x4)

03:34:45 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:45 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000040), 0x4)

03:34:45 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:45 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:45 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000040), 0x4)

03:34:45 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:45 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:45 executing program 0:
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6})
tgkill(0x0, 0x0, 0x39)

03:34:45 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:45 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000040), 0x4)

03:34:45 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:45 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
tgkill(r0, r0, 0x39)

03:34:45 executing program 2:
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, &(0x7f0000000040), 0x4)

03:34:45 executing program 3:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:45 executing program 2:
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, &(0x7f0000000040), 0x4)

03:34:46 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:46 executing program 3:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:46 executing program 2:
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, &(0x7f0000000040), 0x4)

03:34:46 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
tgkill(r0, r0, 0x39)

03:34:46 executing program 0:
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6})
tgkill(0x0, 0x0, 0x39)

03:34:46 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:46 executing program 2:
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, &(0x7f0000000040), 0x4)

03:34:46 executing program 3:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:46 executing program 3:
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:46 executing program 2:
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, &(0x7f0000000040), 0x4)

03:34:46 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
tgkill(r0, r0, 0x39)

03:34:46 executing program 2:
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, &(0x7f0000000040), 0x4)

03:34:46 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:46 executing program 3:
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:46 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000040), 0x4)

03:34:46 executing program 0:
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6})
tgkill(0x0, 0x0, 0x39)

03:34:46 executing program 1:
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(0x0, 0x0, 0x39)

03:34:46 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:46 executing program 1:
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(0x0, 0x0, 0x39)

03:34:46 executing program 3:
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:46 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000040), 0x4)

03:34:47 executing program 1:
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(0x0, 0x0, 0x39)

03:34:47 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000040), 0x4)

03:34:47 executing program 3:
syz_io_uring_setup(0x2413, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:47 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:47 executing program 3:
syz_io_uring_setup(0x2413, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:47 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:47 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, 0x0, 0x0)

03:34:47 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:47 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:47 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, 0x0, 0x0)

03:34:47 executing program 3:
syz_io_uring_setup(0x2413, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:47 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:47 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, 0x0, 0x0)

03:34:47 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:47 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:47 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:47 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:47 executing program 2:
r0 = syz_clone(0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:47 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:47 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:47 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:47 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:47 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:48 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:48 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:48 executing program 0:
r0 = syz_clone(0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:48 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x800, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:48 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:48 executing program 0:
r0 = syz_clone(0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:48 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:48 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:48 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:48 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:48 executing program 0:
r0 = syz_clone(0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:48 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:48 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:48 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, 0xffffffffffffffff, 0x0)

03:34:48 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:48 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:48 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:48 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, 0xffffffffffffffff, 0x0)

03:34:48 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:48 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:48 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:48 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:49 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, 0xffffffffffffffff, 0x0)

03:34:49 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:49 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:49 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:49 executing program 2:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:49 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d482", 0x12, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:49 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:49 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:49 executing program 2:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:49 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d482", 0x12, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:49 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(r0, r0, 0x39)

03:34:49 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:49 executing program 2:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:49 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d482", 0x12, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:49 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(0x0, r0, 0x39)

03:34:49 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:49 executing program 2:
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:49 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4be", 0x1b, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:49 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:49 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:49 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4be", 0x1b, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:49 executing program 2:
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:49 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(0x0, r0, 0x39)

03:34:49 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:49 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4be", 0x1b, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:49 executing program 2:
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:49 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(0x0, r0, 0x39)

03:34:49 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x0, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:49 executing program 2:
syz_io_uring_setup(0x2413, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:49 executing program 2:
syz_io_uring_setup(0x2413, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:50 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r1, 0x0)

03:34:50 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x0, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:50 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045c", 0x20, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:50 executing program 2:
syz_io_uring_setup(0x2413, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:50 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(r0, 0x0, 0x39)

03:34:50 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:50 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x0, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:50 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045c", 0x20, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:50 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:50 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:50 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x0, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:50 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(r0, 0x0, 0x39)

03:34:50 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r1, 0x0)

03:34:50 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045c", 0x20, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:50 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:50 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x0, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:50 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(r0, 0x0, 0x39)

03:34:50 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:50 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x0, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:50 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:50 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(r0, r0, 0x0)

03:34:50 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befe", 0x1c, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:50 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x0, 0x1, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:50 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:50 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r1, 0x0)

03:34:50 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(r0, r0, 0x0)

03:34:50 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c0", 0x18, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:50 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:50 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:51 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0)="d63fe3ced7")
tgkill(r0, r0, 0x39)

03:34:51 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, r0, 0x0)

03:34:51 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c0", 0x18, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:51 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x5b})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:51 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x10, r0, 0x0)

03:34:51 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(r0, r0, 0x0)

03:34:51 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c0", 0x18, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:51 executing program 4:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r1, 0x0)

03:34:51 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:51 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x10, r0, 0x0)

03:34:51 executing program 1:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(0x0, r0, 0x39)

03:34:51 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4", 0x1a, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:51 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0)
tgkill(r0, r0, 0x39)

03:34:51 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x10, r0, 0x0)

03:34:51 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x10, r1, 0x0)

03:34:51 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c0", 0x18, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:51 executing program 1:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_EPOCH_SET(r1, 0x4008700e, 0x9)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80000, 0x0, 0x4000013, r0, 0x0)

03:34:51 executing program 4:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r1, 0x0)

03:34:51 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, 0xffffffffffffffff, 0x0)

03:34:51 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2e", 0x16, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:51 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x10, r1, 0x0)

03:34:51 executing program 1:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_EPOCH_SET(r1, 0x4008700e, 0x9)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80000, 0x0, 0x4000013, r0, 0x0)

03:34:51 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, r0, 0x0)
r1 = io_uring_setup(0x1be9, &(0x7f0000000040))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x10, r1, 0x0)

03:34:51 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, 0xffffffffffffffff, 0x0)

03:34:51 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0)
tgkill(r0, r0, 0x39)

03:34:51 executing program 1:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_EPOCH_SET(r1, 0x4008700e, 0x9)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80000, 0x0, 0x4000013, r0, 0x0)

03:34:51 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4001013, 0xffffffffffffffff, 0x0)

03:34:51 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2e", 0x16, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:51 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, r0, 0x0)
io_uring_setup(0x1be9, &(0x7f0000000040))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:51 executing program 4:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r1, 0x0)

03:34:51 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2e", 0x16, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:51 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80000, 0x0, 0x4000013, r0, 0x0)

03:34:51 executing program 1:
io_uring_setup(0x120c, &(0x7f0000000240))
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_EPOCH_SET(r0, 0x4008700e, 0x9)

03:34:51 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, r0, 0x0)
io_uring_setup(0x1be9, &(0x7f0000000040))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:51 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:51 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, r0, 0x0)
io_uring_setup(0x1be9, &(0x7f0000000040))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:52 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0)
tgkill(r0, r0, 0x39)

03:34:52 executing program 1:
io_uring_setup(0x120c, &(0x7f0000000240))
ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0x9)

03:34:52 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:52 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x122012, r0, 0x0)
io_uring_setup(0x1be9, &(0x7f0000000040))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:52 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0", 0x17, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:52 executing program 4:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r0, &(0x7f0000000000), 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r1, 0x0)

03:34:52 executing program 1:
io_uring_setup(0x120c, &(0x7f0000000240))
ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0x9)

03:34:52 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x400000, 0x0)
getsockopt$XDP_MMAP_OFFSETS(r1, 0x11b, 0x1, &(0x7f0000000040), &(0x7f0000000100)=0x80)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000008, 0x8010, r0, 0x0)

03:34:52 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2e", 0x16, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:52 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:52 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
tgkill(r0, r0, 0x39)

03:34:52 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2e", 0x16, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:52 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
io_uring_setup(0x1276, &(0x7f0000000000)={0x0, 0x5, 0x800, 0x1, 0x14a})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80000, 0x0, 0x4000013, r0, 0x0)

03:34:52 executing program 1:
io_uring_setup(0x120c, &(0x7f0000000240))
ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0x9)

03:34:52 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:52 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_EPOCH_SET(r0, 0x4008700e, 0x9)

03:34:52 executing program 3:
r0 = io_uring_setup(0x4120c, &(0x7f0000000240)={0x0, 0x0, 0x10, 0x22000001})
ioctl$RTC_EPOCH_READ(0xffffffffffffffff, 0x8008700d, &(0x7f0000000000))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r0, 0x0)

03:34:52 executing program 4:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r0, &(0x7f0000000000), 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r1, 0x0)

03:34:52 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2e", 0x16, &(0x7f00000008c0), 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:52 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:52 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$RTC_EPOCH_SET(r0, 0x4008700e, 0x9)

03:34:52 executing program 3:
r0 = io_uring_setup(0x4120c, &(0x7f0000000240)={0x0, 0x0, 0x10, 0x22000001})
ioctl$RTC_EPOCH_READ(0xffffffffffffffff, 0x8008700d, &(0x7f0000000000))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r0, 0x0)

03:34:52 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
tgkill(0x0, r0, 0x39)

03:34:52 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$RTC_EPOCH_SET(r0, 0x4008700e, 0x9)

03:34:52 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:52 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0", 0x17, 0x0, 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:52 executing program 3:
r0 = io_uring_setup(0x4120c, &(0x7f0000000240)={0x0, 0x0, 0x10, 0x22000001})
ioctl$RTC_EPOCH_READ(0xffffffffffffffff, 0x8008700d, &(0x7f0000000000))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r0, 0x0)

03:34:52 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:52 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0", 0x17, 0x0, 0x0, &(0x7f0000000300)="d9a66e473d28e08e0b0bfc5aaa235e61bb4d4661653c4aa4c6da0415141a46966e9b7894c242df0d6dc6d5644926199ff626ed6636bfa60df30dec19fef2e25dfd6523bc3e72402875be0500a48cc77c7b7fa981ff11d7599bcb59431993034f6d507af7f67a50616f4a74ddf820bb85ac522967b19448cc3136a7dfa02240125e51ae171cdee367dedd8c247d9c9ce0c50a94e1ef80d5caedce12b66bf0fc2cdcb6633adb822a")
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:53 executing program 4:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r0, &(0x7f0000000000), 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r1, 0x0)

03:34:53 executing program 3:
io_uring_setup(0x4120c, &(0x7f0000000240)={0x0, 0x0, 0x10, 0x22000001})
ioctl$RTC_EPOCH_READ(0xffffffffffffffff, 0x8008700d, &(0x7f0000000000))

03:34:53 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$RTC_EPOCH_SET(r0, 0x4008700e, 0x9)

03:34:53 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:53 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0", 0x17, 0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:53 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
tgkill(0x0, r0, 0x39)

03:34:53 executing program 1:
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0x9)

03:34:53 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:53 executing program 3:
io_uring_setup(0x4120c, &(0x7f0000000240)={0x0, 0x0, 0x10, 0x22000001})

03:34:53 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0", 0x17, 0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:53 executing program 1:
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0x9)

03:34:53 executing program 2:
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:53 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:53 executing program 3:
io_uring_setup(0x0, &(0x7f0000000240)={0x0, 0x0, 0x10, 0x22000001})

03:34:53 executing program 1:
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0x9)

03:34:53 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0", 0x17, 0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:53 executing program 2:
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:53 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
tgkill(0x0, r0, 0x39)

03:34:54 executing program 2:
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:54 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_EPOCH_SET(r0, 0x4008700e, 0x0)

03:34:54 executing program 3:
io_uring_setup(0x0, &(0x7f0000000240)={0x0, 0x0, 0x10, 0x22000001})

03:34:54 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0", 0x17, 0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r0})
tgkill(r0, r0, 0x39)

03:34:54 executing program 3:
io_uring_setup(0x0, &(0x7f0000000240)={0x0, 0x0, 0x10, 0x22000001})

03:34:54 executing program 2:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:54 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:54 executing program 1:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x1)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140), 0xf868b19fc2cafc5a, 0x0)
ioctl$EVIOCSMASK(r1, 0x40104593, &(0x7f0000000200)={0x16, 0xb8, &(0x7f00000002c0)="130b27df097667d45ec8bac686a446802b009ec84843bc291a907035ede86e94606de92458a75801bce13fea5fe5f7b1f67831963833ed2d86fe77d8da1acf85c188349fca980fad1d29548fa48074bee1dc51c19d9361dcd85d2b8d3c78f7b36342285dc75e9326d5c20bb413dbf16e78eaa936ec3ef46a56d43e2bcfb795d475a9195b0cf1e649a1fae4a2d32009a41121717d9568bc1dec3a2b181ca0873bb11c8a699c9711de00f28ca308ad3de7fc077e8b2ef1e6f2"})
ioctl$EVIOCGLED(r0, 0x80404519, &(0x7f0000000100)=""/58)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
r3 = io_uring_setup(0x1a0c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000009, 0x4000013, r3, 0x0)
io_uring_setup(0x297c, &(0x7f0000000000)={0x0, 0xde21, 0x40, 0x2, 0x1de, 0x0, r3})

03:34:54 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0", 0x17, 0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0)
tgkill(r0, r0, 0x39)

03:34:54 executing program 3:
io_uring_setup(0x4120c, 0x0)

03:34:54 executing program 2:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:54 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
tgkill(r0, 0x0, 0x39)

03:34:54 executing program 3:
io_uring_setup(0x4120c, 0x0)

03:34:54 executing program 2:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:54 executing program 1:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r0, 0x2000000000000000)

03:34:54 executing program 3:
io_uring_setup(0x4120c, 0x0)

03:34:54 executing program 2:
r0 = syz_io_uring_setup(0x2413, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:54 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0", 0x17, 0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0)
tgkill(0x0, r0, 0x39)

03:34:54 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:54 executing program 2:
r0 = syz_io_uring_setup(0x2413, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:54 executing program 1:
r0 = io_uring_setup(0x1f53, &(0x7f0000000000)={0x0, 0xa886, 0x9, 0x1, 0x135})
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xe795, 0x4, 0x3, 0x0, 0x0, r0})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r1, 0x0)
setrlimit(0xc, &(0x7f00000000c0)={0xfffffffffffeffff, 0xe6d})
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
bind$802154_raw(r2, &(0x7f0000000080)={0x24, @short={0x2, 0x0, 0xaaa0}}, 0x14)

03:34:54 executing program 3:
io_uring_setup(0x4120c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x22000001})

03:34:54 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0", 0x17, 0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0)
tgkill(0x0, r0, 0x39)

03:34:54 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
tgkill(r0, 0x0, 0x39)

03:34:54 executing program 3:
io_uring_setup(0x4120c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x22000001})

03:34:54 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0", 0x17, 0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0)
tgkill(0x0, r0, 0x39)

03:34:54 executing program 2:
r0 = syz_io_uring_setup(0x2413, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:54 executing program 1:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000100))
openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/class/bsg', 0x402400, 0x15b)
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f00000000c0)=0x1, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r1, 0x0)

03:34:54 executing program 3:
io_uring_setup(0x4120c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x22000001})

03:34:54 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0", 0x17, 0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0)
tgkill(r0, 0x0, 0x39)

03:34:54 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:54 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:54 executing program 3:
io_uring_setup(0x4120c, &(0x7f0000000240)={0x0, 0x0, 0x10})

03:34:54 executing program 1:
syz_io_uring_setup(0x2417, &(0x7f0000000180)={0x0, 0xcefb, 0x2}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/hid_elo', 0x10000, 0x49)
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x400, 0x2, 0x7f, 0x0, r0})
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x741200, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:54 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0", 0x17, 0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0)
tgkill(r0, 0x0, 0x39)

03:34:54 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
tgkill(r0, 0x0, 0x39)

03:34:54 executing program 1:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80000, 0x0, 0x4000013, r0, 0x400000000000)

03:34:54 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0", 0x17, 0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0)
tgkill(r0, 0x0, 0x39)

03:34:54 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:54 executing program 3:
clock_gettime(0x0, &(0x7f0000000040)={<r0=>0x0, <r1=>0x0})
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000100)={&(0x7f0000000080)={0x5, 0x208, 0x9, {r0, r1/1000+60000}, {}, {0x1}, 0x1, @canfd={{0x3, 0x1, 0x0, 0x1}, 0x15, 0x3, 0x0, 0x0, "7e1b6155232eac37839cc9498b5de84a757da6425c4e69f29d7b950c760f3de1335e9b5915c03a0b594e2fb207bd2caf01dd7ce0a074c098c31e8dea74777173"}}, 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x8014)
r2 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r2, 0x0)

03:34:55 executing program 3:
clock_gettime(0x0, &(0x7f0000000040)={<r0=>0x0, <r1=>0x0})
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000100)={&(0x7f0000000080)={0x5, 0x208, 0x9, {r0, r1/1000+60000}, {}, {0x1}, 0x1, @canfd={{0x3, 0x1, 0x0, 0x1}, 0x15, 0x3, 0x0, 0x0, "7e1b6155232eac37839cc9498b5de84a757da6425c4e69f29d7b950c760f3de1335e9b5915c03a0b594e2fb207bd2caf01dd7ce0a074c098c31e8dea74777173"}}, 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x8014)
r2 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r2, 0x0)

03:34:55 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0", 0x17, 0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0)
tgkill(r0, r0, 0x0)

03:34:55 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:55 executing program 1:
r0 = io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0xffffffff, 0x2, 0x1, 0xfffffffc})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x300000b, 0x40010, r0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x200000b, 0x10, r0, 0x10000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$EVIOCREVOKE(r1, 0x40044591, &(0x7f0000000000))

03:34:55 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:55 executing program 3:
clock_gettime(0x0, &(0x7f0000000040)={<r0=>0x0, <r1=>0x0})
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000100)={&(0x7f0000000080)={0x5, 0x208, 0x9, {r0, r1/1000+60000}, {}, {0x1}, 0x1, @canfd={{0x3, 0x1, 0x0, 0x1}, 0x15, 0x3, 0x0, 0x0, "7e1b6155232eac37839cc9498b5de84a757da6425c4e69f29d7b950c760f3de1335e9b5915c03a0b594e2fb207bd2caf01dd7ce0a074c098c31e8dea74777173"}}, 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x8014)
r2 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r2, 0x0)

03:34:55 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0", 0x17, 0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0)
tgkill(r0, r0, 0x0)

03:34:55 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
tgkill(r0, r0, 0x0)

03:34:55 executing program 3:
clock_gettime(0x0, &(0x7f0000000040)={<r0=>0x0, <r1=>0x0})
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000100)={&(0x7f0000000080)={0x5, 0x208, 0x9, {r0, r1/1000+60000}, {}, {0x1}, 0x1, @canfd={{0x3, 0x1, 0x0, 0x1}, 0x15, 0x3, 0x0, 0x0, "7e1b6155232eac37839cc9498b5de84a757da6425c4e69f29d7b950c760f3de1335e9b5915c03a0b594e2fb207bd2caf01dd7ce0a074c098c31e8dea74777173"}}, 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x8014)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:55 executing program 0:
r0 = syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0", 0x17, 0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0)
tgkill(r0, r0, 0x0)

03:34:55 executing program 1:
r0 = io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0xffffffff, 0x2, 0x1, 0xfffffffc})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x300000b, 0x40010, r0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x200000b, 0x10, r0, 0x10000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$EVIOCREVOKE(r1, 0x40044591, &(0x7f0000000000))

03:34:55 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:55 executing program 3:
clock_gettime(0x0, &(0x7f0000000040)={<r0=>0x0, <r1=>0x0})
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000100)={&(0x7f0000000080)={0x5, 0x208, 0x9, {r0, r1/1000+60000}, {}, {0x1}, 0x1, @canfd={{0x3, 0x1, 0x0, 0x1}, 0x15, 0x3, 0x0, 0x0, "7e1b6155232eac37839cc9498b5de84a757da6425c4e69f29d7b950c760f3de1335e9b5915c03a0b594e2fb207bd2caf01dd7ce0a074c098c31e8dea74777173"}}, 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x8014)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:55 executing program 1:
r0 = io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0xffffffff, 0x2, 0x1, 0xfffffffc})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x300000b, 0x40010, r0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x200000b, 0x10, r0, 0x10000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$EVIOCREVOKE(r1, 0x40044591, &(0x7f0000000000))

03:34:55 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x8a0, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:55 executing program 3:
clock_gettime(0x0, &(0x7f0000000040)={<r0=>0x0, <r1=>0x0})
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000100)={&(0x7f0000000080)={0x5, 0x208, 0x9, {r0, r1/1000+60000}, {}, {0x1}, 0x1, @canfd={{0x3, 0x1, 0x0, 0x1}, 0x15, 0x3, 0x0, 0x0, "7e1b6155232eac37839cc9498b5de84a757da6425c4e69f29d7b950c760f3de1335e9b5915c03a0b594e2fb207bd2caf01dd7ce0a074c098c31e8dea74777173"}}, 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x8014)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:55 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000200)={0x0, &(0x7f0000000080)})
r3 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/workqueue', 0x200, 0x0)
recvmsg$can_bcm(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/84, 0x54}, {&(0x7f0000000340)=""/187, 0xbb}, {&(0x7f0000000400)=""/178, 0xb2}, {&(0x7f00000004c0)=""/8, 0x8}, {&(0x7f0000000500)=""/209, 0xd1}, {&(0x7f0000000600)=""/228, 0xe4}], 0x7, &(0x7f0000000780)=""/70, 0x46}, 0x21)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r3})
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000100)={'\x00', 0x2, 0x7f, 0xfffeffff, 0x7, 0x1, r3})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x1, 0xfffffffe, 0x8, 0x28, r5, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x3, 0xd}, 0x48)

03:34:55 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:55 executing program 1:
r0 = io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0xffffffff, 0x2, 0x1, 0xfffffffc})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x300000b, 0x40010, r0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x200000b, 0x10, r0, 0x10000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)

03:34:55 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
tgkill(r0, r0, 0x0)

03:34:55 executing program 3:
clock_gettime(0x0, &(0x7f0000000040))
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)

03:34:55 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0xff23, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:55 executing program 1:
r0 = io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0xffffffff, 0x2, 0x1, 0xfffffffc})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x300000b, 0x40010, r0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x200000b, 0x10, r0, 0x10000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)

03:34:55 executing program 1:
r0 = io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0xffffffff, 0x2, 0x1, 0xfffffffc})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x300000b, 0x40010, r0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x200000b, 0x10, r0, 0x10000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)

03:34:55 executing program 3:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)

03:34:55 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000200)={0x0, &(0x7f0000000080)})
r3 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/workqueue', 0x200, 0x0)
recvmsg$can_bcm(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/84, 0x54}, {&(0x7f0000000340)=""/187, 0xbb}, {&(0x7f0000000400)=""/178, 0xb2}, {&(0x7f00000004c0)=""/8, 0x8}, {&(0x7f0000000500)=""/209, 0xd1}, {&(0x7f0000000600)=""/228, 0xe4}], 0x7, &(0x7f0000000780)=""/70, 0x46}, 0x21)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r3})
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000100)={'\x00', 0x2, 0x7f, 0xfffeffff, 0x7, 0x1, r3})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x1, 0xfffffffe, 0x8, 0x28, r5, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x3, 0xd}, 0x48)

03:34:56 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:56 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, 0x0, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:56 executing program 1:
r0 = io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0xffffffff, 0x2, 0x1, 0xfffffffc})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x300000b, 0x40010, r0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x200000b, 0x10, r0, 0x10000000)

03:34:56 executing program 3:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)

03:34:56 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000200)={0x0, &(0x7f0000000080)})
r3 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/workqueue', 0x200, 0x0)
recvmsg$can_bcm(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/84, 0x54}, {&(0x7f0000000340)=""/187, 0xbb}, {&(0x7f0000000400)=""/178, 0xb2}, {&(0x7f00000004c0)=""/8, 0x8}, {&(0x7f0000000500)=""/209, 0xd1}, {&(0x7f0000000600)=""/228, 0xe4}], 0x7, &(0x7f0000000780)=""/70, 0x46}, 0x21)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r3})
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000100)={'\x00', 0x2, 0x7f, 0xfffeffff, 0x7, 0x1, r3})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x1, 0xfffffffe, 0x8, 0x28, r5, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x3, 0xd}, 0x48)

03:34:56 executing program 5:
r0 = syz_clone(0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
tgkill(r0, r0, 0x0)

03:34:56 executing program 3:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)

03:34:56 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, 0x0, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:56 executing program 1:
r0 = io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0xffffffff, 0x2, 0x1, 0xfffffffc})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x300000b, 0x40010, r0, 0x0)

03:34:56 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000200)={0x0, &(0x7f0000000080)})
r3 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/workqueue', 0x200, 0x0)
recvmsg$can_bcm(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/84, 0x54}, {&(0x7f0000000340)=""/187, 0xbb}, {&(0x7f0000000400)=""/178, 0xb2}, {&(0x7f00000004c0)=""/8, 0x8}, {&(0x7f0000000500)=""/209, 0xd1}, {&(0x7f0000000600)=""/228, 0xe4}], 0x7, &(0x7f0000000780)=""/70, 0x46}, 0x21)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r3})
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000100)={'\x00', 0x2, 0x7f, 0xfffeffff, 0x7, 0x1, r3})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r5, 0x0, 0x0)

03:34:56 executing program 3:
clock_gettime(0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)

03:34:56 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, 0x0, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:56 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:56 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0xffffffff, 0x2, 0x1, 0xfffffffc})

03:34:56 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000200)={0x0, &(0x7f0000000080)})
r3 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/workqueue', 0x200, 0x0)
recvmsg$can_bcm(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/84, 0x54}, {&(0x7f0000000340)=""/187, 0xbb}, {&(0x7f0000000400)=""/178, 0xb2}, {&(0x7f00000004c0)=""/8, 0x8}, {&(0x7f0000000500)=""/209, 0xd1}, {&(0x7f0000000600)=""/228, 0xe4}], 0x7, &(0x7f0000000780)=""/70, 0x46}, 0x21)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r3})
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000100)={'\x00', 0x2, 0x7f, 0xfffeffff, 0x7, 0x1, r3})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)

03:34:56 executing program 3:
clock_gettime(0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)

03:34:56 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:56 executing program 5:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x4000013, r0, 0x400000)

03:34:56 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:56 executing program 1:
io_uring_setup(0x0, &(0x7f0000000240)={0x0, 0xffffffff, 0x2, 0x1, 0xfffffffc})

03:34:56 executing program 3:
clock_gettime(0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)

03:34:56 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000200)={0x0, &(0x7f0000000080)})
r3 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/workqueue', 0x200, 0x0)
recvmsg$can_bcm(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/84, 0x54}, {&(0x7f0000000340)=""/187, 0xbb}, {&(0x7f0000000400)=""/178, 0xb2}, {&(0x7f00000004c0)=""/8, 0x8}, {&(0x7f0000000500)=""/209, 0xd1}, {&(0x7f0000000600)=""/228, 0xe4}], 0x7, &(0x7f0000000780)=""/70, 0x46}, 0x21)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r3})
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000100)={'\x00', 0x2, 0x7f, 0xfffeffff, 0x7, 0x1, r3})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:56 executing program 3:
clock_gettime(0x0, &(0x7f0000000040))
r0 = io_uring_setup(0x0, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)

03:34:56 executing program 1:
io_uring_setup(0x0, &(0x7f0000000240)={0x0, 0xffffffff, 0x2, 0x1, 0xfffffffc})

03:34:56 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:56 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:56 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000200)={0x0, &(0x7f0000000080)})
r2 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/workqueue', 0x200, 0x0)
recvmsg$can_bcm(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/84, 0x54}, {&(0x7f0000000340)=""/187, 0xbb}, {&(0x7f0000000400)=""/178, 0xb2}, {&(0x7f00000004c0)=""/8, 0x8}, {&(0x7f0000000500)=""/209, 0xd1}, {&(0x7f0000000600)=""/228, 0xe4}], 0x7, &(0x7f0000000780)=""/70, 0x46}, 0x21)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r2})
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000100)={'\x00', 0x2, 0x7f, 0xfffeffff, 0x7, 0x1, r2})

03:34:56 executing program 3:
clock_gettime(0x0, &(0x7f0000000040))
r0 = io_uring_setup(0x0, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)

03:34:56 executing program 1:
io_uring_setup(0x0, &(0x7f0000000240)={0x0, 0xffffffff, 0x2, 0x1, 0xfffffffc})

03:34:56 executing program 5:
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x9be7, 0x40}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xc900, 0x103)
r1 = syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0xc64f, 0x22, 0x1, 0xfa}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
symlinkat(&(0x7f0000000200)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00')
io_uring_setup(0x63de, &(0x7f00000002c0)={0x0, 0x25ad, 0x40, 0x1, 0x3c2, 0x0, r1})

03:34:56 executing program 3:
clock_gettime(0x0, &(0x7f0000000040))
r0 = io_uring_setup(0x0, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)

03:34:56 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000200)={0x0, &(0x7f0000000080)})
r2 = syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/workqueue', 0x200, 0x0)
recvmsg$can_bcm(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/84, 0x54}, {&(0x7f0000000340)=""/187, 0xbb}, {&(0x7f0000000400)=""/178, 0xb2}, {&(0x7f00000004c0)=""/8, 0x8}, {&(0x7f0000000500)=""/209, 0xd1}, {&(0x7f0000000600)=""/228, 0xe4}], 0x7, &(0x7f0000000780)=""/70, 0x46}, 0x21)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x1c5, 0x20, 0x7ff, 0x0, 0x6, r2})

03:34:56 executing program 1:
io_uring_setup(0x54b, 0x0)

03:34:56 executing program 1:
io_uring_setup(0x54b, 0x0)

03:34:56 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x0, 0x0, 0xdd, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:56 executing program 3:
clock_gettime(0x0, &(0x7f0000000040))
r0 = io_uring_setup(0x120c, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)

03:34:56 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:56 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000200)={0x0, &(0x7f0000000080)})
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/workqueue', 0x200, 0x0)
recvmsg$can_bcm(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/84, 0x54}, {&(0x7f0000000340)=""/187, 0xbb}, {&(0x7f0000000400)=""/178, 0xb2}, {&(0x7f00000004c0)=""/8, 0x8}, {&(0x7f0000000500)=""/209, 0xd1}, {&(0x7f0000000600)=""/228, 0xe4}], 0x7, &(0x7f0000000780)=""/70, 0x46}, 0x21)

03:34:56 executing program 3:
clock_gettime(0x0, &(0x7f0000000040))
r0 = io_uring_setup(0x120c, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)

03:34:56 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:34:56 executing program 1:
io_uring_setup(0x54b, 0x0)

03:34:56 executing program 5:
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x9be7, 0x40}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xc900, 0x103)
r1 = syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0xc64f, 0x22, 0x1, 0xfa}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
symlinkat(&(0x7f0000000200)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00')
io_uring_setup(0x63de, &(0x7f00000002c0)={0x0, 0x25ad, 0x40, 0x1, 0x3c2, 0x0, r1})

03:34:56 executing program 3:
clock_gettime(0x0, &(0x7f0000000040))
r0 = io_uring_setup(0x120c, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)

03:34:56 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x1, 0xfffffffc})

03:34:56 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000100))
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:56 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000200)={0x0, &(0x7f0000000080)})
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/workqueue', 0x200, 0x0)

03:34:56 executing program 3:
clock_gettime(0x0, &(0x7f0000000040))
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x10, r0, 0x0)

03:34:56 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000100))
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:57 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180)="5d8e7ae9403a025635195d9b87909cf12e1bad5751404f345c0ce074b5590e", 0x1f, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:57 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0xfffffffc})

03:34:57 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000200)={0x0, &(0x7f0000000080)})
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:34:57 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:57 executing program 3:
clock_gettime(0x0, &(0x7f0000000040))
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x10, r0, 0x0)

03:34:57 executing program 5:
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x9be7, 0x40}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xc900, 0x103)
r1 = syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0xc64f, 0x22, 0x1, 0xfa}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
symlinkat(&(0x7f0000000200)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00')
io_uring_setup(0x63de, &(0x7f00000002c0)={0x0, 0x25ad, 0x40, 0x1, 0x3c2, 0x0, r1})

03:34:57 executing program 3:
clock_gettime(0x0, &(0x7f0000000040))
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x10, r0, 0x0)

03:34:57 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0xfffffffc})

03:34:57 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x0, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:57 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:34:57 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0xfffffffc})

03:34:57 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x0, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:57 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:57 executing program 3:
clock_gettime(0x0, &(0x7f0000000040))
io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:57 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:34:57 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:34:57 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x0, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:57 executing program 5:
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x9be7, 0x40}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xc900, 0x103)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0xc64f, 0x22, 0x1, 0xfa}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
symlinkat(&(0x7f0000000200)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00')

03:34:57 executing program 3:
clock_gettime(0x0, &(0x7f0000000040))
io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:57 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:57 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:34:57 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2})

03:34:57 executing program 3:
clock_gettime(0x0, &(0x7f0000000040))
io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:57 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:58 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:58 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2})

03:34:58 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:34:58 executing program 3:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000200)={0x0, &(0x7f0000000080)})
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:34:58 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:58 executing program 5:
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x9be7, 0x40}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xc900, 0x103)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0xc64f, 0x22, 0x1, 0xfa}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:34:58 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x10, r0, 0x0)

03:34:58 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2})

03:34:58 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:34:58 executing program 3:
r0 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x4})
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000))
socket$packet(0x11, 0x3, 0x300)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7fffdf004000, 0x0, 0x4000013, r0, 0x0)

03:34:58 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x10, r0, 0x0)

03:34:58 executing program 1:
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x2, 0x4000013, r0, 0x0)

03:34:58 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:34:58 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:58 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
r1 = syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r2 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r2, 0x0)
syz_io_uring_setup(0x2888, &(0x7f0000000580)={0x0, 0x77a0, 0x1, 0x0, 0x266}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000600), &(0x7f0000000640))
r3 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
syz_io_uring_setup(0x3107, &(0x7f0000000340)={0x0, 0x6034, 0x400, 0x3, 0x224}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000003c0), &(0x7f0000000400))
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r4, 0x0, 0x0)
io_uring_setup(0x2e5c, &(0x7f0000000680)={0x0, 0xc679, 0x20, 0x1, 0x13a, 0x0, r4})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000440), 0x8040, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x6, 0x12, r6, 0x0)
syz_io_uring_setup(0x5d24, &(0x7f0000000480)={0x0, 0x5c5a, 0x400, 0x3, 0x9b, 0x0, r1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000500), &(0x7f0000000540))
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000002c0)={'vxcan0\x00'})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r3, 0x0)
sendmsg$can_bcm(r4, &(0x7f0000000800)={&(0x7f0000000700), 0x10, &(0x7f00000007c0)={&(0x7f0000000740)={0x4, 0x800, 0x9, {0x0, 0xea60}, {0x77359400}, {0x2, 0x1, 0x1}, 0x1, @can={{0x1, 0x1}, 0x4, 0x0, 0x0, 0x0, "1c0836872dae4084"}}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)

03:34:58 executing program 1:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:34:58 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x10, r0, 0x0)

03:34:58 executing program 5:
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x9be7, 0x40}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0xc64f, 0x22, 0x1, 0xfa}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:34:58 executing program 0:
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:34:58 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:58 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (fail_nth: 1)

03:34:58 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
r1 = syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r2 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r2, 0x0)
syz_io_uring_setup(0x2888, &(0x7f0000000580)={0x0, 0x77a0, 0x1, 0x0, 0x266}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000600), &(0x7f0000000640))
r3 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
syz_io_uring_setup(0x3107, &(0x7f0000000340)={0x0, 0x6034, 0x400, 0x3, 0x224}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000003c0), &(0x7f0000000400))
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r4, 0x0, 0x0)
io_uring_setup(0x2e5c, &(0x7f0000000680)={0x0, 0xc679, 0x20, 0x1, 0x13a, 0x0, r4})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000440), 0x8040, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x6, 0x12, r6, 0x0)
syz_io_uring_setup(0x5d24, &(0x7f0000000480)={0x0, 0x5c5a, 0x400, 0x3, 0x9b, 0x0, r1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000500), &(0x7f0000000540))
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000002c0)={'vxcan0\x00'})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r3, 0x0)
sendmsg$can_bcm(r4, &(0x7f0000000800)={&(0x7f0000000700), 0x10, &(0x7f00000007c0)={&(0x7f0000000740)={0x4, 0x800, 0x9, {0x0, 0xea60}, {0x77359400}, {0x2, 0x1, 0x1}, 0x1, @can={{0x1, 0x1}, 0x4, 0x0, 0x0, 0x0, "1c0836872dae4084"}}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)

03:34:58 executing program 0:
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:34:58 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:58 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:34:58 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
r1 = syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r2 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r2, 0x0)
syz_io_uring_setup(0x2888, &(0x7f0000000580)={0x0, 0x77a0, 0x1, 0x0, 0x266}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000600), &(0x7f0000000640))
r3 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
syz_io_uring_setup(0x3107, &(0x7f0000000340)={0x0, 0x6034, 0x400, 0x3, 0x224}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000003c0), &(0x7f0000000400))
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r4, 0x0, 0x0)
io_uring_setup(0x2e5c, &(0x7f0000000680)={0x0, 0xc679, 0x20, 0x1, 0x13a, 0x0, r4})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000440), 0x8040, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x6, 0x12, r6, 0x0)
syz_io_uring_setup(0x5d24, &(0x7f0000000480)={0x0, 0x5c5a, 0x400, 0x3, 0x9b, 0x0, r1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000500), &(0x7f0000000540))
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000002c0)={'vxcan0\x00'})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r3, 0x0)
sendmsg$can_bcm(r4, &(0x7f0000000800)={&(0x7f0000000700), 0x10, &(0x7f00000007c0)={&(0x7f0000000740)={0x4, 0x800, 0x9, {0x0, 0xea60}, {0x77359400}, {0x2, 0x1, 0x1}, 0x1, @can={{0x1, 0x1}, 0x4, 0x0, 0x0, 0x0, "1c0836872dae4084"}}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)

[ 1529.655353][T23172] FAULT_INJECTION: forcing a failure.
[ 1529.655353][T23172] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1529.703532][T23172] CPU: 0 PID: 23172 Comm: syz-executor.1 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1529.713614][T23172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1529.723509][T23172] Call Trace:
[ 1529.726631][T23172]  <TASK>
[ 1529.729409][T23172]  dump_stack_lvl+0x151/0x1b7
[ 1529.734187][T23172]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1529.739481][T23172]  ? security_file_permission+0xf3/0x5f0
[ 1529.744950][T23172]  dump_stack+0x15/0x17
[ 1529.748938][T23172]  should_fail+0x3c0/0x510
[ 1529.753192][T23172]  should_fail_usercopy+0x1a/0x20
[ 1529.758051][T23172]  _copy_from_user+0x20/0xd0
[ 1529.762479][T23172]  __do_sys_io_uring_setup+0xac/0x39e0
[ 1529.768033][T23172]  ? __kasan_check_write+0x14/0x20
[ 1529.772977][T23172]  ? mutex_lock+0xb6/0x130
[ 1529.777231][T23172]  ? __kasan_check_write+0x14/0x20
[ 1529.782186][T23172]  ? mutex_unlock+0xa2/0x110
[ 1529.786605][T23172]  ? __mutex_lock_slowpath+0x10/0x10
[ 1529.791723][T23172]  ? __kasan_check_write+0x14/0x20
[ 1529.796671][T23172]  ? fput_many+0x47/0x1a0
[ 1529.800839][T23172]  ? io_rsrc_data_free+0x100/0x100
[ 1529.805792][T23172]  ? ksys_write+0x25f/0x2c0
[ 1529.810126][T23172]  ? debug_smp_processor_id+0x17/0x20
[ 1529.815331][T23172]  __x64_sys_io_uring_setup+0x5b/0x70
[ 1529.820541][T23172]  do_syscall_64+0x44/0xd0
[ 1529.824799][T23172]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1529.830623][T23172] RIP: 0033:0x7f2f114600c9
[ 1529.834950][T23172] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1529.854392][T23172] RSP: 002b:00007f2f101d3168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[ 1529.862641][T23172] RAX: ffffffffffffffda RBX: 00007f2f1157ff80 RCX: 00007f2f114600c9
[ 1529.870442][T23172] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 000000000000054b
[ 1529.878252][T23172] RBP: 00007f2f101d31d0 R08: 0000000000000000 R09: 0000000000000000
[ 1529.886078][T23172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1529.893877][T23172] R13: 00007ffd4ed9d9ff R14: 00007f2f101d3300 R15: 0000000000022000
[ 1529.901698][T23172]  </TASK>
03:34:58 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:58 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
r1 = syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r2 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r2, 0x0)
syz_io_uring_setup(0x2888, &(0x7f0000000580)={0x0, 0x77a0, 0x1, 0x0, 0x266}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000600), &(0x7f0000000640))
r3 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
syz_io_uring_setup(0x3107, &(0x7f0000000340)={0x0, 0x6034, 0x400, 0x3, 0x224}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000003c0), &(0x7f0000000400))
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r4, 0x0, 0x0)
io_uring_setup(0x2e5c, &(0x7f0000000680)={0x0, 0xc679, 0x20, 0x1, 0x13a, 0x0, r4})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000440), 0x8040, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x6, 0x12, r6, 0x0)
syz_io_uring_setup(0x5d24, &(0x7f0000000480)={0x0, 0x5c5a, 0x400, 0x3, 0x9b, 0x0, r1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000500), &(0x7f0000000540))
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000002c0)={'vxcan0\x00'})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r3, 0x0)

03:34:58 executing program 0:
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:34:58 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (fail_nth: 2)

03:34:58 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (fail_nth: 1)

03:34:58 executing program 5:
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x9be7, 0x40}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0xc64f, 0x22, 0x1, 0xfa}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:34:58 executing program 0:
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

[ 1530.119848][T23195] FAULT_INJECTION: forcing a failure.
[ 1530.119848][T23195] name failslab, interval 1, probability 0, space 0, times 0
[ 1530.126932][T23198] FAULT_INJECTION: forcing a failure.
[ 1530.126932][T23198] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1530.154189][T23195] CPU: 1 PID: 23195 Comm: syz-executor.1 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1530.164269][T23195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1530.174166][T23195] Call Trace:
[ 1530.177287][T23195]  <TASK>
[ 1530.180066][T23195]  dump_stack_lvl+0x151/0x1b7
[ 1530.184576][T23195]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1530.189967][T23195]  ? __kasan_check_write+0x14/0x20
[ 1530.194906][T23195]  ? proc_fail_nth_write+0x213/0x290
[ 1530.200027][T23195]  dump_stack+0x15/0x17
[ 1530.204018][T23195]  should_fail+0x3c0/0x510
[ 1530.208272][T23195]  ? __do_sys_io_uring_setup+0x3c8/0x39e0
[ 1530.213826][T23195]  __should_failslab+0x9f/0xe0
[ 1530.218429][T23195]  should_failslab+0x9/0x20
[ 1530.222853][T23195]  kmem_cache_alloc_trace+0x4a/0x310
[ 1530.227973][T23195]  ? __kasan_check_write+0x14/0x20
[ 1530.232920][T23195]  __do_sys_io_uring_setup+0x3c8/0x39e0
[ 1530.238314][T23195]  ? __kasan_check_write+0x14/0x20
[ 1530.243347][T23195]  ? mutex_lock+0xb6/0x130
[ 1530.247585][T23195]  ? __kasan_check_write+0x14/0x20
[ 1530.252622][T23195]  ? mutex_unlock+0xa2/0x110
[ 1530.257046][T23195]  ? __mutex_lock_slowpath+0x10/0x10
[ 1530.262172][T23195]  ? __kasan_check_write+0x14/0x20
[ 1530.267115][T23195]  ? fput_many+0x47/0x1a0
[ 1530.271279][T23195]  ? io_rsrc_data_free+0x100/0x100
[ 1530.276226][T23195]  ? ksys_write+0x25f/0x2c0
[ 1530.280570][T23195]  ? debug_smp_processor_id+0x17/0x20
[ 1530.285785][T23195]  __x64_sys_io_uring_setup+0x5b/0x70
[ 1530.290983][T23195]  do_syscall_64+0x44/0xd0
[ 1530.295243][T23195]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1530.300962][T23195] RIP: 0033:0x7f2f114600c9
[ 1530.305221][T23195] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1530.324657][T23195] RSP: 002b:00007f2f101d3168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[ 1530.333296][T23195] RAX: ffffffffffffffda RBX: 00007f2f1157ff80 RCX: 00007f2f114600c9
[ 1530.341205][T23195] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 000000000000054b
[ 1530.349002][T23195] RBP: 00007f2f101d31d0 R08: 0000000000000000 R09: 0000000000000000
[ 1530.356818][T23195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1530.364711][T23195] R13: 00007ffd4ed9d9ff R14: 00007f2f101d3300 R15: 0000000000022000
[ 1530.372527][T23195]  </TASK>
[ 1530.377041][T23198] CPU: 0 PID: 23198 Comm: syz-executor.2 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1530.387105][T23198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1530.397002][T23198] Call Trace:
[ 1530.400127][T23198]  <TASK>
[ 1530.402900][T23198]  dump_stack_lvl+0x151/0x1b7
[ 1530.407415][T23198]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1530.412718][T23198]  ? __kasan_check_read+0x11/0x20
[ 1530.417569][T23198]  dump_stack+0x15/0x17
[ 1530.421564][T23198]  should_fail+0x3c0/0x510
[ 1530.425815][T23198]  should_fail_usercopy+0x1a/0x20
[ 1530.430689][T23198]  _copy_to_user+0x20/0x90
[ 1530.434927][T23198]  simple_read_from_buffer+0xdd/0x160
[ 1530.440135][T23198]  proc_fail_nth_read+0x1af/0x220
[ 1530.444998][T23198]  ? proc_fault_inject_write+0x3a0/0x3a0
[ 1530.450464][T23198]  ? security_file_permission+0x497/0x5f0
[ 1530.456021][T23198]  ? proc_fault_inject_write+0x3a0/0x3a0
[ 1530.461483][T23198]  vfs_read+0x299/0xd80
[ 1530.465479][T23198]  ? kernel_read+0x1f0/0x1f0
[ 1530.469903][T23198]  ? __kasan_check_write+0x14/0x20
[ 1530.474850][T23198]  ? mutex_lock+0xb6/0x130
[ 1530.479104][T23198]  ? wait_for_completion_killable_timeout+0x10/0x10
[ 1530.485532][T23198]  ? __fdget_pos+0x26d/0x310
[ 1530.489952][T23198]  ? ksys_read+0x77/0x2c0
[ 1530.494120][T23198]  ksys_read+0x198/0x2c0
[ 1530.498200][T23198]  ? vfs_write+0x1050/0x1050
[ 1530.502627][T23198]  ? sched_clock_cpu+0x18/0x3b0
[ 1530.507317][T23198]  __x64_sys_read+0x7b/0x90
[ 1530.511652][T23198]  do_syscall_64+0x44/0xd0
[ 1530.515917][T23198]  ? irqentry_exit+0x12/0x40
[ 1530.520332][T23198]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1530.526061][T23198] RIP: 0033:0x7f4686253eec
[ 1530.530315][T23198] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 1530.549755][T23198] RSP: 002b:00007f4685015160 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1530.557999][T23198] RAX: ffffffffffffffda RBX: 00007f46863c1f80 RCX: 00007f4686253eec
03:34:59 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
r1 = syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r2 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r2, 0x0)
syz_io_uring_setup(0x2888, &(0x7f0000000580)={0x0, 0x77a0, 0x1, 0x0, 0x266}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000600), &(0x7f0000000640))
r3 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
syz_io_uring_setup(0x3107, &(0x7f0000000340)={0x0, 0x6034, 0x400, 0x3, 0x224}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000003c0), &(0x7f0000000400))
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r4, 0x0, 0x0)
io_uring_setup(0x2e5c, &(0x7f0000000680)={0x0, 0xc679, 0x20, 0x1, 0x13a, 0x0, r4})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300))
r5 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000440), 0x8040, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x6, 0x12, r5, 0x0)
syz_io_uring_setup(0x5d24, &(0x7f0000000480)={0x0, 0x5c5a, 0x400, 0x3, 0x9b, 0x0, r1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000500), &(0x7f0000000540))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r3, 0x0)

03:34:59 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
syz_io_uring_setup(0x2888, &(0x7f0000000580)={0x0, 0x77a0, 0x1, 0x0, 0x266}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000600), &(0x7f0000000640))
r2 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
syz_io_uring_setup(0x3107, &(0x7f0000000340)={0x0, 0x6034, 0x400, 0x3, 0x224}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000003c0), &(0x7f0000000400))
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r3, 0x0, 0x0)
io_uring_setup(0x2e5c, &(0x7f0000000680)={0x0, 0xc679, 0x20, 0x1, 0x13a, 0x0, r3})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300))
r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000440), 0x8040, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x6, 0x12, r4, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r2, 0x0)

03:34:59 executing program 0:
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

[ 1530.565819][T23198] RDX: 000000000000000f RSI: 00007f46850151e0 RDI: 0000000000000006
[ 1530.573624][T23198] RBP: 00007f46850151d0 R08: 0000000000000000 R09: 0000000000000000
[ 1530.581432][T23198] R10: 0000000004000013 R11: 0000000000000246 R12: 0000000000000001
[ 1530.589245][T23198] R13: 00007fffebe35c6f R14: 00007f4685015300 R15: 0000000000022000
[ 1530.597059][T23198]  </TASK>
03:34:59 executing program 0:
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:34:59 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
syz_io_uring_setup(0x2888, &(0x7f0000000580)={0x0, 0x77a0, 0x1, 0x0, 0x266}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000600), &(0x7f0000000640))
r2 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
syz_io_uring_setup(0x3107, &(0x7f0000000340)={0x0, 0x6034, 0x400, 0x3, 0x224}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000003c0), &(0x7f0000000400))
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r3, 0x0, 0x0)
io_uring_setup(0x2e5c, &(0x7f0000000680)={0x0, 0xc679, 0x20, 0x1, 0x13a, 0x0, r3})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300))
openat$vsock(0xffffffffffffff9c, &(0x7f0000000440), 0x8040, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r2, 0x0)

03:34:59 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:34:59 executing program 0:
syz_io_uring_setup(0x2413, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:34:59 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
syz_io_uring_setup(0x2888, &(0x7f0000000580)={0x0, 0x77a0, 0x1, 0x0, 0x266}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000600), &(0x7f0000000640))
r2 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
syz_io_uring_setup(0x3107, &(0x7f0000000340)={0x0, 0x6034, 0x400, 0x3, 0x224}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000003c0), &(0x7f0000000400))
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r3, 0x0, 0x0)
io_uring_setup(0x2e5c, &(0x7f0000000680)={0x0, 0xc679, 0x20, 0x1, 0x13a, 0x0, r3})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r2, 0x0)

03:34:59 executing program 5:
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x9be7, 0x40}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0xc64f, 0x22, 0x1, 0xfa}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:34:59 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:34:59 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (fail_nth: 3)

03:34:59 executing program 0:
syz_io_uring_setup(0x2413, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

[ 1530.911223][T23236] FAULT_INJECTION: forcing a failure.
[ 1530.911223][T23236] name failslab, interval 1, probability 0, space 0, times 0
[ 1530.935570][T23236] CPU: 1 PID: 23236 Comm: syz-executor.1 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1530.945736][T23236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1530.955635][T23236] Call Trace:
[ 1530.958757][T23236]  <TASK>
[ 1530.961540][T23236]  dump_stack_lvl+0x151/0x1b7
[ 1530.966047][T23236]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1530.971344][T23236]  dump_stack+0x15/0x17
[ 1530.975330][T23236]  should_fail+0x3c0/0x510
[ 1530.979592][T23236]  ? __do_sys_io_uring_setup+0x49a/0x39e0
[ 1530.985140][T23236]  __should_failslab+0x9f/0xe0
[ 1530.989738][T23236]  should_failslab+0x9/0x20
[ 1530.994085][T23236]  __kmalloc+0x6d/0x350
[ 1530.998068][T23236]  ? kmem_cache_alloc_trace+0x1e3/0x310
[ 1531.003450][T23236]  ? __do_sys_io_uring_setup+0x3c8/0x39e0
03:34:59 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0xc64f, 0x22, 0x1, 0xfa}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1531.009011][T23236]  __do_sys_io_uring_setup+0x49a/0x39e0
[ 1531.014387][T23236]  ? __kasan_check_write+0x14/0x20
[ 1531.019334][T23236]  ? mutex_lock+0xb6/0x130
[ 1531.023596][T23236]  ? __kasan_check_write+0x14/0x20
[ 1531.028537][T23236]  ? mutex_unlock+0xa2/0x110
[ 1531.032962][T23236]  ? __mutex_lock_slowpath+0x10/0x10
[ 1531.038081][T23236]  ? fput_many+0x47/0x1a0
[ 1531.042263][T23236]  ? io_rsrc_data_free+0x100/0x100
[ 1531.047196][T23236]  ? ksys_write+0x25f/0x2c0
[ 1531.056138][T23236]  ? debug_smp_processor_id+0x17/0x20
[ 1531.061348][T23236]  __x64_sys_io_uring_setup+0x5b/0x70
[ 1531.066551][T23236]  do_syscall_64+0x44/0xd0
[ 1531.070808][T23236]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1531.076537][T23236] RIP: 0033:0x7f2f114600c9
[ 1531.080786][T23236] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1531.100226][T23236] RSP: 002b:00007f2f101d3168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
03:34:59 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff004, 0x0, 0x4000013, r0, 0x0)

03:34:59 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (fail_nth: 4)

[ 1531.108475][T23236] RAX: ffffffffffffffda RBX: 00007f2f1157ff80 RCX: 00007f2f114600c9
[ 1531.116281][T23236] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 000000000000054b
[ 1531.124093][T23236] RBP: 00007f2f101d31d0 R08: 0000000000000000 R09: 0000000000000000
[ 1531.131905][T23236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1531.139716][T23236] R13: 00007ffd4ed9d9ff R14: 00007f2f101d3300 R15: 0000000000022000
[ 1531.147532][T23236]  </TASK>
03:34:59 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
syz_io_uring_setup(0x2888, &(0x7f0000000580)={0x0, 0x77a0, 0x1, 0x0, 0x266}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000600), &(0x7f0000000640))
r2 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
syz_io_uring_setup(0x3107, &(0x7f0000000340)={0x0, 0x6034, 0x400, 0x3, 0x224}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000003c0), &(0x7f0000000400))
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r3, 0x0, 0x0)
io_uring_setup(0x2e5c, &(0x7f0000000680)={0x0, 0xc679, 0x20, 0x1, 0x13a, 0x0, r3})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r2, 0x0)

03:34:59 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x20ffb000, 0x0, 0x4000013, r0, 0x0)

[ 1531.218483][T23248] FAULT_INJECTION: forcing a failure.
[ 1531.218483][T23248] name failslab, interval 1, probability 0, space 0, times 0
[ 1531.278236][T23248] CPU: 0 PID: 23248 Comm: syz-executor.1 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1531.288315][T23248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1531.298209][T23248] Call Trace:
[ 1531.301332][T23248]  <TASK>
[ 1531.304109][T23248]  dump_stack_lvl+0x151/0x1b7
[ 1531.308627][T23248]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1531.313921][T23248]  dump_stack+0x15/0x17
[ 1531.317910][T23248]  should_fail+0x3c0/0x510
[ 1531.322172][T23248]  ? __do_sys_io_uring_setup+0x541/0x39e0
[ 1531.327718][T23248]  __should_failslab+0x9f/0xe0
[ 1531.332314][T23248]  should_failslab+0x9/0x20
[ 1531.336762][T23248]  kmem_cache_alloc_trace+0x4a/0x310
[ 1531.341869][T23248]  __do_sys_io_uring_setup+0x541/0x39e0
[ 1531.347245][T23248]  ? __kasan_check_write+0x14/0x20
[ 1531.352224][T23248]  ? mutex_lock+0xb6/0x130
[ 1531.356447][T23248]  ? __kasan_check_write+0x14/0x20
[ 1531.361551][T23248]  ? mutex_unlock+0xa2/0x110
[ 1531.365926][T23248]  ? __mutex_lock_slowpath+0x10/0x10
[ 1531.371047][T23248]  ? fput_many+0x47/0x1a0
[ 1531.375213][T23248]  ? io_rsrc_data_free+0x100/0x100
[ 1531.380170][T23248]  ? ksys_write+0x25f/0x2c0
[ 1531.384498][T23248]  ? debug_smp_processor_id+0x17/0x20
[ 1531.389713][T23248]  __x64_sys_io_uring_setup+0x5b/0x70
[ 1531.394915][T23248]  do_syscall_64+0x44/0xd0
[ 1531.399167][T23248]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1531.404915][T23248] RIP: 0033:0x7f2f114600c9
[ 1531.409146][T23248] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1531.428933][T23248] RSP: 002b:00007f2f101d3168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[ 1531.437180][T23248] RAX: ffffffffffffffda RBX: 00007f2f1157ff80 RCX: 00007f2f114600c9
[ 1531.444997][T23248] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 000000000000054b
[ 1531.452800][T23248] RBP: 00007f2f101d31d0 R08: 0000000000000000 R09: 0000000000000000
[ 1531.460614][T23248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1531.468426][T23248] R13: 00007ffd4ed9d9ff R14: 00007f2f101d3300 R15: 0000000000022000
[ 1531.476238][T23248]  </TASK>
03:35:00 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:00 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
syz_io_uring_setup(0x2888, &(0x7f0000000580)={0x0, 0x77a0, 0x1, 0x0, 0x266}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000600), &(0x7f0000000640))
r2 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
syz_io_uring_setup(0x3107, &(0x7f0000000340)={0x0, 0x6034, 0x400, 0x3, 0x224}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000003c0), &(0x7f0000000400))
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r3, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r2, 0x0)

03:35:00 executing program 0:
syz_io_uring_setup(0x2413, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:35:00 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x7ffffffff000, 0x0, 0x4000013, r0, 0x0)

03:35:00 executing program 5:
syz_io_uring_setup(0x0, &(0x7f0000000040)={0x0, 0xc64f, 0x22, 0x1, 0xfa}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:00 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (fail_nth: 5)

03:35:00 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:35:00 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
syz_io_uring_setup(0x2888, &(0x7f0000000580)={0x0, 0x77a0, 0x1, 0x0, 0x266}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000600), &(0x7f0000000640))
r2 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
syz_io_uring_setup(0x3107, &(0x7f0000000340)={0x0, 0x6034, 0x400, 0x3, 0x224}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000003c0), &(0x7f0000000400))
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r2, 0x0)

03:35:00 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x4, 0x4000013, r0, 0x0)

[ 1531.661366][T23271] FAULT_INJECTION: forcing a failure.
[ 1531.661366][T23271] name failslab, interval 1, probability 0, space 0, times 0
03:35:00 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x60, 0x4000013, r0, 0x0)

03:35:00 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:35:00 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x6000, 0x4000013, r0, 0x0)

[ 1531.703360][T23271] CPU: 1 PID: 23271 Comm: syz-executor.1 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1531.713437][T23271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1531.723421][T23271] Call Trace:
[ 1531.726541][T23271]  <TASK>
[ 1531.729318][T23271]  dump_stack_lvl+0x151/0x1b7
[ 1531.733836][T23271]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1531.739123][T23271]  ? trace_raw_output_percpu_destroy_chunk+0xc0/0xc0
[ 1531.745636][T23271]  ? _find_next_bit+0x20a/0x210
[ 1531.750323][T23271]  dump_stack+0x15/0x17
[ 1531.754316][T23271]  should_fail+0x3c0/0x510
[ 1531.758570][T23271]  ? percpu_ref_init+0xc8/0x340
[ 1531.763262][T23271]  __should_failslab+0x9f/0xe0
[ 1531.767861][T23271]  should_failslab+0x9/0x20
[ 1531.772203][T23271]  kmem_cache_alloc_trace+0x4a/0x310
[ 1531.777404][T23271]  ? __do_sys_io_uring_setup+0x39e0/0x39e0
[ 1531.783047][T23271]  percpu_ref_init+0xc8/0x340
[ 1531.787557][T23271]  ? __do_sys_io_uring_setup+0x39e0/0x39e0
[ 1531.793201][T23271]  ? __do_sys_io_uring_setup+0x541/0x39e0
[ 1531.798755][T23271]  __do_sys_io_uring_setup+0x5bc/0x39e0
[ 1531.804136][T23271]  ? __kasan_check_write+0x14/0x20
[ 1531.809078][T23271]  ? mutex_lock+0xb6/0x130
[ 1531.813335][T23271]  ? __kasan_check_write+0x14/0x20
[ 1531.818285][T23271]  ? mutex_unlock+0xa2/0x110
[ 1531.822706][T23271]  ? __mutex_lock_slowpath+0x10/0x10
[ 1531.827829][T23271]  ? fput_many+0x47/0x1a0
[ 1531.831996][T23271]  ? io_rsrc_data_free+0x100/0x100
[ 1531.836954][T23271]  ? ksys_write+0x25f/0x2c0
[ 1531.841280][T23271]  ? debug_smp_processor_id+0x17/0x20
[ 1531.846489][T23271]  __x64_sys_io_uring_setup+0x5b/0x70
03:35:00 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0)
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:00 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:35:00 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x600000, 0x4000013, r0, 0x0)

03:35:00 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x80ffff, 0x4000013, r0, 0x0)

[ 1531.851871][T23271]  do_syscall_64+0x44/0xd0
[ 1531.856128][T23271]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1531.861854][T23271] RIP: 0033:0x7f2f114600c9
[ 1531.866116][T23271] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1531.885543][T23271] RSP: 002b:00007f2f101d3168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[ 1531.893786][T23271] RAX: ffffffffffffffda RBX: 00007f2f1157ff80 RCX: 00007f2f114600c9
[ 1531.901602][T23271] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 000000000000054b
[ 1531.909410][T23271] RBP: 00007f2f101d31d0 R08: 0000000000000000 R09: 0000000000000000
[ 1531.917222][T23271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1531.925036][T23271] R13: 00007ffd4ed9d9ff R14: 00007f2f101d3300 R15: 0000000000022000
[ 1531.932849][T23271]  </TASK>
03:35:00 executing program 5:
syz_io_uring_setup(0x0, &(0x7f0000000040)={0x0, 0xc64f, 0x22, 0x1, 0xfa}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:00 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (fail_nth: 6)

03:35:00 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0xc0ffff, 0x4000013, r0, 0x0)

03:35:00 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
syz_io_uring_setup(0x2888, &(0x7f0000000580)={0x0, 0x77a0, 0x1, 0x0, 0x266}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000600), &(0x7f0000000640))
r2 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
syz_io_uring_setup(0x3107, &(0x7f0000000340)={0x0, 0x6034, 0x400, 0x3, 0x224}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000003c0), &(0x7f0000000400))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r2, 0x0)

03:35:00 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940))

03:35:00 executing program 5:
syz_io_uring_setup(0x0, &(0x7f0000000040)={0x0, 0xc64f, 0x22, 0x1, 0xfa}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:00 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0)
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:01 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x1000000, 0x4000013, r0, 0x0)

03:35:01 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

03:35:01 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
syz_io_uring_setup(0x2888, &(0x7f0000000580)={0x0, 0x77a0, 0x1, 0x0, 0x266}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000600), &(0x7f0000000640))
r2 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r2, 0x0)

03:35:01 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x4000000, 0x4000013, r0, 0x0)

03:35:01 executing program 5:
syz_io_uring_setup(0x769b, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:01 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

[ 1532.262360][T23322] FAULT_INJECTION: forcing a failure.
[ 1532.262360][T23322] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1532.345722][T23322] CPU: 1 PID: 23322 Comm: syz-executor.1 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1532.355803][T23322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1532.365698][T23322] Call Trace:
[ 1532.368823][T23322]  <TASK>
[ 1532.372118][T23322]  dump_stack_lvl+0x151/0x1b7
[ 1532.376735][T23322]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1532.382042][T23322]  dump_stack+0x15/0x17
[ 1532.386030][T23322]  should_fail+0x3c0/0x510
[ 1532.390285][T23322]  should_fail_alloc_page+0x58/0x70
[ 1532.395315][T23322]  __alloc_pages+0x1de/0x7c0
[ 1532.399965][T23322]  ? __count_vm_events+0x30/0x30
[ 1532.404730][T23322]  ? selinux_capable+0x39/0x50
[ 1532.409418][T23322]  ? security_capable+0xb2/0xd0
[ 1532.414105][T23322]  __get_free_pages+0xe/0x30
[ 1532.418530][T23322]  __do_sys_io_uring_setup+0x1286/0x39e0
[ 1532.424008][T23322]  ? __kasan_check_write+0x14/0x20
[ 1532.428945][T23322]  ? mutex_unlock+0xa2/0x110
[ 1532.433544][T23322]  ? fput_many+0x47/0x1a0
[ 1532.437711][T23322]  ? io_rsrc_data_free+0x100/0x100
[ 1532.442742][T23322]  ? ksys_write+0x25f/0x2c0
[ 1532.447086][T23322]  ? debug_smp_processor_id+0x17/0x20
[ 1532.452289][T23322]  __x64_sys_io_uring_setup+0x5b/0x70
[ 1532.457505][T23322]  do_syscall_64+0x44/0xd0
[ 1532.462009][T23322]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1532.467740][T23322] RIP: 0033:0x7f2f114600c9
[ 1532.471991][T23322] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
03:35:01 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (fail_nth: 7)

03:35:01 executing program 5:
syz_io_uring_setup(0x769b, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:01 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
syz_io_uring_setup(0x2888, &(0x7f0000000580)={0x0, 0x77a0, 0x1, 0x0, 0x266}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000600), &(0x7f0000000640))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, 0xffffffffffffffff, 0x0)

03:35:01 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:35:01 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0xffff8000, 0x4000013, r0, 0x0)

03:35:01 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0)
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

[ 1532.491432][T23322] RSP: 002b:00007f2f101d3168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[ 1532.499679][T23322] RAX: ffffffffffffffda RBX: 00007f2f1157ff80 RCX: 00007f2f114600c9
[ 1532.507490][T23322] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 000000000000054b
[ 1532.515302][T23322] RBP: 00007f2f101d31d0 R08: 0000000000000000 R09: 0000000000000000
[ 1532.523116][T23322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1532.530926][T23322] R13: 00007ffd4ed9d9ff R14: 00007f2f101d3300 R15: 0000000000022000
[ 1532.538744][T23322]  </TASK>
03:35:01 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
syz_io_uring_setup(0x2888, &(0x7f0000000580)={0x0, 0x77a0, 0x1, 0x0, 0x266}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000600), &(0x7f0000000640))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, 0xffffffffffffffff, 0x0)

03:35:01 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0xffffc000, 0x4000013, r0, 0x0)

03:35:01 executing program 0:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:01 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0xfeffffff0f00, 0x4000013, r0, 0x0)

[ 1532.602347][T23354] FAULT_INJECTION: forcing a failure.
[ 1532.602347][T23354] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1532.636622][T23354] CPU: 0 PID: 23354 Comm: syz-executor.1 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1532.646698][T23354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1532.656592][T23354] Call Trace:
[ 1532.659719][T23354]  <TASK>
[ 1532.662491][T23354]  dump_stack_lvl+0x151/0x1b7
[ 1532.667008][T23354]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1532.672298][T23354]  ? prep_compound_page+0x273/0x500
[ 1532.677337][T23354]  dump_stack+0x15/0x17
[ 1532.681330][T23354]  should_fail+0x3c0/0x510
[ 1532.685583][T23354]  should_fail_alloc_page+0x58/0x70
[ 1532.690632][T23354]  __alloc_pages+0x1de/0x7c0
[ 1532.695044][T23354]  ? __count_vm_events+0x30/0x30
03:35:01 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0xffffffffe0000, 0x4000013, r0, 0x0)

03:35:01 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x60000000000000, 0x4000013, r0, 0x0)

[ 1532.699820][T23354]  ? selinux_capable+0x39/0x50
[ 1532.704420][T23354]  ? security_capable+0xb2/0xd0
[ 1532.709102][T23354]  __get_free_pages+0xe/0x30
[ 1532.713526][T23354]  __do_sys_io_uring_setup+0x1415/0x39e0
[ 1532.718994][T23354]  ? __kasan_check_write+0x14/0x20
[ 1532.723942][T23354]  ? mutex_unlock+0xa2/0x110
[ 1532.728370][T23354]  ? io_rsrc_data_free+0x100/0x100
[ 1532.733312][T23354]  ? ksys_write+0x25f/0x2c0
[ 1532.737660][T23354]  ? debug_smp_processor_id+0x17/0x20
[ 1532.742863][T23354]  __x64_sys_io_uring_setup+0x5b/0x70
[ 1532.748073][T23354]  do_syscall_64+0x44/0xd0
[ 1532.752320][T23354]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1532.758049][T23354] RIP: 0033:0x7f2f114600c9
[ 1532.762306][T23354] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1532.781748][T23354] RSP: 002b:00007f2f101d3168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[ 1532.789991][T23354] RAX: ffffffffffffffda RBX: 00007f2f1157ff80 RCX: 00007f2f114600c9
[ 1532.797801][T23354] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 000000000000054b
[ 1532.805613][T23354] RBP: 00007f2f101d31d0 R08: 0000000000000000 R09: 0000000000000000
[ 1532.813431][T23354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1532.821756][T23354] R13: 00007ffd4ed9d9ff R14: 00007f2f101d3300 R15: 0000000000022000
[ 1532.829570][T23354]  </TASK>
03:35:01 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (fail_nth: 8)

03:35:01 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x80ffff00000000, 0x4000013, r0, 0x0)

03:35:01 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
syz_io_uring_setup(0x2888, &(0x7f0000000580)={0x0, 0x77a0, 0x1, 0x0, 0x266}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000600), &(0x7f0000000640))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, 0xffffffffffffffff, 0x0)

03:35:01 executing program 5:
syz_io_uring_setup(0x769b, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:01 executing program 0:
syz_io_uring_setup(0x769b, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1532.999694][T23379] FAULT_INJECTION: forcing a failure.
[ 1532.999694][T23379] name failslab, interval 1, probability 0, space 0, times 0
[ 1533.012314][T23379] CPU: 0 PID: 23379 Comm: syz-executor.1 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1533.022380][T23379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1533.032445][T23379] Call Trace:
[ 1533.035744][T23379]  <TASK>
[ 1533.038519][T23379]  dump_stack_lvl+0x151/0x1b7
[ 1533.043033][T23379]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1533.048325][T23379]  ? __alloc_pages+0x3a8/0x7c0
[ 1533.052928][T23379]  dump_stack+0x15/0x17
[ 1533.056918][T23379]  should_fail+0x3c0/0x510
[ 1533.061172][T23379]  ? __do_sys_io_uring_setup+0x168f/0x39e0
[ 1533.066816][T23379]  __should_failslab+0x9f/0xe0
[ 1533.071416][T23379]  should_failslab+0x9/0x20
[ 1533.075752][T23379]  kmem_cache_alloc_trace+0x4a/0x310
[ 1533.080871][T23379]  __do_sys_io_uring_setup+0x168f/0x39e0
[ 1533.086340][T23379]  ? __kasan_check_write+0x14/0x20
[ 1533.091288][T23379]  ? mutex_unlock+0xa2/0x110
03:35:01 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:01 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x1, 0xfa}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:01 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0xc0ffff00000000, 0x4000013, r0, 0x0)

03:35:01 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
r2 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r2, 0x0)

03:35:01 executing program 0:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
r1 = syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r2 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r2, 0x0)
syz_io_uring_setup(0x2888, &(0x7f0000000580)={0x0, 0x77a0, 0x1, 0x0, 0x266}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000600), &(0x7f0000000640))
r3 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
syz_io_uring_setup(0x3107, &(0x7f0000000340)={0x0, 0x6034, 0x400, 0x3, 0x224}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000003c0), &(0x7f0000000400))
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r4, 0x0, 0x0)
io_uring_setup(0x2e5c, &(0x7f0000000680)={0x0, 0xc679, 0x20, 0x1, 0x13a, 0x0, r4})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300))
r5 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000440), 0x8040, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x6, 0x12, r5, 0x0)
syz_io_uring_setup(0x5d24, &(0x7f0000000480)={0x0, 0x5c5a, 0x400, 0x3, 0x9b, 0x0, r1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000500), &(0x7f0000000540))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r3, 0x0)

03:35:01 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x100000000000000, 0x4000013, r0, 0x0)

[ 1533.095717][T23379]  ? io_rsrc_data_free+0x100/0x100
[ 1533.100658][T23379]  ? ksys_write+0x25f/0x2c0
[ 1533.105052][T23379]  ? debug_smp_processor_id+0x17/0x20
[ 1533.110207][T23379]  __x64_sys_io_uring_setup+0x5b/0x70
[ 1533.115417][T23379]  do_syscall_64+0x44/0xd0
[ 1533.120196][T23379]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1533.125918][T23379] RIP: 0033:0x7f2f114600c9
[ 1533.130170][T23379] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
03:35:01 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x400000000000000, 0x4000013, r0, 0x0)

03:35:01 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (fail_nth: 9)

03:35:01 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x4)

03:35:01 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
r1 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r1, 0x0)

03:35:01 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0xfa}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1533.149615][T23379] RSP: 002b:00007f2f101d3168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[ 1533.157855][T23379] RAX: ffffffffffffffda RBX: 00007f2f1157ff80 RCX: 00007f2f114600c9
[ 1533.165670][T23379] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 000000000000054b
[ 1533.173481][T23379] RBP: 00007f2f101d31d0 R08: 0000000000000000 R09: 0000000000000000
[ 1533.181305][T23379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1533.189102][T23379] R13: 00007ffd4ed9d9ff R14: 00007f2f101d3300 R15: 0000000000022000
[ 1533.196916][T23379]  </TASK>
03:35:01 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x60)

[ 1533.249683][T23404] FAULT_INJECTION: forcing a failure.
[ 1533.249683][T23404] name failslab, interval 1, probability 0, space 0, times 0
[ 1533.293456][T23404] CPU: 1 PID: 23404 Comm: syz-executor.1 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1533.303547][T23404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1533.313444][T23404] Call Trace:
[ 1533.316572][T23404]  <TASK>
[ 1533.319344][T23404]  dump_stack_lvl+0x151/0x1b7
[ 1533.323856][T23404]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1533.329150][T23404]  ? is_module_text_address+0xe1/0x140
[ 1533.334533][T23404]  ? stack_trace_save+0x1f0/0x1f0
[ 1533.339395][T23404]  dump_stack+0x15/0x17
[ 1533.343560][T23404]  should_fail+0x3c0/0x510
[ 1533.348075][T23404]  __should_failslab+0x9f/0xe0
[ 1533.352695][T23404]  should_failslab+0x9/0x20
[ 1533.357022][T23404]  kmem_cache_alloc+0x4f/0x2f0
[ 1533.361613][T23404]  ? dup_task_struct+0x53/0xa60
[ 1533.366384][T23404]  ? __kasan_check_write+0x14/0x20
[ 1533.371333][T23404]  dup_task_struct+0x53/0xa60
[ 1533.375843][T23404]  ? __kasan_check_write+0x14/0x20
[ 1533.380792][T23404]  copy_process+0x579/0x3250
[ 1533.385219][T23404]  ? __do_sys_io_uring_setup+0x168f/0x39e0
[ 1533.390859][T23404]  ? ____kasan_kmalloc+0xee/0x110
[ 1533.395717][T23404]  ? ____kasan_kmalloc+0xdc/0x110
[ 1533.400596][T23404]  ? kmem_cache_alloc_trace+0x1e3/0x310
[ 1533.405961][T23404]  ? __do_sys_io_uring_setup+0x168f/0x39e0
[ 1533.411601][T23404]  ? do_syscall_64+0x44/0xd0
[ 1533.416035][T23404]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1533.422628][T23404]  ? io_fallback_req_func+0x3d0/0x3d0
[ 1533.428439][T23404]  ? io_fallback_req_func+0x3d0/0x3d0
[ 1533.433649][T23404]  create_io_thread+0x16b/0x1e0
[ 1533.438336][T23404]  ? dup_mm+0x330/0x330
[ 1533.442332][T23404]  ? io_fallback_req_func+0x3d0/0x3d0
[ 1533.447540][T23404]  ? wait_for_completion_killable_timeout+0x10/0x10
[ 1533.453960][T23404]  ? kmem_cache_alloc_trace+0x1e3/0x310
[ 1533.459512][T23404]  __do_sys_io_uring_setup+0x211b/0x39e0
[ 1533.465265][T23404]  ? __kasan_check_write+0x14/0x20
[ 1533.470216][T23404]  ? io_rsrc_data_free+0x100/0x100
[ 1533.475158][T23404]  ? ksys_write+0x25f/0x2c0
[ 1533.479500][T23404]  ? debug_smp_processor_id+0x17/0x20
[ 1533.484713][T23404]  __x64_sys_io_uring_setup+0x5b/0x70
[ 1533.489912][T23404]  do_syscall_64+0x44/0xd0
[ 1533.494175][T23404]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1533.499900][T23404] RIP: 0033:0x7f2f114600c9
[ 1533.504151][T23404] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1533.523847][T23404] RSP: 002b:00007f2f101d3168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[ 1533.532099][T23404] RAX: ffffffffffffffda RBX: 00007f2f1157ff80 RCX: 00007f2f114600c9
03:35:02 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:02 executing program 0:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0)
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:02 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x6000)

03:35:02 executing program 3:
r0 = io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r1 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r1, 0x0)

03:35:02 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0xfa}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1533.539988][T23404] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 000000000000054b
[ 1533.547819][T23404] RBP: 00007f2f101d31d0 R08: 0000000000000000 R09: 0000000000000000
[ 1533.555617][T23404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1533.563562][T23404] R13: 00007ffd4ed9d9ff R14: 00007f2f101d3300 R15: 0000000000022000
[ 1533.571711][T23404]  </TASK>
03:35:02 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (fail_nth: 10)

03:35:02 executing program 3:
io_uring_setup(0x19cc, &(0x7f0000000000)={0x0, 0x9766, 0x500, 0x3, 0x363})
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

03:35:02 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x600000)

03:35:02 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0xfa}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:02 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x80ffff)

[ 1533.635676][T23423] FAULT_INJECTION: forcing a failure.
[ 1533.635676][T23423] name failslab, interval 1, probability 0, space 0, times 0
[ 1533.666007][T23423] CPU: 1 PID: 23423 Comm: syz-executor.1 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1533.676089][T23423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1533.685983][T23423] Call Trace:
[ 1533.689108][T23423]  <TASK>
[ 1533.691885][T23423]  dump_stack_lvl+0x151/0x1b7
[ 1533.696400][T23423]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1533.701706][T23423]  ? __mod_node_page_state+0xac/0xf0
[ 1533.706814][T23423]  dump_stack+0x15/0x17
[ 1533.710805][T23423]  should_fail+0x3c0/0x510
[ 1533.715061][T23423]  __should_failslab+0x9f/0xe0
[ 1533.719660][T23423]  should_failslab+0x9/0x20
[ 1533.724002][T23423]  kmem_cache_alloc+0x4f/0x2f0
[ 1533.728608][T23423]  ? copy_thread+0x353/0x750
[ 1533.733026][T23423]  ? alloc_pid+0x9c/0xad0
[ 1533.737202][T23423]  alloc_pid+0x9c/0xad0
[ 1533.741181][T23423]  ? io_fallback_req_func+0x3d0/0x3d0
[ 1533.746396][T23423]  copy_process+0x1658/0x3250
[ 1533.750903][T23423]  ? ____kasan_kmalloc+0xee/0x110
[ 1533.755762][T23423]  ? kmem_cache_alloc_trace+0x1e3/0x310
[ 1533.761233][T23423]  ? do_syscall_64+0x44/0xd0
[ 1533.765664][T23423]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1533.770607][T23423]  ? io_fallback_req_func+0x3d0/0x3d0
[ 1533.775810][T23423]  ? io_fallback_req_func+0x3d0/0x3d0
[ 1533.781020][T23423]  create_io_thread+0x16b/0x1e0
[ 1533.785708][T23423]  ? dup_mm+0x330/0x330
[ 1533.789697][T23423]  ? io_fallback_req_func+0x3d0/0x3d0
[ 1533.794908][T23423]  ? wait_for_completion_killable_timeout+0x10/0x10
[ 1533.801332][T23423]  ? kmem_cache_alloc_trace+0x1e3/0x310
[ 1533.806712][T23423]  __do_sys_io_uring_setup+0x211b/0x39e0
[ 1533.812178][T23423]  ? __kasan_check_write+0x14/0x20
[ 1533.817129][T23423]  ? io_rsrc_data_free+0x100/0x100
[ 1533.822080][T23423]  ? ksys_write+0x25f/0x2c0
[ 1533.826431][T23423]  ? debug_smp_processor_id+0x17/0x20
[ 1533.831619][T23423]  __x64_sys_io_uring_setup+0x5b/0x70
[ 1533.836828][T23423]  do_syscall_64+0x44/0xd0
[ 1533.841077][T23423]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1533.846806][T23423] RIP: 0033:0x7f2f114600c9
[ 1533.851060][T23423] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1533.870590][T23423] RSP: 002b:00007f2f101d3168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[ 1533.878833][T23423] RAX: ffffffffffffffda RBX: 00007f2f1157ff80 RCX: 00007f2f114600c9
03:35:02 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0xc0ffff)

03:35:02 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

[ 1533.886645][T23423] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 000000000000054b
[ 1533.894456][T23423] RBP: 00007f2f101d31d0 R08: 0000000000000000 R09: 0000000000000000
[ 1533.902268][T23423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1533.910079][T23423] R13: 00007ffd4ed9d9ff R14: 00007f2f101d3300 R15: 0000000000022000
[ 1533.917893][T23423]  </TASK>
03:35:03 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x0, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:03 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x1000000)

03:35:03 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0xfa}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:03 executing program 0:
syz_clone(0x200, &(0x7f0000000880)="ab974ff4b33e15355ed53f668a1be173d4822b1edf2ee0c007d4befead00045ce9db2251", 0x24, &(0x7f00000008c0), 0x0, &(0x7f0000000940))

03:35:03 executing program 3:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

03:35:03 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (fail_nth: 11)

03:35:03 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:03 executing program 3:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

03:35:03 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, 0x0, &(0x7f0000000140))

03:35:03 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x4000000)

[ 1534.327747][T23451] FAULT_INJECTION: forcing a failure.
[ 1534.327747][T23451] name failslab, interval 1, probability 0, space 0, times 0
[ 1534.363305][T23451] CPU: 1 PID: 23451 Comm: syz-executor.1 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
03:35:03 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0xffff8000)

03:35:03 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0xffffc000)

[ 1534.373560][T23451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1534.383455][T23451] Call Trace:
[ 1534.386578][T23451]  <TASK>
[ 1534.389358][T23451]  dump_stack_lvl+0x151/0x1b7
[ 1534.393871][T23451]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1534.399161][T23451]  ? __get_vm_area_node+0x13a/0x380
[ 1534.404200][T23451]  ? ____kasan_kmalloc+0xee/0x110
[ 1534.409057][T23451]  ? ____kasan_kmalloc+0xdc/0x110
[ 1534.413917][T23451]  dump_stack+0x15/0x17
[ 1534.417910][T23451]  should_fail+0x3c0/0x510
[ 1534.422165][T23451]  __should_failslab+0x9f/0xe0
[ 1534.426766][T23451]  should_failslab+0x9/0x20
[ 1534.431190][T23451]  kmem_cache_alloc+0x4f/0x2f0
[ 1534.435789][T23451]  ? alloc_vmap_area+0x19a/0x1a90
[ 1534.440649][T23451]  alloc_vmap_area+0x19a/0x1a90
[ 1534.445337][T23451]  ? vm_map_ram+0xa80/0xa80
[ 1534.449677][T23451]  ? __kasan_kmalloc+0x9/0x10
[ 1534.454187][T23451]  ? __get_vm_area_node+0x13a/0x380
[ 1534.459227][T23451]  __get_vm_area_node+0x17b/0x380
[ 1534.464084][T23451]  __vmalloc_node_range+0xda/0x800
[ 1534.469031][T23451]  ? copy_process+0x579/0x3250
[ 1534.473631][T23451]  ? kmem_cache_alloc+0x1c1/0x2f0
[ 1534.478492][T23451]  ? dup_task_struct+0x53/0xa60
[ 1534.483175][T23451]  dup_task_struct+0x61f/0xa60
[ 1534.487774][T23451]  ? copy_process+0x579/0x3250
[ 1534.492382][T23451]  ? __kasan_check_write+0x14/0x20
[ 1534.497325][T23451]  copy_process+0x579/0x3250
[ 1534.501749][T23451]  ? __do_sys_io_uring_setup+0x168f/0x39e0
[ 1534.507389][T23451]  ? ____kasan_kmalloc+0xee/0x110
[ 1534.512272][T23451]  ? ____kasan_kmalloc+0xdc/0x110
[ 1534.517110][T23451]  ? kmem_cache_alloc_trace+0x1e3/0x310
[ 1534.522489][T23451]  ? __do_sys_io_uring_setup+0x168f/0x39e0
[ 1534.528132][T23451]  ? do_syscall_64+0x44/0xd0
[ 1534.532563][T23451]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1534.537507][T23451]  ? io_fallback_req_func+0x3d0/0x3d0
[ 1534.542716][T23451]  ? io_fallback_req_func+0x3d0/0x3d0
[ 1534.547927][T23451]  create_io_thread+0x16b/0x1e0
[ 1534.552701][T23451]  ? dup_mm+0x330/0x330
[ 1534.556772][T23451]  ? io_fallback_req_func+0x3d0/0x3d0
[ 1534.561981][T23451]  ? wait_for_completion_killable_timeout+0x10/0x10
[ 1534.568406][T23451]  ? kmem_cache_alloc_trace+0x1e3/0x310
[ 1534.573959][T23451]  __do_sys_io_uring_setup+0x211b/0x39e0
[ 1534.579425][T23451]  ? __kasan_check_write+0x14/0x20
[ 1534.584377][T23451]  ? io_rsrc_data_free+0x100/0x100
[ 1534.589325][T23451]  ? ksys_write+0x25f/0x2c0
[ 1534.593671][T23451]  ? debug_smp_processor_id+0x17/0x20
[ 1534.598873][T23451]  __x64_sys_io_uring_setup+0x5b/0x70
[ 1534.604077][T23451]  do_syscall_64+0x44/0xd0
[ 1534.608363][T23451]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1534.614056][T23451] RIP: 0033:0x7f2f114600c9
[ 1534.618309][T23451] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1534.639312][T23451] RSP: 002b:00007f2f101d3168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[ 1534.647556][T23451] RAX: ffffffffffffffda RBX: 00007f2f1157ff80 RCX: 00007f2f114600c9
[ 1534.655367][T23451] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 000000000000054b
[ 1534.663177][T23451] RBP: 00007f2f101d31d0 R08: 0000000000000000 R09: 0000000000000000
[ 1534.670992][T23451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
03:35:03 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x0, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:03 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0xfeffffff0f00)

03:35:03 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x4000000)

03:35:03 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, 0x0, &(0x7f0000000140))

03:35:03 executing program 3:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000100)={0x0, 0x8977, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

[ 1534.678805][T23451] R13: 00007ffd4ed9d9ff R14: 00007f2f101d3300 R15: 0000000000022000
[ 1534.686618][T23451]  </TASK>
[ 1534.955118][T23451] syz-executor.1: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0
[ 1534.993464][T23451] CPU: 1 PID: 23451 Comm: syz-executor.1 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1535.003541][T23451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1535.013606][T23451] Call Trace:
[ 1535.016727][T23451]  <TASK>
[ 1535.019514][T23451]  dump_stack_lvl+0x151/0x1b7
[ 1535.024021][T23451]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1535.029314][T23451]  ? pr_cont_kernfs_name+0xe6/0x100
[ 1535.034349][T23451]  dump_stack+0x15/0x17
[ 1535.038340][T23451]  warn_alloc+0x242/0x3d0
[ 1535.042504][T23451]  ? zone_watermark_ok_safe+0x280/0x280
[ 1535.049279][T23451]  ? __get_vm_area_node+0x190/0x380
[ 1535.054311][T23451]  __vmalloc_node_range+0x2be/0x800
[ 1535.059345][T23451]  ? dup_task_struct+0x53/0xa60
[ 1535.064028][T23451]  dup_task_struct+0x61f/0xa60
[ 1535.068630][T23451]  ? copy_process+0x579/0x3250
[ 1535.073258][T23451]  ? __kasan_check_write+0x14/0x20
[ 1535.078178][T23451]  copy_process+0x579/0x3250
[ 1535.082604][T23451]  ? __do_sys_io_uring_setup+0x168f/0x39e0
[ 1535.088249][T23451]  ? ____kasan_kmalloc+0xee/0x110
[ 1535.093104][T23451]  ? ____kasan_kmalloc+0xdc/0x110
[ 1535.097966][T23451]  ? kmem_cache_alloc_trace+0x1e3/0x310
[ 1535.103350][T23451]  ? __do_sys_io_uring_setup+0x168f/0x39e0
[ 1535.108988][T23451]  ? do_syscall_64+0x44/0xd0
[ 1535.113419][T23451]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1535.118362][T23451]  ? io_fallback_req_func+0x3d0/0x3d0
[ 1535.123570][T23451]  ? io_fallback_req_func+0x3d0/0x3d0
[ 1535.128793][T23451]  create_io_thread+0x16b/0x1e0
[ 1535.133466][T23451]  ? dup_mm+0x330/0x330
[ 1535.137459][T23451]  ? io_fallback_req_func+0x3d0/0x3d0
[ 1535.142682][T23451]  ? wait_for_completion_killable_timeout+0x10/0x10
[ 1535.149086][T23451]  ? kmem_cache_alloc_trace+0x1e3/0x310
[ 1535.154471][T23451]  __do_sys_io_uring_setup+0x211b/0x39e0
[ 1535.159934][T23451]  ? __kasan_check_write+0x14/0x20
[ 1535.164887][T23451]  ? io_rsrc_data_free+0x100/0x100
[ 1535.169828][T23451]  ? ksys_write+0x25f/0x2c0
[ 1535.174209][T23451]  ? debug_smp_processor_id+0x17/0x20
[ 1535.179553][T23451]  __x64_sys_io_uring_setup+0x5b/0x70
[ 1535.184758][T23451]  do_syscall_64+0x44/0xd0
[ 1535.189012][T23451]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1535.194740][T23451] RIP: 0033:0x7f2f114600c9
[ 1535.199004][T23451] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1535.218435][T23451] RSP: 002b:00007f2f101d3168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[ 1535.226681][T23451] RAX: ffffffffffffffda RBX: 00007f2f1157ff80 RCX: 00007f2f114600c9
[ 1535.234490][T23451] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 000000000000054b
[ 1535.242316][T23451] RBP: 00007f2f101d31d0 R08: 0000000000000000 R09: 0000000000000000
[ 1535.250121][T23451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1535.258012][T23451] R13: 00007ffd4ed9d9ff R14: 00007f2f101d3300 R15: 0000000000022000
[ 1535.265826][T23451]  </TASK>
[ 1535.343298][T23451] Mem-Info:
[ 1535.346261][T23451] active_anon:15477 inactive_anon:12940 isolated_anon:0
[ 1535.346261][T23451]  active_file:6829 inactive_file:65411 isolated_file:0
[ 1535.346261][T23451]  unevictable:0 dirty:15072 writeback:0
[ 1535.346261][T23451]  slab_reclaimable:38840 slab_unreclaimable:52489
[ 1535.346261][T23451]  mapped:30555 shmem:15535 pagetables:840 bounce:0
[ 1535.346261][T23451]  kernel_misc_reclaimable:0
[ 1535.346261][T23451]  free:1472722 free_pcp:24053 free_cma:0
[ 1535.388312][T23451] Node 0 active_anon:61908kB inactive_anon:51760kB active_file:27316kB inactive_file:264144kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:122220kB dirty:64188kB writeback:0kB shmem:62140kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:10208kB pagetables:3360kB all_unreclaimable? no
[ 1535.420875][T23451] DMA32 free:2976724kB min:62592kB low:78240kB high:93888kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2982424kB mlocked:0kB bounce:0kB free_pcp:5700kB local_pcp:5644kB free_cma:0kB
[ 1535.448051][T23451] lowmem_reserve[]: 0 3941 3941
[ 1535.452692][T23451] Normal free:2914164kB min:84860kB low:106072kB high:127284kB reserved_highatomic:0KB active_anon:61908kB inactive_anon:51760kB active_file:27316kB inactive_file:266844kB unevictable:0kB writepending:69880kB present:5242880kB managed:4035848kB mlocked:0kB bounce:0kB free_pcp:84768kB local_pcp:45408kB free_cma:0kB
[ 1535.482233][T23451] lowmem_reserve[]: 0 0 0
[ 1535.486606][T23451] DMA32: 3*4kB (M) 1*8kB (M) 2*16kB (M) 3*32kB (M) 3*64kB (M) 3*128kB (M) 3*256kB (M) 3*512kB (M) 4*1024kB (UM) 4*2048kB (UM) 723*4096kB (M) = 2976724kB
[ 1535.502169][T23451] Normal: 19789*4kB (UME) 8553*8kB (UME) 4630*16kB (UME) 3159*32kB (UME) 1461*64kB (UME) 463*128kB (UME) 615*256kB (UME) 233*512kB (UME) 37*1024kB (UM) 5*2048kB (UME) 516*4096kB (UM) = 2913916kB
[ 1535.521387][T23451] 89841 total pagecache pages
[ 1535.526061][T23451] 0 pages in swap cache
[ 1535.530020][T23451] Swap cache stats: add 0, delete 0, find 0/0
[ 1535.536164][T23451] Free swap  = 0kB
[ 1535.539694][T23451] Total swap = 0kB
03:35:04 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:04 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x4000000)

03:35:04 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0xffffffffe0000)

03:35:04 executing program 3:
r0 = syz_io_uring_setup(0x72e5, 0x0, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

03:35:04 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, 0x0, &(0x7f0000000140))

03:35:04 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x0, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:04 executing program 3:
r0 = syz_io_uring_setup(0x72e5, 0x0, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

03:35:04 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), 0x0)

03:35:04 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x60000000000000)

03:35:04 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

[ 1535.543494][T23451] 2097051 pages RAM
[ 1535.547210][T23451] 0 pages HighMem/MovableOnly
[ 1535.551714][T23451] 342483 pages reserved
[ 1535.555992][T23451] 0 pages cma reserved
03:35:04 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x80ffff00000000)

03:35:04 executing program 0:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000002c0)="d63fe3ced7")
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:04 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), 0x0)

03:35:04 executing program 3:
r0 = syz_io_uring_setup(0x72e5, 0x0, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

03:35:04 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x2, 0x2, 0x0, 0xfffffffc})

03:35:04 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), 0x0)

03:35:04 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0xc0ffff00000000)

03:35:04 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:04 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x2, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

03:35:04 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x3, 0x2, 0x0, 0xfffffffc})

03:35:04 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x9be7, 0x40}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0xc64f, 0x22, 0x1, 0xfa}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:04 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (fail_nth: 1)

03:35:04 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x100000000000000)

03:35:04 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x3, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

03:35:04 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x400000000000000)

03:35:04 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1)

03:35:04 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x4, 0x2, 0x0, 0xfffffffc})

[ 1535.742665][T23594] FAULT_INJECTION: forcing a failure.
[ 1535.742665][T23594] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1535.777166][T23603] FAULT_INJECTION: forcing a failure.
[ 1535.777166][T23603] name failslab, interval 1, probability 0, space 0, times 0
[ 1535.782576][T23594] CPU: 0 PID: 23594 Comm: syz-executor.5 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1535.799655][T23594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1535.809555][T23594] Call Trace:
[ 1535.812674][T23594]  <TASK>
[ 1535.815539][T23594]  dump_stack_lvl+0x151/0x1b7
[ 1535.820054][T23594]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1535.825355][T23594]  ? security_file_permission+0xf3/0x5f0
[ 1535.830816][T23594]  dump_stack+0x15/0x17
[ 1535.834805][T23594]  should_fail+0x3c0/0x510
[ 1535.839062][T23594]  should_fail_usercopy+0x1a/0x20
[ 1535.843919][T23594]  _copy_from_user+0x20/0xd0
[ 1535.848343][T23594]  __do_sys_io_uring_setup+0xac/0x39e0
[ 1535.853653][T23594]  ? __kasan_check_write+0x14/0x20
[ 1535.858584][T23594]  ? mutex_lock+0xb6/0x130
[ 1535.862836][T23594]  ? __kasan_check_write+0x14/0x20
[ 1535.867783][T23594]  ? mutex_unlock+0xa2/0x110
[ 1535.872223][T23594]  ? __mutex_lock_slowpath+0x10/0x10
[ 1535.877333][T23594]  ? __kasan_check_write+0x14/0x20
[ 1535.882279][T23594]  ? fput_many+0x47/0x1a0
[ 1535.886446][T23594]  ? io_rsrc_data_free+0x100/0x100
[ 1535.891393][T23594]  ? ksys_write+0x25f/0x2c0
[ 1535.895739][T23594]  ? debug_smp_processor_id+0x17/0x20
[ 1535.900939][T23594]  __x64_sys_io_uring_setup+0x5b/0x70
[ 1535.906148][T23594]  do_syscall_64+0x44/0xd0
[ 1535.910399][T23594]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1535.916128][T23594] RIP: 0033:0x7f12bd6530c9
[ 1535.920380][T23594] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
03:35:04 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x21a}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

03:35:04 executing program 2:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x5caf, &(0x7f0000000100))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
sendmsg$can_raw(r0, &(0x7f00000002c0)={&(0x7f0000000080), 0x10, &(0x7f0000000280)={&(0x7f0000000200)=@canfd={{0x2, 0x1, 0x1, 0x1}, 0x8, 0x1, 0x0, 0x0, "6b5ac800d76380a1c8ff9aabb88e658916ce6314bb9b0bfaee8f8041323ea44a7753bacb75d2f6a0ac99cc25e5e47a2afb7c12bf3550b223dc1a49b507a5bffa"}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x40)
r2 = syz_open_dev$evdev(&(0x7f0000000300), 0x2, 0x1)
ioctl$EVIOCGNAME(r2, 0x80404506, &(0x7f0000000340)=""/17)

[ 1535.939831][T23594] RSP: 002b:00007f12bc3c60e8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9
[ 1535.948071][T23594] RAX: ffffffffffffffda RBX: 00007f12bd772f80 RCX: 00007f12bd6530c9
[ 1535.955877][T23594] RDX: 0000000020ffd000 RSI: 0000000020000040 RDI: 000000000000769b
[ 1535.963689][T23594] RBP: 0000000020000040 R08: 0000000020000140 R09: 0000000020000140
[ 1535.971504][T23594] R10: 0000000020000100 R11: 0000000000000206 R12: 0000000020000140
[ 1535.979311][T23594] R13: 0000000020ffd000 R14: 0000000020000100 R15: 0000000020ffe000
[ 1535.987127][T23594]  </TASK>
[ 1535.993822][T23603] CPU: 1 PID: 23603 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1536.003898][T23603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1536.013787][T23603] Call Trace:
[ 1536.016908][T23603]  <TASK>
[ 1536.019686][T23603]  dump_stack_lvl+0x151/0x1b7
[ 1536.024204][T23603]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1536.029494][T23603]  ? __stack_depot_save+0x34/0x4b0
[ 1536.034443][T23603]  dump_stack+0x15/0x17
[ 1536.038432][T23603]  should_fail+0x3c0/0x510
[ 1536.042687][T23603]  __should_failslab+0x9f/0xe0
[ 1536.047285][T23603]  should_failslab+0x9/0x20
[ 1536.051626][T23603]  kmem_cache_alloc+0x4f/0x2f0
[ 1536.056226][T23603]  ? dup_task_struct+0x53/0xa60
[ 1536.060922][T23603]  ? __kasan_check_write+0x14/0x20
[ 1536.065869][T23603]  dup_task_struct+0x53/0xa60
[ 1536.070373][T23603]  ? __kasan_check_write+0x14/0x20
[ 1536.075320][T23603]  copy_process+0x579/0x3250
[ 1536.079749][T23603]  ? __kasan_check_write+0x14/0x20
[ 1536.084693][T23603]  ? proc_fail_nth_write+0x213/0x290
[ 1536.089814][T23603]  ? proc_fail_nth_read+0x220/0x220
[ 1536.094848][T23603]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1536.100237][T23603]  ? vfs_write+0x9af/0x1050
[ 1536.104573][T23603]  kernel_clone+0x22d/0x990
[ 1536.108997][T23603]  ? file_end_write+0x1b0/0x1b0
[ 1536.113681][T23603]  ? __kasan_check_write+0x14/0x20
[ 1536.118629][T23603]  ? create_io_thread+0x1e0/0x1e0
[ 1536.123488][T23603]  ? __mutex_lock_slowpath+0x10/0x10
[ 1536.128611][T23603]  __x64_sys_clone+0x289/0x310
[ 1536.133218][T23603]  ? __do_sys_vfork+0x130/0x130
[ 1536.137896][T23603]  ? debug_smp_processor_id+0x17/0x20
[ 1536.143125][T23603]  do_syscall_64+0x44/0xd0
[ 1536.147356][T23603]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1536.153086][T23603] RIP: 0033:0x7fed39e510c9
[ 1536.157347][T23603] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1536.176779][T23603] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1536.185116][T23603] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
03:35:05 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:05 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x7, 0x2, 0x0, 0xfffffffc})

03:35:05 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

03:35:05 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (fail_nth: 2)

03:35:05 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

03:35:05 executing program 2:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x5caf, &(0x7f0000000100))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
sendmsg$can_raw(r0, &(0x7f00000002c0)={&(0x7f0000000080), 0x10, &(0x7f0000000280)={&(0x7f0000000200)=@canfd={{0x2, 0x1, 0x1, 0x1}, 0x8, 0x1, 0x0, 0x0, "6b5ac800d76380a1c8ff9aabb88e658916ce6314bb9b0bfaee8f8041323ea44a7753bacb75d2f6a0ac99cc25e5e47a2afb7c12bf3550b223dc1a49b507a5bffa"}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x40)
r2 = syz_open_dev$evdev(&(0x7f0000000300), 0x2, 0x1)
ioctl$EVIOCGNAME(r2, 0x80404506, &(0x7f0000000340)=""/17)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x5caf, &(0x7f0000000100)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0) (async)
sendmsg$can_raw(r0, &(0x7f00000002c0)={&(0x7f0000000080), 0x10, &(0x7f0000000280)={&(0x7f0000000200)=@canfd={{0x2, 0x1, 0x1, 0x1}, 0x8, 0x1, 0x0, 0x0, "6b5ac800d76380a1c8ff9aabb88e658916ce6314bb9b0bfaee8f8041323ea44a7753bacb75d2f6a0ac99cc25e5e47a2afb7c12bf3550b223dc1a49b507a5bffa"}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x40) (async)
syz_open_dev$evdev(&(0x7f0000000300), 0x2, 0x1) (async)
ioctl$EVIOCGNAME(r2, 0x80404506, &(0x7f0000000340)=""/17) (async)

03:35:05 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x8, 0x2, 0x0, 0xfffffffc})

[ 1536.192920][T23603] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1536.202747][T23603] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1536.210541][T23603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1536.218364][T23603] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1536.226166][T23603]  </TASK>
03:35:05 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x9, 0x2, 0x0, 0xfffffffc})

[ 1536.364847][T23642] FAULT_INJECTION: forcing a failure.
[ 1536.364847][T23642] name failslab, interval 1, probability 0, space 0, times 0
[ 1536.378460][T23642] CPU: 0 PID: 23642 Comm: syz-executor.5 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1536.388523][T23642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1536.398421][T23642] Call Trace:
[ 1536.401542][T23642]  <TASK>
[ 1536.404318][T23642]  dump_stack_lvl+0x151/0x1b7
[ 1536.408831][T23642]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1536.414216][T23642]  ? __kasan_check_write+0x14/0x20
[ 1536.419161][T23642]  ? proc_fail_nth_write+0x213/0x290
[ 1536.424281][T23642]  dump_stack+0x15/0x17
[ 1536.428273][T23642]  should_fail+0x3c0/0x510
[ 1536.432527][T23642]  ? __do_sys_io_uring_setup+0x3c8/0x39e0
[ 1536.438089][T23642]  __should_failslab+0x9f/0xe0
[ 1536.442682][T23642]  should_failslab+0x9/0x20
[ 1536.447021][T23642]  kmem_cache_alloc_trace+0x4a/0x310
[ 1536.452325][T23642]  ? __kasan_check_write+0x14/0x20
[ 1536.457438][T23642]  __do_sys_io_uring_setup+0x3c8/0x39e0
[ 1536.462912][T23642]  ? __kasan_check_write+0x14/0x20
[ 1536.467858][T23642]  ? mutex_lock+0xb6/0x130
[ 1536.472112][T23642]  ? __kasan_check_write+0x14/0x20
[ 1536.477056][T23642]  ? mutex_unlock+0xa2/0x110
[ 1536.481525][T23642]  ? __mutex_lock_slowpath+0x10/0x10
[ 1536.486607][T23642]  ? __kasan_check_write+0x14/0x20
[ 1536.491548][T23642]  ? fput_many+0x47/0x1a0
[ 1536.495717][T23642]  ? io_rsrc_data_free+0x100/0x100
[ 1536.500663][T23642]  ? ksys_write+0x25f/0x2c0
[ 1536.505006][T23642]  ? debug_smp_processor_id+0x17/0x20
[ 1536.510211][T23642]  __x64_sys_io_uring_setup+0x5b/0x70
[ 1536.515420][T23642]  do_syscall_64+0x44/0xd0
[ 1536.519676][T23642]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1536.525396][T23642] RIP: 0033:0x7f12bd6530c9
[ 1536.529652][T23642] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1536.550219][T23642] RSP: 002b:00007f12bc3c60e8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9
03:35:05 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2)

03:35:05 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

03:35:05 executing program 2:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async)
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r1 = io_uring_setup(0x5caf, &(0x7f0000000100))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
sendmsg$can_raw(r0, &(0x7f00000002c0)={&(0x7f0000000080), 0x10, &(0x7f0000000280)={&(0x7f0000000200)=@canfd={{0x2, 0x1, 0x1, 0x1}, 0x8, 0x1, 0x0, 0x0, "6b5ac800d76380a1c8ff9aabb88e658916ce6314bb9b0bfaee8f8041323ea44a7753bacb75d2f6a0ac99cc25e5e47a2afb7c12bf3550b223dc1a49b507a5bffa"}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x40) (async)
r2 = syz_open_dev$evdev(&(0x7f0000000300), 0x2, 0x1)
ioctl$EVIOCGNAME(r2, 0x80404506, &(0x7f0000000340)=""/17)

03:35:05 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x14, 0x2, 0x0, 0xfffffffc})

[ 1536.558462][T23642] RAX: ffffffffffffffda RBX: 00007f12bd772f80 RCX: 00007f12bd6530c9
[ 1536.566287][T23642] RDX: 0000000020ffd000 RSI: 0000000020000040 RDI: 000000000000769b
[ 1536.574111][T23642] RBP: 0000000020000040 R08: 0000000020000140 R09: 0000000020000140
[ 1536.581898][T23642] R10: 0000000020000100 R11: 0000000000000206 R12: 0000000020000140
[ 1536.589711][T23642] R13: 0000000020ffd000 R14: 0000000020000100 R15: 0000000020ffe000
[ 1536.597524][T23642]  </TASK>
[ 1536.621461][T23656] FAULT_INJECTION: forcing a failure.
[ 1536.621461][T23656] name failslab, interval 1, probability 0, space 0, times 0
[ 1536.646437][T23656] CPU: 0 PID: 23656 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1536.656512][T23656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1536.666406][T23656] Call Trace:
[ 1536.669527][T23656]  <TASK>
[ 1536.672308][T23656]  dump_stack_lvl+0x151/0x1b7
[ 1536.676825][T23656]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1536.682117][T23656]  ? __this_cpu_preempt_check+0x13/0x20
[ 1536.687505][T23656]  dump_stack+0x15/0x17
[ 1536.691484][T23656]  should_fail+0x3c0/0x510
[ 1536.695743][T23656]  __should_failslab+0x9f/0xe0
[ 1536.700342][T23656]  should_failslab+0x9/0x20
[ 1536.704679][T23656]  kmem_cache_alloc+0x4f/0x2f0
[ 1536.709279][T23656]  ? __kasan_check_write+0x14/0x20
[ 1536.714227][T23656]  ? prepare_creds+0x30/0x690
03:35:05 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:05 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (fail_nth: 3)

03:35:05 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

03:35:05 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x2b, 0x2, 0x0, 0xfffffffc})

03:35:05 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x4000010, r0, 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:05 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

[ 1536.718739][T23656]  ? _raw_spin_lock_irqsave+0xf8/0x210
[ 1536.724036][T23656]  prepare_creds+0x30/0x690
[ 1536.728376][T23656]  copy_creds+0xde/0x640
[ 1536.732467][T23656]  copy_process+0x775/0x3250
[ 1536.736886][T23656]  ? __kasan_check_write+0x14/0x20
[ 1536.741832][T23656]  ? proc_fail_nth_write+0x213/0x290
[ 1536.746949][T23656]  ? proc_fail_nth_read+0x220/0x220
[ 1536.751986][T23656]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1536.756930][T23656]  ? vfs_write+0x9af/0x1050
[ 1536.761267][T23656]  kernel_clone+0x22d/0x990
[ 1536.765610][T23656]  ? file_end_write+0x1b0/0x1b0
03:35:05 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

03:35:05 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

[ 1536.770296][T23656]  ? __kasan_check_write+0x14/0x20
[ 1536.775330][T23656]  ? create_io_thread+0x1e0/0x1e0
[ 1536.780197][T23656]  ? __mutex_lock_slowpath+0x10/0x10
[ 1536.785311][T23656]  __x64_sys_clone+0x289/0x310
[ 1536.789911][T23656]  ? __do_sys_vfork+0x130/0x130
[ 1536.794600][T23656]  ? debug_smp_processor_id+0x17/0x20
[ 1536.799807][T23656]  do_syscall_64+0x44/0xd0
[ 1536.804056][T23656]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1536.809786][T23656] RIP: 0033:0x7fed39e510c9
[ 1536.814044][T23656] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1536.833566][T23656] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1536.841813][T23656] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1536.849623][T23656] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1536.857435][T23656] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1536.865267][T23656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1536.873056][T23656] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1536.880870][T23656]  </TASK>
[ 1536.890839][T23667] FAULT_INJECTION: forcing a failure.
[ 1536.890839][T23667] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1536.906725][T23667] CPU: 0 PID: 23667 Comm: syz-executor.5 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
03:35:05 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3)

03:35:05 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:05 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x4000010, r0, 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x4000010, r0, 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0) (async)

03:35:05 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x32, 0x2, 0x0, 0xfffffffc})

[ 1536.916976][T23667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1536.926952][T23667] Call Trace:
[ 1536.930072][T23667]  <TASK>
[ 1536.932852][T23667]  dump_stack_lvl+0x151/0x1b7
[ 1536.937366][T23667]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1536.942660][T23667]  ? __stack_depot_save+0x34/0x4b0
[ 1536.947845][T23667]  dump_stack+0x15/0x17
[ 1536.951801][T23667]  should_fail+0x3c0/0x510
[ 1536.956058][T23667]  should_fail_alloc_page+0x58/0x70
[ 1536.961093][T23667]  __alloc_pages+0x1de/0x7c0
[ 1536.965514][T23667]  ? __count_vm_events+0x30/0x30
[ 1536.970288][T23667]  kmalloc_order+0x4c/0x110
[ 1536.974631][T23667]  kmalloc_order_trace+0x1a/0xb0
[ 1536.979402][T23667]  __kmalloc+0x24a/0x350
[ 1536.983480][T23667]  ? __do_sys_io_uring_setup+0x3c8/0x39e0
[ 1536.989037][T23667]  __do_sys_io_uring_setup+0x49a/0x39e0
[ 1536.994428][T23667]  ? __kasan_check_write+0x14/0x20
[ 1536.999372][T23667]  ? mutex_lock+0xb6/0x130
[ 1537.003617][T23667]  ? __kasan_check_write+0x14/0x20
[ 1537.008566][T23667]  ? mutex_unlock+0xa2/0x110
[ 1537.012988][T23667]  ? __mutex_lock_slowpath+0x10/0x10
[ 1537.018717][T23667]  ? fput_many+0x47/0x1a0
[ 1537.022888][T23667]  ? io_rsrc_data_free+0x100/0x100
[ 1537.027831][T23667]  ? ksys_write+0x25f/0x2c0
[ 1537.032267][T23667]  ? debug_smp_processor_id+0x17/0x20
[ 1537.033738][T23688] FAULT_INJECTION: forcing a failure.
[ 1537.033738][T23688] name failslab, interval 1, probability 0, space 0, times 0
[ 1537.038964][T23667]  __x64_sys_io_uring_setup+0x5b/0x70
[ 1537.056572][T23667]  do_syscall_64+0x44/0xd0
[ 1537.060821][T23667]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1537.066636][T23667] RIP: 0033:0x7f12bd6530c9
[ 1537.070896][T23667] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1537.090332][T23667] RSP: 002b:00007f12bc3c60e8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9
[ 1537.098578][T23667] RAX: ffffffffffffffda RBX: 00007f12bd772f80 RCX: 00007f12bd6530c9
[ 1537.106390][T23667] RDX: 0000000020ffd000 RSI: 0000000020000040 RDI: 000000000000769b
[ 1537.114290][T23667] RBP: 0000000020000040 R08: 0000000020000140 R09: 0000000020000140
[ 1537.123225][T23667] R10: 0000000020000100 R11: 0000000000000206 R12: 0000000020000140
[ 1537.131031][T23667] R13: 0000000020ffd000 R14: 0000000020000100 R15: 0000000020ffe000
[ 1537.138850][T23667]  </TASK>
[ 1537.142071][T23688] CPU: 1 PID: 23688 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1537.152301][T23688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1537.162199][T23688] Call Trace:
[ 1537.165843][T23688]  <TASK>
[ 1537.168703][T23688]  dump_stack_lvl+0x151/0x1b7
[ 1537.173218][T23688]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1537.178610][T23688]  ? __get_vm_area_node+0x13a/0x380
[ 1537.183728][T23688]  ? ____kasan_kmalloc+0xee/0x110
[ 1537.188587][T23688]  ? ____kasan_kmalloc+0xdc/0x110
[ 1537.193452][T23688]  dump_stack+0x15/0x17
[ 1537.197445][T23688]  should_fail+0x3c0/0x510
[ 1537.201699][T23688]  __should_failslab+0x9f/0xe0
[ 1537.206294][T23688]  should_failslab+0x9/0x20
[ 1537.210638][T23688]  kmem_cache_alloc+0x4f/0x2f0
[ 1537.215234][T23688]  ? alloc_vmap_area+0x19a/0x1a90
[ 1537.220103][T23688]  alloc_vmap_area+0x19a/0x1a90
[ 1537.224782][T23688]  ? vm_map_ram+0xa80/0xa80
[ 1537.229205][T23688]  ? __kasan_kmalloc+0x9/0x10
[ 1537.233778][T23688]  ? __get_vm_area_node+0x13a/0x380
[ 1537.238757][T23688]  __get_vm_area_node+0x17b/0x380
[ 1537.243621][T23688]  __vmalloc_node_range+0xda/0x800
[ 1537.248561][T23688]  ? copy_process+0x579/0x3250
[ 1537.253258][T23688]  ? kmem_cache_alloc+0x1c1/0x2f0
[ 1537.258111][T23688]  ? dup_task_struct+0x53/0xa60
[ 1537.262793][T23688]  dup_task_struct+0x61f/0xa60
[ 1537.267395][T23688]  ? copy_process+0x579/0x3250
[ 1537.271998][T23688]  ? __kasan_check_write+0x14/0x20
[ 1537.276944][T23688]  copy_process+0x579/0x3250
[ 1537.281458][T23688]  ? __kasan_check_write+0x14/0x20
[ 1537.286403][T23688]  ? proc_fail_nth_write+0x213/0x290
[ 1537.291539][T23688]  ? proc_fail_nth_read+0x220/0x220
[ 1537.296731][T23688]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1537.301680][T23688]  ? vfs_write+0x9af/0x1050
[ 1537.306035][T23688]  ? vmacache_update+0xb7/0x120
[ 1537.310713][T23688]  kernel_clone+0x22d/0x990
[ 1537.315060][T23688]  ? file_end_write+0x1b0/0x1b0
[ 1537.319733][T23688]  ? __kasan_check_write+0x14/0x20
[ 1537.324683][T23688]  ? create_io_thread+0x1e0/0x1e0
[ 1537.329537][T23688]  ? __mutex_lock_slowpath+0x10/0x10
[ 1537.334669][T23688]  __x64_sys_clone+0x289/0x310
[ 1537.339262][T23688]  ? __do_sys_vfork+0x130/0x130
[ 1537.343950][T23688]  ? debug_smp_processor_id+0x17/0x20
[ 1537.349159][T23688]  do_syscall_64+0x44/0xd0
[ 1537.353408][T23688]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1537.359135][T23688] RIP: 0033:0x7fed39e510c9
[ 1537.363388][T23688] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1537.382921][T23688] RSP: 002b:00007fed38ba3118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1537.391165][T23688] RAX: ffffffffffffffda RBX: 00007fed39f71050 RCX: 00007fed39e510c9
[ 1537.398975][T23688] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1537.406788][T23688] RBP: 00007fed38ba31d0 R08: 0000000000000000 R09: 0000000000000000
[ 1537.415035][T23688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
03:35:06 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:06 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x10, r0, 0x0)

03:35:06 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (fail_nth: 4)

03:35:06 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x4000010, r0, 0x0) (async, rerun: 32)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (rerun: 32)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:06 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x34, 0x2, 0x0, 0xfffffffc})

03:35:06 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4)

[ 1537.422836][T23688] R13: 00007ffef667485f R14: 00007fed38ba3300 R15: 0000000000022000
[ 1537.430653][T23688]  </TASK>
[ 1537.475319][T23700] FAULT_INJECTION: forcing a failure.
[ 1537.475319][T23700] name failslab, interval 1, probability 0, space 0, times 0
[ 1537.491483][T23704] FAULT_INJECTION: forcing a failure.
[ 1537.491483][T23704] name failslab, interval 1, probability 0, space 0, times 0
[ 1537.501868][T23700] CPU: 1 PID: 23700 Comm: syz-executor.5 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1537.513965][T23700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1537.523863][T23700] Call Trace:
[ 1537.526990][T23700]  <TASK>
[ 1537.529762][T23700]  dump_stack_lvl+0x151/0x1b7
[ 1537.534366][T23700]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1537.539663][T23700]  dump_stack+0x15/0x17
[ 1537.543644][T23700]  should_fail+0x3c0/0x510
[ 1537.547900][T23700]  ? __do_sys_io_uring_setup+0x541/0x39e0
[ 1537.553451][T23700]  __should_failslab+0x9f/0xe0
[ 1537.558051][T23700]  should_failslab+0x9/0x20
[ 1537.562392][T23700]  kmem_cache_alloc_trace+0x4a/0x310
[ 1537.567520][T23700]  __do_sys_io_uring_setup+0x541/0x39e0
[ 1537.572892][T23700]  ? __kasan_check_write+0x14/0x20
[ 1537.577848][T23700]  ? mutex_lock+0xb6/0x130
[ 1537.582092][T23700]  ? __kasan_check_write+0x14/0x20
[ 1537.587038][T23700]  ? mutex_unlock+0xa2/0x110
[ 1537.591467][T23700]  ? __mutex_lock_slowpath+0x10/0x10
[ 1537.596588][T23700]  ? fput_many+0x47/0x1a0
[ 1537.600752][T23700]  ? io_rsrc_data_free+0x100/0x100
[ 1537.605872][T23700]  ? ksys_write+0x25f/0x2c0
[ 1537.610214][T23700]  ? debug_smp_processor_id+0x17/0x20
[ 1537.615424][T23700]  __x64_sys_io_uring_setup+0x5b/0x70
[ 1537.620631][T23700]  do_syscall_64+0x44/0xd0
[ 1537.624881][T23700]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1537.630608][T23700] RIP: 0033:0x7f12bd6530c9
[ 1537.634874][T23700] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1537.654301][T23700] RSP: 002b:00007f12bc3c60e8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9
[ 1537.662549][T23700] RAX: ffffffffffffffda RBX: 00007f12bd772f80 RCX: 00007f12bd6530c9
03:35:06 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x10, r0, 0x0)

03:35:06 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x200000, 0x0)
getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f0000000100), &(0x7f0000000140)=0x30)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:06 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x41, 0x2, 0x0, 0xfffffffc})

[ 1537.670358][T23700] RDX: 0000000020ffd000 RSI: 0000000020000040 RDI: 000000000000769b
[ 1537.678170][T23700] RBP: 0000000020000040 R08: 0000000020000140 R09: 0000000020000140
[ 1537.686504][T23700] R10: 0000000020000100 R11: 0000000000000206 R12: 0000000020000140
[ 1537.694313][T23700] R13: 0000000020ffd000 R14: 0000000020000100 R15: 0000000020ffe000
[ 1537.702215][T23700]  </TASK>
[ 1537.729404][T23704] CPU: 0 PID: 23704 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1537.739482][T23704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1537.749383][T23704] Call Trace:
[ 1537.752500][T23704]  <TASK>
[ 1537.755277][T23704]  dump_stack_lvl+0x151/0x1b7
[ 1537.759886][T23704]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1537.765263][T23704]  dump_stack+0x15/0x17
[ 1537.769249][T23704]  should_fail+0x3c0/0x510
[ 1537.773602][T23704]  __should_failslab+0x9f/0xe0
[ 1537.778190][T23704]  should_failslab+0x9/0x20
[ 1537.782529][T23704]  kmem_cache_alloc+0x4f/0x2f0
[ 1537.787128][T23704]  ? alloc_vmap_area+0x6c3/0x1a90
[ 1537.791995][T23704]  alloc_vmap_area+0x6c3/0x1a90
[ 1537.796770][T23704]  ? vm_map_ram+0xa80/0xa80
[ 1537.801107][T23704]  ? __kasan_kmalloc+0x9/0x10
[ 1537.805618][T23704]  ? __get_vm_area_node+0x13a/0x380
[ 1537.810652][T23704]  __get_vm_area_node+0x17b/0x380
[ 1537.815510][T23704]  __vmalloc_node_range+0xda/0x800
[ 1537.820458][T23704]  ? copy_process+0x579/0x3250
[ 1537.825068][T23704]  ? kmem_cache_alloc+0x1c1/0x2f0
[ 1537.829962][T23704]  ? dup_task_struct+0x53/0xa60
[ 1537.834614][T23704]  dup_task_struct+0x61f/0xa60
[ 1537.839205][T23704]  ? copy_process+0x579/0x3250
[ 1537.843803][T23704]  ? __kasan_check_write+0x14/0x20
[ 1537.848752][T23704]  copy_process+0x579/0x3250
[ 1537.853179][T23704]  ? __kasan_check_write+0x14/0x20
[ 1537.858127][T23704]  ? proc_fail_nth_write+0x213/0x290
[ 1537.863245][T23704]  ? proc_fail_nth_read+0x220/0x220
[ 1537.868369][T23704]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1537.873315][T23704]  ? vfs_write+0x9af/0x1050
[ 1537.877657][T23704]  kernel_clone+0x22d/0x990
[ 1537.881992][T23704]  ? file_end_write+0x1b0/0x1b0
[ 1537.886806][T23704]  ? __kasan_check_write+0x14/0x20
[ 1537.891759][T23704]  ? create_io_thread+0x1e0/0x1e0
[ 1537.896607][T23704]  ? __mutex_lock_slowpath+0x10/0x10
[ 1537.901724][T23704]  __x64_sys_clone+0x289/0x310
[ 1537.906325][T23704]  ? __do_sys_vfork+0x130/0x130
[ 1537.911011][T23704]  ? debug_smp_processor_id+0x17/0x20
[ 1537.916226][T23704]  do_syscall_64+0x44/0xd0
[ 1537.920472][T23704]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1537.926199][T23704] RIP: 0033:0x7fed39e510c9
[ 1537.930539][T23704] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1537.949981][T23704] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1537.958222][T23704] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1537.966037][T23704] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
03:35:06 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x200000, 0x0)
getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f0000000100), &(0x7f0000000140)=0x30) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:06 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (fail_nth: 5)

03:35:06 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x42, 0x2, 0x0, 0xfffffffc})

03:35:06 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:06 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x10, r0, 0x0)

03:35:06 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5)

[ 1537.973858][T23704] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1537.981655][T23704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1537.989475][T23704] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1537.997282][T23704]  </TASK>
[ 1538.016235][T23722] FAULT_INJECTION: forcing a failure.
[ 1538.016235][T23722] name failslab, interval 1, probability 0, space 0, times 0
03:35:06 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x200000, 0x0)
getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f0000000100), &(0x7f0000000140)=0x30)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x200000, 0x0) (async)
getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f0000000100), &(0x7f0000000140)=0x30) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0) (async)

03:35:06 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x204, 0x2, 0x0, 0xfffffffc})

03:35:06 executing program 2:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0xc0803, 0x0)
syz_io_uring_setup(0x559a, &(0x7f0000000180)={0x0, 0x800d359, 0x20, 0x2000000, 0xffffffff, 0x0, r0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:06 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x300, 0x2, 0x0, 0xfffffffc})

03:35:06 executing program 3:
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, 0xffffffffffffffff, 0x0)

[ 1538.043967][T23722] CPU: 0 PID: 23722 Comm: syz-executor.5 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1538.054052][T23722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1538.064036][T23722] Call Trace:
[ 1538.067147][T23722]  <TASK>
[ 1538.069965][T23722]  dump_stack_lvl+0x151/0x1b7
[ 1538.074446][T23722]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1538.079819][T23722]  ? trace_raw_output_percpu_destroy_chunk+0xc0/0xc0
[ 1538.086675][T23722]  ? _find_next_bit+0x20a/0x210
03:35:06 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x402, 0x2, 0x0, 0xfffffffc})

03:35:06 executing program 2:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0xc0803, 0x0)
syz_io_uring_setup(0x559a, &(0x7f0000000180)={0x0, 0x800d359, 0x20, 0x2000000, 0xffffffff, 0x0, r0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0xc0803, 0x0) (async)
syz_io_uring_setup(0x559a, &(0x7f0000000180)={0x0, 0x800d359, 0x20, 0x2000000, 0xffffffff, 0x0, r0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0) (async)

[ 1538.091363][T23722]  dump_stack+0x15/0x17
[ 1538.095368][T23722]  should_fail+0x3c0/0x510
[ 1538.099705][T23722]  ? percpu_ref_init+0xc8/0x340
[ 1538.104393][T23722]  __should_failslab+0x9f/0xe0
[ 1538.108993][T23722]  should_failslab+0x9/0x20
[ 1538.113333][T23722]  kmem_cache_alloc_trace+0x4a/0x310
[ 1538.118455][T23722]  ? __do_sys_io_uring_setup+0x39e0/0x39e0
[ 1538.124096][T23722]  percpu_ref_init+0xc8/0x340
[ 1538.128616][T23722]  ? __do_sys_io_uring_setup+0x39e0/0x39e0
[ 1538.134254][T23722]  ? __do_sys_io_uring_setup+0x541/0x39e0
[ 1538.139814][T23722]  __do_sys_io_uring_setup+0x5bc/0x39e0
[ 1538.145188][T23722]  ? __kasan_check_write+0x14/0x20
[ 1538.150133][T23722]  ? mutex_lock+0xb6/0x130
[ 1538.154397][T23722]  ? __kasan_check_write+0x14/0x20
[ 1538.159333][T23722]  ? mutex_unlock+0xa2/0x110
[ 1538.163761][T23722]  ? __mutex_lock_slowpath+0x10/0x10
[ 1538.169318][T23722]  ? fput_many+0x47/0x1a0
[ 1538.173478][T23722]  ? io_rsrc_data_free+0x100/0x100
[ 1538.178607][T23722]  ? ksys_write+0x25f/0x2c0
[ 1538.182946][T23722]  ? debug_smp_processor_id+0x17/0x20
[ 1538.188152][T23722]  __x64_sys_io_uring_setup+0x5b/0x70
[ 1538.193363][T23722]  do_syscall_64+0x44/0xd0
[ 1538.197609][T23722]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1538.203346][T23722] RIP: 0033:0x7f12bd6530c9
[ 1538.207596][T23722] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1538.227027][T23722] RSP: 002b:00007f12bc3c60e8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9
[ 1538.235276][T23722] RAX: ffffffffffffffda RBX: 00007f12bd772f80 RCX: 00007f12bd6530c9
03:35:07 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (fail_nth: 6)

03:35:07 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x406, 0x2, 0x0, 0xfffffffc})

03:35:07 executing program 3:
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, 0xffffffffffffffff, 0x0)

03:35:07 executing program 2:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0xc0803, 0x0)
syz_io_uring_setup(0x559a, &(0x7f0000000180)={0x0, 0x800d359, 0x20, 0x2000000, 0xffffffff, 0x0, r0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0xc0803, 0x0) (async)
syz_io_uring_setup(0x559a, &(0x7f0000000180)={0x0, 0x800d359, 0x20, 0x2000000, 0xffffffff, 0x0, r0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0) (async)

[ 1538.243078][T23722] RDX: 0000000020ffd000 RSI: 0000000020000040 RDI: 000000000000769b
[ 1538.250891][T23722] RBP: 0000000020000040 R08: 0000000020000140 R09: 0000000020000140
[ 1538.258702][T23722] R10: 0000000020000100 R11: 0000000000000206 R12: 0000000020000140
[ 1538.266515][T23722] R13: 0000000020ffd000 R14: 0000000020000100 R15: 0000000020ffe000
[ 1538.274326][T23722]  </TASK>
[ 1538.331553][T23772] FAULT_INJECTION: forcing a failure.
[ 1538.331553][T23772] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1538.360150][T23772] CPU: 1 PID: 23772 Comm: syz-executor.5 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1538.370234][T23772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1538.380128][T23772] Call Trace:
[ 1538.383245][T23772]  <TASK>
[ 1538.386031][T23772]  dump_stack_lvl+0x151/0x1b7
[ 1538.390537][T23772]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1538.395835][T23772]  dump_stack+0x15/0x17
[ 1538.399822][T23772]  should_fail+0x3c0/0x510
[ 1538.404080][T23772]  should_fail_alloc_page+0x58/0x70
[ 1538.409110][T23772]  __alloc_pages+0x1de/0x7c0
[ 1538.413639][T23772]  ? __count_vm_events+0x30/0x30
[ 1538.418401][T23772]  ? selinux_capable+0x39/0x50
[ 1538.423258][T23772]  ? security_capable+0xb2/0xd0
[ 1538.428039][T23772]  __get_free_pages+0xe/0x30
[ 1538.432457][T23772]  __do_sys_io_uring_setup+0x1286/0x39e0
[ 1538.438035][T23772]  ? __kasan_check_write+0x14/0x20
[ 1538.442963][T23772]  ? mutex_unlock+0xa2/0x110
[ 1538.447386][T23772]  ? fput_many+0x47/0x1a0
[ 1538.451552][T23772]  ? io_rsrc_data_free+0x100/0x100
[ 1538.456503][T23772]  ? ksys_write+0x25f/0x2c0
[ 1538.460840][T23772]  ? debug_smp_processor_id+0x17/0x20
[ 1538.466220][T23772]  __x64_sys_io_uring_setup+0x5b/0x70
[ 1538.471429][T23772]  do_syscall_64+0x44/0xd0
[ 1538.475677][T23772]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1538.481408][T23772] RIP: 0033:0x7f12bd6530c9
[ 1538.485662][T23772] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1538.505111][T23772] RSP: 002b:00007f12bc3c60e8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9
[ 1538.506029][T23773] FAULT_INJECTION: forcing a failure.
[ 1538.506029][T23773] name failslab, interval 1, probability 0, space 0, times 0
[ 1538.513442][T23772] RAX: ffffffffffffffda RBX: 00007f12bd772f80 RCX: 00007f12bd6530c9
[ 1538.513465][T23772] RDX: 0000000020ffd000 RSI: 0000000020000040 RDI: 000000000000769b
[ 1538.513478][T23772] RBP: 0000000020000040 R08: 0000000020000140 R09: 0000000020000140
[ 1538.513489][T23772] R10: 0000000020000100 R11: 0000000000000206 R12: 0000000020000140
[ 1538.557726][T23772] R13: 0000000020ffd000 R14: 0000000020000100 R15: 0000000020ffe000
[ 1538.565637][T23772]  </TASK>
[ 1538.570586][T23773] CPU: 0 PID: 23773 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1538.580654][T23773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1538.590551][T23773] Call Trace:
[ 1538.593671][T23773]  <TASK>
[ 1538.596462][T23773]  dump_stack_lvl+0x151/0x1b7
[ 1538.600967][T23773]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1538.606346][T23773]  dump_stack+0x15/0x17
[ 1538.610342][T23773]  should_fail+0x3c0/0x510
[ 1538.614678][T23773]  ? alloc_fdtable+0xaf/0x2b0
[ 1538.619277][T23773]  __should_failslab+0x9f/0xe0
[ 1538.623876][T23773]  should_failslab+0x9/0x20
[ 1538.628217][T23773]  kmem_cache_alloc_trace+0x4a/0x310
[ 1538.633341][T23773]  ? __kasan_check_write+0x14/0x20
[ 1538.638283][T23773]  ? _raw_spin_lock+0xa3/0x1b0
[ 1538.644272][T23773]  alloc_fdtable+0xaf/0x2b0
[ 1538.648791][T23773]  dup_fd+0x781/0xa40
[ 1538.652605][T23773]  ? avc_has_perm+0x16d/0x260
[ 1538.657402][T23773]  copy_files+0xe6/0x200
[ 1538.661738][T23773]  ? perf_event_attrs+0x30/0x30
[ 1538.666403][T23773]  ? dup_task_struct+0xa60/0xa60
[ 1538.671178][T23773]  ? security_task_alloc+0x132/0x150
[ 1538.676297][T23773]  copy_process+0x11e9/0x3250
[ 1538.680815][T23773]  ? proc_fail_nth_write+0x213/0x290
[ 1538.685934][T23773]  ? proc_fail_nth_read+0x220/0x220
[ 1538.690969][T23773]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1538.695914][T23773]  ? vfs_write+0x9af/0x1050
[ 1538.700253][T23773]  kernel_clone+0x22d/0x990
[ 1538.704593][T23773]  ? file_end_write+0x1b0/0x1b0
[ 1538.709278][T23773]  ? __kasan_check_write+0x14/0x20
[ 1538.714227][T23773]  ? create_io_thread+0x1e0/0x1e0
[ 1538.719088][T23773]  ? __mutex_lock_slowpath+0x10/0x10
[ 1538.724207][T23773]  __x64_sys_clone+0x289/0x310
[ 1538.728808][T23773]  ? __do_sys_vfork+0x130/0x130
[ 1538.733496][T23773]  ? debug_smp_processor_id+0x17/0x20
[ 1538.738701][T23773]  do_syscall_64+0x44/0xd0
[ 1538.742959][T23773]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1538.748682][T23773] RIP: 0033:0x7fed39e510c9
[ 1538.753022][T23773] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1538.772462][T23773] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1538.780797][T23773] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1538.788603][T23773] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1538.796422][T23773] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1538.804223][T23773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1538.812033][T23773] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1538.819848][T23773]  </TASK>
03:35:07 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6)

03:35:07 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:07 executing program 3:
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, 0xffffffffffffffff, 0x0)

03:35:07 executing program 2:
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x6400, 0x0)
getdents(r0, &(0x7f0000000100), 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:07 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x604, 0x2, 0x0, 0xfffffffc})

03:35:07 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (fail_nth: 7)

03:35:07 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (fail_nth: 1)

03:35:07 executing program 2:
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x6400, 0x0)
getdents(r0, &(0x7f0000000100), 0x0) (async)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:07 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x700, 0x2, 0x0, 0xfffffffc})

[ 1538.963996][T23781] FAULT_INJECTION: forcing a failure.
[ 1538.963996][T23781] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1538.979528][T23785] FAULT_INJECTION: forcing a failure.
[ 1538.979528][T23785] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1538.993466][T23781] CPU: 0 PID: 23781 Comm: syz-executor.5 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1539.003535][T23781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1539.013431][T23781] Call Trace:
[ 1539.016552][T23781]  <TASK>
[ 1539.019350][T23781]  dump_stack_lvl+0x151/0x1b7
[ 1539.023932][T23781]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1539.029223][T23781]  ? prep_compound_page+0x273/0x500
[ 1539.034286][T23781]  dump_stack+0x15/0x17
[ 1539.038253][T23781]  should_fail+0x3c0/0x510
[ 1539.042600][T23781]  should_fail_alloc_page+0x58/0x70
[ 1539.047632][T23781]  __alloc_pages+0x1de/0x7c0
[ 1539.052060][T23781]  ? __count_vm_events+0x30/0x30
[ 1539.056834][T23781]  ? selinux_capable+0x39/0x50
[ 1539.061434][T23781]  ? security_capable+0xb2/0xd0
[ 1539.066478][T23781]  __get_free_pages+0xe/0x30
[ 1539.070903][T23781]  __do_sys_io_uring_setup+0x1415/0x39e0
[ 1539.076370][T23781]  ? __kasan_check_write+0x14/0x20
[ 1539.081319][T23781]  ? mutex_unlock+0xa2/0x110
[ 1539.085748][T23781]  ? io_rsrc_data_free+0x100/0x100
[ 1539.090691][T23781]  ? ksys_write+0x25f/0x2c0
[ 1539.095035][T23781]  ? debug_smp_processor_id+0x17/0x20
[ 1539.100246][T23781]  __x64_sys_io_uring_setup+0x5b/0x70
[ 1539.105448][T23781]  do_syscall_64+0x44/0xd0
[ 1539.109701][T23781]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1539.115425][T23781] RIP: 0033:0x7f12bd6530c9
[ 1539.119706][T23781] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1539.139122][T23781] RSP: 002b:00007f12bc3c60e8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9
[ 1539.147463][T23781] RAX: ffffffffffffffda RBX: 00007f12bd772f80 RCX: 00007f12bd6530c9
[ 1539.155279][T23781] RDX: 0000000020ffd000 RSI: 0000000020000040 RDI: 000000000000769b
[ 1539.163176][T23781] RBP: 0000000020000040 R08: 0000000020000140 R09: 0000000020000140
[ 1539.170989][T23781] R10: 0000000020000100 R11: 0000000000000206 R12: 0000000020000140
[ 1539.178791][T23781] R13: 0000000020ffd000 R14: 0000000020000100 R15: 0000000020ffe000
[ 1539.186611][T23781]  </TASK>
[ 1539.192660][T23785] CPU: 1 PID: 23785 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1539.197365][T23796] FAULT_INJECTION: forcing a failure.
[ 1539.197365][T23796] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1539.202822][T23785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1539.225565][T23785] Call Trace:
[ 1539.228691][T23785]  <TASK>
[ 1539.231462][T23785]  dump_stack_lvl+0x151/0x1b7
[ 1539.235977][T23785]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1539.241268][T23785]  dump_stack+0x15/0x17
[ 1539.245261][T23785]  should_fail+0x3c0/0x510
[ 1539.249516][T23785]  should_fail_alloc_page+0x58/0x70
[ 1539.254548][T23785]  __alloc_pages+0x1de/0x7c0
[ 1539.258974][T23785]  ? __count_vm_events+0x30/0x30
[ 1539.263747][T23785]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 1539.268956][T23785]  __get_free_pages+0xe/0x30
[ 1539.273381][T23785]  kasan_populate_vmalloc_pte+0x39/0x130
[ 1539.278847][T23785]  ? __apply_to_page_range+0x8a5/0xb90
[ 1539.284143][T23785]  __apply_to_page_range+0x8b8/0xb90
[ 1539.289274][T23785]  ? kasan_populate_vmalloc+0x70/0x70
[ 1539.294478][T23785]  ? kasan_populate_vmalloc+0x70/0x70
[ 1539.299683][T23785]  apply_to_page_range+0x3b/0x50
[ 1539.304461][T23785]  kasan_populate_vmalloc+0x65/0x70
[ 1539.309488][T23785]  alloc_vmap_area+0x1946/0x1a90
[ 1539.314266][T23785]  ? vm_map_ram+0xa80/0xa80
[ 1539.318604][T23785]  ? __kasan_kmalloc+0x9/0x10
[ 1539.323112][T23785]  ? __get_vm_area_node+0x13a/0x380
[ 1539.328148][T23785]  __get_vm_area_node+0x17b/0x380
[ 1539.333010][T23785]  __vmalloc_node_range+0xda/0x800
[ 1539.338062][T23785]  ? copy_process+0x579/0x3250
[ 1539.342675][T23785]  ? kmem_cache_alloc+0x1c1/0x2f0
[ 1539.347511][T23785]  ? dup_task_struct+0x53/0xa60
[ 1539.352207][T23785]  dup_task_struct+0x61f/0xa60
[ 1539.356798][T23785]  ? copy_process+0x579/0x3250
[ 1539.361485][T23785]  ? __kasan_check_write+0x14/0x20
[ 1539.366430][T23785]  copy_process+0x579/0x3250
[ 1539.370862][T23785]  ? __kasan_check_write+0x14/0x20
[ 1539.375807][T23785]  ? proc_fail_nth_write+0x213/0x290
[ 1539.380925][T23785]  ? proc_fail_nth_read+0x220/0x220
[ 1539.385961][T23785]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1539.390907][T23785]  ? vfs_write+0x9af/0x1050
[ 1539.395260][T23785]  kernel_clone+0x22d/0x990
[ 1539.399585][T23785]  ? file_end_write+0x1b0/0x1b0
[ 1539.404271][T23785]  ? __kasan_check_write+0x14/0x20
[ 1539.409219][T23785]  ? create_io_thread+0x1e0/0x1e0
[ 1539.414171][T23785]  ? __mutex_lock_slowpath+0x10/0x10
[ 1539.419417][T23785]  __x64_sys_clone+0x289/0x310
[ 1539.424165][T23785]  ? __do_sys_vfork+0x130/0x130
[ 1539.428850][T23785]  ? debug_smp_processor_id+0x17/0x20
[ 1539.434052][T23785]  do_syscall_64+0x44/0xd0
[ 1539.438566][T23785]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1539.444293][T23785] RIP: 0033:0x7fed39e510c9
[ 1539.448741][T23785] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1539.468779][T23785] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1539.477021][T23785] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1539.484823][T23785] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1539.492635][T23785] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1539.500532][T23785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1539.508345][T23785] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
03:35:08 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x900, 0x2, 0x0, 0xfffffffc})

[ 1539.516177][T23785]  </TASK>
[ 1539.519023][T23796] CPU: 0 PID: 23796 Comm: syz-executor.3 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1539.529090][T23796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1539.538984][T23796] Call Trace:
[ 1539.542107][T23796]  <TASK>
[ 1539.544969][T23796]  dump_stack_lvl+0x151/0x1b7
[ 1539.549484][T23796]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1539.554783][T23796]  dump_stack+0x15/0x17
[ 1539.558768][T23796]  should_fail+0x3c0/0x510
[ 1539.563022][T23796]  should_fail_usercopy+0x1a/0x20
[ 1539.567887][T23796]  _copy_to_user+0x20/0x90
[ 1539.572137][T23796]  simple_read_from_buffer+0xdd/0x160
[ 1539.577345][T23796]  proc_fail_nth_read+0x1af/0x220
[ 1539.582204][T23796]  ? proc_fault_inject_write+0x3a0/0x3a0
[ 1539.587679][T23796]  ? security_file_permission+0x497/0x5f0
[ 1539.593227][T23796]  ? proc_fault_inject_write+0x3a0/0x3a0
[ 1539.598693][T23796]  vfs_read+0x299/0xd80
[ 1539.602694][T23796]  ? userfaultfd_unmap_prep+0x4d0/0x4d0
[ 1539.608075][T23796]  ? kernel_read+0x1f0/0x1f0
[ 1539.612498][T23796]  ? __kasan_check_write+0x14/0x20
[ 1539.617449][T23796]  ? mutex_lock+0xb6/0x130
[ 1539.621696][T23796]  ? wait_for_completion_killable_timeout+0x10/0x10
[ 1539.628118][T23796]  ? __fdget_pos+0x26d/0x310
[ 1539.632554][T23796]  ? ksys_read+0x77/0x2c0
[ 1539.636712][T23796]  ksys_read+0x198/0x2c0
[ 1539.640791][T23796]  ? __kasan_check_write+0x14/0x20
[ 1539.645735][T23796]  ? vfs_write+0x1050/0x1050
[ 1539.650177][T23796]  ? fput+0x1a/0x20
[ 1539.653808][T23796]  ? debug_smp_processor_id+0x17/0x20
[ 1539.659017][T23796]  __x64_sys_read+0x7b/0x90
[ 1539.663352][T23796]  do_syscall_64+0x44/0xd0
[ 1539.667610][T23796]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1539.673339][T23796] RIP: 0033:0x7f41f8ad3eec
[ 1539.677591][T23796] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 1539.697035][T23796] RSP: 002b:00007f41f7895160 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1539.705273][T23796] RAX: ffffffffffffffda RBX: 00007f41f8c41f80 RCX: 00007f41f8ad3eec
03:35:08 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (fail_nth: 8)

03:35:08 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:08 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7)

[ 1539.713083][T23796] RDX: 000000000000000f RSI: 00007f41f78951e0 RDI: 0000000000000004
[ 1539.720899][T23796] RBP: 00007f41f78951d0 R08: 0000000000000000 R09: 0000000000000000
[ 1539.728708][T23796] R10: 00000000000a6010 R11: 0000000000000246 R12: 0000000000000001
[ 1539.736520][T23796] R13: 00007ffe7052cedf R14: 00007f41f7895300 R15: 0000000000022000
[ 1539.744333][T23796]  </TASK>
[ 1539.780631][T23806] FAULT_INJECTION: forcing a failure.
[ 1539.780631][T23806] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1539.791503][T23808] FAULT_INJECTION: forcing a failure.
[ 1539.791503][T23808] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1539.796946][T23806] CPU: 1 PID: 23806 Comm: syz-executor.5 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1539.816574][T23806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1539.826471][T23806] Call Trace:
[ 1539.829719][T23806]  <TASK>
[ 1539.832455][T23806]  dump_stack_lvl+0x151/0x1b7
[ 1539.837054][T23806]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1539.842353][T23806]  dump_stack+0x15/0x17
[ 1539.846862][T23806]  should_fail+0x3c0/0x510
[ 1539.851114][T23806]  should_fail_usercopy+0x1a/0x20
[ 1539.856234][T23806]  _copy_to_user+0x20/0x90
[ 1539.860489][T23806]  simple_read_from_buffer+0xdd/0x160
[ 1539.865693][T23806]  proc_fail_nth_read+0x1af/0x220
[ 1539.870556][T23806]  ? proc_fault_inject_write+0x3a0/0x3a0
[ 1539.876023][T23806]  ? security_file_permission+0x497/0x5f0
[ 1539.881584][T23806]  ? proc_fault_inject_write+0x3a0/0x3a0
[ 1539.887047][T23806]  vfs_read+0x299/0xd80
[ 1539.891049][T23806]  ? sched_clock_cpu+0x18/0x3b0
[ 1539.895726][T23806]  ? kernel_read+0x1f0/0x1f0
[ 1539.900151][T23806]  ? __kasan_check_write+0x14/0x20
[ 1539.905099][T23806]  ? mutex_lock+0xb6/0x130
[ 1539.909349][T23806]  ? wait_for_completion_killable_timeout+0x10/0x10
[ 1539.915772][T23806]  ? __fdget_pos+0x26d/0x310
[ 1539.920199][T23806]  ? ksys_read+0x77/0x2c0
[ 1539.924366][T23806]  ksys_read+0x198/0x2c0
[ 1539.928531][T23806]  ? vfs_write+0x1050/0x1050
[ 1539.932961][T23806]  ? debug_smp_processor_id+0x17/0x20
[ 1539.938165][T23806]  __x64_sys_read+0x7b/0x90
[ 1539.942506][T23806]  do_syscall_64+0x44/0xd0
[ 1539.946759][T23806]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1539.952489][T23806] RIP: 0033:0x7f12bd604eec
[ 1539.956741][T23806] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
03:35:08 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x10, r2, 0x0)

03:35:08 executing program 2:
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x6400, 0x0)
getdents(r0, &(0x7f0000000100), 0x0) (async)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:08 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x1400, 0x2, 0x0, 0xfffffffc})

03:35:08 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2, 0x0, 0xa6010, r0, 0x0)

03:35:08 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000080)={0x7, &(0x7f00000002c0)=[{@none}, {}, {}, {@none}, {@fixed}, {@fixed}, {@none}]})

03:35:08 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async, rerun: 64)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (rerun: 64)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000080)={0x7, &(0x7f00000002c0)=[{@none}, {}, {}, {@none}, {@fixed}, {@fixed}, {@none}]})

[ 1539.976191][T23806] RSP: 002b:00007f12bc3c6160 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1539.984424][T23806] RAX: ffffffffffffffda RBX: 00007f12bd772f80 RCX: 00007f12bd604eec
[ 1539.992238][T23806] RDX: 000000000000000f RSI: 00007f12bc3c61e0 RDI: 0000000000000003
[ 1540.000046][T23806] RBP: 00007f12bc3c61d0 R08: 0000000000000000 R09: 0000000010000000
[ 1540.007858][T23806] R10: 0000000000008011 R11: 0000000000000246 R12: 0000000000000001
[ 1540.015669][T23806] R13: 00007ffdd2bf4aef R14: 00007f12bc3c6300 R15: 0000000000022000
[ 1540.023489][T23806]  </TASK>
[ 1540.029111][T23808] CPU: 0 PID: 23808 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1540.039175][T23808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1540.049066][T23808] Call Trace:
[ 1540.052191][T23808]  <TASK>
[ 1540.054971][T23808]  dump_stack_lvl+0x151/0x1b7
[ 1540.059487][T23808]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1540.064776][T23808]  dump_stack+0x15/0x17
[ 1540.068774][T23808]  should_fail+0x3c0/0x510
[ 1540.073020][T23808]  should_fail_alloc_page+0x58/0x70
[ 1540.078054][T23808]  __alloc_pages+0x1de/0x7c0
[ 1540.082484][T23808]  ? __count_vm_events+0x30/0x30
[ 1540.087264][T23808]  ? __kasan_kmalloc+0x9/0x10
[ 1540.091768][T23808]  ? __kmalloc+0x203/0x350
[ 1540.096020][T23808]  ? __vmalloc_node_range+0x2e3/0x800
[ 1540.101227][T23808]  __vmalloc_node_range+0x48f/0x800
[ 1540.106264][T23808]  dup_task_struct+0x61f/0xa60
[ 1540.110863][T23808]  ? copy_process+0x579/0x3250
[ 1540.115463][T23808]  ? __kasan_check_write+0x14/0x20
[ 1540.120453][T23808]  copy_process+0x579/0x3250
[ 1540.124837][T23808]  ? __kasan_check_write+0x14/0x20
[ 1540.129787][T23808]  ? proc_fail_nth_write+0x213/0x290
[ 1540.134902][T23808]  ? proc_fail_nth_read+0x220/0x220
[ 1540.139953][T23808]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1540.144882][T23808]  ? vfs_write+0x9af/0x1050
[ 1540.149226][T23808]  kernel_clone+0x22d/0x990
[ 1540.153562][T23808]  ? file_end_write+0x1b0/0x1b0
[ 1540.158248][T23808]  ? __kasan_check_write+0x14/0x20
[ 1540.163194][T23808]  ? create_io_thread+0x1e0/0x1e0
[ 1540.168055][T23808]  ? __mutex_lock_slowpath+0x10/0x10
[ 1540.173176][T23808]  __x64_sys_clone+0x289/0x310
[ 1540.177784][T23808]  ? __do_sys_vfork+0x130/0x130
[ 1540.182465][T23808]  ? debug_smp_processor_id+0x17/0x20
[ 1540.187673][T23808]  do_syscall_64+0x44/0xd0
[ 1540.191922][T23808]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1540.197651][T23808] RIP: 0033:0x7fed39e510c9
[ 1540.201914][T23808] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1540.221482][T23808] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
03:35:09 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:09 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x2b00, 0x2, 0x0, 0xfffffffc})

03:35:09 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8)

[ 1540.229725][T23808] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1540.237535][T23808] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1540.245352][T23808] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1540.253158][T23808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1540.260970][T23808] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1540.268782][T23808]  </TASK>
03:35:09 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x10, r2, 0x0)

03:35:09 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000080)={0x7, &(0x7f00000002c0)=[{@none}, {}, {}, {@none}, {@fixed}, {@fixed}, {@none}]})
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000080)={0x7, &(0x7f00000002c0)=[{@none}, {}, {}, {@none}, {@fixed}, {@fixed}, {@none}]}) (async)

03:35:09 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x3200, 0x2, 0x0, 0xfffffffc})

03:35:09 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2002, 0x0, 0xa6010, r0, 0x0)

03:35:09 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:09 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x3400, 0x2, 0x0, 0xfffffffc})

03:35:09 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x4000, 0x2, 0x0, 0xfffffffc})

03:35:09 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x4100, 0x2, 0x0, 0xfffffffc})

03:35:09 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x10})
arch_prctl$ARCH_SET_CPUID(0x1012, 0x1)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x1010, r1, 0x10000000)
syz_io_uring_setup(0x37e6, &(0x7f0000000100)={0x0, 0xa148, 0x2, 0x0, 0xc9, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:09 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2003, 0x0, 0xa6010, r0, 0x0)

03:35:09 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x2, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1540.371707][T23830] FAULT_INJECTION: forcing a failure.
[ 1540.371707][T23830] name failslab, interval 1, probability 0, space 0, times 0
[ 1540.429265][T23830] CPU: 0 PID: 23830 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1540.440422][T23830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1540.450308][T23830] Call Trace:
[ 1540.453438][T23830]  <TASK>
[ 1540.456211][T23830]  dump_stack_lvl+0x151/0x1b7
[ 1540.460729][T23830]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1540.466017][T23830]  ? _raw_spin_lock+0xa3/0x1b0
[ 1540.470616][T23830]  ? dup_fd+0x51f/0xa40
[ 1540.474610][T23830]  dump_stack+0x15/0x17
[ 1540.478779][T23830]  should_fail+0x3c0/0x510
[ 1540.483033][T23830]  __should_failslab+0x9f/0xe0
[ 1540.487641][T23830]  should_failslab+0x9/0x20
[ 1540.491985][T23830]  kmem_cache_alloc+0x4f/0x2f0
[ 1540.496575][T23830]  ? copy_fs_struct+0x4e/0x230
[ 1540.501177][T23830]  copy_fs_struct+0x4e/0x230
[ 1540.505602][T23830]  copy_fs+0x72/0x140
[ 1540.509504][T23830]  copy_process+0x1214/0x3250
[ 1540.514020][T23830]  ? proc_fail_nth_write+0x213/0x290
[ 1540.519140][T23830]  ? proc_fail_nth_read+0x220/0x220
[ 1540.524177][T23830]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1540.529121][T23830]  ? vfs_write+0x9af/0x1050
[ 1540.533459][T23830]  kernel_clone+0x22d/0x990
[ 1540.537797][T23830]  ? file_end_write+0x1b0/0x1b0
[ 1540.542493][T23830]  ? __kasan_check_write+0x14/0x20
[ 1540.547436][T23830]  ? create_io_thread+0x1e0/0x1e0
[ 1540.552295][T23830]  ? __mutex_lock_slowpath+0x10/0x10
[ 1540.557423][T23830]  __x64_sys_clone+0x289/0x310
[ 1540.562015][T23830]  ? __do_sys_vfork+0x130/0x130
[ 1540.566701][T23830]  ? debug_smp_processor_id+0x17/0x20
[ 1540.571910][T23830]  do_syscall_64+0x44/0xd0
[ 1540.576166][T23830]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1540.581889][T23830] RIP: 0033:0x7fed39e510c9
[ 1540.586142][T23830] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1540.605671][T23830] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1540.613918][T23830] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1540.621726][T23830] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
03:35:09 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9)

03:35:09 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x4200, 0x2, 0x0, 0xfffffffc})

03:35:09 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x10, r2, 0x0)

03:35:09 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x10}) (async)
arch_prctl$ARCH_SET_CPUID(0x1012, 0x1)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x1010, r1, 0x10000000) (async)
syz_io_uring_setup(0x37e6, &(0x7f0000000100)={0x0, 0xa148, 0x2, 0x0, 0xc9, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:09 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2004, 0x0, 0xa6010, r0, 0x0)

03:35:09 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x7, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1540.629536][T23830] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1540.637440][T23830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1540.645246][T23830] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1540.653061][T23830]  </TASK>
03:35:09 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x7ffffffff000, 0x0, 0xa6010, r0, 0x0)

03:35:09 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x400000, 0x2, 0x0, 0xfffffffc})

03:35:09 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x10})
arch_prctl$ARCH_SET_CPUID(0x1012, 0x1)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x1010, r1, 0x10000000)
syz_io_uring_setup(0x37e6, &(0x7f0000000100)={0x0, 0xa148, 0x2, 0x0, 0xc9, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x10}) (async)
arch_prctl$ARCH_SET_CPUID(0x1012, 0x1) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x1010, r1, 0x10000000) (async)
syz_io_uring_setup(0x37e6, &(0x7f0000000100)={0x0, 0xa148, 0x2, 0x0, 0xc9, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)

03:35:09 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2, 0xa6010, r0, 0x0)

03:35:09 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x80ffff, 0x2, 0x0, 0xfffffffc})

03:35:09 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x11, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1540.693360][T23885] FAULT_INJECTION: forcing a failure.
[ 1540.693360][T23885] name failslab, interval 1, probability 0, space 0, times 0
[ 1540.765469][T23885] CPU: 1 PID: 23885 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1540.775555][T23885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1540.785728][T23885] Call Trace:
[ 1540.788832][T23885]  <TASK>
[ 1540.791624][T23885]  dump_stack_lvl+0x151/0x1b7
[ 1540.796124][T23885]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1540.801421][T23885]  dump_stack+0x15/0x17
[ 1540.805409][T23885]  should_fail+0x3c0/0x510
[ 1540.809663][T23885]  __should_failslab+0x9f/0xe0
[ 1540.814261][T23885]  should_failslab+0x9/0x20
[ 1540.818601][T23885]  kmem_cache_alloc+0x4f/0x2f0
[ 1540.823205][T23885]  ? copy_sighand+0x54/0x250
[ 1540.828409][T23885]  ? _raw_spin_unlock+0x4d/0x70
[ 1540.833097][T23885]  copy_sighand+0x54/0x250
[ 1540.837359][T23885]  copy_process+0x123f/0x3250
[ 1540.841863][T23885]  ? proc_fail_nth_write+0x213/0x290
[ 1540.846980][T23885]  ? proc_fail_nth_read+0x220/0x220
[ 1540.852017][T23885]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1540.856964][T23885]  ? vfs_write+0x9af/0x1050
[ 1540.861303][T23885]  kernel_clone+0x22d/0x990
[ 1540.865644][T23885]  ? file_end_write+0x1b0/0x1b0
[ 1540.870327][T23885]  ? __kasan_check_write+0x14/0x20
[ 1540.875278][T23885]  ? create_io_thread+0x1e0/0x1e0
[ 1540.880139][T23885]  ? __mutex_lock_slowpath+0x10/0x10
[ 1540.885327][T23885]  __x64_sys_clone+0x289/0x310
[ 1540.889859][T23885]  ? __do_sys_vfork+0x130/0x130
[ 1540.894546][T23885]  ? debug_smp_processor_id+0x17/0x20
[ 1540.899752][T23885]  do_syscall_64+0x44/0xd0
[ 1540.904005][T23885]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1540.909733][T23885] RIP: 0033:0x7fed39e510c9
[ 1540.913986][T23885] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1540.933430][T23885] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1540.941764][T23885] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1540.949569][T23885] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1540.957393][T23885] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1540.965193][T23885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1540.973004][T23885] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1540.980818][T23885]  </TASK>
03:35:09 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10)

03:35:09 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x3, 0xa6010, r0, 0x0)

03:35:09 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x18, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:09 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
syz_io_uring_setup(0x6787, &(0x7f00000002c0)={0x0, 0x2d5a, 0x8, 0x3, 0x156}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000200))

03:35:09 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x1000000, 0x2, 0x0, 0xfffffffc})

03:35:09 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:35:09 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x2000000, 0x2, 0x0, 0xfffffffc})

03:35:09 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async, rerun: 32)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async, rerun: 32)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
syz_io_uring_setup(0x6787, &(0x7f00000002c0)={0x0, 0x2d5a, 0x8, 0x3, 0x156}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000200))

03:35:09 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0xa6010, r0, 0x0)

03:35:09 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x204, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:09 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x60, 0xa6010, r0, 0x0)

[ 1541.095030][T23935] FAULT_INJECTION: forcing a failure.
[ 1541.095030][T23935] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1541.121848][T23935] CPU: 1 PID: 23935 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1541.132116][T23935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1541.142013][T23935] Call Trace:
[ 1541.145157][T23935]  <TASK>
[ 1541.147914][T23935]  dump_stack_lvl+0x151/0x1b7
[ 1541.152434][T23935]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1541.157725][T23935]  dump_stack+0x15/0x17
[ 1541.161717][T23935]  should_fail+0x3c0/0x510
[ 1541.165967][T23935]  should_fail_alloc_page+0x58/0x70
[ 1541.171006][T23935]  __alloc_pages+0x1de/0x7c0
[ 1541.175440][T23935]  ? __count_vm_events+0x30/0x30
[ 1541.180202][T23935]  ? __kasan_kmalloc+0x9/0x10
[ 1541.184803][T23935]  ? __kmalloc+0x203/0x350
[ 1541.189064][T23935]  ? __vmalloc_node_range+0x2e3/0x800
[ 1541.194260][T23935]  __vmalloc_node_range+0x48f/0x800
[ 1541.199304][T23935]  dup_task_struct+0x61f/0xa60
[ 1541.203907][T23935]  ? copy_process+0x579/0x3250
[ 1541.208658][T23935]  ? __kasan_check_write+0x14/0x20
[ 1541.213588][T23935]  copy_process+0x579/0x3250
[ 1541.218010][T23935]  ? __kasan_check_write+0x14/0x20
[ 1541.222963][T23935]  ? proc_fail_nth_write+0x213/0x290
[ 1541.228078][T23935]  ? proc_fail_nth_read+0x220/0x220
[ 1541.233114][T23935]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1541.238062][T23935]  ? vfs_write+0x9af/0x1050
[ 1541.242397][T23935]  kernel_clone+0x22d/0x990
[ 1541.246828][T23935]  ? file_end_write+0x1b0/0x1b0
[ 1541.251514][T23935]  ? __kasan_check_write+0x14/0x20
[ 1541.256458][T23935]  ? create_io_thread+0x1e0/0x1e0
[ 1541.261327][T23935]  ? __mutex_lock_slowpath+0x10/0x10
[ 1541.266441][T23935]  __x64_sys_clone+0x289/0x310
[ 1541.271041][T23935]  ? __do_sys_vfork+0x130/0x130
[ 1541.275727][T23935]  ? debug_smp_processor_id+0x17/0x20
[ 1541.280933][T23935]  do_syscall_64+0x44/0xd0
[ 1541.285187][T23935]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1541.290918][T23935] RIP: 0033:0x7fed39e510c9
[ 1541.295173][T23935] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1541.314702][T23935] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1541.322941][T23935] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1541.330752][T23935] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
03:35:09 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x300, 0xa6010, r0, 0x0)

03:35:10 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11)

03:35:10 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x6000, 0xa6010, r0, 0x0)

03:35:10 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x402, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:10 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x2040000, 0x2, 0x0, 0xfffffffc})

03:35:10 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
syz_io_uring_setup(0x6787, &(0x7f00000002c0)={0x0, 0x2d5a, 0x8, 0x3, 0x156}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000200))

03:35:10 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:35:10 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x406, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1541.338563][T23935] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1541.346379][T23935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1541.354186][T23935] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1541.362003][T23935]  </TASK>
03:35:10 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x600000, 0xa6010, r0, 0x0)

03:35:10 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))

03:35:10 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x3000000, 0x2, 0x0, 0xfffffffc})

03:35:10 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x4000000, 0x2, 0x0, 0xfffffffc})

03:35:10 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async, rerun: 64)
io_uring_setup(0x120c, &(0x7f0000000240)) (rerun: 64)

[ 1541.441681][T23958] FAULT_INJECTION: forcing a failure.
[ 1541.441681][T23958] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1541.495789][T23958] CPU: 0 PID: 23958 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1541.505870][T23958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1541.515765][T23958] Call Trace:
[ 1541.518897][T23958]  <TASK>
[ 1541.521667][T23958]  dump_stack_lvl+0x151/0x1b7
[ 1541.526190][T23958]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1541.531477][T23958]  dump_stack+0x15/0x17
[ 1541.535466][T23958]  should_fail+0x3c0/0x510
[ 1541.539740][T23958]  should_fail_alloc_page+0x58/0x70
[ 1541.544751][T23958]  __alloc_pages+0x1de/0x7c0
[ 1541.549179][T23958]  ? __count_vm_events+0x30/0x30
[ 1541.553953][T23958]  ? __kasan_kmalloc+0x9/0x10
[ 1541.558558][T23958]  ? __kmalloc+0x203/0x350
[ 1541.563183][T23958]  ? __vmalloc_node_range+0x2e3/0x800
[ 1541.568537][T23958]  __vmalloc_node_range+0x48f/0x800
[ 1541.573570][T23958]  dup_task_struct+0x61f/0xa60
[ 1541.578166][T23958]  ? copy_process+0x579/0x3250
[ 1541.582776][T23958]  ? __kasan_check_write+0x14/0x20
[ 1541.587713][T23958]  copy_process+0x579/0x3250
[ 1541.592143][T23958]  ? __kasan_check_write+0x14/0x20
[ 1541.597086][T23958]  ? proc_fail_nth_write+0x213/0x290
[ 1541.602209][T23958]  ? proc_fail_nth_read+0x220/0x220
[ 1541.607243][T23958]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1541.612196][T23958]  ? vfs_write+0x9af/0x1050
[ 1541.616531][T23958]  kernel_clone+0x22d/0x990
[ 1541.620867][T23958]  ? file_end_write+0x1b0/0x1b0
[ 1541.625553][T23958]  ? __kasan_check_write+0x14/0x20
[ 1541.630502][T23958]  ? create_io_thread+0x1e0/0x1e0
[ 1541.635359][T23958]  ? __mutex_lock_slowpath+0x10/0x10
[ 1541.640482][T23958]  __x64_sys_clone+0x289/0x310
[ 1541.645081][T23958]  ? __do_sys_vfork+0x130/0x130
[ 1541.649779][T23958]  ? debug_smp_processor_id+0x17/0x20
[ 1541.654974][T23958]  do_syscall_64+0x44/0xd0
[ 1541.659229][T23958]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1541.664954][T23958] RIP: 0033:0x7fed39e510c9
[ 1541.669209][T23958] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1541.688651][T23958] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1541.696895][T23958] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1541.704707][T23958] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1541.712523][T23958] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1541.720328][T23958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1541.728229][T23958] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1541.736058][T23958]  </TASK>
03:35:10 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12)

03:35:10 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x80ffff, 0xa6010, r0, 0x0)

03:35:10 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x604, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:10 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x6040000, 0x2, 0x0, 0xfffffffc})

03:35:10 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, 0xffffffffffffffff, 0x0)

03:35:10 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)

03:35:10 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x7000000, 0x2, 0x0, 0xfffffffc})

03:35:10 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x700, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:10 executing program 2:
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, &(0x7f0000000080)={0x1, 'syzkaller1\x00', {}, 0x20})
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:10 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xc0ffff, 0xa6010, r0, 0x0)

03:35:10 executing program 2:
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, &(0x7f0000000080)={0x1, 'syzkaller1\x00', {}, 0x20})
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:10 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0xa6010, r0, 0x0)

[ 1541.808730][T23998] FAULT_INJECTION: forcing a failure.
[ 1541.808730][T23998] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1541.870756][T23998] CPU: 0 PID: 23998 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1541.880835][T23998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1541.890729][T23998] Call Trace:
[ 1541.893889][T23998]  <TASK>
[ 1541.896631][T23998]  dump_stack_lvl+0x151/0x1b7
[ 1541.901144][T23998]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1541.906443][T23998]  dump_stack+0x15/0x17
[ 1541.910431][T23998]  should_fail+0x3c0/0x510
[ 1541.914729][T23998]  should_fail_alloc_page+0x58/0x70
[ 1541.919721][T23998]  __alloc_pages+0x1de/0x7c0
[ 1541.924145][T23998]  ? __count_vm_events+0x30/0x30
[ 1541.928927][T23998]  ? __kasan_kmalloc+0x9/0x10
[ 1541.933427][T23998]  ? __kmalloc+0x203/0x350
[ 1541.937769][T23998]  ? __vmalloc_node_range+0x2e3/0x800
[ 1541.942982][T23998]  __vmalloc_node_range+0x48f/0x800
[ 1541.948023][T23998]  dup_task_struct+0x61f/0xa60
[ 1541.952613][T23998]  ? copy_process+0x579/0x3250
[ 1541.957215][T23998]  ? __kasan_check_write+0x14/0x20
[ 1541.962183][T23998]  copy_process+0x579/0x3250
[ 1541.966587][T23998]  ? __kasan_check_write+0x14/0x20
[ 1541.971532][T23998]  ? proc_fail_nth_write+0x213/0x290
[ 1541.976654][T23998]  ? proc_fail_nth_read+0x220/0x220
[ 1541.981691][T23998]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1541.986721][T23998]  ? vfs_write+0x9af/0x1050
[ 1541.991064][T23998]  kernel_clone+0x22d/0x990
[ 1541.995399][T23998]  ? file_end_write+0x1b0/0x1b0
[ 1542.000085][T23998]  ? __kasan_check_write+0x14/0x20
[ 1542.005091][T23998]  ? create_io_thread+0x1e0/0x1e0
[ 1542.009991][T23998]  ? __mutex_lock_slowpath+0x10/0x10
[ 1542.015100][T23998]  __x64_sys_clone+0x289/0x310
[ 1542.019717][T23998]  ? __do_sys_vfork+0x130/0x130
[ 1542.024388][T23998]  ? debug_smp_processor_id+0x17/0x20
[ 1542.029683][T23998]  do_syscall_64+0x44/0xd0
[ 1542.033936][T23998]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1542.039663][T23998] RIP: 0033:0x7fed39e510c9
[ 1542.043917][T23998] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
03:35:10 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13)

03:35:10 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x1100, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:10 executing program 2:
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, &(0x7f0000000080)={0x1, 'syzkaller1\x00', {}, 0x20})
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:10 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0xa6010, r0, 0x0)

03:35:10 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x8000000, 0x2, 0x0, 0xfffffffc})

03:35:10 executing program 4:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0xa6010, r0, 0x0)

03:35:10 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x8, 0x8010, r0, 0x10000000)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

[ 1542.063449][T23998] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1542.071700][T23998] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1542.079501][T23998] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1542.087324][T23998] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1542.095120][T23998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1542.102940][T23998] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1542.110759][T23998]  </TASK>
03:35:10 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x3000000, 0xa6010, r0, 0x0)

03:35:10 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x9000000, 0x2, 0x0, 0xfffffffc})

03:35:10 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x1800, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1542.158027][T24028] FAULT_INJECTION: forcing a failure.
[ 1542.158027][T24028] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1542.187942][T24028] CPU: 1 PID: 24028 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1542.198057][T24028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1542.207910][T24028] Call Trace:
[ 1542.211036][T24028]  <TASK>
[ 1542.213832][T24028]  dump_stack_lvl+0x151/0x1b7
[ 1542.218325][T24028]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1542.223706][T24028]  ? pcpu_block_update_hint_alloc+0x972/0xd00
[ 1542.229607][T24028]  dump_stack+0x15/0x17
[ 1542.233694][T24028]  should_fail+0x3c0/0x510
[ 1542.237940][T24028]  should_fail_alloc_page+0x58/0x70
[ 1542.242974][T24028]  __alloc_pages+0x1de/0x7c0
[ 1542.247403][T24028]  ? __count_vm_events+0x30/0x30
[ 1542.252181][T24028]  __get_free_pages+0xe/0x30
[ 1542.256601][T24028]  pgd_alloc+0x22/0x2c0
[ 1542.260592][T24028]  mm_init+0x5bf/0x960
[ 1542.264501][T24028]  dup_mm+0x7d/0x330
[ 1542.268229][T24028]  copy_mm+0x108/0x1b0
[ 1542.272134][T24028]  copy_process+0x1295/0x3250
[ 1542.276648][T24028]  ? proc_fail_nth_write+0x213/0x290
[ 1542.281768][T24028]  ? proc_fail_nth_read+0x220/0x220
[ 1542.286802][T24028]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1542.291753][T24028]  ? vfs_write+0x9af/0x1050
[ 1542.296196][T24028]  kernel_clone+0x22d/0x990
[ 1542.300621][T24028]  ? file_end_write+0x1b0/0x1b0
[ 1542.305305][T24028]  ? __kasan_check_write+0x14/0x20
[ 1542.310255][T24028]  ? create_io_thread+0x1e0/0x1e0
[ 1542.315117][T24028]  ? __mutex_lock_slowpath+0x10/0x10
[ 1542.320237][T24028]  __x64_sys_clone+0x289/0x310
[ 1542.324836][T24028]  ? __do_sys_vfork+0x130/0x130
[ 1542.329526][T24028]  ? debug_smp_processor_id+0x17/0x20
[ 1542.334730][T24028]  do_syscall_64+0x44/0xd0
[ 1542.339000][T24028]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1542.344709][T24028] RIP: 0033:0x7fed39e510c9
[ 1542.348966][T24028] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1542.368617][T24028] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1542.376846][T24028] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1542.384658][T24028] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1542.392471][T24028] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1542.400280][T24028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
03:35:11 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:11 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x14000000, 0x2, 0x0, 0xfffffffc})

03:35:11 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14)

03:35:11 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x8, 0x8010, r0, 0x10000000) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:11 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x2b000000, 0x2, 0x0, 0xfffffffc})

03:35:11 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x1000000, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1542.408086][T24028] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1542.415908][T24028]  </TASK>
03:35:11 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x8, 0x8010, r0, 0x10000000) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:11 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x2000000, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:11 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4000000, 0xa6010, r0, 0x0)

03:35:11 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x32000000, 0x2, 0x0, 0xfffffffc})

03:35:11 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xffff8000, 0xa6010, r0, 0x0)

03:35:11 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x2040000, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1542.520795][T24073] FAULT_INJECTION: forcing a failure.
[ 1542.520795][T24073] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1542.553394][T24073] CPU: 0 PID: 24073 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1542.563482][T24073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1542.573452][T24073] Call Trace:
[ 1542.576579][T24073]  <TASK>
[ 1542.579440][T24073]  dump_stack_lvl+0x151/0x1b7
[ 1542.583955][T24073]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1542.589251][T24073]  dump_stack+0x15/0x17
[ 1542.593247][T24073]  should_fail+0x3c0/0x510
[ 1542.597522][T24073]  should_fail_alloc_page+0x58/0x70
[ 1542.602526][T24073]  __alloc_pages+0x1de/0x7c0
[ 1542.606955][T24073]  ? __count_vm_events+0x30/0x30
[ 1542.611728][T24073]  ? __kasan_kmalloc+0x9/0x10
[ 1542.616245][T24073]  ? __kmalloc+0x203/0x350
[ 1542.620900][T24073]  ? __vmalloc_node_range+0x2e3/0x800
[ 1542.626100][T24073]  __vmalloc_node_range+0x48f/0x800
[ 1542.631136][T24073]  dup_task_struct+0x61f/0xa60
[ 1542.635732][T24073]  ? copy_process+0x579/0x3250
[ 1542.640332][T24073]  ? __kasan_check_write+0x14/0x20
[ 1542.645282][T24073]  copy_process+0x579/0x3250
[ 1542.649707][T24073]  ? __kasan_check_write+0x14/0x20
[ 1542.654650][T24073]  ? proc_fail_nth_write+0x213/0x290
[ 1542.659772][T24073]  ? proc_fail_nth_read+0x220/0x220
[ 1542.664817][T24073]  ? pidfd_show_fdinfo+0x2b0/0x2b0
03:35:11 executing program 4:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x9000000, 0x2, 0x0, 0xfffffffc})

03:35:11 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000080)={'full', 0x20, 0x0, 0x20, 0x200}, 0x2f)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x200002, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r1, 0xc008ae05, &(0x7f00000002c0)=""/4096)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r2 = syz_open_dev$mouse(&(0x7f0000000140), 0x2, 0x80800)
r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000015c0)=@bpf_tracing={0x1a, 0xa, &(0x7f00000013c0)=@raw=[@map_val={0x18, 0x0, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x1b}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @map_val={0x18, 0x2, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x4, 0x4, 0x0, 0x3}, @ldst={0x3, 0x3, 0x0, 0xa, 0xb, 0xfffffffffffffff8, 0xfffffffffffffff0}, @ldst={0x6, 0x2, 0x3, 0x7, 0x9, 0xfffffffffffffe66, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0x4}], &(0x7f0000001440)='syzkaller\x00', 0x9, 0x62, &(0x7f0000001480)=""/98, 0x40f00, 0x1c, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x8, &(0x7f0000001500)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000001540)={0x5, 0x2, 0x5, 0x4}, 0x10, 0x2581, r1, 0x0, &(0x7f0000001580)=[r2, r2, r1, r1, 0x1]}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000001640)={0x0, r3}, 0x10)
sendmsg$nl_route(r2, &(0x7f0000001380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001340)={&(0x7f00000012c0)=@ipv6_delrule={0x4c, 0x21, 0x10, 0x70bd27, 0x25dfdbfd, {0xa, 0x94, 0x0, 0x7, 0x80, 0x0, 0x0, 0x5, 0x10017}, [@FRA_SRC={0x14, 0x2, @loopback}, @FIB_RULE_POLICY=@FRA_FWMASK={0x8, 0x10, 0x6}, @FRA_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24000014}, 0x20000811)

[ 1542.669754][T24073]  ? vfs_write+0x9af/0x1050
[ 1542.674097][T24073]  ? vmacache_update+0xb7/0x120
[ 1542.678783][T24073]  kernel_clone+0x22d/0x990
[ 1542.683127][T24073]  ? file_end_write+0x1b0/0x1b0
[ 1542.687811][T24073]  ? __kasan_check_write+0x14/0x20
[ 1542.692756][T24073]  ? create_io_thread+0x1e0/0x1e0
[ 1542.697614][T24073]  ? __mutex_lock_slowpath+0x10/0x10
[ 1542.702735][T24073]  __x64_sys_clone+0x289/0x310
[ 1542.707338][T24073]  ? __do_sys_vfork+0x130/0x130
[ 1542.712023][T24073]  ? debug_smp_processor_id+0x17/0x20
[ 1542.717229][T24073]  do_syscall_64+0x44/0xd0
[ 1542.721486][T24073]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1542.727211][T24073] RIP: 0033:0x7fed39e510c9
[ 1542.731465][T24073] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1542.750913][T24073] RSP: 002b:00007fed38ba3118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1542.759149][T24073] RAX: ffffffffffffffda RBX: 00007fed39f71050 RCX: 00007fed39e510c9
03:35:11 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15)

03:35:11 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xffffc000, 0xa6010, r0, 0x0)

03:35:11 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x34000000, 0x2, 0x0, 0xfffffffc})

03:35:11 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x6040000, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:11 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)) (async)
write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000080)={'full', 0x20, 0x0, 0x20, 0x200}, 0x2f) (async)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x200002, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r1, 0xc008ae05, &(0x7f00000002c0)=""/4096) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
r2 = syz_open_dev$mouse(&(0x7f0000000140), 0x2, 0x80800)
r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000015c0)=@bpf_tracing={0x1a, 0xa, &(0x7f00000013c0)=@raw=[@map_val={0x18, 0x0, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x1b}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @map_val={0x18, 0x2, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x4, 0x4, 0x0, 0x3}, @ldst={0x3, 0x3, 0x0, 0xa, 0xb, 0xfffffffffffffff8, 0xfffffffffffffff0}, @ldst={0x6, 0x2, 0x3, 0x7, 0x9, 0xfffffffffffffe66, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0x4}], &(0x7f0000001440)='syzkaller\x00', 0x9, 0x62, &(0x7f0000001480)=""/98, 0x40f00, 0x1c, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x8, &(0x7f0000001500)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000001540)={0x5, 0x2, 0x5, 0x4}, 0x10, 0x2581, r1, 0x0, &(0x7f0000001580)=[r2, r2, r1, r1, 0x1]}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000001640)={0x0, r3}, 0x10)
sendmsg$nl_route(r2, &(0x7f0000001380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001340)={&(0x7f00000012c0)=@ipv6_delrule={0x4c, 0x21, 0x10, 0x70bd27, 0x25dfdbfd, {0xa, 0x94, 0x0, 0x7, 0x80, 0x0, 0x0, 0x5, 0x10017}, [@FRA_SRC={0x14, 0x2, @loopback}, @FIB_RULE_POLICY=@FRA_FWMASK={0x8, 0x10, 0x6}, @FRA_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24000014}, 0x20000811)

03:35:11 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xffffffffffffd, 0xa6010, r0, 0x0)

[ 1542.766966][T24073] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1542.774775][T24073] RBP: 00007fed38ba31d0 R08: 0000000000000000 R09: 0000000000000000
[ 1542.782583][T24073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1542.790395][T24073] R13: 00007ffef667485f R14: 00007fed38ba3300 R15: 0000000000022000
[ 1542.798211][T24073]  </TASK>
03:35:11 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000080)={'full', 0x20, 0x0, 0x20, 0x200}, 0x2f)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x200002, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r1, 0xc008ae05, &(0x7f00000002c0)=""/4096)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r2 = syz_open_dev$mouse(&(0x7f0000000140), 0x2, 0x80800)
r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000015c0)=@bpf_tracing={0x1a, 0xa, &(0x7f00000013c0)=@raw=[@map_val={0x18, 0x0, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x1b}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @map_val={0x18, 0x2, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x4, 0x4, 0x0, 0x3}, @ldst={0x3, 0x3, 0x0, 0xa, 0xb, 0xfffffffffffffff8, 0xfffffffffffffff0}, @ldst={0x6, 0x2, 0x3, 0x7, 0x9, 0xfffffffffffffe66, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0x4}], &(0x7f0000001440)='syzkaller\x00', 0x9, 0x62, &(0x7f0000001480)=""/98, 0x40f00, 0x1c, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x8, &(0x7f0000001500)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000001540)={0x5, 0x2, 0x5, 0x4}, 0x10, 0x2581, r1, 0x0, &(0x7f0000001580)=[r2, r2, r1, r1, 0x1]}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000001640)={0x0, r3}, 0x10)
sendmsg$nl_route(r2, &(0x7f0000001380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001340)={&(0x7f00000012c0)=@ipv6_delrule={0x4c, 0x21, 0x10, 0x70bd27, 0x25dfdbfd, {0xa, 0x94, 0x0, 0x7, 0x80, 0x0, 0x0, 0x5, 0x10017}, [@FRA_SRC={0x14, 0x2, @loopback}, @FIB_RULE_POLICY=@FRA_FWMASK={0x8, 0x10, 0x6}, @FRA_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24000014}, 0x20000811)

03:35:11 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x40000000, 0x2, 0x0, 0xfffffffc})

03:35:11 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x7000000, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1542.843753][T24085] FAULT_INJECTION: forcing a failure.
[ 1542.843753][T24085] name failslab, interval 1, probability 0, space 0, times 0
[ 1542.863365][T24085] CPU: 1 PID: 24085 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1542.873439][T24085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1542.883334][T24085] Call Trace:
[ 1542.886459][T24085]  <TASK>
[ 1542.889234][T24085]  dump_stack_lvl+0x151/0x1b7
[ 1542.893758][T24085]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1542.899054][T24085]  dump_stack+0x15/0x17
[ 1542.903031][T24085]  should_fail+0x3c0/0x510
[ 1542.907807][T24085]  __should_failslab+0x9f/0xe0
[ 1542.912417][T24085]  should_failslab+0x9/0x20
[ 1542.916748][T24085]  kmem_cache_alloc+0x4f/0x2f0
[ 1542.921350][T24085]  ? vm_area_dup+0x26/0x1d0
[ 1542.925685][T24085]  ? __kasan_check_read+0x11/0x20
[ 1542.930548][T24085]  vm_area_dup+0x26/0x1d0
[ 1542.934715][T24085]  dup_mmap+0x6b8/0xea0
[ 1542.938711][T24085]  ? __delayed_free_task+0x20/0x20
[ 1542.943654][T24085]  ? mm_init+0x807/0x960
[ 1542.947735][T24085]  dup_mm+0x91/0x330
[ 1542.951487][T24085]  copy_mm+0x108/0x1b0
[ 1542.955370][T24085]  copy_process+0x1295/0x3250
[ 1542.959884][T24085]  ? proc_fail_nth_write+0x213/0x290
[ 1542.965006][T24085]  ? proc_fail_nth_read+0x220/0x220
[ 1542.970083][T24085]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1542.974987][T24085]  ? vfs_write+0x9af/0x1050
[ 1542.979326][T24085]  kernel_clone+0x22d/0x990
[ 1542.983667][T24085]  ? file_end_write+0x1b0/0x1b0
[ 1542.988350][T24085]  ? __kasan_check_write+0x14/0x20
[ 1542.993305][T24085]  ? create_io_thread+0x1e0/0x1e0
[ 1542.998508][T24085]  ? __mutex_lock_slowpath+0x10/0x10
[ 1543.003624][T24085]  __x64_sys_clone+0x289/0x310
[ 1543.008223][T24085]  ? __do_sys_vfork+0x130/0x130
[ 1543.012922][T24085]  ? debug_smp_processor_id+0x17/0x20
[ 1543.018119][T24085]  do_syscall_64+0x44/0xd0
[ 1543.022373][T24085]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1543.028098][T24085] RIP: 0033:0x7fed39e510c9
[ 1543.032353][T24085] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1543.051975][T24085] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1543.060214][T24085] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1543.068023][T24085] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1543.077486][T24085] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1543.085294][T24085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
03:35:11 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x41000000, 0x2, 0x0, 0xfffffffc})

[ 1543.093106][T24085] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1543.101017][T24085]  </TASK>
03:35:11 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0) (fail_nth: 1)

03:35:11 executing program 2:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000600)=0x400, 0x4)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x5ac3, &(0x7f0000000000)={0x0, 0xff33}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x3, 0x9, &(0x7f0000000100)=[0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000200)=[{}], 0x8, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000340)}}, 0x10)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000004c0)={0x1d, r1}, 0x10, &(0x7f0000000580)={&(0x7f0000000500)=@canfd={{0x1, 0x0, 0x0, 0x1}, 0x12, 0x2, 0x0, 0x0, "6d39b71f8412c6b2afe641faa62e8939f64026ea94834dd164ea73f59d01dc8b6708cc03dce8f3a0639552c888a508b9e5d9aa2f9b1b876694dc9e741e577e68"}, 0x48}, 0x1, 0x0, 0x0, 0x80000}, 0x4c814)
r2 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r2, 0x0)
syz_io_uring_setup(0xe2f, &(0x7f0000000640)={0x0, 0xf557, 0x20, 0x2, 0x38c, 0x0, r0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f00000006c0), &(0x7f0000000700))

03:35:11 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x42000000, 0x2, 0x0, 0xfffffffc})

03:35:11 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x60000000000000, 0xa6010, r0, 0x0)

03:35:11 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16)

03:35:11 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x11000000, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:11 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x80ffff00000000, 0xa6010, r0, 0x0)

03:35:11 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x18000000, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:11 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0xfeffffff, 0x2, 0x0, 0xfffffffc})

03:35:11 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xc0ffff00000000, 0xa6010, r0, 0x0)

03:35:11 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:11 executing program 2:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000600)=0x400, 0x4) (async)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x5ac3, &(0x7f0000000000)={0x0, 0xff33}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x3, 0x9, &(0x7f0000000100)=[0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000200)=[{}], 0x8, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000340)}}, 0x10)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000004c0)={0x1d, r1}, 0x10, &(0x7f0000000580)={&(0x7f0000000500)=@canfd={{0x1, 0x0, 0x0, 0x1}, 0x12, 0x2, 0x0, 0x0, "6d39b71f8412c6b2afe641faa62e8939f64026ea94834dd164ea73f59d01dc8b6708cc03dce8f3a0639552c888a508b9e5d9aa2f9b1b876694dc9e741e577e68"}, 0x48}, 0x1, 0x0, 0x0, 0x80000}, 0x4c814) (async)
r2 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r2, 0x0)
syz_io_uring_setup(0xe2f, &(0x7f0000000640)={0x0, 0xf557, 0x20, 0x2, 0x38c, 0x0, r0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f00000006c0), &(0x7f0000000700))

[ 1543.173901][T24115] FAULT_INJECTION: forcing a failure.
[ 1543.173901][T24115] name failslab, interval 1, probability 0, space 0, times 0
[ 1543.243288][T24115] CPU: 0 PID: 24115 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1543.253367][T24115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1543.263261][T24115] Call Trace:
[ 1543.266384][T24115]  <TASK>
[ 1543.269172][T24115]  dump_stack_lvl+0x151/0x1b7
[ 1543.273678][T24115]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1543.278971][T24115]  ? __this_cpu_preempt_check+0x13/0x20
[ 1543.284351][T24115]  dump_stack+0x15/0x17
[ 1543.288342][T24115]  should_fail+0x3c0/0x510
[ 1543.292596][T24115]  __should_failslab+0x9f/0xe0
[ 1543.297195][T24115]  should_failslab+0x9/0x20
[ 1543.301536][T24115]  kmem_cache_alloc+0x4f/0x2f0
[ 1543.306134][T24115]  ? __kasan_check_write+0x14/0x20
[ 1543.311079][T24115]  ? prepare_creds+0x30/0x690
[ 1543.315593][T24115]  ? _raw_spin_lock_irqsave+0xf8/0x210
[ 1543.320905][T24115]  prepare_creds+0x30/0x690
[ 1543.325230][T24115]  copy_creds+0xde/0x640
[ 1543.329311][T24115]  copy_process+0x775/0x3250
[ 1543.333741][T24115]  ? __kasan_check_write+0x14/0x20
[ 1543.338682][T24115]  ? proc_fail_nth_write+0x213/0x290
[ 1543.343804][T24115]  ? proc_fail_nth_read+0x220/0x220
[ 1543.348839][T24115]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1543.353782][T24115]  ? vfs_write+0x9af/0x1050
[ 1543.358128][T24115]  kernel_clone+0x22d/0x990
[ 1543.362463][T24115]  ? file_end_write+0x1b0/0x1b0
[ 1543.367174][T24115]  ? __kasan_check_write+0x14/0x20
[ 1543.367519][T24135] FAULT_INJECTION: forcing a failure.
[ 1543.367519][T24135] name failslab, interval 1, probability 0, space 0, times 0
[ 1543.372094][T24115]  ? create_io_thread+0x1e0/0x1e0
[ 1543.372123][T24115]  ? __mutex_lock_slowpath+0x10/0x10
[ 1543.394853][T24115]  __x64_sys_clone+0x289/0x310
[ 1543.399436][T24115]  ? __do_sys_vfork+0x130/0x130
[ 1543.404120][T24115]  ? fpregs_restore_userregs+0x1f0/0x3a0
[ 1543.409594][T24115]  ? switch_fpu_return+0xe/0x10
[ 1543.414306][T24115]  do_syscall_64+0x44/0xd0
[ 1543.418531][T24115]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1543.424347][T24115] RIP: 0033:0x7fed39e510c9
[ 1543.428602][T24115] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1543.448055][T24115] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1543.456286][T24115] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1543.464097][T24115] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1543.471907][T24115] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1543.479721][T24115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1543.487528][T24115] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1543.495344][T24115]  </TASK>
[ 1543.503712][T24135] CPU: 0 PID: 24135 Comm: syz-executor.4 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1543.513784][T24135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1543.523674][T24135] Call Trace:
[ 1543.526792][T24135]  <TASK>
[ 1543.529572][T24135]  dump_stack_lvl+0x151/0x1b7
[ 1543.534085][T24135]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1543.539378][T24135]  ? handle_pte_fault+0x517/0x11d0
[ 1543.544329][T24135]  dump_stack+0x15/0x17
[ 1543.548322][T24135]  should_fail+0x3c0/0x510
[ 1543.552575][T24135]  __should_failslab+0x9f/0xe0
[ 1543.557258][T24135]  should_failslab+0x9/0x20
[ 1543.561601][T24135]  kmem_cache_alloc+0x4f/0x2f0
[ 1543.566200][T24135]  ? do_handle_mm_fault+0x16f6/0x2370
[ 1543.571490][T24135]  ? vm_area_dup+0x26/0x1d0
[ 1543.575834][T24135]  vm_area_dup+0x26/0x1d0
[ 1543.579999][T24135]  __split_vma+0xc0/0x480
[ 1543.584172][T24135]  ? vmacache_update+0xb7/0x120
[ 1543.588861][T24135]  __do_munmap+0x3b3/0x1ad0
[ 1543.593190][T24135]  ? memset+0x35/0x40
[ 1543.597097][T24135]  mmap_region+0x9ec/0x1af0
[ 1543.601434][T24135]  ? __kasan_check_write+0x14/0x20
[ 1543.606399][T24135]  ? file_mmap_ok+0x150/0x150
[ 1543.610904][T24135]  ? file_mmap_ok+0x104/0x150
[ 1543.615409][T24135]  do_mmap+0x785/0xe40
[ 1543.619309][T24135]  vm_mmap_pgoff+0x1d4/0x420
[ 1543.623736][T24135]  ? account_locked_vm+0x260/0x260
[ 1543.628686][T24135]  ksys_mmap_pgoff+0x15d/0x1e0
[ 1543.633288][T24135]  __x64_sys_mmap+0x103/0x120
[ 1543.637796][T24135]  do_syscall_64+0x44/0xd0
[ 1543.642049][T24135]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1543.647779][T24135] RIP: 0033:0x7f0abd0f90c9
[ 1543.652211][T24135] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1543.671645][T24135] RSP: 002b:00007f0abbe6c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1543.679891][T24135] RAX: ffffffffffffffda RBX: 00007f0abd218f80 RCX: 00007f0abd0f90c9
03:35:12 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0) (fail_nth: 2)

03:35:12 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0xffff8000, 0x2, 0x0, 0xfffffffc})

03:35:12 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x2}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:12 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000000000000, 0xa6010, r0, 0x0)

03:35:12 executing program 2:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000600)=0x400, 0x4)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x5ac3, &(0x7f0000000000)={0x0, 0xff33}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x3, 0x9, &(0x7f0000000100)=[0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000200)=[{}], 0x8, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000340)}}, 0x10)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000004c0)={0x1d, r1}, 0x10, &(0x7f0000000580)={&(0x7f0000000500)=@canfd={{0x1, 0x0, 0x0, 0x1}, 0x12, 0x2, 0x0, 0x0, "6d39b71f8412c6b2afe641faa62e8939f64026ea94834dd164ea73f59d01dc8b6708cc03dce8f3a0639552c888a508b9e5d9aa2f9b1b876694dc9e741e577e68"}, 0x48}, 0x1, 0x0, 0x0, 0x80000}, 0x4c814) (async)
r2 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r2, 0x0)
syz_io_uring_setup(0xe2f, &(0x7f0000000640)={0x0, 0xf557, 0x20, 0x2, 0x38c, 0x0, r0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f00000006c0), &(0x7f0000000700))

03:35:12 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17)

03:35:12 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x7}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:12 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x200000000000000, 0xa6010, r0, 0x0)

[ 1543.687701][T24135] RDX: 0000000000000000 RSI: 0000000000080004 RDI: 0000000020ffb000
[ 1543.695513][T24135] RBP: 00007f0abbe6c1d0 R08: 0000000000000004 R09: 0000000000000000
[ 1543.703321][T24135] R10: 0000000004000013 R11: 0000000000000246 R12: 0000000000000001
[ 1543.711137][T24135] R13: 00007ffea28c73cf R14: 00007f0abbe6c300 R15: 0000000000022000
[ 1543.718948][T24135]  </TASK>
03:35:12 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0xfffffffe, 0x2, 0x0, 0xfffffffc})

03:35:12 executing program 2:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$sock_SIOCGSKNS(r0, 0x894c, &(0x7f0000000080)=0xeb3)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:12 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x300000000000000, 0xa6010, r0, 0x0)

03:35:12 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x11}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1543.757937][T24150] FAULT_INJECTION: forcing a failure.
[ 1543.757937][T24150] name failslab, interval 1, probability 0, space 0, times 0
[ 1543.835620][T24150] CPU: 0 PID: 24150 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1543.845698][T24150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1543.855600][T24150] Call Trace:
[ 1543.858714][T24150]  <TASK>
[ 1543.861785][T24150]  dump_stack_lvl+0x151/0x1b7
[ 1543.866274][T24150]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1543.871588][T24150]  ? vma_interval_tree_augment_rotate+0x210/0x210
[ 1543.877820][T24150]  dump_stack+0x15/0x17
[ 1543.881803][T24150]  should_fail+0x3c0/0x510
[ 1543.886059][T24150]  __should_failslab+0x9f/0xe0
[ 1543.890753][T24150]  should_failslab+0x9/0x20
[ 1543.895087][T24150]  kmem_cache_alloc+0x4f/0x2f0
[ 1543.899678][T24150]  ? anon_vma_fork+0xf7/0x4f0
[ 1543.904199][T24150]  anon_vma_fork+0xf7/0x4f0
[ 1543.908542][T24150]  ? anon_vma_name+0x4c/0x70
[ 1543.912963][T24150]  dup_mmap+0x750/0xea0
[ 1543.916956][T24150]  ? __delayed_free_task+0x20/0x20
[ 1543.921917][T24150]  ? mm_init+0x807/0x960
[ 1543.926061][T24150]  dup_mm+0x91/0x330
[ 1543.929708][T24150]  copy_mm+0x108/0x1b0
[ 1543.933623][T24150]  copy_process+0x1295/0x3250
[ 1543.938130][T24150]  ? proc_fail_nth_write+0x213/0x290
[ 1543.943249][T24150]  ? proc_fail_nth_read+0x220/0x220
[ 1543.948281][T24150]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1543.953231][T24150]  ? vfs_write+0x9af/0x1050
[ 1543.957569][T24150]  kernel_clone+0x22d/0x990
[ 1543.961996][T24150]  ? file_end_write+0x1b0/0x1b0
[ 1543.966793][T24150]  ? __kasan_check_write+0x14/0x20
[ 1543.971737][T24150]  ? create_io_thread+0x1e0/0x1e0
[ 1543.976600][T24150]  ? __mutex_lock_slowpath+0x10/0x10
[ 1543.981723][T24150]  __x64_sys_clone+0x289/0x310
[ 1543.986327][T24150]  ? __do_sys_vfork+0x130/0x130
[ 1543.991013][T24150]  ? debug_smp_processor_id+0x17/0x20
[ 1543.996215][T24150]  do_syscall_64+0x44/0xd0
[ 1544.000475][T24150]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1544.007326][T24150] RIP: 0033:0x7fed39e510c9
[ 1544.011578][T24150] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1544.031018][T24150] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1544.039264][T24150] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1544.044041][T24167] FAULT_INJECTION: forcing a failure.
[ 1544.044041][T24167] name failslab, interval 1, probability 0, space 0, times 0
[ 1544.047072][T24150] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1544.047091][T24150] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1544.075106][T24150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1544.082920][T24150] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1544.090733][T24150]  </TASK>
[ 1544.203266][T24167] CPU: 0 PID: 24167 Comm: syz-executor.4 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1544.213352][T24167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1544.223397][T24167] Call Trace:
[ 1544.226705][T24167]  <TASK>
[ 1544.229468][T24167]  dump_stack_lvl+0x151/0x1b7
[ 1544.233980][T24167]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1544.239275][T24167]  dump_stack+0x15/0x17
[ 1544.243264][T24167]  should_fail+0x3c0/0x510
[ 1544.247522][T24167]  __should_failslab+0x9f/0xe0
[ 1544.252121][T24167]  should_failslab+0x9/0x20
[ 1544.256548][T24167]  kmem_cache_alloc+0x4f/0x2f0
[ 1544.261145][T24167]  ? anon_vma_clone+0xa1/0x4f0
[ 1544.265927][T24167]  anon_vma_clone+0xa1/0x4f0
[ 1544.270419][T24167]  __split_vma+0x193/0x480
[ 1544.274608][T24167]  __do_munmap+0x3b3/0x1ad0
[ 1544.278948][T24167]  ? memset+0x35/0x40
[ 1544.282777][T24167]  mmap_region+0x9ec/0x1af0
[ 1544.287106][T24167]  ? __kasan_check_write+0x14/0x20
[ 1544.292056][T24167]  ? file_mmap_ok+0x150/0x150
[ 1544.296567][T24167]  ? file_mmap_ok+0x104/0x150
[ 1544.301083][T24167]  do_mmap+0x785/0xe40
[ 1544.304985][T24167]  vm_mmap_pgoff+0x1d4/0x420
[ 1544.309415][T24167]  ? account_locked_vm+0x260/0x260
[ 1544.314361][T24167]  ksys_mmap_pgoff+0x15d/0x1e0
[ 1544.318956][T24167]  __x64_sys_mmap+0x103/0x120
[ 1544.323489][T24167]  do_syscall_64+0x44/0xd0
[ 1544.327722][T24167]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1544.333492][T24167] RIP: 0033:0x7f0abd0f90c9
[ 1544.337705][T24167] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1544.357240][T24167] RSP: 002b:00007f0abbe6c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1544.365486][T24167] RAX: ffffffffffffffda RBX: 00007f0abd218f80 RCX: 00007f0abd0f90c9
[ 1544.373382][T24167] RDX: 0000000000000000 RSI: 0000000000080004 RDI: 0000000020ffb000
[ 1544.381193][T24167] RBP: 00007f0abbe6c1d0 R08: 0000000000000004 R09: 0000000000000000
[ 1544.389011][T24167] R10: 0000000004000013 R11: 0000000000000246 R12: 0000000000000001
[ 1544.396816][T24167] R13: 00007ffea28c73cf R14: 00007f0abbe6c300 R15: 0000000000022000
[ 1544.404650][T24167]  </TASK>
03:35:13 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x0)

03:35:13 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x18}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:13 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x3, 0x0, 0xfffffffc})

03:35:13 executing program 2:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$sock_SIOCGSKNS(r0, 0x894c, &(0x7f0000000080)=0xeb3) (async)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:13 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x400000000000000, 0xa6010, r0, 0x0)

03:35:13 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18)

03:35:13 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x204}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:13 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x5, 0x0, 0xfffffffc})

[ 1545.088814][T24183] FAULT_INJECTION: forcing a failure.
[ 1545.088814][T24183] name failslab, interval 1, probability 0, space 0, times 0
[ 1545.109889][T24183] CPU: 1 PID: 24183 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1545.119971][T24183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1545.129863][T24183] Call Trace:
[ 1545.133905][T24183]  <TASK>
[ 1545.136681][T24183]  dump_stack_lvl+0x151/0x1b7
[ 1545.141192][T24183]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1545.146489][T24183]  ? avc_has_perm_noaudit+0x358/0x450
[ 1545.151783][T24183]  dump_stack+0x15/0x17
[ 1545.155786][T24183]  should_fail+0x3c0/0x510
[ 1545.160027][T24183]  __should_failslab+0x9f/0xe0
[ 1545.164629][T24183]  should_failslab+0x9/0x20
[ 1545.168967][T24183]  kmem_cache_alloc+0x4f/0x2f0
[ 1545.173660][T24183]  ? dup_fd+0x71/0xa40
[ 1545.177563][T24183]  dup_fd+0x71/0xa40
[ 1545.181292][T24183]  ? avc_has_perm+0x16d/0x260
[ 1545.185807][T24183]  ? avc_has_perm_noaudit+0x450/0x450
[ 1545.191019][T24183]  copy_files+0xe6/0x200
[ 1545.195183][T24183]  ? perf_event_attrs+0x30/0x30
[ 1545.199885][T24183]  ? dup_task_struct+0xa60/0xa60
[ 1545.204639][T24183]  ? security_task_alloc+0x132/0x150
[ 1545.209763][T24183]  copy_process+0x11e9/0x3250
[ 1545.214277][T24183]  ? proc_fail_nth_write+0x213/0x290
[ 1545.219394][T24183]  ? proc_fail_nth_read+0x220/0x220
[ 1545.224432][T24183]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1545.229414][T24183]  ? vfs_write+0x9af/0x1050
[ 1545.233716][T24183]  kernel_clone+0x22d/0x990
[ 1545.238054][T24183]  ? file_end_write+0x1b0/0x1b0
[ 1545.242742][T24183]  ? __kasan_check_write+0x14/0x20
[ 1545.247772][T24183]  ? create_io_thread+0x1e0/0x1e0
[ 1545.252636][T24183]  ? __mutex_lock_slowpath+0x10/0x10
[ 1545.257767][T24183]  __x64_sys_clone+0x289/0x310
[ 1545.262362][T24183]  ? __do_sys_vfork+0x130/0x130
[ 1545.267043][T24183]  ? debug_smp_processor_id+0x17/0x20
[ 1545.272252][T24183]  do_syscall_64+0x44/0xd0
[ 1545.276504][T24183]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1545.282229][T24183] RIP: 0033:0x7fed39e510c9
[ 1545.286483][T24183] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1545.305928][T24183] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1545.314167][T24183] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1545.321981][T24183] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1545.329791][T24183] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
03:35:14 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x7, 0x0, 0xfffffffc})

03:35:14 executing program 2:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async)
ioctl$sock_SIOCGSKNS(r0, 0x894c, &(0x7f0000000080)=0xeb3) (async)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async, rerun: 32)
r1 = io_uring_setup(0x120c, &(0x7f0000000240)) (rerun: 32)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:14 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xfdffffffffff0f00, 0xa6010, r0, 0x0)

03:35:14 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x402}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1545.337601][T24183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1545.345413][T24183] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1545.353228][T24183]  </TASK>
03:35:14 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x406}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:14 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x33, 0x0, 0xfffffffc})

03:35:14 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19)

03:35:14 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x2)

03:35:14 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14, 0x13, r1, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:14 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x2, 0x4000013, r2, 0x0)

03:35:14 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14, 0x13, r1, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14, 0x13, r1, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)

03:35:14 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x604}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:14 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x42, 0x0, 0xfffffffc})

03:35:14 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14, 0x13, r1, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14, 0x13, r1, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)

03:35:14 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x3)

03:35:14 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x700}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:14 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x34c00, 0x0, 0xfffffffc})

[ 1545.579482][T24210] FAULT_INJECTION: forcing a failure.
[ 1545.579482][T24210] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1545.652413][T24210] CPU: 0 PID: 24210 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1545.662497][T24210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1545.672392][T24210] Call Trace:
[ 1545.675512][T24210]  <TASK>
[ 1545.678287][T24210]  dump_stack_lvl+0x151/0x1b7
[ 1545.682804][T24210]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1545.688110][T24210]  ? stack_trace_save+0x1f0/0x1f0
[ 1545.692955][T24210]  ? __kernel_text_address+0x9a/0x110
[ 1545.698165][T24210]  dump_stack+0x15/0x17
[ 1545.702157][T24210]  should_fail+0x3c0/0x510
[ 1545.706410][T24210]  should_fail_alloc_page+0x58/0x70
[ 1545.711443][T24210]  __alloc_pages+0x1de/0x7c0
[ 1545.715870][T24210]  ? stack_trace_save+0x12d/0x1f0
[ 1545.720727][T24210]  ? stack_trace_snprint+0x100/0x100
[ 1545.725849][T24210]  ? __count_vm_events+0x30/0x30
[ 1545.730629][T24210]  ? __kasan_slab_alloc+0xc4/0xe0
[ 1545.735485][T24210]  ? __kasan_slab_alloc+0xb2/0xe0
[ 1545.740344][T24210]  ? kmem_cache_alloc+0x189/0x2f0
[ 1545.745203][T24210]  ? anon_vma_fork+0x1b9/0x4f0
03:35:14 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x4, 0x4000013, r2, 0x0)

03:35:14 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x4)

[ 1545.749803][T24210]  get_zeroed_page+0x19/0x40
[ 1545.754254][T24210]  __pud_alloc+0x8b/0x260
[ 1545.758401][T24210]  ? do_handle_mm_fault+0x2370/0x2370
[ 1545.763609][T24210]  copy_page_range+0xd9e/0x1090
[ 1545.768476][T24210]  ? pfn_valid+0x1e0/0x1e0
[ 1545.772725][T24210]  dup_mmap+0x99f/0xea0
[ 1545.776715][T24210]  ? __delayed_free_task+0x20/0x20
[ 1545.781700][T24210]  ? mm_init+0x807/0x960
[ 1545.785749][T24210]  dup_mm+0x91/0x330
[ 1545.789656][T24210]  copy_mm+0x108/0x1b0
[ 1545.793556][T24210]  copy_process+0x1295/0x3250
[ 1545.798063][T24210]  ? proc_fail_nth_write+0x213/0x290
[ 1545.803183][T24210]  ? proc_fail_nth_read+0x220/0x220
[ 1545.808222][T24210]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1545.813162][T24210]  ? vfs_write+0x9af/0x1050
[ 1545.817505][T24210]  kernel_clone+0x22d/0x990
[ 1545.821849][T24210]  ? file_end_write+0x1b0/0x1b0
[ 1545.826530][T24210]  ? __kasan_check_write+0x14/0x20
[ 1545.831477][T24210]  ? create_io_thread+0x1e0/0x1e0
[ 1545.836336][T24210]  ? __mutex_lock_slowpath+0x10/0x10
[ 1545.841458][T24210]  __x64_sys_clone+0x289/0x310
[ 1545.846058][T24210]  ? __do_sys_vfork+0x130/0x130
[ 1545.850749][T24210]  ? debug_smp_processor_id+0x17/0x20
[ 1545.856039][T24210]  do_syscall_64+0x44/0xd0
[ 1545.860292][T24210]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1545.866022][T24210] RIP: 0033:0x7fed39e510c9
[ 1545.870356][T24210] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1545.889884][T24210] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
03:35:14 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20)

03:35:14 executing program 2:
ioctl$EVIOCGREP(0xffffffffffffffff, 0x80084503, &(0x7f00000002c0)=""/204)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:14 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x1100}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:14 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:14 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x60)

03:35:14 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x2, 0xfffffffc})

03:35:14 executing program 2:
ioctl$EVIOCGREP(0xffffffffffffffff, 0x80084503, &(0x7f00000002c0)=""/204) (async)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:14 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x1800}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:14 executing program 2:
ioctl$EVIOCGREP(0xffffffffffffffff, 0x80084503, &(0x7f00000002c0)=""/204) (async)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

[ 1545.898135][T24210] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1545.905948][T24210] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1545.913756][T24210] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1545.921567][T24210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1545.929379][T24210] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1545.937279][T24210]  </TASK>
03:35:14 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x1000000}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1545.986404][T24262] FAULT_INJECTION: forcing a failure.
[ 1545.986404][T24262] name failslab, interval 1, probability 0, space 0, times 0
[ 1546.020474][T24262] CPU: 1 PID: 24262 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1546.030549][T24262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1546.040444][T24262] Call Trace:
[ 1546.043570][T24262]  <TASK>
[ 1546.046345][T24262]  dump_stack_lvl+0x151/0x1b7
[ 1546.050859][T24262]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1546.056154][T24262]  dump_stack+0x15/0x17
[ 1546.060145][T24262]  should_fail+0x3c0/0x510
[ 1546.064489][T24262]  ? kvmalloc_node+0x82/0x130
[ 1546.068999][T24262]  __should_failslab+0x9f/0xe0
[ 1546.073601][T24262]  should_failslab+0x9/0x20
[ 1546.078285][T24262]  __kmalloc+0x6d/0x350
[ 1546.082276][T24262]  ? __kasan_kmalloc+0x9/0x10
[ 1546.086794][T24262]  kvmalloc_node+0x82/0x130
[ 1546.091154][T24262]  alloc_fdtable+0xea/0x2b0
[ 1546.098074][T24262]  dup_fd+0x781/0xa40
[ 1546.101896][T24262]  ? avc_has_perm+0x16d/0x260
[ 1546.106421][T24262]  copy_files+0xe6/0x200
[ 1546.110486][T24262]  ? perf_event_attrs+0x30/0x30
[ 1546.115173][T24262]  ? dup_task_struct+0xa60/0xa60
[ 1546.120137][T24262]  ? security_task_alloc+0x132/0x150
[ 1546.125241][T24262]  copy_process+0x11e9/0x3250
[ 1546.129755][T24262]  ? proc_fail_nth_write+0x213/0x290
[ 1546.134891][T24262]  ? proc_fail_nth_read+0x220/0x220
[ 1546.139913][T24262]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1546.145027][T24262]  ? vfs_write+0x9af/0x1050
[ 1546.149662][T24262]  kernel_clone+0x22d/0x990
[ 1546.153986][T24262]  ? file_end_write+0x1b0/0x1b0
[ 1546.158763][T24262]  ? __kasan_check_write+0x14/0x20
[ 1546.163711][T24262]  ? create_io_thread+0x1e0/0x1e0
[ 1546.168575][T24262]  ? __mutex_lock_slowpath+0x10/0x10
[ 1546.173687][T24262]  __x64_sys_clone+0x289/0x310
[ 1546.178286][T24262]  ? __do_sys_vfork+0x130/0x130
[ 1546.182976][T24262]  ? debug_smp_processor_id+0x17/0x20
[ 1546.188182][T24262]  do_syscall_64+0x44/0xd0
[ 1546.192433][T24262]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1546.198163][T24262] RIP: 0033:0x7fed39e510c9
[ 1546.202417][T24262] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1546.222029][T24262] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
03:35:15 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x8, 0x4000013, r2, 0x0)

03:35:15 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x3, 0xfffffffc})

[ 1546.230276][T24262] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1546.238088][T24262] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1546.245987][T24262] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1546.253803][T24262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1546.261614][T24262] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1546.269427][T24262]  </TASK>
03:35:15 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21)

03:35:15 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0x2e1c}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000080), 0x8)
r1 = socket$xdp(0x2c, 0x3, 0x0)
mmap$xdp(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r1, 0x80000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:15 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x300)

03:35:15 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x2000000}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:15 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x4, 0xfffffffc})

03:35:15 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x6000)

03:35:15 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x2040000}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:15 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x7, 0xfffffffc})

03:35:15 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0x2e1c}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async, rerun: 32)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)) (rerun: 32)
bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000080), 0x8) (async)
r1 = socket$xdp(0x2c, 0x3, 0x0)
mmap$xdp(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r1, 0x80000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:15 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x8, 0xfffffffc})

[ 1546.360328][T24293] FAULT_INJECTION: forcing a failure.
[ 1546.360328][T24293] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1546.394118][T24293] CPU: 1 PID: 24293 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1546.404282][T24293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1546.414262][T24293] Call Trace:
[ 1546.417393][T24293]  <TASK>
[ 1546.420164][T24293]  dump_stack_lvl+0x151/0x1b7
[ 1546.424780][T24293]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1546.430065][T24293]  dump_stack+0x15/0x17
[ 1546.434048][T24293]  should_fail+0x3c0/0x510
[ 1546.438306][T24293]  should_fail_alloc_page+0x58/0x70
[ 1546.443336][T24293]  __alloc_pages+0x1de/0x7c0
[ 1546.447764][T24293]  ? __count_vm_events+0x30/0x30
[ 1546.452540][T24293]  ? dup_mm+0x91/0x330
[ 1546.456615][T24293]  ? copy_mm+0x108/0x1b0
[ 1546.460704][T24293]  ? copy_process+0x1295/0x3250
[ 1546.465379][T24293]  ? kernel_clone+0x22d/0x990
[ 1546.469899][T24293]  ? __x64_sys_clone+0x289/0x310
[ 1546.475718][T24293]  pte_alloc_one+0x73/0x1b0
[ 1546.480048][T24293]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 1546.485082][T24293]  ? __kasan_check_write+0x14/0x20
[ 1546.490029][T24293]  ? __set_page_owner+0x2ee/0x310
[ 1546.494892][T24293]  __pte_alloc+0x86/0x350
[ 1546.499062][T24293]  ? post_alloc_hook+0x1ab/0x1b0
[ 1546.503837][T24293]  ? free_pgtables+0x210/0x210
[ 1546.508428][T24293]  ? get_page_from_freelist+0x38b/0x400
[ 1546.513827][T24293]  copy_pte_range+0x1b1f/0x20b0
[ 1546.518500][T24293]  ? __kunmap_atomic+0x80/0x80
[ 1546.523095][T24293]  ? __pud_alloc+0x260/0x260
[ 1546.527524][T24293]  ? __pud_alloc+0x218/0x260
[ 1546.531975][T24293]  ? do_handle_mm_fault+0x2370/0x2370
[ 1546.537178][T24293]  copy_page_range+0xc1e/0x1090
[ 1546.541852][T24293]  ? pfn_valid+0x1e0/0x1e0
[ 1546.546108][T24293]  dup_mmap+0x99f/0xea0
[ 1546.550184][T24293]  ? __delayed_free_task+0x20/0x20
[ 1546.555217][T24293]  ? mm_init+0x807/0x960
[ 1546.559290][T24293]  dup_mm+0x91/0x330
[ 1546.563031][T24293]  copy_mm+0x108/0x1b0
[ 1546.566952][T24293]  copy_process+0x1295/0x3250
[ 1546.571441][T24293]  ? proc_fail_nth_write+0x213/0x290
[ 1546.576564][T24293]  ? proc_fail_nth_read+0x220/0x220
[ 1546.581594][T24293]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1546.586542][T24293]  ? vfs_write+0x9af/0x1050
[ 1546.590883][T24293]  kernel_clone+0x22d/0x990
[ 1546.595230][T24293]  ? file_end_write+0x1b0/0x1b0
[ 1546.599911][T24293]  ? __kasan_check_write+0x14/0x20
[ 1546.604857][T24293]  ? create_io_thread+0x1e0/0x1e0
[ 1546.609715][T24293]  ? __mutex_lock_slowpath+0x10/0x10
[ 1546.614838][T24293]  __x64_sys_clone+0x289/0x310
[ 1546.619444][T24293]  ? __do_sys_vfork+0x130/0x130
[ 1546.624138][T24293]  ? debug_smp_processor_id+0x17/0x20
[ 1546.629342][T24293]  do_syscall_64+0x44/0xd0
[ 1546.633584][T24293]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1546.639314][T24293] RIP: 0033:0x7fed39e510c9
[ 1546.643562][T24293] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1546.664139][T24293] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1546.672376][T24293] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1546.680276][T24293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1546.688097][T24293] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1546.695896][T24293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1546.703708][T24293] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
03:35:15 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0xf, 0x4000013, r2, 0x0)

03:35:15 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x600000)

03:35:15 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22)

03:35:15 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0x2e1c}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)) (async)
bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000080), 0x8) (async)
r1 = socket$xdp(0x2c, 0x3, 0x0)
mmap$xdp(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r1, 0x80000000) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:15 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x80ffff)

03:35:15 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x10, 0x4000013, r2, 0x0)

03:35:15 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x6040000}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:15 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x7000000}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:15 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x9, 0xfffffffc})

03:35:15 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0xc0ffff)

[ 1546.711613][T24293]  </TASK>
03:35:15 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x11000000}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:15 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x200}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x500, 0x0)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000100)=0x11c020, 0x4)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
write$bt_hci(r2, &(0x7f0000001800)={0x1, @write_auth_payload_to={{0xc7c, 0x4}, {0xc9, 0x200}}}, 0x8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r3, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x11, r3, 0x10000000)
sendmsg$xdp(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x2c, 0x4, 0x0, 0x3}, 0x10, &(0x7f0000001780)=[{&(0x7f00000002c0)="48197e2bf40086940cbbc7ba192b805b0c23541c159d727950e8445f649654fb7f93018087d4b1b9476a7c0efda37a2a05e440b8706da9df33c14bd7bdeba775d88488571e749d122fc6f74e6820d2056357717e21af00ba8bf143c64f299a149c943edab9667e3920", 0x69}, {&(0x7f0000000340)="490bd57ad6def4d0fbce4e770e5c3d4f5533dc44e07f47cf8c8955b9822d62079b1710d39174bf482298bd51ef87a2aa88ea33995a97fe5285ef61f9c1863ff4ebb609e94d8f1b412abb13f7b95a45ec636eeb712c0fcf40a2da208eebd4bd29df6ede4582e07840b4eb986d120d91b84f18fbbd71c68c1903038e2e6f99dd2e8d7d658fdab361b95fe7d880746e16f0183a73e6d7711e9c6fd1def6b315629e04e46696b4b53e8148f2f75e6184b2093f8e783b2816bb9452e3ec14618ddf816e971a5fb75a5b85fe611e9459a704325440244074d1117971c82d72c4f8d006e1248509e3979fc37d3abff43529", 0xee}, {&(0x7f0000000440)="9ddcd281d12dad74545320e985be4c2135ec1b79aa6c457c2f7c070eb8bb044d1f8ddb8a6a23847b36c318cbfb9d0fa8952fb313afa3a0cc0c4e337894cfd8fe6d4820f699e8b5797a7be4e80fb8e1248aceed79329afd1fc31576e579f314e6d5f180b6a96199d18a59e3bb02a0a1e440619c95ebfa98dbd225818bceeee7b1ec0effb9160ebfa92b114b82221ecd4d19e49700f3303da3a824d98bfefbc68a9f65cb9693dc2e7052fa0218337fa3970076612dc9db65f58cc1ee8fccdcfd53ec9b14bc0e87f3761dca36d576602752885d35a32c7995", 0xd7}, {&(0x7f0000000540)="5a9b79a191042fc4bad069cfc36834b4e9d4967f7e39ba886ad760511d70d5f00c543ac99bd3248ece2262c294c303cfccaffde38bf057f9e9f5d5ee424ae7cea4082de523e375306bae7b2af3192ee9c4728bc7b8a8c74993bfcb2294f12415f7da17d25afb4f0b08379c06c1146a1f7dfa6fe237f9d073ab7768170a647a3407d52bd5080bbf9f", 0x88}, {&(0x7f0000000600)="0c53639efc350960673c1fbc4fc85fab7a5c6720026740f851f6d4c085411cdcbb8721318ca7afeed589fec2c09f73785e3157677d00d225cda7b781b33e2fff46b62c04a2e660caf3e67d9488b35ab1d507ea844ab45c5d20e3128272a371fd097d40151badc34cf5bc6b31321ef5344e3bdf0f8bdc43662fb03f4d46cefb30457d98b442f7f478a82f0e69be9e6d31232fab41b52857eb8698b8aca160dcf5fcc0ee4ecba322b6d8cd7f3abb428361e30a87ba613050", 0xb7}, {&(0x7f00000006c0)="19699222ffb069402537fb3031e7af53bafdd4e7c60a01285437c2426b76bd1cf9cc08be64d144945c1e96daefab1db47f8158ef9fd75f83fcd45f54a76c34b9d5d5a3f47da5158c5fb89b1e8c9378f63df7da1914edfd8883e0a50beec465b55cad97da32832ff5932b38ce62dd08f98c047398f1c07c88947065043b7ec6d3f746e2b7385c2ed8abd34b650f8a07f132856e2d70c9fc6579427a886054ded9bc6e153f5cbc4ba791436705b6fdfe0424731f078f6c95e5506596a67bb134a6a97a31eb3403f3f867f05a0dff61347cc924e547c22b6de826bd8ecef6ef3f33ce743554324a609381a643cd5bd78f1e982f0ece29b85af14daf3d5b6fffb32cba1b4e77500a55592851f037a7b18958ab779e364e79459054ae9196a9d379b3827eb7a55195cd695d082097d8ebf4f6d68237e01eb5eeb5694c2beb15b946f0d80d4f7b51616c2287cca10f518bf82410cfbe98c96be860742e5ca44c71b65b6b6e6389943fe016b76ca41796b67d0d7da64056a65417211aa92313e535380449980daa34f78291f2b3ed60741db6c0a46bf25a2050669353e0da2091e59212b1d1efefe57d1d6003767784e8c790fe950c3674ead719b3c794aaa8fe08f3d3c4a9b53ce34af3b716dd0c4695503b33686919a46493354b5fe5f02c32cc09ebfd7c62144608e29aedc8a3ef98e9d6bcc757278f0608514a17cb5a9f2b7cbaa1a00ad27fcc33369b07685c00a765bb1f5eec3943ab9f463469b32e349dd661c9a6f2459a6693f7de4497a6860f5102881d411d25d774c578aa123178825f83ada377e214d51a76dc0335f04da1ee87c62a934fd2dd346cf4dce8fdf27158ae128ea3f1be4933ac0e98705e8d8cfbc57159405629939568354e79af0f8e54d277da8564a428ebe8743fb08412bf02e9b785a287ac82937b7f66510895cda8d78c95475f6fff35ddc64beefe67b40adbd00a8cea04dce206a041a98266494d7dedac2de769f71acdacde00620c85070180d83842a6fc60d288277be147c45c23327a4b205100926be01fab4a00b73abe3b716ba9d3de436d5bdc6850044377c2932bdd97844b51afe38d7fd1119d2a81de15c01261ec611886009d0fd7b1dc0b64998fd86e479f97ae24c3c12e96d2532bee8c3907c6d47c1d9bd3659c764e84d1fc52964f703708461eeedf8d4f117d1cdcb1460ccc300cc48c40905f4c551a41e2790aa0dd328e9546cd20a4a4fbb159892dda3f388fc300bc2a06086105af48f011e5a7bf61ffc53e6e1088fb824aa9f91166825a16a052c06a9c99cc05f3c2c4d41dd80eeeb5024b07605a21c5cde85b54e029dae79651f4a7924ad96b65473e6e157f43bdf9bd0ce5c1181cc65bfa93ec848dbd0f3be75502134742bd0b4a18e5e2769d7ff1c43b15db56657b1cc89d6ca540a26725bec1faccdce54a4c6f0c615b8e51fba471d254ed39ccd476589f6251815c640576773727cf1990fe4588cafdf5abdf182e630ce4a528ec0f74ceb3333c017cebf79315f0f3fa9fbd50a851a18010a86e69e63fc3fe854c0a4c2824e29d57c2811f12798e0b090ab31e26ae31123f02cc132de94138c40875782d1cbdb63f2366f7487402bd7b05c5574ccfc740d22f6d089863b0165a638dcc890d36bd1b84d9aad76fe793e77e2fee21dc253c9dd0f3a487b1b83e8753cc1e5514a7fb0d7be292eb48fad2b2cfd75b8c4c13295d86f62ec153351e469fddbe889498a915acf34737bcf54f6dee3e3580f791ac78a6837b98d915d34a2b7590ec9f92640a19fe581643aaa8fe3d07b20ffddca5767f2d71adbf6181e6c11a57fbf7663871579be51a54ba368749c1228586cb499c2911e476da44add61b11d67eca70fa557e683faa4554a9014c1f8ac0ef0434cf6d5d0aa3de16a82eb9da2fbc52257fc47d044ad23743067648df3529c0a92eef07a50f9ee48b2b358ae8c8df38101d745889ccb13dc1f314d06d0f07068a0556d7d28bbb09a3988fce31b3e485d78d144f4c08dcfeff2664de348a1f205da7f423cbf798b7fc36a4659a0ca067e8f26daa9480e518110593a195ae9760b4842d9b1028600bed9ece63296188668b4bb82087b259c85b9624f5e7cdd06d3c570a147131b64844f0d2b8983747e67aebc218f944e53472e1d83ded39650a78a153c01b4a60779dcc6ecb256306ef27b78d0dd022193f0a3bec4c0959c51176a9f66a15a8cbdb6dd6fde343540f09138958d71167e68a22866ae26629bc61400e794742a355869bba241d14bdf7652fa79cf52b1e046fbafcf27a28e79118e0767a68efd69fbf7010daeda17f987b410593f47d1d46c6b3a4bb34d07093dc2ebbfd8d86edd995e2e9e024453cc23b428b8142ce65a1abfd9d384d1ed9058505e73683b933489ffc85736e2b5daf01bdb5697643de7026c206405883c1bad17a28f439bdc2692650d60d0919c2ca5517f3a89493599d62c968a494bb753050a65e7a25291f1509deb5fab1c271db072b58dce3be48a19ddb2b6f01a6b9136d2217bbb6bc81f59e72fa34a55c434e0c05861d355207925a4a509b4627b1af1918843e833c92754f5e50dac90b91ee5ebb8b55e9b14c64c02bdac53b18c34ca0b68c2fdb52aa40fb5d6cb2df7253c94fc54a2778a059e7002f9af72cd024bbd30aa626ca67d8de66f0a1bd0dd224def75052cd164e092b59f6f8599c0f270663c4de2fa4d8f4f78b738ac0cd0a4e3b04d6843965cc31322d3fe335ffaf052bc77012f9df4c7244b8532b57137ddb2b2a04ca653ace8b6a8ca573cd53a4541d5830acbd0e86e2c2fb51f891292062facaefee807d056fff2a1965a67b1821c8555a6dcb7a1f4e6240fb5936d547a0fa08debbadc72e051d153043942f3ce29139ae1f7ca7db57009ed38090090d4621fc5f8fc15036a29906a3069bc953f3a3029033212d5eb3127ff818b4c4a8b0183b65d1a5c636955bd1e68346c297dbff2ab5c59fc71a6794a8b1fd935e7360a9c78b78a5292038dfb3dc36aaa019d85d42f0190a43c200d185cc9d661d90d613e28b97b3f7ec8018e8a1ddedc667983654a046bce2be19e59830f4db9cf11f311aec1db5410bbe7f1912de6d26f6c7af7b1250cb7c0922b7cee863014abda66b5a6e0c0824fe51e1feb446a680fa0ef30ca07f3254116d4bdb9c80606fd23ccf5f5ec3a03a2ccda876a00d2c619ab43f2886ec7b076ade05e114f98aecb7da5c0be1dbaf99e0c1f960de33a755af4c2500ef143e67fa76a41a9aa3b1bf8cebe44eef1796bf854c7dc3a414d814cbc8189b2454c87f129fc8eadcb10fb58c1e48bbf639c7b487fb15dce79cad703ad800be9adff6cee54c9e3a86e035093373e22a8291a95e10bc0470d420ff391786cdccdf472e61aa15d651ad11db06e367e463c80d4e5d4a555a1bd567e48dcf3ff02c67c91bef8a62cf77397ca7f95755f6f1e0f62f6e2f23da1073f630f3603ebfe7a61cf908eb4cbadd86c4bde079bf1675c63ac86bd6f022e669df90d16e787a750194d66ffddcb7d2a0715379a4d905445e6e95815e3cc642d3f51d7096d8a0943d8e68782f24581c0161da37b0d5b815adc05248389d0c44c54af939f2e2a1cc1edabbfc0b24794d8b35462431da7729cb554e0df26403498e68f65614aa4414faac251ca14848cebb353ef977c593078aa4d2ceef12cae250832c28d65573a228c1b3e702e93c11351e71f41035e1de7a47a725d30361ce7d1a0f71ebc4ac904afe3985b5105ad8f0652a0d8038822d5ba1976504441c7a5849db2ffa876a7596ea3bac115dd452348a2c8c3ee77b56fd0c8f5184e533b5fa803e3fd45680acb77fbd4ad6c3cc8b0e0654a35409054b604b451940caff96133165d7b8d702078ed17e8a6ca776ee84cffd20a8815b050db48cc3ef16c559b08e38ba11da2ea68a1b51549a43d5f736ae920e8fc7f38cb2f3cf7337ae3e6afa6e88d0ff6051ca65793d5b6bf06cf4a8c694b7e05d3d0fd926ffb94ded232d9332b5413224e717a9fda9607a3e3f9fcaeed7c993e40aa3d79be752e94abee9dce897d9adb6ee19f406ab3dacf4f3dfdbda70e4023361547ed85b94a8fc4a1a44dc7320413536d0f2b9afa19c771efc722fda9c5dcf139ca7e0bebfd233d3feedc979f5d598d4a7812320aa04cc2ef92b68ff684d434261ae5d9fc2a8273abceee1fa66653ea61535f4da759d231fba962f8a72b2b781033e61decd07da33a0ab0d406b2a21d5e4928fadef2f171cada8ef37493f9c3aca15dd2fc9e0c6c34b55685dcc6099aec2cf29a41626bf8efed55887901008cc0e9cba898078745449ed66a2f24c4faf99a9abfbbbc0f18bc42fb84e019016d618052ee5134c8dd6d5d43897022f5ad33ea4b096fc9505c0c39fe7ab5a1a386846853f7f079c41801395e75e6da2347848313f1416764266bf4ab62047af65cb9bda474fe4dbb938b82ad51462c7a400802e3ad467b82149d64f8b01a4fbb85f012541c6a1069fc1ac646885ee47a2e30e48cdfd60071a028f342cc2f0bb69a05e4b54f20fbccfae7e7c5890d5bec1e66b226244a1ace4386fdb60d60a9c461d205ddc19ad79fff29cd5a6a175365f47cb0277e694de61b32405d51bc0a3ad4f31852af4b1334b9274f7831e32d1a912d1b4508a4026b518f8d582f49bb3dbefaccf5f7a29fb5975897f14975ce691b4838e5a055f4444006250410af6fc529a0fe4eec53c86c0889ff5958f06d9931d64ea83b951bbc27b5ba4d15940848b60e1f3307386135a5e7052d7a2bd3449def362d6941a4b7238b7c127f6ee3595c02b3b01b34bc5b4ad612dd2871fa80130311517a2bad447ade07fbe8cf4c004b4d9a62df32255db4fdd0805cd33c9e3d008ffcfa140e0463e8b9b3b3219d35145bba92f1fe7aac504de78cb0570a6aa839464f7919e04b0af8a59ec3c93091f1565447ef6ed9ef6fe7d4c4e81183fd2160fda0c7eb62598fb64cbaf43ff454afbefacc037b8c7b260a1ed7fcbf1597854d055a6d4f97e6244bdddf6eb6c75130bc02f53133367607207dad0e859d95af025a1a9d5184d1b130cb9098649136794f2e46d280c3a78e5ab7090ad3418d2362c9e92def454a26d308e2ddecfa3145d3242194c99177f0ed1c3029db9d9334e2f0a98479a45a25934c8d967b2c500577badeb570c8f9fbb261e641a423de42f69d637bc733d5178dc197bd418367e193660fa2bef47aa1c811917c1bc4e934359893d2a8927159feec4b35fe86c322a56477ed63e826159d373f9a9d44d4c9a76fbbd46952a11844e959913b5d672465ddbb4db6c573c69d9606d4f0338099f449f19e5ae0ee8cc4e084df37dd19fd33c51a0ae8455e6455fcc519e8aa1295844bda9213ed3c94294cdb06f865af9d6a02447b691c82de1c1166dcca92d5c7f2e2274f5bf17a0d04d68b1da859ff67a4d02bb574e183fb8e8b25a7fbda95b33966acb01066dee9cea818b5151e26703bc5692431240e61765b4ad60af78b5e51283cc5a734e3077e453b89d5195c8df1d8f85c243f3bb2bd94960354e437984e5d5b24b9b518f020b67295a1694d7f414589b744233c5f16e72a982aeab53e204ba194be6b2c205c15372574647af743789fdc33ee48686f1c6677094314a258c2cdc9822b0ba191afb69e8df6a0e77d678af090c4ad772b2211db9bbb607a45b757e6eafb4051de898ec610f08ece34672933b3a8a5ec6d453d681bd61a2a7d20bf3e18eca9372e09bff6b71dce6e50274dd91cb04d7a8ba5fd3201631dd", 0x1000}, {&(0x7f00000016c0)="b6e6ba4278b73aae5301d5c943c1c3ac186194b6161d1d9ceaca1a57b606545980717ce713a38498f559c407a54bdf57a183c9b9cd908a6a4c7daac9363859622b8bc17485a4f45b9f1ad5c3847615669600c2d4c03852b43c1277ab85ed81c7649e0f5e07c7e4e2cfaa49b6d86c6852febf8614363a739c155d73e9cb0492a63690c9e5a1f5809c507825c20986251e06b26365c094c9", 0x97}], 0x7, 0x0, 0x0, 0x8800}, 0x0)

03:35:15 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x1000000)

03:35:15 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x18000000}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1546.955921][T24345] FAULT_INJECTION: forcing a failure.
[ 1546.955921][T24345] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1546.986421][T24345] CPU: 0 PID: 24345 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1546.996500][T24345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1547.006391][T24345] Call Trace:
[ 1547.009515][T24345]  <TASK>
[ 1547.012293][T24345]  dump_stack_lvl+0x151/0x1b7
[ 1547.016820][T24345]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1547.022100][T24345]  dump_stack+0x15/0x17
[ 1547.026178][T24345]  should_fail+0x3c0/0x510
[ 1547.030437][T24345]  should_fail_alloc_page+0x58/0x70
[ 1547.035467][T24345]  __alloc_pages+0x1de/0x7c0
[ 1547.040048][T24345]  ? __count_vm_events+0x30/0x30
[ 1547.044896][T24345]  ? __this_cpu_preempt_check+0x13/0x20
[ 1547.050278][T24345]  ? __mod_node_page_state+0xac/0xf0
[ 1547.055397][T24345]  ? __mod_lruvec_page_state+0x15f/0x1c0
[ 1547.060866][T24345]  pte_alloc_one+0x73/0x1b0
[ 1547.065203][T24345]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 1547.070246][T24345]  ? __kasan_check_write+0x14/0x20
[ 1547.075190][T24345]  ? __set_page_owner+0x2ee/0x310
[ 1547.080201][T24345]  __pte_alloc+0x86/0x350
[ 1547.084365][T24345]  ? free_pgtables+0x210/0x210
[ 1547.088966][T24345]  ? _raw_spin_lock+0xa3/0x1b0
[ 1547.093577][T24345]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 1547.098774][T24345]  copy_pte_range+0x1b1f/0x20b0
[ 1547.103476][T24345]  ? __kunmap_atomic+0x80/0x80
[ 1547.108059][T24345]  ? __pud_alloc+0x260/0x260
[ 1547.112482][T24345]  ? __pud_alloc+0x218/0x260
[ 1547.116911][T24345]  ? do_handle_mm_fault+0x2370/0x2370
[ 1547.122121][T24345]  copy_page_range+0xc1e/0x1090
[ 1547.126811][T24345]  ? pfn_valid+0x1e0/0x1e0
[ 1547.131065][T24345]  dup_mmap+0x99f/0xea0
[ 1547.135052][T24345]  ? __delayed_free_task+0x20/0x20
[ 1547.140018][T24345]  ? mm_init+0x807/0x960
[ 1547.144080][T24345]  dup_mm+0x91/0x330
[ 1547.147815][T24345]  copy_mm+0x108/0x1b0
[ 1547.151714][T24345]  copy_process+0x1295/0x3250
[ 1547.156231][T24345]  ? proc_fail_nth_write+0x213/0x290
[ 1547.161348][T24345]  ? proc_fail_nth_read+0x220/0x220
[ 1547.166384][T24345]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1547.171336][T24345]  ? vfs_write+0x9af/0x1050
[ 1547.175669][T24345]  kernel_clone+0x22d/0x990
[ 1547.180008][T24345]  ? file_end_write+0x1b0/0x1b0
[ 1547.184696][T24345]  ? __kasan_check_write+0x14/0x20
[ 1547.189643][T24345]  ? create_io_thread+0x1e0/0x1e0
[ 1547.194504][T24345]  ? __mutex_lock_slowpath+0x10/0x10
[ 1547.199625][T24345]  __x64_sys_clone+0x289/0x310
[ 1547.204223][T24345]  ? __do_sys_vfork+0x130/0x130
[ 1547.208910][T24345]  ? debug_smp_processor_id+0x17/0x20
[ 1547.214120][T24345]  do_syscall_64+0x44/0xd0
[ 1547.218369][T24345]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1547.224097][T24345] RIP: 0033:0x7fed39e510c9
[ 1547.228346][T24345] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1547.247788][T24345] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
03:35:16 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23)

03:35:16 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x2000000)

03:35:16 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x14, 0xfffffffc})

03:35:16 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x200}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x500, 0x0)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000100)=0x11c020, 0x4)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
write$bt_hci(r2, &(0x7f0000001800)={0x1, @write_auth_payload_to={{0xc7c, 0x4}, {0xc9, 0x200}}}, 0x8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r3, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x11, r3, 0x10000000)
sendmsg$xdp(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x2c, 0x4, 0x0, 0x3}, 0x10, &(0x7f0000001780)=[{&(0x7f00000002c0)="48197e2bf40086940cbbc7ba192b805b0c23541c159d727950e8445f649654fb7f93018087d4b1b9476a7c0efda37a2a05e440b8706da9df33c14bd7bdeba775d88488571e749d122fc6f74e6820d2056357717e21af00ba8bf143c64f299a149c943edab9667e3920", 0x69}, {&(0x7f0000000340)="490bd57ad6def4d0fbce4e770e5c3d4f5533dc44e07f47cf8c8955b9822d62079b1710d39174bf482298bd51ef87a2aa88ea33995a97fe5285ef61f9c1863ff4ebb609e94d8f1b412abb13f7b95a45ec636eeb712c0fcf40a2da208eebd4bd29df6ede4582e07840b4eb986d120d91b84f18fbbd71c68c1903038e2e6f99dd2e8d7d658fdab361b95fe7d880746e16f0183a73e6d7711e9c6fd1def6b315629e04e46696b4b53e8148f2f75e6184b2093f8e783b2816bb9452e3ec14618ddf816e971a5fb75a5b85fe611e9459a704325440244074d1117971c82d72c4f8d006e1248509e3979fc37d3abff43529", 0xee}, {&(0x7f0000000440)="9ddcd281d12dad74545320e985be4c2135ec1b79aa6c457c2f7c070eb8bb044d1f8ddb8a6a23847b36c318cbfb9d0fa8952fb313afa3a0cc0c4e337894cfd8fe6d4820f699e8b5797a7be4e80fb8e1248aceed79329afd1fc31576e579f314e6d5f180b6a96199d18a59e3bb02a0a1e440619c95ebfa98dbd225818bceeee7b1ec0effb9160ebfa92b114b82221ecd4d19e49700f3303da3a824d98bfefbc68a9f65cb9693dc2e7052fa0218337fa3970076612dc9db65f58cc1ee8fccdcfd53ec9b14bc0e87f3761dca36d576602752885d35a32c7995", 0xd7}, {&(0x7f0000000540)="5a9b79a191042fc4bad069cfc36834b4e9d4967f7e39ba886ad760511d70d5f00c543ac99bd3248ece2262c294c303cfccaffde38bf057f9e9f5d5ee424ae7cea4082de523e375306bae7b2af3192ee9c4728bc7b8a8c74993bfcb2294f12415f7da17d25afb4f0b08379c06c1146a1f7dfa6fe237f9d073ab7768170a647a3407d52bd5080bbf9f", 0x88}, {&(0x7f0000000600)="0c53639efc350960673c1fbc4fc85fab7a5c6720026740f851f6d4c085411cdcbb8721318ca7afeed589fec2c09f73785e3157677d00d225cda7b781b33e2fff46b62c04a2e660caf3e67d9488b35ab1d507ea844ab45c5d20e3128272a371fd097d40151badc34cf5bc6b31321ef5344e3bdf0f8bdc43662fb03f4d46cefb30457d98b442f7f478a82f0e69be9e6d31232fab41b52857eb8698b8aca160dcf5fcc0ee4ecba322b6d8cd7f3abb428361e30a87ba613050", 0xb7}, {&(0x7f00000006c0)="19699222ffb069402537fb3031e7af53bafdd4e7c60a01285437c2426b76bd1cf9cc08be64d144945c1e96daefab1db47f8158ef9fd75f83fcd45f54a76c34b9d5d5a3f47da5158c5fb89b1e8c9378f63df7da1914edfd8883e0a50beec465b55cad97da32832ff5932b38ce62dd08f98c047398f1c07c88947065043b7ec6d3f746e2b7385c2ed8abd34b650f8a07f132856e2d70c9fc6579427a886054ded9bc6e153f5cbc4ba791436705b6fdfe0424731f078f6c95e5506596a67bb134a6a97a31eb3403f3f867f05a0dff61347cc924e547c22b6de826bd8ecef6ef3f33ce743554324a609381a643cd5bd78f1e982f0ece29b85af14daf3d5b6fffb32cba1b4e77500a55592851f037a7b18958ab779e364e79459054ae9196a9d379b3827eb7a55195cd695d082097d8ebf4f6d68237e01eb5eeb5694c2beb15b946f0d80d4f7b51616c2287cca10f518bf82410cfbe98c96be860742e5ca44c71b65b6b6e6389943fe016b76ca41796b67d0d7da64056a65417211aa92313e535380449980daa34f78291f2b3ed60741db6c0a46bf25a2050669353e0da2091e59212b1d1efefe57d1d6003767784e8c790fe950c3674ead719b3c794aaa8fe08f3d3c4a9b53ce34af3b716dd0c4695503b33686919a46493354b5fe5f02c32cc09ebfd7c62144608e29aedc8a3ef98e9d6bcc757278f0608514a17cb5a9f2b7cbaa1a00ad27fcc33369b07685c00a765bb1f5eec3943ab9f463469b32e349dd661c9a6f2459a6693f7de4497a6860f5102881d411d25d774c578aa123178825f83ada377e214d51a76dc0335f04da1ee87c62a934fd2dd346cf4dce8fdf27158ae128ea3f1be4933ac0e98705e8d8cfbc57159405629939568354e79af0f8e54d277da8564a428ebe8743fb08412bf02e9b785a287ac82937b7f66510895cda8d78c95475f6fff35ddc64beefe67b40adbd00a8cea04dce206a041a98266494d7dedac2de769f71acdacde00620c85070180d83842a6fc60d288277be147c45c23327a4b205100926be01fab4a00b73abe3b716ba9d3de436d5bdc6850044377c2932bdd97844b51afe38d7fd1119d2a81de15c01261ec611886009d0fd7b1dc0b64998fd86e479f97ae24c3c12e96d2532bee8c3907c6d47c1d9bd3659c764e84d1fc52964f703708461eeedf8d4f117d1cdcb1460ccc300cc48c40905f4c551a41e2790aa0dd328e9546cd20a4a4fbb159892dda3f388fc300bc2a06086105af48f011e5a7bf61ffc53e6e1088fb824aa9f91166825a16a052c06a9c99cc05f3c2c4d41dd80eeeb5024b07605a21c5cde85b54e029dae79651f4a7924ad96b65473e6e157f43bdf9bd0ce5c1181cc65bfa93ec848dbd0f3be75502134742bd0b4a18e5e2769d7ff1c43b15db56657b1cc89d6ca540a26725bec1faccdce54a4c6f0c615b8e51fba471d254ed39ccd476589f6251815c640576773727cf1990fe4588cafdf5abdf182e630ce4a528ec0f74ceb3333c017cebf79315f0f3fa9fbd50a851a18010a86e69e63fc3fe854c0a4c2824e29d57c2811f12798e0b090ab31e26ae31123f02cc132de94138c40875782d1cbdb63f2366f7487402bd7b05c5574ccfc740d22f6d089863b0165a638dcc890d36bd1b84d9aad76fe793e77e2fee21dc253c9dd0f3a487b1b83e8753cc1e5514a7fb0d7be292eb48fad2b2cfd75b8c4c13295d86f62ec153351e469fddbe889498a915acf34737bcf54f6dee3e3580f791ac78a6837b98d915d34a2b7590ec9f92640a19fe581643aaa8fe3d07b20ffddca5767f2d71adbf6181e6c11a57fbf7663871579be51a54ba368749c1228586cb499c2911e476da44add61b11d67eca70fa557e683faa4554a9014c1f8ac0ef0434cf6d5d0aa3de16a82eb9da2fbc52257fc47d044ad23743067648df3529c0a92eef07a50f9ee48b2b358ae8c8df38101d745889ccb13dc1f314d06d0f07068a0556d7d28bbb09a3988fce31b3e485d78d144f4c08dcfeff2664de348a1f205da7f423cbf798b7fc36a4659a0ca067e8f26daa9480e518110593a195ae9760b4842d9b1028600bed9ece63296188668b4bb82087b259c85b9624f5e7cdd06d3c570a147131b64844f0d2b8983747e67aebc218f944e53472e1d83ded39650a78a153c01b4a60779dcc6ecb256306ef27b78d0dd022193f0a3bec4c0959c51176a9f66a15a8cbdb6dd6fde343540f09138958d71167e68a22866ae26629bc61400e794742a355869bba241d14bdf7652fa79cf52b1e046fbafcf27a28e79118e0767a68efd69fbf7010daeda17f987b410593f47d1d46c6b3a4bb34d07093dc2ebbfd8d86edd995e2e9e024453cc23b428b8142ce65a1abfd9d384d1ed9058505e73683b933489ffc85736e2b5daf01bdb5697643de7026c206405883c1bad17a28f439bdc2692650d60d0919c2ca5517f3a89493599d62c968a494bb753050a65e7a25291f1509deb5fab1c271db072b58dce3be48a19ddb2b6f01a6b9136d2217bbb6bc81f59e72fa34a55c434e0c05861d355207925a4a509b4627b1af1918843e833c92754f5e50dac90b91ee5ebb8b55e9b14c64c02bdac53b18c34ca0b68c2fdb52aa40fb5d6cb2df7253c94fc54a2778a059e7002f9af72cd024bbd30aa626ca67d8de66f0a1bd0dd224def75052cd164e092b59f6f8599c0f270663c4de2fa4d8f4f78b738ac0cd0a4e3b04d6843965cc31322d3fe335ffaf052bc77012f9df4c7244b8532b57137ddb2b2a04ca653ace8b6a8ca573cd53a4541d5830acbd0e86e2c2fb51f891292062facaefee807d056fff2a1965a67b1821c8555a6dcb7a1f4e6240fb5936d547a0fa08debbadc72e051d153043942f3ce29139ae1f7ca7db57009ed38090090d4621fc5f8fc15036a29906a3069bc953f3a3029033212d5eb3127ff818b4c4a8b0183b65d1a5c636955bd1e68346c297dbff2ab5c59fc71a6794a8b1fd935e7360a9c78b78a5292038dfb3dc36aaa019d85d42f0190a43c200d185cc9d661d90d613e28b97b3f7ec8018e8a1ddedc667983654a046bce2be19e59830f4db9cf11f311aec1db5410bbe7f1912de6d26f6c7af7b1250cb7c0922b7cee863014abda66b5a6e0c0824fe51e1feb446a680fa0ef30ca07f3254116d4bdb9c80606fd23ccf5f5ec3a03a2ccda876a00d2c619ab43f2886ec7b076ade05e114f98aecb7da5c0be1dbaf99e0c1f960de33a755af4c2500ef143e67fa76a41a9aa3b1bf8cebe44eef1796bf854c7dc3a414d814cbc8189b2454c87f129fc8eadcb10fb58c1e48bbf639c7b487fb15dce79cad703ad800be9adff6cee54c9e3a86e035093373e22a8291a95e10bc0470d420ff391786cdccdf472e61aa15d651ad11db06e367e463c80d4e5d4a555a1bd567e48dcf3ff02c67c91bef8a62cf77397ca7f95755f6f1e0f62f6e2f23da1073f630f3603ebfe7a61cf908eb4cbadd86c4bde079bf1675c63ac86bd6f022e669df90d16e787a750194d66ffddcb7d2a0715379a4d905445e6e95815e3cc642d3f51d7096d8a0943d8e68782f24581c0161da37b0d5b815adc05248389d0c44c54af939f2e2a1cc1edabbfc0b24794d8b35462431da7729cb554e0df26403498e68f65614aa4414faac251ca14848cebb353ef977c593078aa4d2ceef12cae250832c28d65573a228c1b3e702e93c11351e71f41035e1de7a47a725d30361ce7d1a0f71ebc4ac904afe3985b5105ad8f0652a0d8038822d5ba1976504441c7a5849db2ffa876a7596ea3bac115dd452348a2c8c3ee77b56fd0c8f5184e533b5fa803e3fd45680acb77fbd4ad6c3cc8b0e0654a35409054b604b451940caff96133165d7b8d702078ed17e8a6ca776ee84cffd20a8815b050db48cc3ef16c559b08e38ba11da2ea68a1b51549a43d5f736ae920e8fc7f38cb2f3cf7337ae3e6afa6e88d0ff6051ca65793d5b6bf06cf4a8c694b7e05d3d0fd926ffb94ded232d9332b5413224e717a9fda9607a3e3f9fcaeed7c993e40aa3d79be752e94abee9dce897d9adb6ee19f406ab3dacf4f3dfdbda70e4023361547ed85b94a8fc4a1a44dc7320413536d0f2b9afa19c771efc722fda9c5dcf139ca7e0bebfd233d3feedc979f5d598d4a7812320aa04cc2ef92b68ff684d434261ae5d9fc2a8273abceee1fa66653ea61535f4da759d231fba962f8a72b2b781033e61decd07da33a0ab0d406b2a21d5e4928fadef2f171cada8ef37493f9c3aca15dd2fc9e0c6c34b55685dcc6099aec2cf29a41626bf8efed55887901008cc0e9cba898078745449ed66a2f24c4faf99a9abfbbbc0f18bc42fb84e019016d618052ee5134c8dd6d5d43897022f5ad33ea4b096fc9505c0c39fe7ab5a1a386846853f7f079c41801395e75e6da2347848313f1416764266bf4ab62047af65cb9bda474fe4dbb938b82ad51462c7a400802e3ad467b82149d64f8b01a4fbb85f012541c6a1069fc1ac646885ee47a2e30e48cdfd60071a028f342cc2f0bb69a05e4b54f20fbccfae7e7c5890d5bec1e66b226244a1ace4386fdb60d60a9c461d205ddc19ad79fff29cd5a6a175365f47cb0277e694de61b32405d51bc0a3ad4f31852af4b1334b9274f7831e32d1a912d1b4508a4026b518f8d582f49bb3dbefaccf5f7a29fb5975897f14975ce691b4838e5a055f4444006250410af6fc529a0fe4eec53c86c0889ff5958f06d9931d64ea83b951bbc27b5ba4d15940848b60e1f3307386135a5e7052d7a2bd3449def362d6941a4b7238b7c127f6ee3595c02b3b01b34bc5b4ad612dd2871fa80130311517a2bad447ade07fbe8cf4c004b4d9a62df32255db4fdd0805cd33c9e3d008ffcfa140e0463e8b9b3b3219d35145bba92f1fe7aac504de78cb0570a6aa839464f7919e04b0af8a59ec3c93091f1565447ef6ed9ef6fe7d4c4e81183fd2160fda0c7eb62598fb64cbaf43ff454afbefacc037b8c7b260a1ed7fcbf1597854d055a6d4f97e6244bdddf6eb6c75130bc02f53133367607207dad0e859d95af025a1a9d5184d1b130cb9098649136794f2e46d280c3a78e5ab7090ad3418d2362c9e92def454a26d308e2ddecfa3145d3242194c99177f0ed1c3029db9d9334e2f0a98479a45a25934c8d967b2c500577badeb570c8f9fbb261e641a423de42f69d637bc733d5178dc197bd418367e193660fa2bef47aa1c811917c1bc4e934359893d2a8927159feec4b35fe86c322a56477ed63e826159d373f9a9d44d4c9a76fbbd46952a11844e959913b5d672465ddbb4db6c573c69d9606d4f0338099f449f19e5ae0ee8cc4e084df37dd19fd33c51a0ae8455e6455fcc519e8aa1295844bda9213ed3c94294cdb06f865af9d6a02447b691c82de1c1166dcca92d5c7f2e2274f5bf17a0d04d68b1da859ff67a4d02bb574e183fb8e8b25a7fbda95b33966acb01066dee9cea818b5151e26703bc5692431240e61765b4ad60af78b5e51283cc5a734e3077e453b89d5195c8df1d8f85c243f3bb2bd94960354e437984e5d5b24b9b518f020b67295a1694d7f414589b744233c5f16e72a982aeab53e204ba194be6b2c205c15372574647af743789fdc33ee48686f1c6677094314a258c2cdc9822b0ba191afb69e8df6a0e77d678af090c4ad772b2211db9bbb607a45b757e6eafb4051de898ec610f08ece34672933b3a8a5ec6d453d681bd61a2a7d20bf3e18eca9372e09bff6b71dce6e50274dd91cb04d7a8ba5fd3201631dd", 0x1000}, {&(0x7f00000016c0)="b6e6ba4278b73aae5301d5c943c1c3ac186194b6161d1d9ceaca1a57b606545980717ce713a38498f559c407a54bdf57a183c9b9cd908a6a4c7daac9363859622b8bc17485a4f45b9f1ad5c3847615669600c2d4c03852b43c1277ab85ed81c7649e0f5e07c7e4e2cfaa49b6d86c6852febf8614363a739c155d73e9cb0492a63690c9e5a1f5809c507825c20986251e06b26365c094c9", 0x97}], 0x7, 0x0, 0x0, 0x8800}, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x200}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x500, 0x0) (async)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000100)=0x11c020, 0x4) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r2, 0x0, 0x0) (async)
write$bt_hci(r2, &(0x7f0000001800)={0x1, @write_auth_payload_to={{0xc7c, 0x4}, {0xc9, 0x200}}}, 0x8) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r3, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x11, r3, 0x10000000) (async)
sendmsg$xdp(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x2c, 0x4, 0x0, 0x3}, 0x10, &(0x7f0000001780)=[{&(0x7f00000002c0)="48197e2bf40086940cbbc7ba192b805b0c23541c159d727950e8445f649654fb7f93018087d4b1b9476a7c0efda37a2a05e440b8706da9df33c14bd7bdeba775d88488571e749d122fc6f74e6820d2056357717e21af00ba8bf143c64f299a149c943edab9667e3920", 0x69}, {&(0x7f0000000340)="490bd57ad6def4d0fbce4e770e5c3d4f5533dc44e07f47cf8c8955b9822d62079b1710d39174bf482298bd51ef87a2aa88ea33995a97fe5285ef61f9c1863ff4ebb609e94d8f1b412abb13f7b95a45ec636eeb712c0fcf40a2da208eebd4bd29df6ede4582e07840b4eb986d120d91b84f18fbbd71c68c1903038e2e6f99dd2e8d7d658fdab361b95fe7d880746e16f0183a73e6d7711e9c6fd1def6b315629e04e46696b4b53e8148f2f75e6184b2093f8e783b2816bb9452e3ec14618ddf816e971a5fb75a5b85fe611e9459a704325440244074d1117971c82d72c4f8d006e1248509e3979fc37d3abff43529", 0xee}, {&(0x7f0000000440)="9ddcd281d12dad74545320e985be4c2135ec1b79aa6c457c2f7c070eb8bb044d1f8ddb8a6a23847b36c318cbfb9d0fa8952fb313afa3a0cc0c4e337894cfd8fe6d4820f699e8b5797a7be4e80fb8e1248aceed79329afd1fc31576e579f314e6d5f180b6a96199d18a59e3bb02a0a1e440619c95ebfa98dbd225818bceeee7b1ec0effb9160ebfa92b114b82221ecd4d19e49700f3303da3a824d98bfefbc68a9f65cb9693dc2e7052fa0218337fa3970076612dc9db65f58cc1ee8fccdcfd53ec9b14bc0e87f3761dca36d576602752885d35a32c7995", 0xd7}, {&(0x7f0000000540)="5a9b79a191042fc4bad069cfc36834b4e9d4967f7e39ba886ad760511d70d5f00c543ac99bd3248ece2262c294c303cfccaffde38bf057f9e9f5d5ee424ae7cea4082de523e375306bae7b2af3192ee9c4728bc7b8a8c74993bfcb2294f12415f7da17d25afb4f0b08379c06c1146a1f7dfa6fe237f9d073ab7768170a647a3407d52bd5080bbf9f", 0x88}, {&(0x7f0000000600)="0c53639efc350960673c1fbc4fc85fab7a5c6720026740f851f6d4c085411cdcbb8721318ca7afeed589fec2c09f73785e3157677d00d225cda7b781b33e2fff46b62c04a2e660caf3e67d9488b35ab1d507ea844ab45c5d20e3128272a371fd097d40151badc34cf5bc6b31321ef5344e3bdf0f8bdc43662fb03f4d46cefb30457d98b442f7f478a82f0e69be9e6d31232fab41b52857eb8698b8aca160dcf5fcc0ee4ecba322b6d8cd7f3abb428361e30a87ba613050", 0xb7}, {&(0x7f00000006c0)="19699222ffb069402537fb3031e7af53bafdd4e7c60a01285437c2426b76bd1cf9cc08be64d144945c1e96daefab1db47f8158ef9fd75f83fcd45f54a76c34b9d5d5a3f47da5158c5fb89b1e8c9378f63df7da1914edfd8883e0a50beec465b55cad97da32832ff5932b38ce62dd08f98c047398f1c07c88947065043b7ec6d3f746e2b7385c2ed8abd34b650f8a07f132856e2d70c9fc6579427a886054ded9bc6e153f5cbc4ba791436705b6fdfe0424731f078f6c95e5506596a67bb134a6a97a31eb3403f3f867f05a0dff61347cc924e547c22b6de826bd8ecef6ef3f33ce743554324a609381a643cd5bd78f1e982f0ece29b85af14daf3d5b6fffb32cba1b4e77500a55592851f037a7b18958ab779e364e79459054ae9196a9d379b3827eb7a55195cd695d082097d8ebf4f6d68237e01eb5eeb5694c2beb15b946f0d80d4f7b51616c2287cca10f518bf82410cfbe98c96be860742e5ca44c71b65b6b6e6389943fe016b76ca41796b67d0d7da64056a65417211aa92313e535380449980daa34f78291f2b3ed60741db6c0a46bf25a2050669353e0da2091e59212b1d1efefe57d1d6003767784e8c790fe950c3674ead719b3c794aaa8fe08f3d3c4a9b53ce34af3b716dd0c4695503b33686919a46493354b5fe5f02c32cc09ebfd7c62144608e29aedc8a3ef98e9d6bcc757278f0608514a17cb5a9f2b7cbaa1a00ad27fcc33369b07685c00a765bb1f5eec3943ab9f463469b32e349dd661c9a6f2459a6693f7de4497a6860f5102881d411d25d774c578aa123178825f83ada377e214d51a76dc0335f04da1ee87c62a934fd2dd346cf4dce8fdf27158ae128ea3f1be4933ac0e98705e8d8cfbc57159405629939568354e79af0f8e54d277da8564a428ebe8743fb08412bf02e9b785a287ac82937b7f66510895cda8d78c95475f6fff35ddc64beefe67b40adbd00a8cea04dce206a041a98266494d7dedac2de769f71acdacde00620c85070180d83842a6fc60d288277be147c45c23327a4b205100926be01fab4a00b73abe3b716ba9d3de436d5bdc6850044377c2932bdd97844b51afe38d7fd1119d2a81de15c01261ec611886009d0fd7b1dc0b64998fd86e479f97ae24c3c12e96d2532bee8c3907c6d47c1d9bd3659c764e84d1fc52964f703708461eeedf8d4f117d1cdcb1460ccc300cc48c40905f4c551a41e2790aa0dd328e9546cd20a4a4fbb159892dda3f388fc300bc2a06086105af48f011e5a7bf61ffc53e6e1088fb824aa9f91166825a16a052c06a9c99cc05f3c2c4d41dd80eeeb5024b07605a21c5cde85b54e029dae79651f4a7924ad96b65473e6e157f43bdf9bd0ce5c1181cc65bfa93ec848dbd0f3be75502134742bd0b4a18e5e2769d7ff1c43b15db56657b1cc89d6ca540a26725bec1faccdce54a4c6f0c615b8e51fba471d254ed39ccd476589f6251815c640576773727cf1990fe4588cafdf5abdf182e630ce4a528ec0f74ceb3333c017cebf79315f0f3fa9fbd50a851a18010a86e69e63fc3fe854c0a4c2824e29d57c2811f12798e0b090ab31e26ae31123f02cc132de94138c40875782d1cbdb63f2366f7487402bd7b05c5574ccfc740d22f6d089863b0165a638dcc890d36bd1b84d9aad76fe793e77e2fee21dc253c9dd0f3a487b1b83e8753cc1e5514a7fb0d7be292eb48fad2b2cfd75b8c4c13295d86f62ec153351e469fddbe889498a915acf34737bcf54f6dee3e3580f791ac78a6837b98d915d34a2b7590ec9f92640a19fe581643aaa8fe3d07b20ffddca5767f2d71adbf6181e6c11a57fbf7663871579be51a54ba368749c1228586cb499c2911e476da44add61b11d67eca70fa557e683faa4554a9014c1f8ac0ef0434cf6d5d0aa3de16a82eb9da2fbc52257fc47d044ad23743067648df3529c0a92eef07a50f9ee48b2b358ae8c8df38101d745889ccb13dc1f314d06d0f07068a0556d7d28bbb09a3988fce31b3e485d78d144f4c08dcfeff2664de348a1f205da7f423cbf798b7fc36a4659a0ca067e8f26daa9480e518110593a195ae9760b4842d9b1028600bed9ece63296188668b4bb82087b259c85b9624f5e7cdd06d3c570a147131b64844f0d2b8983747e67aebc218f944e53472e1d83ded39650a78a153c01b4a60779dcc6ecb256306ef27b78d0dd022193f0a3bec4c0959c51176a9f66a15a8cbdb6dd6fde343540f09138958d71167e68a22866ae26629bc61400e794742a355869bba241d14bdf7652fa79cf52b1e046fbafcf27a28e79118e0767a68efd69fbf7010daeda17f987b410593f47d1d46c6b3a4bb34d07093dc2ebbfd8d86edd995e2e9e024453cc23b428b8142ce65a1abfd9d384d1ed9058505e73683b933489ffc85736e2b5daf01bdb5697643de7026c206405883c1bad17a28f439bdc2692650d60d0919c2ca5517f3a89493599d62c968a494bb753050a65e7a25291f1509deb5fab1c271db072b58dce3be48a19ddb2b6f01a6b9136d2217bbb6bc81f59e72fa34a55c434e0c05861d355207925a4a509b4627b1af1918843e833c92754f5e50dac90b91ee5ebb8b55e9b14c64c02bdac53b18c34ca0b68c2fdb52aa40fb5d6cb2df7253c94fc54a2778a059e7002f9af72cd024bbd30aa626ca67d8de66f0a1bd0dd224def75052cd164e092b59f6f8599c0f270663c4de2fa4d8f4f78b738ac0cd0a4e3b04d6843965cc31322d3fe335ffaf052bc77012f9df4c7244b8532b57137ddb2b2a04ca653ace8b6a8ca573cd53a4541d5830acbd0e86e2c2fb51f891292062facaefee807d056fff2a1965a67b1821c8555a6dcb7a1f4e6240fb5936d547a0fa08debbadc72e051d153043942f3ce29139ae1f7ca7db57009ed38090090d4621fc5f8fc15036a29906a3069bc953f3a3029033212d5eb3127ff818b4c4a8b0183b65d1a5c636955bd1e68346c297dbff2ab5c59fc71a6794a8b1fd935e7360a9c78b78a5292038dfb3dc36aaa019d85d42f0190a43c200d185cc9d661d90d613e28b97b3f7ec8018e8a1ddedc667983654a046bce2be19e59830f4db9cf11f311aec1db5410bbe7f1912de6d26f6c7af7b1250cb7c0922b7cee863014abda66b5a6e0c0824fe51e1feb446a680fa0ef30ca07f3254116d4bdb9c80606fd23ccf5f5ec3a03a2ccda876a00d2c619ab43f2886ec7b076ade05e114f98aecb7da5c0be1dbaf99e0c1f960de33a755af4c2500ef143e67fa76a41a9aa3b1bf8cebe44eef1796bf854c7dc3a414d814cbc8189b2454c87f129fc8eadcb10fb58c1e48bbf639c7b487fb15dce79cad703ad800be9adff6cee54c9e3a86e035093373e22a8291a95e10bc0470d420ff391786cdccdf472e61aa15d651ad11db06e367e463c80d4e5d4a555a1bd567e48dcf3ff02c67c91bef8a62cf77397ca7f95755f6f1e0f62f6e2f23da1073f630f3603ebfe7a61cf908eb4cbadd86c4bde079bf1675c63ac86bd6f022e669df90d16e787a750194d66ffddcb7d2a0715379a4d905445e6e95815e3cc642d3f51d7096d8a0943d8e68782f24581c0161da37b0d5b815adc05248389d0c44c54af939f2e2a1cc1edabbfc0b24794d8b35462431da7729cb554e0df26403498e68f65614aa4414faac251ca14848cebb353ef977c593078aa4d2ceef12cae250832c28d65573a228c1b3e702e93c11351e71f41035e1de7a47a725d30361ce7d1a0f71ebc4ac904afe3985b5105ad8f0652a0d8038822d5ba1976504441c7a5849db2ffa876a7596ea3bac115dd452348a2c8c3ee77b56fd0c8f5184e533b5fa803e3fd45680acb77fbd4ad6c3cc8b0e0654a35409054b604b451940caff96133165d7b8d702078ed17e8a6ca776ee84cffd20a8815b050db48cc3ef16c559b08e38ba11da2ea68a1b51549a43d5f736ae920e8fc7f38cb2f3cf7337ae3e6afa6e88d0ff6051ca65793d5b6bf06cf4a8c694b7e05d3d0fd926ffb94ded232d9332b5413224e717a9fda9607a3e3f9fcaeed7c993e40aa3d79be752e94abee9dce897d9adb6ee19f406ab3dacf4f3dfdbda70e4023361547ed85b94a8fc4a1a44dc7320413536d0f2b9afa19c771efc722fda9c5dcf139ca7e0bebfd233d3feedc979f5d598d4a7812320aa04cc2ef92b68ff684d434261ae5d9fc2a8273abceee1fa66653ea61535f4da759d231fba962f8a72b2b781033e61decd07da33a0ab0d406b2a21d5e4928fadef2f171cada8ef37493f9c3aca15dd2fc9e0c6c34b55685dcc6099aec2cf29a41626bf8efed55887901008cc0e9cba898078745449ed66a2f24c4faf99a9abfbbbc0f18bc42fb84e019016d618052ee5134c8dd6d5d43897022f5ad33ea4b096fc9505c0c39fe7ab5a1a386846853f7f079c41801395e75e6da2347848313f1416764266bf4ab62047af65cb9bda474fe4dbb938b82ad51462c7a400802e3ad467b82149d64f8b01a4fbb85f012541c6a1069fc1ac646885ee47a2e30e48cdfd60071a028f342cc2f0bb69a05e4b54f20fbccfae7e7c5890d5bec1e66b226244a1ace4386fdb60d60a9c461d205ddc19ad79fff29cd5a6a175365f47cb0277e694de61b32405d51bc0a3ad4f31852af4b1334b9274f7831e32d1a912d1b4508a4026b518f8d582f49bb3dbefaccf5f7a29fb5975897f14975ce691b4838e5a055f4444006250410af6fc529a0fe4eec53c86c0889ff5958f06d9931d64ea83b951bbc27b5ba4d15940848b60e1f3307386135a5e7052d7a2bd3449def362d6941a4b7238b7c127f6ee3595c02b3b01b34bc5b4ad612dd2871fa80130311517a2bad447ade07fbe8cf4c004b4d9a62df32255db4fdd0805cd33c9e3d008ffcfa140e0463e8b9b3b3219d35145bba92f1fe7aac504de78cb0570a6aa839464f7919e04b0af8a59ec3c93091f1565447ef6ed9ef6fe7d4c4e81183fd2160fda0c7eb62598fb64cbaf43ff454afbefacc037b8c7b260a1ed7fcbf1597854d055a6d4f97e6244bdddf6eb6c75130bc02f53133367607207dad0e859d95af025a1a9d5184d1b130cb9098649136794f2e46d280c3a78e5ab7090ad3418d2362c9e92def454a26d308e2ddecfa3145d3242194c99177f0ed1c3029db9d9334e2f0a98479a45a25934c8d967b2c500577badeb570c8f9fbb261e641a423de42f69d637bc733d5178dc197bd418367e193660fa2bef47aa1c811917c1bc4e934359893d2a8927159feec4b35fe86c322a56477ed63e826159d373f9a9d44d4c9a76fbbd46952a11844e959913b5d672465ddbb4db6c573c69d9606d4f0338099f449f19e5ae0ee8cc4e084df37dd19fd33c51a0ae8455e6455fcc519e8aa1295844bda9213ed3c94294cdb06f865af9d6a02447b691c82de1c1166dcca92d5c7f2e2274f5bf17a0d04d68b1da859ff67a4d02bb574e183fb8e8b25a7fbda95b33966acb01066dee9cea818b5151e26703bc5692431240e61765b4ad60af78b5e51283cc5a734e3077e453b89d5195c8df1d8f85c243f3bb2bd94960354e437984e5d5b24b9b518f020b67295a1694d7f414589b744233c5f16e72a982aeab53e204ba194be6b2c205c15372574647af743789fdc33ee48686f1c6677094314a258c2cdc9822b0ba191afb69e8df6a0e77d678af090c4ad772b2211db9bbb607a45b757e6eafb4051de898ec610f08ece34672933b3a8a5ec6d453d681bd61a2a7d20bf3e18eca9372e09bff6b71dce6e50274dd91cb04d7a8ba5fd3201631dd", 0x1000}, {&(0x7f00000016c0)="b6e6ba4278b73aae5301d5c943c1c3ac186194b6161d1d9ceaca1a57b606545980717ce713a38498f559c407a54bdf57a183c9b9cd908a6a4c7daac9363859622b8bc17485a4f45b9f1ad5c3847615669600c2d4c03852b43c1277ab85ed81c7649e0f5e07c7e4e2cfaa49b6d86c6852febf8614363a739c155d73e9cb0492a63690c9e5a1f5809c507825c20986251e06b26365c094c9", 0x97}], 0x7, 0x0, 0x0, 0x8800}, 0x0) (async)

03:35:16 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:16 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x60, 0x4000013, r2, 0x0)

[ 1547.257179][T24345] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1547.264972][T24345] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1547.272782][T24345] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1547.280595][T24345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1547.288439][T24345] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1547.296222][T24345]  </TASK>
03:35:16 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x2}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:16 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x3000000)

03:35:16 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x2b, 0xfffffffc})

03:35:16 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x200}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x500, 0x0)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000100)=0x11c020, 0x4) (async, rerun: 32)
r1 = io_uring_setup(0x120c, &(0x7f0000000240)) (async, rerun: 32)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0) (async, rerun: 32)
write$bt_hci(r2, &(0x7f0000001800)={0x1, @write_auth_payload_to={{0xc7c, 0x4}, {0xc9, 0x200}}}, 0x8) (rerun: 32)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0) (async)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r3, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x11, r3, 0x10000000)
sendmsg$xdp(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x2c, 0x4, 0x0, 0x3}, 0x10, &(0x7f0000001780)=[{&(0x7f00000002c0)="48197e2bf40086940cbbc7ba192b805b0c23541c159d727950e8445f649654fb7f93018087d4b1b9476a7c0efda37a2a05e440b8706da9df33c14bd7bdeba775d88488571e749d122fc6f74e6820d2056357717e21af00ba8bf143c64f299a149c943edab9667e3920", 0x69}, {&(0x7f0000000340)="490bd57ad6def4d0fbce4e770e5c3d4f5533dc44e07f47cf8c8955b9822d62079b1710d39174bf482298bd51ef87a2aa88ea33995a97fe5285ef61f9c1863ff4ebb609e94d8f1b412abb13f7b95a45ec636eeb712c0fcf40a2da208eebd4bd29df6ede4582e07840b4eb986d120d91b84f18fbbd71c68c1903038e2e6f99dd2e8d7d658fdab361b95fe7d880746e16f0183a73e6d7711e9c6fd1def6b315629e04e46696b4b53e8148f2f75e6184b2093f8e783b2816bb9452e3ec14618ddf816e971a5fb75a5b85fe611e9459a704325440244074d1117971c82d72c4f8d006e1248509e3979fc37d3abff43529", 0xee}, {&(0x7f0000000440)="9ddcd281d12dad74545320e985be4c2135ec1b79aa6c457c2f7c070eb8bb044d1f8ddb8a6a23847b36c318cbfb9d0fa8952fb313afa3a0cc0c4e337894cfd8fe6d4820f699e8b5797a7be4e80fb8e1248aceed79329afd1fc31576e579f314e6d5f180b6a96199d18a59e3bb02a0a1e440619c95ebfa98dbd225818bceeee7b1ec0effb9160ebfa92b114b82221ecd4d19e49700f3303da3a824d98bfefbc68a9f65cb9693dc2e7052fa0218337fa3970076612dc9db65f58cc1ee8fccdcfd53ec9b14bc0e87f3761dca36d576602752885d35a32c7995", 0xd7}, {&(0x7f0000000540)="5a9b79a191042fc4bad069cfc36834b4e9d4967f7e39ba886ad760511d70d5f00c543ac99bd3248ece2262c294c303cfccaffde38bf057f9e9f5d5ee424ae7cea4082de523e375306bae7b2af3192ee9c4728bc7b8a8c74993bfcb2294f12415f7da17d25afb4f0b08379c06c1146a1f7dfa6fe237f9d073ab7768170a647a3407d52bd5080bbf9f", 0x88}, {&(0x7f0000000600)="0c53639efc350960673c1fbc4fc85fab7a5c6720026740f851f6d4c085411cdcbb8721318ca7afeed589fec2c09f73785e3157677d00d225cda7b781b33e2fff46b62c04a2e660caf3e67d9488b35ab1d507ea844ab45c5d20e3128272a371fd097d40151badc34cf5bc6b31321ef5344e3bdf0f8bdc43662fb03f4d46cefb30457d98b442f7f478a82f0e69be9e6d31232fab41b52857eb8698b8aca160dcf5fcc0ee4ecba322b6d8cd7f3abb428361e30a87ba613050", 0xb7}, {&(0x7f00000006c0)="19699222ffb069402537fb3031e7af53bafdd4e7c60a01285437c2426b76bd1cf9cc08be64d144945c1e96daefab1db47f8158ef9fd75f83fcd45f54a76c34b9d5d5a3f47da5158c5fb89b1e8c9378f63df7da1914edfd8883e0a50beec465b55cad97da32832ff5932b38ce62dd08f98c047398f1c07c88947065043b7ec6d3f746e2b7385c2ed8abd34b650f8a07f132856e2d70c9fc6579427a886054ded9bc6e153f5cbc4ba791436705b6fdfe0424731f078f6c95e5506596a67bb134a6a97a31eb3403f3f867f05a0dff61347cc924e547c22b6de826bd8ecef6ef3f33ce743554324a609381a643cd5bd78f1e982f0ece29b85af14daf3d5b6fffb32cba1b4e77500a55592851f037a7b18958ab779e364e79459054ae9196a9d379b3827eb7a55195cd695d082097d8ebf4f6d68237e01eb5eeb5694c2beb15b946f0d80d4f7b51616c2287cca10f518bf82410cfbe98c96be860742e5ca44c71b65b6b6e6389943fe016b76ca41796b67d0d7da64056a65417211aa92313e535380449980daa34f78291f2b3ed60741db6c0a46bf25a2050669353e0da2091e59212b1d1efefe57d1d6003767784e8c790fe950c3674ead719b3c794aaa8fe08f3d3c4a9b53ce34af3b716dd0c4695503b33686919a46493354b5fe5f02c32cc09ebfd7c62144608e29aedc8a3ef98e9d6bcc757278f0608514a17cb5a9f2b7cbaa1a00ad27fcc33369b07685c00a765bb1f5eec3943ab9f463469b32e349dd661c9a6f2459a6693f7de4497a6860f5102881d411d25d774c578aa123178825f83ada377e214d51a76dc0335f04da1ee87c62a934fd2dd346cf4dce8fdf27158ae128ea3f1be4933ac0e98705e8d8cfbc57159405629939568354e79af0f8e54d277da8564a428ebe8743fb08412bf02e9b785a287ac82937b7f66510895cda8d78c95475f6fff35ddc64beefe67b40adbd00a8cea04dce206a041a98266494d7dedac2de769f71acdacde00620c85070180d83842a6fc60d288277be147c45c23327a4b205100926be01fab4a00b73abe3b716ba9d3de436d5bdc6850044377c2932bdd97844b51afe38d7fd1119d2a81de15c01261ec611886009d0fd7b1dc0b64998fd86e479f97ae24c3c12e96d2532bee8c3907c6d47c1d9bd3659c764e84d1fc52964f703708461eeedf8d4f117d1cdcb1460ccc300cc48c40905f4c551a41e2790aa0dd328e9546cd20a4a4fbb159892dda3f388fc300bc2a06086105af48f011e5a7bf61ffc53e6e1088fb824aa9f91166825a16a052c06a9c99cc05f3c2c4d41dd80eeeb5024b07605a21c5cde85b54e029dae79651f4a7924ad96b65473e6e157f43bdf9bd0ce5c1181cc65bfa93ec848dbd0f3be75502134742bd0b4a18e5e2769d7ff1c43b15db56657b1cc89d6ca540a26725bec1faccdce54a4c6f0c615b8e51fba471d254ed39ccd476589f6251815c640576773727cf1990fe4588cafdf5abdf182e630ce4a528ec0f74ceb3333c017cebf79315f0f3fa9fbd50a851a18010a86e69e63fc3fe854c0a4c2824e29d57c2811f12798e0b090ab31e26ae31123f02cc132de94138c40875782d1cbdb63f2366f7487402bd7b05c5574ccfc740d22f6d089863b0165a638dcc890d36bd1b84d9aad76fe793e77e2fee21dc253c9dd0f3a487b1b83e8753cc1e5514a7fb0d7be292eb48fad2b2cfd75b8c4c13295d86f62ec153351e469fddbe889498a915acf34737bcf54f6dee3e3580f791ac78a6837b98d915d34a2b7590ec9f92640a19fe581643aaa8fe3d07b20ffddca5767f2d71adbf6181e6c11a57fbf7663871579be51a54ba368749c1228586cb499c2911e476da44add61b11d67eca70fa557e683faa4554a9014c1f8ac0ef0434cf6d5d0aa3de16a82eb9da2fbc52257fc47d044ad23743067648df3529c0a92eef07a50f9ee48b2b358ae8c8df38101d745889ccb13dc1f314d06d0f07068a0556d7d28bbb09a3988fce31b3e485d78d144f4c08dcfeff2664de348a1f205da7f423cbf798b7fc36a4659a0ca067e8f26daa9480e518110593a195ae9760b4842d9b1028600bed9ece63296188668b4bb82087b259c85b9624f5e7cdd06d3c570a147131b64844f0d2b8983747e67aebc218f944e53472e1d83ded39650a78a153c01b4a60779dcc6ecb256306ef27b78d0dd022193f0a3bec4c0959c51176a9f66a15a8cbdb6dd6fde343540f09138958d71167e68a22866ae26629bc61400e794742a355869bba241d14bdf7652fa79cf52b1e046fbafcf27a28e79118e0767a68efd69fbf7010daeda17f987b410593f47d1d46c6b3a4bb34d07093dc2ebbfd8d86edd995e2e9e024453cc23b428b8142ce65a1abfd9d384d1ed9058505e73683b933489ffc85736e2b5daf01bdb5697643de7026c206405883c1bad17a28f439bdc2692650d60d0919c2ca5517f3a89493599d62c968a494bb753050a65e7a25291f1509deb5fab1c271db072b58dce3be48a19ddb2b6f01a6b9136d2217bbb6bc81f59e72fa34a55c434e0c05861d355207925a4a509b4627b1af1918843e833c92754f5e50dac90b91ee5ebb8b55e9b14c64c02bdac53b18c34ca0b68c2fdb52aa40fb5d6cb2df7253c94fc54a2778a059e7002f9af72cd024bbd30aa626ca67d8de66f0a1bd0dd224def75052cd164e092b59f6f8599c0f270663c4de2fa4d8f4f78b738ac0cd0a4e3b04d6843965cc31322d3fe335ffaf052bc77012f9df4c7244b8532b57137ddb2b2a04ca653ace8b6a8ca573cd53a4541d5830acbd0e86e2c2fb51f891292062facaefee807d056fff2a1965a67b1821c8555a6dcb7a1f4e6240fb5936d547a0fa08debbadc72e051d153043942f3ce29139ae1f7ca7db57009ed38090090d4621fc5f8fc15036a29906a3069bc953f3a3029033212d5eb3127ff818b4c4a8b0183b65d1a5c636955bd1e68346c297dbff2ab5c59fc71a6794a8b1fd935e7360a9c78b78a5292038dfb3dc36aaa019d85d42f0190a43c200d185cc9d661d90d613e28b97b3f7ec8018e8a1ddedc667983654a046bce2be19e59830f4db9cf11f311aec1db5410bbe7f1912de6d26f6c7af7b1250cb7c0922b7cee863014abda66b5a6e0c0824fe51e1feb446a680fa0ef30ca07f3254116d4bdb9c80606fd23ccf5f5ec3a03a2ccda876a00d2c619ab43f2886ec7b076ade05e114f98aecb7da5c0be1dbaf99e0c1f960de33a755af4c2500ef143e67fa76a41a9aa3b1bf8cebe44eef1796bf854c7dc3a414d814cbc8189b2454c87f129fc8eadcb10fb58c1e48bbf639c7b487fb15dce79cad703ad800be9adff6cee54c9e3a86e035093373e22a8291a95e10bc0470d420ff391786cdccdf472e61aa15d651ad11db06e367e463c80d4e5d4a555a1bd567e48dcf3ff02c67c91bef8a62cf77397ca7f95755f6f1e0f62f6e2f23da1073f630f3603ebfe7a61cf908eb4cbadd86c4bde079bf1675c63ac86bd6f022e669df90d16e787a750194d66ffddcb7d2a0715379a4d905445e6e95815e3cc642d3f51d7096d8a0943d8e68782f24581c0161da37b0d5b815adc05248389d0c44c54af939f2e2a1cc1edabbfc0b24794d8b35462431da7729cb554e0df26403498e68f65614aa4414faac251ca14848cebb353ef977c593078aa4d2ceef12cae250832c28d65573a228c1b3e702e93c11351e71f41035e1de7a47a725d30361ce7d1a0f71ebc4ac904afe3985b5105ad8f0652a0d8038822d5ba1976504441c7a5849db2ffa876a7596ea3bac115dd452348a2c8c3ee77b56fd0c8f5184e533b5fa803e3fd45680acb77fbd4ad6c3cc8b0e0654a35409054b604b451940caff96133165d7b8d702078ed17e8a6ca776ee84cffd20a8815b050db48cc3ef16c559b08e38ba11da2ea68a1b51549a43d5f736ae920e8fc7f38cb2f3cf7337ae3e6afa6e88d0ff6051ca65793d5b6bf06cf4a8c694b7e05d3d0fd926ffb94ded232d9332b5413224e717a9fda9607a3e3f9fcaeed7c993e40aa3d79be752e94abee9dce897d9adb6ee19f406ab3dacf4f3dfdbda70e4023361547ed85b94a8fc4a1a44dc7320413536d0f2b9afa19c771efc722fda9c5dcf139ca7e0bebfd233d3feedc979f5d598d4a7812320aa04cc2ef92b68ff684d434261ae5d9fc2a8273abceee1fa66653ea61535f4da759d231fba962f8a72b2b781033e61decd07da33a0ab0d406b2a21d5e4928fadef2f171cada8ef37493f9c3aca15dd2fc9e0c6c34b55685dcc6099aec2cf29a41626bf8efed55887901008cc0e9cba898078745449ed66a2f24c4faf99a9abfbbbc0f18bc42fb84e019016d618052ee5134c8dd6d5d43897022f5ad33ea4b096fc9505c0c39fe7ab5a1a386846853f7f079c41801395e75e6da2347848313f1416764266bf4ab62047af65cb9bda474fe4dbb938b82ad51462c7a400802e3ad467b82149d64f8b01a4fbb85f012541c6a1069fc1ac646885ee47a2e30e48cdfd60071a028f342cc2f0bb69a05e4b54f20fbccfae7e7c5890d5bec1e66b226244a1ace4386fdb60d60a9c461d205ddc19ad79fff29cd5a6a175365f47cb0277e694de61b32405d51bc0a3ad4f31852af4b1334b9274f7831e32d1a912d1b4508a4026b518f8d582f49bb3dbefaccf5f7a29fb5975897f14975ce691b4838e5a055f4444006250410af6fc529a0fe4eec53c86c0889ff5958f06d9931d64ea83b951bbc27b5ba4d15940848b60e1f3307386135a5e7052d7a2bd3449def362d6941a4b7238b7c127f6ee3595c02b3b01b34bc5b4ad612dd2871fa80130311517a2bad447ade07fbe8cf4c004b4d9a62df32255db4fdd0805cd33c9e3d008ffcfa140e0463e8b9b3b3219d35145bba92f1fe7aac504de78cb0570a6aa839464f7919e04b0af8a59ec3c93091f1565447ef6ed9ef6fe7d4c4e81183fd2160fda0c7eb62598fb64cbaf43ff454afbefacc037b8c7b260a1ed7fcbf1597854d055a6d4f97e6244bdddf6eb6c75130bc02f53133367607207dad0e859d95af025a1a9d5184d1b130cb9098649136794f2e46d280c3a78e5ab7090ad3418d2362c9e92def454a26d308e2ddecfa3145d3242194c99177f0ed1c3029db9d9334e2f0a98479a45a25934c8d967b2c500577badeb570c8f9fbb261e641a423de42f69d637bc733d5178dc197bd418367e193660fa2bef47aa1c811917c1bc4e934359893d2a8927159feec4b35fe86c322a56477ed63e826159d373f9a9d44d4c9a76fbbd46952a11844e959913b5d672465ddbb4db6c573c69d9606d4f0338099f449f19e5ae0ee8cc4e084df37dd19fd33c51a0ae8455e6455fcc519e8aa1295844bda9213ed3c94294cdb06f865af9d6a02447b691c82de1c1166dcca92d5c7f2e2274f5bf17a0d04d68b1da859ff67a4d02bb574e183fb8e8b25a7fbda95b33966acb01066dee9cea818b5151e26703bc5692431240e61765b4ad60af78b5e51283cc5a734e3077e453b89d5195c8df1d8f85c243f3bb2bd94960354e437984e5d5b24b9b518f020b67295a1694d7f414589b744233c5f16e72a982aeab53e204ba194be6b2c205c15372574647af743789fdc33ee48686f1c6677094314a258c2cdc9822b0ba191afb69e8df6a0e77d678af090c4ad772b2211db9bbb607a45b757e6eafb4051de898ec610f08ece34672933b3a8a5ec6d453d681bd61a2a7d20bf3e18eca9372e09bff6b71dce6e50274dd91cb04d7a8ba5fd3201631dd", 0x1000}, {&(0x7f00000016c0)="b6e6ba4278b73aae5301d5c943c1c3ac186194b6161d1d9ceaca1a57b606545980717ce713a38498f559c407a54bdf57a183c9b9cd908a6a4c7daac9363859622b8bc17485a4f45b9f1ad5c3847615669600c2d4c03852b43c1277ab85ed81c7649e0f5e07c7e4e2cfaa49b6d86c6852febf8614363a739c155d73e9cb0492a63690c9e5a1f5809c507825c20986251e06b26365c094c9", 0x97}], 0x7, 0x0, 0x0, 0x8800}, 0x0)

03:35:16 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x4000000)

03:35:16 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x7}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1547.338586][T24355] FAULT_INJECTION: forcing a failure.
[ 1547.338586][T24355] name failslab, interval 1, probability 0, space 0, times 0
[ 1547.413187][T24355] CPU: 0 PID: 24355 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1547.423272][T24355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1547.433164][T24355] Call Trace:
[ 1547.436289][T24355]  <TASK>
[ 1547.439067][T24355]  dump_stack_lvl+0x151/0x1b7
[ 1547.443578][T24355]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1547.448881][T24355]  dump_stack+0x15/0x17
[ 1547.452865][T24355]  should_fail+0x3c0/0x510
[ 1547.457118][T24355]  __should_failslab+0x9f/0xe0
[ 1547.461716][T24355]  should_failslab+0x9/0x20
[ 1547.466058][T24355]  kmem_cache_alloc+0x4f/0x2f0
[ 1547.470660][T24355]  ? vm_area_dup+0x26/0x1d0
[ 1547.475000][T24355]  vm_area_dup+0x26/0x1d0
[ 1547.479166][T24355]  dup_mmap+0x6b8/0xea0
[ 1547.483156][T24355]  ? __delayed_free_task+0x20/0x20
[ 1547.488103][T24355]  ? mm_init+0x807/0x960
[ 1547.492184][T24355]  dup_mm+0x91/0x330
[ 1547.495913][T24355]  copy_mm+0x108/0x1b0
[ 1547.499819][T24355]  copy_process+0x1295/0x3250
[ 1547.504336][T24355]  ? proc_fail_nth_write+0x213/0x290
[ 1547.509455][T24355]  ? proc_fail_nth_read+0x220/0x220
[ 1547.514490][T24355]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1547.519434][T24355]  ? vfs_write+0x9af/0x1050
[ 1547.523779][T24355]  kernel_clone+0x22d/0x990
[ 1547.528112][T24355]  ? file_end_write+0x1b0/0x1b0
[ 1547.532832][T24355]  ? __kasan_check_write+0x14/0x20
[ 1547.537753][T24355]  ? create_io_thread+0x1e0/0x1e0
[ 1547.542611][T24355]  ? __mutex_lock_slowpath+0x10/0x10
[ 1547.547737][T24355]  __x64_sys_clone+0x289/0x310
[ 1547.552337][T24355]  ? __do_sys_vfork+0x130/0x130
[ 1547.557018][T24355]  ? debug_smp_processor_id+0x17/0x20
[ 1547.562227][T24355]  do_syscall_64+0x44/0xd0
[ 1547.566506][T24355]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1547.572294][T24355] RIP: 0033:0x7fed39e510c9
[ 1547.576560][T24355] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1547.596007][T24355] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1547.604230][T24355] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1547.612057][T24355] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1547.619853][T24355] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1547.627663][T24355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1547.635480][T24355] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1547.643306][T24355]  </TASK>
03:35:16 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24)

03:35:16 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x11}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:16 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0xffff8000)

03:35:16 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x32, 0xfffffffc})

03:35:16 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x3494, &(0x7f0000000100)={0x0, 0x14f4, 0x200, 0x1, 0x107}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:16 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0xf0, 0x4000013, r2, 0x0)

03:35:16 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x34, 0xfffffffc})

03:35:16 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
syz_io_uring_setup(0x3494, &(0x7f0000000100)={0x0, 0x14f4, 0x200, 0x1, 0x107}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:16 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x18}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:16 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0xffffc000)

03:35:16 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x41, 0xfffffffc})

03:35:16 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x204}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1547.742699][T24395] FAULT_INJECTION: forcing a failure.
[ 1547.742699][T24395] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1547.793584][T24395] CPU: 1 PID: 24395 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1547.803668][T24395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1547.813563][T24395] Call Trace:
[ 1547.816769][T24395]  <TASK>
[ 1547.819546][T24395]  dump_stack_lvl+0x151/0x1b7
[ 1547.824059][T24395]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1547.829356][T24395]  dump_stack+0x15/0x17
[ 1547.833345][T24395]  should_fail+0x3c0/0x510
[ 1547.837600][T24395]  should_fail_alloc_page+0x58/0x70
[ 1547.842639][T24395]  __alloc_pages+0x1de/0x7c0
[ 1547.847064][T24395]  ? __count_vm_events+0x30/0x30
[ 1547.851835][T24395]  ? __this_cpu_preempt_check+0x13/0x20
[ 1547.857229][T24395]  ? __mod_node_page_state+0xac/0xf0
[ 1547.862423][T24395]  pte_alloc_one+0x73/0x1b0
[ 1547.866762][T24395]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 1547.871794][T24395]  __pte_alloc+0x86/0x350
[ 1547.875966][T24395]  ? free_pgtables+0x210/0x210
[ 1547.880559][T24395]  ? _raw_spin_lock+0xa3/0x1b0
[ 1547.885158][T24395]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 1547.890370][T24395]  copy_pte_range+0x1b1f/0x20b0
[ 1547.895060][T24395]  ? __kunmap_atomic+0x80/0x80
[ 1547.899739][T24395]  ? track_pfn_copy+0x21d/0x280
[ 1547.904425][T24395]  ? phys_mem_access_prot_allowed+0x130/0x130
[ 1547.910462][T24395]  ? copy_mm+0x108/0x1b0
[ 1547.914541][T24395]  ? kernel_clone+0x22d/0x990
[ 1547.919079][T24395]  ? __x64_sys_clone+0x289/0x310
[ 1547.923837][T24395]  ? do_syscall_64+0x44/0xd0
[ 1547.928253][T24395]  copy_page_range+0xc1e/0x1090
[ 1547.932945][T24395]  ? pfn_valid+0x1e0/0x1e0
[ 1547.937196][T24395]  dup_mmap+0x99f/0xea0
[ 1547.941185][T24395]  ? __delayed_free_task+0x20/0x20
[ 1547.946131][T24395]  ? mm_init+0x807/0x960
[ 1547.950207][T24395]  dup_mm+0x91/0x330
[ 1547.953944][T24395]  copy_mm+0x108/0x1b0
[ 1547.957850][T24395]  copy_process+0x1295/0x3250
[ 1547.962365][T24395]  ? proc_fail_nth_write+0x213/0x290
[ 1547.967483][T24395]  ? proc_fail_nth_read+0x220/0x220
[ 1547.972516][T24395]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1547.977464][T24395]  ? vfs_write+0x9af/0x1050
[ 1547.981808][T24395]  kernel_clone+0x22d/0x990
[ 1547.986145][T24395]  ? file_end_write+0x1b0/0x1b0
[ 1547.990831][T24395]  ? __kasan_check_write+0x14/0x20
[ 1547.995775][T24395]  ? create_io_thread+0x1e0/0x1e0
[ 1548.000656][T24395]  ? __mutex_lock_slowpath+0x10/0x10
[ 1548.005763][T24395]  __x64_sys_clone+0x289/0x310
[ 1548.010364][T24395]  ? __do_sys_vfork+0x130/0x130
[ 1548.015049][T24395]  ? debug_smp_processor_id+0x17/0x20
[ 1548.020252][T24395]  do_syscall_64+0x44/0xd0
[ 1548.024505][T24395]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1548.030229][T24395] RIP: 0033:0x7fed39e510c9
[ 1548.034485][T24395] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1548.053927][T24395] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1548.062172][T24395] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1548.069992][T24395] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1548.077793][T24395] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1548.085605][T24395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
03:35:16 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25)

03:35:16 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0xffffffffffffd)

03:35:16 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x42, 0xfffffffc})

03:35:16 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x3494, &(0x7f0000000100)={0x0, 0x14f4, 0x200, 0x1, 0x107}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:16 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x402}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1548.093607][T24395] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1548.101402][T24395]  </TASK>
03:35:16 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0xf00, 0x4000013, r2, 0x0)

03:35:16 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x406}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:16 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x204, 0xfffffffc})

03:35:16 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x60000000000000)

03:35:16 executing program 2:
timerfd_gettime(0xffffffffffffffff, &(0x7f0000000080))
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0xeb5, &(0x7f0000000000)={0x0, 0x1ef1, 0x0, 0x0, 0x100, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000100)={0x0, [0x7, 0x80], 0x1}, 0x10)

[ 1548.168066][T24427] FAULT_INJECTION: forcing a failure.
[ 1548.168066][T24427] name failslab, interval 1, probability 0, space 0, times 0
[ 1548.198493][T24427] CPU: 1 PID: 24427 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1548.208568][T24427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1548.218462][T24427] Call Trace:
[ 1548.221589][T24427]  <TASK>
[ 1548.224361][T24427]  dump_stack_lvl+0x151/0x1b7
[ 1548.228882][T24427]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1548.234173][T24427]  dump_stack+0x15/0x17
[ 1548.238164][T24427]  should_fail+0x3c0/0x510
[ 1548.242417][T24427]  ? mm_init+0x392/0x960
[ 1548.246495][T24427]  __should_failslab+0x9f/0xe0
[ 1548.251096][T24427]  should_failslab+0x9/0x20
[ 1548.255437][T24427]  kmem_cache_alloc_trace+0x4a/0x310
[ 1548.260560][T24427]  mm_init+0x392/0x960
[ 1548.264460][T24427]  dup_mm+0x7d/0x330
[ 1548.268192][T24427]  copy_mm+0x108/0x1b0
[ 1548.272102][T24427]  copy_process+0x1295/0x3250
[ 1548.276613][T24427]  ? proc_fail_nth_write+0x213/0x290
[ 1548.281738][T24427]  ? proc_fail_nth_read+0x220/0x220
[ 1548.286766][T24427]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1548.291711][T24427]  ? vfs_write+0x9af/0x1050
[ 1548.296052][T24427]  kernel_clone+0x22d/0x990
[ 1548.300393][T24427]  ? file_end_write+0x1b0/0x1b0
[ 1548.305078][T24427]  ? __kasan_check_write+0x14/0x20
[ 1548.310060][T24427]  ? create_io_thread+0x1e0/0x1e0
[ 1548.314889][T24427]  ? __mutex_lock_slowpath+0x10/0x10
[ 1548.320094][T24427]  __x64_sys_clone+0x289/0x310
[ 1548.324693][T24427]  ? __do_sys_vfork+0x130/0x130
[ 1548.329383][T24427]  ? debug_smp_processor_id+0x17/0x20
[ 1548.334587][T24427]  do_syscall_64+0x44/0xd0
[ 1548.338841][T24427]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1548.344656][T24427] RIP: 0033:0x7fed39e510c9
[ 1548.348910][T24427] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
03:35:16 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x300, 0xfffffffc})

03:35:16 executing program 2:
timerfd_gettime(0xffffffffffffffff, &(0x7f0000000080))
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0xeb5, &(0x7f0000000000)={0x0, 0x1ef1, 0x0, 0x0, 0x100, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0) (async)
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000100)={0x0, [0x7, 0x80], 0x1}, 0x10)

03:35:17 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26)

03:35:17 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x402, 0xfffffffc})

03:35:17 executing program 2:
timerfd_gettime(0xffffffffffffffff, &(0x7f0000000080))
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0xeb5, &(0x7f0000000000)={0x0, 0x1ef1, 0x0, 0x0, 0x100, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000100)={0x0, [0x7, 0x80], 0x1}, 0x10)
timerfd_gettime(0xffffffffffffffff, &(0x7f0000000080)) (async)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0xeb5, &(0x7f0000000000)={0x0, 0x1ef1, 0x0, 0x0, 0x100, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0) (async)
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000100)={0x0, [0x7, 0x80], 0x1}, 0x10) (async)

03:35:17 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x6000, 0x4000013, r2, 0x0)

03:35:17 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x80ffff00000000)

03:35:17 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x604}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1548.368348][T24427] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1548.376598][T24427] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1548.384410][T24427] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1548.392216][T24427] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1548.400028][T24427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1548.407838][T24427] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1548.415657][T24427]  </TASK>
03:35:17 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x700}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:17 executing program 2:
ioctl$EVIOCGREP(0xffffffffffffffff, 0x80084503, &(0x7f0000000100)=""/105)
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$EVIOCGSW(r1, 0x8040451b, &(0x7f00000012c0)=""/91)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r2, 0xc008ae05, &(0x7f00000002c0)=""/4096)

03:35:17 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x406, 0xfffffffc})

03:35:17 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x1100}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:17 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x604, 0xfffffffc})

03:35:17 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0xc0ffff00000000)

[ 1548.449026][T24461] FAULT_INJECTION: forcing a failure.
[ 1548.449026][T24461] name failslab, interval 1, probability 0, space 0, times 0
[ 1548.517239][T24461] CPU: 0 PID: 24461 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1548.527317][T24461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1548.538116][T24461] Call Trace:
[ 1548.541212][T24461]  <TASK>
[ 1548.543997][T24461]  dump_stack_lvl+0x151/0x1b7
[ 1548.548619][T24461]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1548.553901][T24461]  dump_stack+0x15/0x17
[ 1548.557896][T24461]  should_fail+0x3c0/0x510
[ 1548.562136][T24461]  ? mm_init+0x392/0x960
[ 1548.566212][T24461]  __should_failslab+0x9f/0xe0
[ 1548.570816][T24461]  should_failslab+0x9/0x20
[ 1548.575165][T24461]  kmem_cache_alloc_trace+0x4a/0x310
[ 1548.580272][T24461]  mm_init+0x392/0x960
[ 1548.584179][T24461]  dup_mm+0x7d/0x330
[ 1548.587911][T24461]  copy_mm+0x108/0x1b0
[ 1548.591818][T24461]  copy_process+0x1295/0x3250
[ 1548.596334][T24461]  ? proc_fail_nth_write+0x213/0x290
[ 1548.601450][T24461]  ? proc_fail_nth_read+0x220/0x220
[ 1548.606486][T24461]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1548.611440][T24461]  ? vfs_write+0x9af/0x1050
[ 1548.615788][T24461]  kernel_clone+0x22d/0x990
[ 1548.620109][T24461]  ? file_end_write+0x1b0/0x1b0
[ 1548.624796][T24461]  ? __kasan_check_write+0x14/0x20
[ 1548.629830][T24461]  ? create_io_thread+0x1e0/0x1e0
[ 1548.634693][T24461]  ? __mutex_lock_slowpath+0x10/0x10
[ 1548.639820][T24461]  __x64_sys_clone+0x289/0x310
[ 1548.644415][T24461]  ? __do_sys_vfork+0x130/0x130
[ 1548.649102][T24461]  ? debug_smp_processor_id+0x17/0x20
[ 1548.654310][T24461]  do_syscall_64+0x44/0xd0
[ 1548.658561][T24461]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1548.664292][T24461] RIP: 0033:0x7fed39e510c9
[ 1548.668542][T24461] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1548.688070][T24461] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1548.696316][T24461] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1548.704127][T24461] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
03:35:17 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27)

03:35:17 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x700, 0xfffffffc})

03:35:17 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x1800}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:17 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x100000000000000)

03:35:17 executing program 2:
ioctl$EVIOCGREP(0xffffffffffffffff, 0x80084503, &(0x7f0000000100)=""/105) (async)
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
ioctl$EVIOCGSW(r1, 0x8040451b, &(0x7f00000012c0)=""/91)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r2, 0xc008ae05, &(0x7f00000002c0)=""/4096)

03:35:17 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x600000, 0x4000013, r2, 0x0)

03:35:17 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x1000000}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:17 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x900, 0xfffffffc})

[ 1548.711938][T24461] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1548.719747][T24461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1548.727559][T24461] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1548.735372][T24461]  </TASK>
03:35:17 executing program 2:
ioctl$EVIOCGREP(0xffffffffffffffff, 0x80084503, &(0x7f0000000100)=""/105) (async)
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
ioctl$EVIOCGSW(r1, 0x8040451b, &(0x7f00000012c0)=""/91)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r2, 0xc008ae05, &(0x7f00000002c0)=""/4096)

03:35:17 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x200000000000000)

03:35:17 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x1400, 0xfffffffc})

03:35:17 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x2000000}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1548.780496][T24494] FAULT_INJECTION: forcing a failure.
[ 1548.780496][T24494] name failslab, interval 1, probability 0, space 0, times 0
[ 1548.814439][T24494] CPU: 0 PID: 24494 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1548.824514][T24494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1548.834493][T24494] Call Trace:
[ 1548.837618][T24494]  <TASK>
[ 1548.840394][T24494]  dump_stack_lvl+0x151/0x1b7
[ 1548.844908][T24494]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1548.850206][T24494]  dump_stack+0x15/0x17
[ 1548.854198][T24494]  should_fail+0x3c0/0x510
[ 1548.858447][T24494]  __should_failslab+0x9f/0xe0
[ 1548.863048][T24494]  should_failslab+0x9/0x20
[ 1548.867387][T24494]  kmem_cache_alloc+0x4f/0x2f0
[ 1548.871989][T24494]  ? vm_area_dup+0x26/0x1d0
[ 1548.876327][T24494]  vm_area_dup+0x26/0x1d0
[ 1548.880492][T24494]  dup_mmap+0x6b8/0xea0
[ 1548.884493][T24494]  ? __delayed_free_task+0x20/0x20
[ 1548.889432][T24494]  ? mm_init+0x807/0x960
[ 1548.893512][T24494]  dup_mm+0x91/0x330
[ 1548.897251][T24494]  copy_mm+0x108/0x1b0
[ 1548.901152][T24494]  copy_process+0x1295/0x3250
[ 1548.905666][T24494]  ? proc_fail_nth_write+0x213/0x290
[ 1548.910783][T24494]  ? proc_fail_nth_read+0x220/0x220
[ 1548.915819][T24494]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1548.920851][T24494]  ? vfs_write+0x9af/0x1050
[ 1548.925192][T24494]  kernel_clone+0x22d/0x990
[ 1548.929530][T24494]  ? file_end_write+0x1b0/0x1b0
[ 1548.934301][T24494]  ? __kasan_check_write+0x14/0x20
[ 1548.939250][T24494]  ? create_io_thread+0x1e0/0x1e0
[ 1548.944109][T24494]  ? __mutex_lock_slowpath+0x10/0x10
[ 1548.949233][T24494]  __x64_sys_clone+0x289/0x310
[ 1548.953833][T24494]  ? __do_sys_vfork+0x130/0x130
[ 1548.958518][T24494]  ? debug_smp_processor_id+0x17/0x20
[ 1548.963730][T24494]  do_syscall_64+0x44/0xd0
[ 1548.967978][T24494]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1548.973733][T24494] RIP: 0033:0x7fed39e510c9
[ 1548.977962][T24494] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1548.997404][T24494] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1549.005646][T24494] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1549.013464][T24494] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1549.021267][T24494] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
03:35:17 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28)

03:35:17 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
ioctl$EVIOCGPHYS(0xffffffffffffffff, 0x80404507, &(0x7f0000000080)=""/16)

03:35:17 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x80ffff, 0x4000013, r2, 0x0)

03:35:17 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x2b00, 0xfffffffc})

03:35:17 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x2040000}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:17 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x300000000000000)

[ 1549.029082][T24494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1549.036986][T24494] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1549.044799][T24494]  </TASK>
03:35:17 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x3200, 0xfffffffc})

03:35:17 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x6040000}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:17 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x400000000000000)

03:35:17 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
ioctl$EVIOCGPHYS(0xffffffffffffffff, 0x80404507, &(0x7f0000000080)=""/16)

03:35:17 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x7000000}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1549.079083][T24521] FAULT_INJECTION: forcing a failure.
[ 1549.079083][T24521] name failslab, interval 1, probability 0, space 0, times 0
[ 1549.115463][T24521] CPU: 0 PID: 24521 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
03:35:17 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
ioctl$EVIOCGPHYS(0xffffffffffffffff, 0x80404507, &(0x7f0000000080)=""/16)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
ioctl$EVIOCGPHYS(0xffffffffffffffff, 0x80404507, &(0x7f0000000080)=""/16) (async)

[ 1549.125539][T24521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1549.135434][T24521] Call Trace:
[ 1549.138569][T24521]  <TASK>
[ 1549.141335][T24521]  dump_stack_lvl+0x151/0x1b7
[ 1549.145853][T24521]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1549.151143][T24521]  dump_stack+0x15/0x17
[ 1549.155240][T24521]  should_fail+0x3c0/0x510
[ 1549.159492][T24521]  __should_failslab+0x9f/0xe0
[ 1549.164093][T24521]  should_failslab+0x9/0x20
[ 1549.168431][T24521]  kmem_cache_alloc+0x4f/0x2f0
[ 1549.173031][T24521]  ? vm_area_dup+0x26/0x1d0
[ 1549.177372][T24521]  vm_area_dup+0x26/0x1d0
[ 1549.181538][T24521]  dup_mmap+0x6b8/0xea0
[ 1549.185533][T24521]  ? __delayed_free_task+0x20/0x20
[ 1549.191410][T24521]  ? mm_init+0x807/0x960
[ 1549.195487][T24521]  dup_mm+0x91/0x330
[ 1549.199213][T24521]  copy_mm+0x108/0x1b0
[ 1549.203124][T24521]  copy_process+0x1295/0x3250
[ 1549.207651][T24521]  ? proc_fail_nth_write+0x213/0x290
[ 1549.212757][T24521]  ? proc_fail_nth_read+0x220/0x220
[ 1549.217796][T24521]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1549.222737][T24521]  ? vfs_write+0x9af/0x1050
[ 1549.227079][T24521]  kernel_clone+0x22d/0x990
[ 1549.231416][T24521]  ? file_end_write+0x1b0/0x1b0
[ 1549.236100][T24521]  ? __kasan_check_write+0x14/0x20
[ 1549.241050][T24521]  ? create_io_thread+0x1e0/0x1e0
[ 1549.245908][T24521]  ? __mutex_lock_slowpath+0x10/0x10
[ 1549.251376][T24521]  __x64_sys_clone+0x289/0x310
[ 1549.255976][T24521]  ? __do_sys_vfork+0x130/0x130
[ 1549.260661][T24521]  ? debug_smp_processor_id+0x17/0x20
[ 1549.265878][T24521]  do_syscall_64+0x44/0xd0
[ 1549.270125][T24521]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1549.275857][T24521] RIP: 0033:0x7fed39e510c9
[ 1549.280187][T24521] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1549.299637][T24521] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1549.307873][T24521] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1549.315682][T24521] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
03:35:18 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29)

03:35:18 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x11000000}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:18 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x4, 0x2e, 0x2, 0x2, 0xb, 0x4, 0x2, 0x118, 0x1})

03:35:18 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0xb0ff20, 0x4000013, r2, 0x0)

03:35:18 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0xfdffffffffff0f00)

03:35:18 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x3400, 0xfffffffc})

[ 1549.323498][T24521] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1549.331315][T24521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1549.339213][T24521] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1549.347112][T24521]  </TASK>
03:35:18 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async, rerun: 64)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x4, 0x2e, 0x2, 0x2, 0xb, 0x4, 0x2, 0x118, 0x1}) (rerun: 64)

03:35:18 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_PIE_ON(r1, 0x7005)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:18 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x4000, 0xfffffffc})

03:35:18 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x18000000}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:18 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x4, 0x2e, 0x2, 0x2, 0xb, 0x4, 0x2, 0x118, 0x1})
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x4, 0x2e, 0x2, 0x2, 0xb, 0x4, 0x2, 0x118, 0x1}) (async)

[ 1549.387749][T24560] FAULT_INJECTION: forcing a failure.
[ 1549.387749][T24560] name failslab, interval 1, probability 0, space 0, times 0
[ 1549.401088][T24560] CPU: 0 PID: 24560 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1549.411156][T24560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1549.421054][T24560] Call Trace:
[ 1549.424171][T24560]  <TASK>
[ 1549.426993][T24560]  dump_stack_lvl+0x151/0x1b7
[ 1549.431467][T24560]  ? bfq_pos_tree_add_move+0x43e/0x43e
03:35:18 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

[ 1549.436759][T24560]  dump_stack+0x15/0x17
[ 1549.440747][T24560]  should_fail+0x3c0/0x510
[ 1549.445005][T24560]  __should_failslab+0x9f/0xe0
[ 1549.449698][T24560]  should_failslab+0x9/0x20
[ 1549.454031][T24560]  kmem_cache_alloc+0x4f/0x2f0
[ 1549.458632][T24560]  ? vm_area_dup+0x26/0x1d0
[ 1549.462970][T24560]  ? __kasan_check_read+0x11/0x20
[ 1549.467835][T24560]  vm_area_dup+0x26/0x1d0
[ 1549.471998][T24560]  dup_mmap+0x6b8/0xea0
[ 1549.476337][T24560]  ? __delayed_free_task+0x20/0x20
[ 1549.481282][T24560]  ? mm_init+0x807/0x960
[ 1549.485359][T24560]  dup_mm+0x91/0x330
[ 1549.489093][T24560]  copy_mm+0x108/0x1b0
[ 1549.492999][T24560]  copy_process+0x1295/0x3250
[ 1549.497515][T24560]  ? proc_fail_nth_write+0x213/0x290
[ 1549.502633][T24560]  ? proc_fail_nth_read+0x220/0x220
[ 1549.507666][T24560]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1549.512613][T24560]  ? vfs_write+0x9af/0x1050
[ 1549.516954][T24560]  kernel_clone+0x22d/0x990
[ 1549.521292][T24560]  ? file_end_write+0x1b0/0x1b0
[ 1549.525978][T24560]  ? __kasan_check_write+0x14/0x20
[ 1549.530931][T24560]  ? create_io_thread+0x1e0/0x1e0
[ 1549.535818][T24560]  ? __mutex_lock_slowpath+0x10/0x10
[ 1549.540908][T24560]  __x64_sys_clone+0x289/0x310
[ 1549.546115][T24560]  ? __do_sys_vfork+0x130/0x130
[ 1549.550804][T24560]  ? debug_smp_processor_id+0x17/0x20
[ 1549.556449][T24560]  do_syscall_64+0x44/0xd0
[ 1549.563914][T24560]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1549.569662][T24560] RIP: 0033:0x7fed39e510c9
[ 1549.573976][T24560] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1549.593418][T24560] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1549.601660][T24560] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1549.609473][T24560] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1549.617373][T24560] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1549.625181][T24560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
03:35:18 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30)

03:35:18 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_PIE_ON(r1, 0x7005)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:18 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0xc0ffff, 0x4000013, r2, 0x0)

03:35:18 executing program 5:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10b102, 0x0)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f00000000c0), 0x4)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
r3 = syz_open_dev$mouse(&(0x7f0000000200), 0x4, 0x1)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000240)=0xa010, 0x4)
getsockopt$IP_SET_OP_GET_BYNAME(r2, 0x1, 0x53, &(0x7f0000000100)={0x6, 0x7, 'syz0\x00'}, &(0x7f00000001c0)=0x28)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000280), 0x4)
mknodat$null(r2, &(0x7f00000002c0)='./file0\x00', 0x8104, 0x103)
getsockname$packet(r1, 0x0, 0x0)
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x46e)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x6c4, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140))

03:35:18 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x4100, 0xfffffffc})

03:35:18 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)) (async, rerun: 32)
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) (rerun: 32)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:18 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_PIE_ON(r1, 0x7005) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

[ 1549.632995][T24560] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1549.640895][T24560]  </TASK>
03:35:18 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x4200, 0xfffffffc})

03:35:18 executing program 5:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10b102, 0x0)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f00000000c0), 0x4) (async, rerun: 32)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (rerun: 32)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0) (async)
r3 = syz_open_dev$mouse(&(0x7f0000000200), 0x4, 0x1)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000240)=0xa010, 0x4)
getsockopt$IP_SET_OP_GET_BYNAME(r2, 0x1, 0x53, &(0x7f0000000100)={0x6, 0x7, 'syz0\x00'}, &(0x7f00000001c0)=0x28)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000280), 0x4) (async)
mknodat$null(r2, &(0x7f00000002c0)='./file0\x00', 0x8104, 0x103) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x46e) (async, rerun: 32)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x6c4, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)) (rerun: 32)

[ 1549.679840][T24595] FAULT_INJECTION: forcing a failure.
[ 1549.679840][T24595] name failslab, interval 1, probability 0, space 0, times 0
[ 1549.718545][T24595] CPU: 0 PID: 24595 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
03:35:18 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x400000, 0xfffffffc})

03:35:18 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x80ffff, 0xfffffffc})

03:35:18 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)

[ 1549.728710][T24595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1549.738614][T24595] Call Trace:
[ 1549.741749][T24595]  <TASK>
[ 1549.744507][T24595]  dump_stack_lvl+0x151/0x1b7
[ 1549.749104][T24595]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1549.754408][T24595]  ? do_syscall_64+0x44/0xd0
[ 1549.758836][T24595]  dump_stack+0x15/0x17
[ 1549.762818][T24595]  should_fail+0x3c0/0x510
[ 1549.767079][T24595]  __should_failslab+0x9f/0xe0
[ 1549.771672][T24595]  should_failslab+0x9/0x20
[ 1549.776016][T24595]  kmem_cache_alloc+0x4f/0x2f0
[ 1549.780614][T24595]  ? anon_vma_clone+0xa1/0x4f0
[ 1549.785339][T24595]  anon_vma_clone+0xa1/0x4f0
[ 1549.789727][T24595]  anon_vma_fork+0x91/0x4f0
[ 1549.794064][T24595]  ? anon_vma_name+0x4c/0x70
[ 1549.798492][T24595]  dup_mmap+0x750/0xea0
[ 1549.802570][T24595]  ? __delayed_free_task+0x20/0x20
[ 1549.807604][T24595]  ? mm_init+0x807/0x960
[ 1549.811682][T24595]  dup_mm+0x91/0x330
[ 1549.815414][T24595]  copy_mm+0x108/0x1b0
[ 1549.819325][T24595]  copy_process+0x1295/0x3250
[ 1549.823834][T24595]  ? proc_fail_nth_write+0x213/0x290
[ 1549.828957][T24595]  ? proc_fail_nth_read+0x220/0x220
[ 1549.833990][T24595]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1549.839115][T24595]  ? vfs_write+0x9af/0x1050
[ 1549.843448][T24595]  kernel_clone+0x22d/0x990
[ 1549.847789][T24595]  ? file_end_write+0x1b0/0x1b0
[ 1549.852480][T24595]  ? __kasan_check_write+0x14/0x20
[ 1549.857508][T24595]  ? create_io_thread+0x1e0/0x1e0
[ 1549.862370][T24595]  ? __mutex_lock_slowpath+0x10/0x10
[ 1549.867496][T24595]  __x64_sys_clone+0x289/0x310
[ 1549.872090][T24595]  ? __do_sys_vfork+0x130/0x130
[ 1549.876779][T24595]  ? debug_smp_processor_id+0x17/0x20
[ 1549.881985][T24595]  do_syscall_64+0x44/0xd0
[ 1549.886410][T24595]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1549.892225][T24595] RIP: 0033:0x7fed39e510c9
[ 1549.896482][T24595] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1549.915917][T24595] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
03:35:18 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31)

03:35:18 executing program 2:
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x10a00, 0x0)
timerfd_gettime(0xffffffffffffffff, &(0x7f0000000080))
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:18 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000180)={0x0, 0x353d}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
syz_io_uring_setup(0x2f2f, &(0x7f0000000100)={0x0, 0xb095, 0x100, 0x2, 0x121, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
getsockname$packet(r1, 0x0, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x8a081, 0x0)
ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f00000002c0)=""/4096)
ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f00000000c0)={0x5, &(0x7f0000000040)=[{0x7, 0x9, 0x4, 0x3}, {0x9, 0x20, 0x2, 0x5f}, {0x7fff, 0x5, 0x20, 0x80007}, {0x49ac, 0x7, 0x7e, 0x2384}, {0x1, 0x7f, 0xb6, 0x287de8c4}]})
mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0x1)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:18 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0xf0ff1f, 0x4000013, r2, 0x0)

03:35:18 executing program 5:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10b102, 0x0)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f00000000c0), 0x4)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
r3 = syz_open_dev$mouse(&(0x7f0000000200), 0x4, 0x1)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000240)=0xa010, 0x4)
getsockopt$IP_SET_OP_GET_BYNAME(r2, 0x1, 0x53, &(0x7f0000000100)={0x6, 0x7, 'syz0\x00'}, &(0x7f00000001c0)=0x28)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000280), 0x4)
mknodat$null(r2, &(0x7f00000002c0)='./file0\x00', 0x8104, 0x103)
getsockname$packet(r1, 0x0, 0x0)
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x46e)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x6c4, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140))
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10b102, 0x0) (async)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f00000000c0), 0x4) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r2, 0x0, 0x0) (async)
syz_open_dev$mouse(&(0x7f0000000200), 0x4, 0x1) (async)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000240)=0xa010, 0x4) (async)
getsockopt$IP_SET_OP_GET_BYNAME(r2, 0x1, 0x53, &(0x7f0000000100)={0x6, 0x7, 'syz0\x00'}, &(0x7f00000001c0)=0x28) (async)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000280), 0x4) (async)
mknodat$null(r2, &(0x7f00000002c0)='./file0\x00', 0x8104, 0x103) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x46e) (async)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x6c4, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)) (async)

03:35:18 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x1000000, 0xfffffffc})

03:35:18 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000180)={0x0, 0x353d}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0) (async)
syz_io_uring_setup(0x2f2f, &(0x7f0000000100)={0x0, 0xb095, 0x100, 0x2, 0x121, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
getsockname$packet(r1, 0x0, 0x0) (async)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x8a081, 0x0)
ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f00000002c0)=""/4096) (async)
ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f00000000c0)={0x5, &(0x7f0000000040)=[{0x7, 0x9, 0x4, 0x3}, {0x9, 0x20, 0x2, 0x5f}, {0x7fff, 0x5, 0x20, 0x80007}, {0x49ac, 0x7, 0x7e, 0x2384}, {0x1, 0x7f, 0xb6, 0x287de8c4}]}) (async)
mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0x1) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

[ 1549.924178][T24595] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1549.931972][T24595] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1549.939794][T24595] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1549.947598][T24595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1549.955499][T24595] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1549.964234][T24595]  </TASK>
03:35:18 executing program 2:
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x10a00, 0x0)
timerfd_gettime(0xffffffffffffffff, &(0x7f0000000080))
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x10a00, 0x0) (async)
timerfd_gettime(0xffffffffffffffff, &(0x7f0000000080)) (async)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)

03:35:18 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000180)={0x0, 0x353d}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
syz_io_uring_setup(0x2f2f, &(0x7f0000000100)={0x0, 0xb095, 0x100, 0x2, 0x121, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))
getsockname$packet(r1, 0x0, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x8a081, 0x0)
ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f00000002c0)=""/4096)
ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f00000000c0)={0x5, &(0x7f0000000040)=[{0x7, 0x9, 0x4, 0x3}, {0x9, 0x20, 0x2, 0x5f}, {0x7fff, 0x5, 0x20, 0x80007}, {0x49ac, 0x7, 0x7e, 0x2384}, {0x1, 0x7f, 0xb6, 0x287de8c4}]})
mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0x1)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
syz_io_uring_setup(0x72e5, &(0x7f0000000180)={0x0, 0x353d}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r2, 0x0, 0x0) (async)
syz_io_uring_setup(0x2f2f, &(0x7f0000000100)={0x0, 0xb095, 0x100, 0x2, 0x121, 0x0, r2}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280)) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x8a081, 0x0) (async)
ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f00000002c0)=""/4096) (async)
ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f00000000c0)={0x5, &(0x7f0000000040)=[{0x7, 0x9, 0x4, 0x3}, {0x9, 0x20, 0x2, 0x5f}, {0x7fff, 0x5, 0x20, 0x80007}, {0x49ac, 0x7, 0x7e, 0x2384}, {0x1, 0x7f, 0xb6, 0x287de8c4}]}) (async)
mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0x1) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)

03:35:18 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/btbcm', 0x185100, 0x124)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, r0, 0x10000000)

03:35:18 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x2000000, 0xfffffffc})

03:35:18 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/btbcm', 0x185100, 0x124)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, r0, 0x10000000)

[ 1550.020223][T24638] FAULT_INJECTION: forcing a failure.
[ 1550.020223][T24638] name failslab, interval 1, probability 0, space 0, times 0
[ 1550.069989][T24638] CPU: 1 PID: 24638 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1550.080066][T24638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1550.089958][T24638] Call Trace:
[ 1550.093082][T24638]  <TASK>
[ 1550.095865][T24638]  dump_stack_lvl+0x151/0x1b7
[ 1550.100381][T24638]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1550.105670][T24638]  ? vma_interval_tree_augment_rotate+0x210/0x210
[ 1550.111916][T24638]  dump_stack+0x15/0x17
[ 1550.115911][T24638]  should_fail+0x3c0/0x510
[ 1550.120163][T24638]  __should_failslab+0x9f/0xe0
[ 1550.124762][T24638]  should_failslab+0x9/0x20
[ 1550.129100][T24638]  kmem_cache_alloc+0x4f/0x2f0
[ 1550.133708][T24638]  ? anon_vma_fork+0xf7/0x4f0
[ 1550.138219][T24638]  anon_vma_fork+0xf7/0x4f0
[ 1550.142553][T24638]  ? anon_vma_name+0x4c/0x70
[ 1550.146981][T24638]  dup_mmap+0x750/0xea0
[ 1550.151059][T24638]  ? __delayed_free_task+0x20/0x20
[ 1550.156007][T24638]  ? mm_init+0x807/0x960
[ 1550.160088][T24638]  dup_mm+0x91/0x330
[ 1550.163818][T24638]  copy_mm+0x108/0x1b0
[ 1550.167766][T24638]  copy_process+0x1295/0x3250
[ 1550.172246][T24638]  ? proc_fail_nth_write+0x213/0x290
[ 1550.177371][T24638]  ? proc_fail_nth_read+0x220/0x220
[ 1550.182397][T24638]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1550.187349][T24638]  ? vfs_write+0x9af/0x1050
[ 1550.191769][T24638]  kernel_clone+0x22d/0x990
[ 1550.196106][T24638]  ? file_end_write+0x1b0/0x1b0
[ 1550.200797][T24638]  ? __kasan_check_write+0x14/0x20
[ 1550.205742][T24638]  ? create_io_thread+0x1e0/0x1e0
[ 1550.210600][T24638]  ? __mutex_lock_slowpath+0x10/0x10
[ 1550.215725][T24638]  __x64_sys_clone+0x289/0x310
[ 1550.220326][T24638]  ? __do_sys_vfork+0x130/0x130
[ 1550.225018][T24638]  ? debug_smp_processor_id+0x17/0x20
[ 1550.230218][T24638]  do_syscall_64+0x44/0xd0
[ 1550.234476][T24638]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1550.240198][T24638] RIP: 0033:0x7fed39e510c9
[ 1550.244449][T24638] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
03:35:19 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32)

03:35:19 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan0\x00'})
sendmsg$GTP_CMD_GETPDP(r2, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x48, r3, 0x0, 0x48f8, 0x25dfdc00, {}, [@GTPA_I_TEI={0x8}, @GTPA_PEER_ADDRESS={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x24}}, @GTPA_MS_ADDRESS={0x8, 0x5, @loopback}, @GTPA_LINK={0x8}, @GTPA_O_TEI={0x8, 0x9, 0x1}, @GTPA_TID={0xc, 0x3, 0x3}]}, 0x48}, 0x1, 0x0, 0x0, 0x20004000}, 0x44011)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0xc)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:19 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x1000000, 0x4000013, r2, 0x0)

03:35:19 executing program 2:
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x10a00, 0x0) (async)
timerfd_gettime(0xffffffffffffffff, &(0x7f0000000080))
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:19 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/btbcm', 0x185100, 0x124)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, r0, 0x10000000)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/btbcm', 0x185100, 0x124) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, r0, 0x10000000) (async)

03:35:19 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x2040000, 0xfffffffc})

03:35:19 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000200)) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r1) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan0\x00'})
sendmsg$GTP_CMD_GETPDP(r2, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x48, r3, 0x0, 0x48f8, 0x25dfdc00, {}, [@GTPA_I_TEI={0x8}, @GTPA_PEER_ADDRESS={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x24}}, @GTPA_MS_ADDRESS={0x8, 0x5, @loopback}, @GTPA_LINK={0x8}, @GTPA_O_TEI={0x8, 0x9, 0x1}, @GTPA_TID={0xc, 0x3, 0x3}]}, 0x48}, 0x1, 0x0, 0x0, 0x20004000}, 0x44011)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0xc)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

[ 1550.264764][T24638] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1550.272968][T24638] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1550.280780][T24638] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1550.288587][T24638] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1550.296408][T24638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1550.304212][T24638] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1550.312113][T24638]  </TASK>
03:35:19 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x40})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
getuid()

03:35:19 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x3000000, 0xfffffffc})

03:35:19 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x40})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
getuid()

03:35:19 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x10000, 0x2}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:19 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x4000000, 0xfffffffc})

[ 1550.361795][T24703] FAULT_INJECTION: forcing a failure.
[ 1550.361795][T24703] name failslab, interval 1, probability 0, space 0, times 0
[ 1550.412425][T24703] CPU: 0 PID: 24703 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1550.422504][T24703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1550.432398][T24703] Call Trace:
[ 1550.435523][T24703]  <TASK>
[ 1550.438301][T24703]  dump_stack_lvl+0x151/0x1b7
[ 1550.442814][T24703]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1550.448117][T24703]  ? vma_interval_tree_augment_rotate+0x210/0x210
[ 1550.454530][T24703]  dump_stack+0x15/0x17
[ 1550.458521][T24703]  should_fail+0x3c0/0x510
[ 1550.462776][T24703]  __should_failslab+0x9f/0xe0
[ 1550.467374][T24703]  should_failslab+0x9/0x20
[ 1550.471715][T24703]  kmem_cache_alloc+0x4f/0x2f0
[ 1550.476330][T24703]  ? anon_vma_fork+0xf7/0x4f0
[ 1550.480852][T24703]  anon_vma_fork+0xf7/0x4f0
[ 1550.485182][T24703]  ? anon_vma_name+0x4c/0x70
[ 1550.489593][T24703]  dup_mmap+0x750/0xea0
[ 1550.493588][T24703]  ? __delayed_free_task+0x20/0x20
[ 1550.498549][T24703]  ? mm_init+0x807/0x960
[ 1550.502613][T24703]  dup_mm+0x91/0x330
[ 1550.506345][T24703]  copy_mm+0x108/0x1b0
[ 1550.510250][T24703]  copy_process+0x1295/0x3250
[ 1550.514763][T24703]  ? proc_fail_nth_write+0x213/0x290
[ 1550.519883][T24703]  ? proc_fail_nth_read+0x220/0x220
[ 1550.524917][T24703]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1550.529865][T24703]  ? vfs_write+0x9af/0x1050
[ 1550.534296][T24703]  kernel_clone+0x22d/0x990
[ 1550.538643][T24703]  ? file_end_write+0x1b0/0x1b0
[ 1550.543318][T24703]  ? __kasan_check_write+0x14/0x20
[ 1550.548263][T24703]  ? create_io_thread+0x1e0/0x1e0
[ 1550.553125][T24703]  ? __mutex_lock_slowpath+0x10/0x10
[ 1550.558245][T24703]  __x64_sys_clone+0x289/0x310
[ 1550.562852][T24703]  ? __do_sys_vfork+0x130/0x130
[ 1550.567533][T24703]  ? debug_smp_processor_id+0x17/0x20
[ 1550.572754][T24703]  do_syscall_64+0x44/0xd0
[ 1550.576991][T24703]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1550.582721][T24703] RIP: 0033:0x7fed39e510c9
[ 1550.586977][T24703] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
03:35:19 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33)

03:35:19 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r1) (rerun: 32)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan0\x00'}) (async, rerun: 32)
sendmsg$GTP_CMD_GETPDP(r2, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x48, r3, 0x0, 0x48f8, 0x25dfdc00, {}, [@GTPA_I_TEI={0x8}, @GTPA_PEER_ADDRESS={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x24}}, @GTPA_MS_ADDRESS={0x8, 0x5, @loopback}, @GTPA_LINK={0x8}, @GTPA_O_TEI={0x8, 0x9, 0x1}, @GTPA_TID={0xc, 0x3, 0x3}]}, 0x48}, 0x1, 0x0, 0x0, 0x20004000}, 0x44011) (async, rerun: 32)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0xc) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:19 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x6040000, 0xfffffffc})

03:35:19 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x10000, 0x2}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:19 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x2000000, 0x4000013, r2, 0x0)

03:35:19 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x40})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
getuid()
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x40}) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
getuid() (async)

[ 1550.606422][T24703] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1550.614663][T24703] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1550.622470][T24703] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1550.630283][T24703] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1550.638092][T24703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1550.645903][T24703] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1550.653725][T24703]  </TASK>
03:35:19 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
io_uring_setup(0x6a0b, &(0x7f0000000100)={0x0, 0xd14e, 0x10, 0x1, 0x26b, 0x0, r0})

03:35:19 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x7000000, 0xfffffffc})

03:35:19 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x10000, 0x2}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:19 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000180)={0x0, 0x0, 0x800}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f0000000200))
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/incremental-fs', 0x191201, 0x80)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:19 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
io_uring_setup(0x6a0b, &(0x7f0000000100)={0x0, 0xd14e, 0x10, 0x1, 0x26b, 0x0, r0})

03:35:19 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x8000000, 0xfffffffc})

[ 1550.719206][T24751] FAULT_INJECTION: forcing a failure.
[ 1550.719206][T24751] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1550.741719][T24751] CPU: 0 PID: 24751 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1550.751822][T24751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1550.761697][T24751] Call Trace:
[ 1550.764816][T24751]  <TASK>
[ 1550.767592][T24751]  dump_stack_lvl+0x151/0x1b7
[ 1550.772110][T24751]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1550.777401][T24751]  ? stack_trace_save+0x1f0/0x1f0
[ 1550.782262][T24751]  ? __kernel_text_address+0x9a/0x110
[ 1550.787471][T24751]  dump_stack+0x15/0x17
[ 1550.791461][T24751]  should_fail+0x3c0/0x510
[ 1550.795718][T24751]  should_fail_alloc_page+0x58/0x70
[ 1550.800752][T24751]  __alloc_pages+0x1de/0x7c0
[ 1550.805176][T24751]  ? stack_trace_save+0x12d/0x1f0
[ 1550.810037][T24751]  ? stack_trace_snprint+0x100/0x100
[ 1550.815166][T24751]  ? __count_vm_events+0x30/0x30
[ 1550.819932][T24751]  ? __kasan_slab_alloc+0xc4/0xe0
[ 1550.824789][T24751]  ? __kasan_slab_alloc+0xb2/0xe0
[ 1550.829650][T24751]  ? kmem_cache_alloc+0x189/0x2f0
[ 1550.834509][T24751]  ? anon_vma_fork+0x1b9/0x4f0
[ 1550.839124][T24751]  get_zeroed_page+0x19/0x40
[ 1550.843533][T24751]  __pud_alloc+0x8b/0x260
[ 1550.847705][T24751]  ? do_handle_mm_fault+0x2370/0x2370
[ 1550.853008][T24751]  copy_page_range+0xd9e/0x1090
[ 1550.857687][T24751]  ? pfn_valid+0x1e0/0x1e0
[ 1550.861938][T24751]  dup_mmap+0x99f/0xea0
[ 1550.865932][T24751]  ? __delayed_free_task+0x20/0x20
[ 1550.870876][T24751]  ? mm_init+0x807/0x960
[ 1550.874977][T24751]  dup_mm+0x91/0x330
[ 1550.878684][T24751]  copy_mm+0x108/0x1b0
[ 1550.882601][T24751]  copy_process+0x1295/0x3250
[ 1550.887107][T24751]  ? proc_fail_nth_write+0x213/0x290
[ 1550.892323][T24751]  ? proc_fail_nth_read+0x220/0x220
[ 1550.897347][T24751]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1550.902292][T24751]  ? vfs_write+0x9af/0x1050
[ 1550.906633][T24751]  kernel_clone+0x22d/0x990
[ 1550.910972][T24751]  ? file_end_write+0x1b0/0x1b0
[ 1550.916186][T24751]  ? __kasan_check_write+0x14/0x20
[ 1550.921128][T24751]  ? create_io_thread+0x1e0/0x1e0
[ 1550.926074][T24751]  ? __mutex_lock_slowpath+0x10/0x10
[ 1550.931196][T24751]  __x64_sys_clone+0x289/0x310
[ 1550.935796][T24751]  ? __do_sys_vfork+0x130/0x130
[ 1550.940485][T24751]  ? debug_smp_processor_id+0x17/0x20
[ 1550.945690][T24751]  do_syscall_64+0x44/0xd0
[ 1550.949940][T24751]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1550.955680][T24751] RIP: 0033:0x7fed39e510c9
[ 1550.959928][T24751] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1550.979364][T24751] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1550.987610][T24751] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1550.995421][T24751] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1551.003258][T24751] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1551.011136][T24751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1551.018941][T24751] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1551.026757][T24751]  </TASK>
03:35:19 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34)

03:35:19 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x9000000, 0xfffffffc})

03:35:19 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000180)={0x0, 0x0, 0x800}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f0000000200))
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/incremental-fs', 0x191201, 0x80) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:19 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x4000000, 0x4000013, r2, 0x0)

03:35:19 executing program 5:
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@cgroup, 0xffffffffffffffff, 0x1c}, 0x10)
syz_io_uring_setup(0x3ff7, &(0x7f0000000040)={0x0, 0x8c92, 0x22, 0x2, 0xa9}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f00000000c0))

03:35:19 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async, rerun: 32)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (rerun: 32)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
io_uring_setup(0x6a0b, &(0x7f0000000100)={0x0, 0xd14e, 0x10, 0x1, 0x26b, 0x0, r0})

03:35:19 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000180)={0x0, 0x0, 0x800}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f0000000200))
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/incremental-fs', 0x191201, 0x80) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:19 executing program 5:
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@cgroup, 0xffffffffffffffff, 0x1c}, 0x10) (async)
syz_io_uring_setup(0x3ff7, &(0x7f0000000040)={0x0, 0x8c92, 0x22, 0x2, 0xa9}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f00000000c0))

03:35:19 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x14000000, 0xfffffffc})

03:35:19 executing program 5:
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@cgroup, 0xffffffffffffffff, 0x1c}, 0x10) (async)
syz_io_uring_setup(0x3ff7, &(0x7f0000000040)={0x0, 0x8c92, 0x22, 0x2, 0xa9}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f00000000c0))

03:35:19 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x2b000000, 0xfffffffc})

03:35:19 executing program 3:
ioctl$RTC_PIE_OFF(0xffffffffffffffff, 0x7006)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$RTC_RD_TIME(r0, 0x80247009, &(0x7f0000000000))
r1 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x8, 0x110, r2, 0x0)

[ 1551.255441][T24804] FAULT_INJECTION: forcing a failure.
[ 1551.255441][T24804] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1551.278993][T24804] CPU: 1 PID: 24804 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1551.289152][T24804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1551.299059][T24804] Call Trace:
[ 1551.302171][T24804]  <TASK>
[ 1551.305038][T24804]  dump_stack_lvl+0x151/0x1b7
[ 1551.309549][T24804]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1551.314844][T24804]  ? stack_trace_save+0x1f0/0x1f0
[ 1551.319815][T24804]  ? __kernel_text_address+0x9a/0x110
[ 1551.325023][T24804]  dump_stack+0x15/0x17
[ 1551.329046][T24804]  should_fail+0x3c0/0x510
[ 1551.333277][T24804]  should_fail_alloc_page+0x58/0x70
[ 1551.338300][T24804]  __alloc_pages+0x1de/0x7c0
[ 1551.342729][T24804]  ? stack_trace_save+0x12d/0x1f0
[ 1551.347585][T24804]  ? stack_trace_snprint+0x100/0x100
[ 1551.352804][T24804]  ? __count_vm_events+0x30/0x30
[ 1551.357653][T24804]  ? __kasan_slab_alloc+0xc4/0xe0
[ 1551.362687][T24804]  ? __kasan_slab_alloc+0xb2/0xe0
[ 1551.367547][T24804]  ? kmem_cache_alloc+0x189/0x2f0
[ 1551.372410][T24804]  ? anon_vma_fork+0x1b9/0x4f0
[ 1551.377012][T24804]  get_zeroed_page+0x19/0x40
[ 1551.381435][T24804]  __pud_alloc+0x8b/0x260
[ 1551.385776][T24804]  ? do_handle_mm_fault+0x2370/0x2370
[ 1551.390978][T24804]  copy_page_range+0xd9e/0x1090
[ 1551.395752][T24804]  ? pfn_valid+0x1e0/0x1e0
[ 1551.400003][T24804]  dup_mmap+0x99f/0xea0
[ 1551.404087][T24804]  ? __delayed_free_task+0x20/0x20
[ 1551.409031][T24804]  ? mm_init+0x807/0x960
[ 1551.413112][T24804]  dup_mm+0x91/0x330
[ 1551.416843][T24804]  copy_mm+0x108/0x1b0
[ 1551.420746][T24804]  copy_process+0x1295/0x3250
[ 1551.425263][T24804]  ? proc_fail_nth_write+0x213/0x290
[ 1551.430383][T24804]  ? proc_fail_nth_read+0x220/0x220
[ 1551.435424][T24804]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1551.440453][T24804]  ? vfs_write+0x9af/0x1050
[ 1551.444821][T24804]  kernel_clone+0x22d/0x990
[ 1551.449130][T24804]  ? file_end_write+0x1b0/0x1b0
[ 1551.453822][T24804]  ? __kasan_check_write+0x14/0x20
[ 1551.458770][T24804]  ? create_io_thread+0x1e0/0x1e0
[ 1551.463628][T24804]  ? __mutex_lock_slowpath+0x10/0x10
[ 1551.468750][T24804]  __x64_sys_clone+0x289/0x310
[ 1551.473436][T24804]  ? __do_sys_vfork+0x130/0x130
[ 1551.478411][T24804]  ? debug_smp_processor_id+0x17/0x20
[ 1551.483682][T24804]  do_syscall_64+0x44/0xd0
[ 1551.488021][T24804]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1551.493763][T24804] RIP: 0033:0x7fed39e510c9
[ 1551.498001][T24804] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1551.517836][T24804] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1551.526076][T24804] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1551.533990][T24804] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1551.541786][T24804] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
03:35:20 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35)

03:35:20 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x32000000, 0xfffffffc})

03:35:20 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ff7000/0x9000)=nil, 0x9000, 0x2000008, 0x13, r1, 0x10000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:20 executing program 5:
r0 = syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000000)={0x31, 0x29, 0x7, 0x3, 0x6, 0xffffffff, 0x2, 0xdc})
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r1 = io_uring_setup(0x3f5c, &(0x7f0000000180)={0x0, 0x67ae, 0x0, 0x0, 0x8f, 0x0, r0})
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
ioctl$TUNSETNOCSUM(r2, 0x400454c8, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x10, r1, 0x0)
io_uring_setup(0x499a, &(0x7f0000000200)={0x0, 0xfd36, 0x8, 0x2, 0x19c})

03:35:20 executing program 3:
ioctl$RTC_PIE_OFF(0xffffffffffffffff, 0x7006)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$RTC_RD_TIME(r0, 0x80247009, &(0x7f0000000000))
r1 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r1, 0x0) (async)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x8, 0x110, r2, 0x0)

03:35:20 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x8000000, 0x4000013, r2, 0x0)

03:35:20 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x34000000, 0xfffffffc})

03:35:20 executing program 3:
ioctl$RTC_PIE_OFF(0xffffffffffffffff, 0x7006) (async)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$RTC_RD_TIME(r0, 0x80247009, &(0x7f0000000000)) (async)
r1 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0) (async, rerun: 32)
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x8, 0x110, r2, 0x0) (rerun: 32)

03:35:20 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ff7000/0x9000)=nil, 0x9000, 0x2000008, 0x13, r1, 0x10000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ff7000/0x9000)=nil, 0x9000, 0x2000008, 0x13, r1, 0x10000000) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)

[ 1551.549795][T24804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1551.557579][T24804] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1551.565395][T24804]  </TASK>
03:35:20 executing program 5:
r0 = syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000000)={0x31, 0x29, 0x7, 0x3, 0x6, 0xffffffff, 0x2, 0xdc})
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r1 = io_uring_setup(0x3f5c, &(0x7f0000000180)={0x0, 0x67ae, 0x0, 0x0, 0x8f, 0x0, r0})
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
ioctl$TUNSETNOCSUM(r2, 0x400454c8, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x10, r1, 0x0)
io_uring_setup(0x499a, &(0x7f0000000200)={0x0, 0xfd36, 0x8, 0x2, 0x19c})
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000000)={0x31, 0x29, 0x7, 0x3, 0x6, 0xffffffff, 0x2, 0xdc}) (async)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) (async)
io_uring_setup(0x3f5c, &(0x7f0000000180)={0x0, 0x67ae, 0x0, 0x0, 0x8f, 0x0, r0}) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r2, 0x0, 0x0) (async)
ioctl$TUNSETNOCSUM(r2, 0x400454c8, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x10, r1, 0x0) (async)
io_uring_setup(0x499a, &(0x7f0000000200)={0x0, 0xfd36, 0x8, 0x2, 0x19c}) (async)

03:35:20 executing program 3:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000000080)=""/3)
getsockname$packet(r0, 0x0, 0x0)
r2 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x100, 0x80, 0x200, 0x3c5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000040), &(0x7f0000000000))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0)

03:35:20 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ff7000/0x9000)=nil, 0x9000, 0x2000008, 0x13, r1, 0x10000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ff7000/0x9000)=nil, 0x9000, 0x2000008, 0x13, r1, 0x10000000) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)

[ 1551.637871][T24822] FAULT_INJECTION: forcing a failure.
[ 1551.637871][T24822] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1551.663288][T24822] CPU: 1 PID: 24822 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1551.673462][T24822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1551.683434][T24822] Call Trace:
[ 1551.686560][T24822]  <TASK>
[ 1551.689343][T24822]  dump_stack_lvl+0x151/0x1b7
[ 1551.693861][T24822]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1551.699146][T24822]  dump_stack+0x15/0x17
[ 1551.703225][T24822]  should_fail+0x3c0/0x510
[ 1551.707485][T24822]  should_fail_alloc_page+0x58/0x70
[ 1551.712513][T24822]  __alloc_pages+0x1de/0x7c0
[ 1551.717024][T24822]  ? __count_vm_events+0x30/0x30
[ 1551.722232][T24822]  ? __this_cpu_preempt_check+0x13/0x20
[ 1551.727956][T24822]  ? __mod_node_page_state+0xac/0xf0
[ 1551.733179][T24822]  ? __mod_lruvec_page_state+0x15f/0x1c0
[ 1551.738702][T24822]  pte_alloc_one+0x73/0x1b0
[ 1551.742983][T24822]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 1551.748113][T24822]  ? __kasan_check_write+0x14/0x20
[ 1551.753050][T24822]  ? __set_page_owner+0x2ee/0x310
[ 1551.757997][T24822]  __pte_alloc+0x86/0x350
[ 1551.762166][T24822]  ? free_pgtables+0x210/0x210
[ 1551.766768][T24822]  ? _raw_spin_lock+0xa3/0x1b0
[ 1551.771365][T24822]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 1551.776570][T24822]  copy_pte_range+0x1b1f/0x20b0
[ 1551.781261][T24822]  ? __kunmap_atomic+0x80/0x80
[ 1551.785859][T24822]  ? __pud_alloc+0x260/0x260
[ 1551.790370][T24822]  ? __pud_alloc+0x218/0x260
[ 1551.794803][T24822]  ? do_handle_mm_fault+0x2370/0x2370
[ 1551.800092][T24822]  copy_page_range+0xc1e/0x1090
[ 1551.804789][T24822]  ? pfn_valid+0x1e0/0x1e0
[ 1551.809120][T24822]  dup_mmap+0x99f/0xea0
[ 1551.813034][T24822]  ? __delayed_free_task+0x20/0x20
[ 1551.817969][T24822]  ? mm_init+0x807/0x960
[ 1551.822056][T24822]  dup_mm+0x91/0x330
[ 1551.825778][T24822]  copy_mm+0x108/0x1b0
[ 1551.829692][T24822]  copy_process+0x1295/0x3250
[ 1551.834201][T24822]  ? proc_fail_nth_write+0x213/0x290
[ 1551.839321][T24822]  ? proc_fail_nth_read+0x220/0x220
[ 1551.844360][T24822]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1551.849302][T24822]  ? vfs_write+0x9af/0x1050
[ 1551.853646][T24822]  kernel_clone+0x22d/0x990
[ 1551.857981][T24822]  ? file_end_write+0x1b0/0x1b0
[ 1551.862665][T24822]  ? __kasan_check_write+0x14/0x20
[ 1551.867613][T24822]  ? create_io_thread+0x1e0/0x1e0
[ 1551.872909][T24822]  ? __mutex_lock_slowpath+0x10/0x10
[ 1551.878030][T24822]  __x64_sys_clone+0x289/0x310
[ 1551.882631][T24822]  ? __do_sys_vfork+0x130/0x130
[ 1551.887317][T24822]  ? debug_smp_processor_id+0x17/0x20
[ 1551.892526][T24822]  do_syscall_64+0x44/0xd0
[ 1551.896777][T24822]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1551.902504][T24822] RIP: 0033:0x7fed39e510c9
[ 1551.906768][T24822] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1551.926200][T24822] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
03:35:20 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36)

03:35:20 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x40000000, 0xfffffffc})

03:35:20 executing program 5:
r0 = syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000000)={0x31, 0x29, 0x7, 0x3, 0x6, 0xffffffff, 0x2, 0xdc})
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r1 = io_uring_setup(0x3f5c, &(0x7f0000000180)={0x0, 0x67ae, 0x0, 0x0, 0x8f, 0x0, r0})
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
ioctl$TUNSETNOCSUM(r2, 0x400454c8, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x10, r1, 0x0)
io_uring_setup(0x499a, &(0x7f0000000200)={0x0, 0xfd36, 0x8, 0x2, 0x19c})
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000000)={0x31, 0x29, 0x7, 0x3, 0x6, 0xffffffff, 0x2, 0xdc}) (async)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) (async)
io_uring_setup(0x3f5c, &(0x7f0000000180)={0x0, 0x67ae, 0x0, 0x0, 0x8f, 0x0, r0}) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r2, 0x0, 0x0) (async)
ioctl$TUNSETNOCSUM(r2, 0x400454c8, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x10, r1, 0x0) (async)
io_uring_setup(0x499a, &(0x7f0000000200)={0x0, 0xfd36, 0x8, 0x2, 0x19c}) (async)

03:35:20 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000080)={0x1, 0x1, {0x9, 0x15, 0x11, 0x18, 0x9, 0x1, 0x6, 0xe5}})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
prctl$PR_SET_UNALIGN(0x6, 0x1)

03:35:20 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0xf000000, 0x4000013, r2, 0x0)

03:35:20 executing program 3:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000000080)=""/3)
getsockname$packet(r0, 0x0, 0x0)
r2 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x100, 0x80, 0x200, 0x3c5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000040), &(0x7f0000000000))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000000080)=""/3) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x100, 0x80, 0x200, 0x3c5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000040), &(0x7f0000000000)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) (async)

03:35:20 executing program 3:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000000080)=""/3) (async)
getsockname$packet(r0, 0x0, 0x0)
r2 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x100, 0x80, 0x200, 0x3c5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000040), &(0x7f0000000000))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0)

03:35:20 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x41000000, 0xfffffffc})

[ 1551.934453][T24822] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1551.942282][T24822] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1551.950070][T24822] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1551.957963][T24822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1551.965863][T24822] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1551.973679][T24822]  </TASK>
03:35:20 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
setsockopt$bt_hci_HCI_TIME_STAMP(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000000)=0x8000, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:20 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000080)={0x1, 0x1, {0x9, 0x15, 0x11, 0x18, 0x9, 0x1, 0x6, 0xe5}}) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
prctl$PR_SET_UNALIGN(0x6, 0x1)

03:35:20 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x8acd, 0xaa2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000000))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x4)

03:35:20 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x42000000, 0xfffffffc})

[ 1552.041899][T24892] FAULT_INJECTION: forcing a failure.
[ 1552.041899][T24892] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1552.069109][T24892] CPU: 1 PID: 24892 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1552.079187][T24892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1552.089086][T24892] Call Trace:
[ 1552.092213][T24892]  <TASK>
[ 1552.094983][T24892]  dump_stack_lvl+0x151/0x1b7
[ 1552.099499][T24892]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1552.104793][T24892]  dump_stack+0x15/0x17
[ 1552.108782][T24892]  should_fail+0x3c0/0x510
[ 1552.113043][T24892]  should_fail_alloc_page+0x58/0x70
[ 1552.119283][T24892]  __alloc_pages+0x1de/0x7c0
[ 1552.123809][T24892]  ? __count_vm_events+0x30/0x30
[ 1552.128569][T24892]  ? __this_cpu_preempt_check+0x13/0x20
[ 1552.134049][T24892]  ? __mod_node_page_state+0xac/0xf0
[ 1552.139165][T24892]  ? __mod_lruvec_page_state+0x15f/0x1c0
[ 1552.145459][T24892]  pte_alloc_one+0x73/0x1b0
[ 1552.149795][T24892]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 1552.154830][T24892]  ? __kasan_check_write+0x14/0x20
[ 1552.159953][T24892]  ? __set_page_owner+0x2ee/0x310
[ 1552.164809][T24892]  __pte_alloc+0x86/0x350
[ 1552.168975][T24892]  ? free_pgtables+0x210/0x210
[ 1552.173586][T24892]  ? _raw_spin_lock+0xa3/0x1b0
[ 1552.178175][T24892]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 1552.183388][T24892]  copy_pte_range+0x1b1f/0x20b0
[ 1552.188076][T24892]  ? __kunmap_atomic+0x80/0x80
[ 1552.192676][T24892]  ? __pud_alloc+0x260/0x260
[ 1552.197095][T24892]  ? __pud_alloc+0x218/0x260
[ 1552.201520][T24892]  ? do_handle_mm_fault+0x2370/0x2370
[ 1552.206730][T24892]  copy_page_range+0xc1e/0x1090
[ 1552.211420][T24892]  ? pfn_valid+0x1e0/0x1e0
[ 1552.215805][T24892]  dup_mmap+0x99f/0xea0
[ 1552.219783][T24892]  ? __delayed_free_task+0x20/0x20
[ 1552.224730][T24892]  ? mm_init+0x807/0x960
[ 1552.228820][T24892]  dup_mm+0x91/0x330
[ 1552.232539][T24892]  copy_mm+0x108/0x1b0
[ 1552.236617][T24892]  copy_process+0x1295/0x3250
[ 1552.241134][T24892]  ? proc_fail_nth_write+0x213/0x290
[ 1552.246353][T24892]  ? proc_fail_nth_read+0x220/0x220
[ 1552.251581][T24892]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1552.256521][T24892]  ? vfs_write+0x9af/0x1050
[ 1552.260960][T24892]  kernel_clone+0x22d/0x990
[ 1552.265278][T24892]  ? file_end_write+0x1b0/0x1b0
[ 1552.269966][T24892]  ? __kasan_check_write+0x14/0x20
[ 1552.274911][T24892]  ? create_io_thread+0x1e0/0x1e0
[ 1552.279785][T24892]  ? __mutex_lock_slowpath+0x10/0x10
[ 1552.284905][T24892]  __x64_sys_clone+0x289/0x310
[ 1552.289496][T24892]  ? __do_sys_vfork+0x130/0x130
[ 1552.294178][T24892]  ? debug_smp_processor_id+0x17/0x20
[ 1552.299389][T24892]  do_syscall_64+0x44/0xd0
[ 1552.303638][T24892]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1552.309452][T24892] RIP: 0033:0x7fed39e510c9
[ 1552.313710][T24892] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1552.333232][T24892] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1552.341478][T24892] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1552.349443][T24892] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1552.357878][T24892] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1552.365688][T24892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1552.373499][T24892] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1552.381313][T24892]  </TASK>
03:35:21 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37)

03:35:21 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000080)={0x1, 0x1, {0x9, 0x15, 0x11, 0x18, 0x9, 0x1, 0x6, 0xe5}})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
prctl$PR_SET_UNALIGN(0x6, 0x1)

03:35:21 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
setsockopt$bt_hci_HCI_TIME_STAMP(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000000)=0x8000, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
setsockopt$bt_hci_HCI_TIME_STAMP(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000000)=0x8000, 0x4) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)

03:35:21 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x8acd, 0xaa2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000000))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x4)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x8acd, 0xaa2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000000)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x4) (async)

03:35:21 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0xfeffffff, 0xfffffffc})

03:35:21 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x10000000, 0x4000013, r2, 0x0)

03:35:21 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x8acd, 0xaa2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000000))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x4)

03:35:21 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
setsockopt$bt_hci_HCI_TIME_STAMP(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000000)=0x8000, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
setsockopt$bt_hci_HCI_TIME_STAMP(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000000)=0x8000, 0x4) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)

03:35:21 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0xffff8000, 0xfffffffc})

03:35:21 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6, 0x11, r0, 0x10000000)

03:35:21 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x1d26, &(0x7f0000000100)={0x0, 0x2125, 0x400, 0x2, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000300))
syz_io_uring_setup(0x67f, &(0x7f0000000000)={0x0, 0x9a40, 0x1, 0xffffffff, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4000000})
ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, &(0x7f00000002c0)={0x9, 0x16, 0x0, 0x8, "519216ae81c771ddf30d61d98c6f4e58fc82e2744c273c92a731525ff8bd41b5"})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x100, 0x0)
clock_gettime(0x0, &(0x7f00000003c0)={<r3=>0x0, <r4=>0x0})
syz_io_uring_setup(0x152d, &(0x7f00000004c0)={0x0, 0x2c78, 0x40, 0x2, 0x355, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000540), &(0x7f0000000580))
ioctl$TUNGETDEVNETNS(r2, 0x54e3, 0x0)
clock_gettime(0x0, &(0x7f0000000480)={<r5=>0x0, <r6=>0x0})
timerfd_settime(r2, 0x3, &(0x7f0000000400)={{r3, r4+60000000}, {r5, r6+10000000}}, &(0x7f0000000440))
io_uring_setup(0x17c0, &(0x7f0000000340)={0x0, 0xc6f9, 0x80, 0x3, 0xf6, 0x0, r2})

03:35:21 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0xfffffffe, 0xfffffffc})

[ 1552.519227][T24931] FAULT_INJECTION: forcing a failure.
[ 1552.519227][T24931] name failslab, interval 1, probability 0, space 0, times 0
[ 1552.565890][T24931] CPU: 1 PID: 24931 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1552.575972][T24931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1552.585866][T24931] Call Trace:
[ 1552.588989][T24931]  <TASK>
[ 1552.591768][T24931]  dump_stack_lvl+0x151/0x1b7
[ 1552.596293][T24931]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1552.601578][T24931]  dump_stack+0x15/0x17
[ 1552.605570][T24931]  should_fail+0x3c0/0x510
[ 1552.609831][T24931]  __should_failslab+0x9f/0xe0
[ 1552.614418][T24931]  should_failslab+0x9/0x20
[ 1552.618758][T24931]  kmem_cache_alloc+0x4f/0x2f0
[ 1552.623359][T24931]  ? vm_area_dup+0x26/0x1d0
[ 1552.627703][T24931]  vm_area_dup+0x26/0x1d0
[ 1552.631865][T24931]  dup_mmap+0x6b8/0xea0
[ 1552.635857][T24931]  ? __delayed_free_task+0x20/0x20
[ 1552.640819][T24931]  ? mm_init+0x807/0x960
[ 1552.645232][T24931]  dup_mm+0x91/0x330
[ 1552.648961][T24931]  copy_mm+0x108/0x1b0
[ 1552.652871][T24931]  copy_process+0x1295/0x3250
[ 1552.657380][T24931]  ? proc_fail_nth_write+0x213/0x290
[ 1552.662505][T24931]  ? proc_fail_nth_read+0x220/0x220
[ 1552.667538][T24931]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1552.672485][T24931]  ? vfs_write+0x9af/0x1050
[ 1552.676830][T24931]  kernel_clone+0x22d/0x990
[ 1552.681162][T24931]  ? file_end_write+0x1b0/0x1b0
[ 1552.685851][T24931]  ? __kasan_check_write+0x14/0x20
[ 1552.690795][T24931]  ? create_io_thread+0x1e0/0x1e0
[ 1552.695664][T24931]  ? __mutex_lock_slowpath+0x10/0x10
[ 1552.700785][T24931]  __x64_sys_clone+0x289/0x310
[ 1552.705382][T24931]  ? __do_sys_vfork+0x130/0x130
[ 1552.710065][T24931]  ? debug_smp_processor_id+0x17/0x20
[ 1552.715287][T24931]  do_syscall_64+0x44/0xd0
[ 1552.719524][T24931]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1552.725258][T24931] RIP: 0033:0x7fed39e510c9
[ 1552.729510][T24931] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1552.748950][T24931] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1552.757194][T24931] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1552.765002][T24931] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1552.772899][T24931] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1552.780712][T24931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1552.788613][T24931] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1552.796424][T24931]  </TASK>
03:35:21 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38)

03:35:21 executing program 3:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x2a0, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000000))
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8, 0x10010, r1, 0x10000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)

03:35:21 executing program 1:
getuid()
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:21 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6, 0x11, r0, 0x10000000) (async)

03:35:21 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x1d26, &(0x7f0000000100)={0x0, 0x2125, 0x400, 0x2, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000300)) (async)
syz_io_uring_setup(0x67f, &(0x7f0000000000)={0x0, 0x9a40, 0x1, 0xffffffff, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4000000})
ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, &(0x7f00000002c0)={0x9, 0x16, 0x0, 0x8, "519216ae81c771ddf30d61d98c6f4e58fc82e2744c273c92a731525ff8bd41b5"})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0) (async)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x100, 0x0)
clock_gettime(0x0, &(0x7f00000003c0)={<r3=>0x0, <r4=>0x0}) (async)
syz_io_uring_setup(0x152d, &(0x7f00000004c0)={0x0, 0x2c78, 0x40, 0x2, 0x355, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000540), &(0x7f0000000580))
ioctl$TUNGETDEVNETNS(r2, 0x54e3, 0x0) (async)
clock_gettime(0x0, &(0x7f0000000480)={<r5=>0x0, <r6=>0x0})
timerfd_settime(r2, 0x3, &(0x7f0000000400)={{r3, r4+60000000}, {r5, r6+10000000}}, &(0x7f0000000440)) (async)
io_uring_setup(0x17c0, &(0x7f0000000340)={0x0, 0xc6f9, 0x80, 0x3, 0xf6, 0x0, r2})

03:35:21 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x1ffff000, 0x4000013, r2, 0x0)

03:35:21 executing program 1:
getuid()
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
getuid() (async)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (async)

03:35:21 executing program 3:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async)
r1 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x2a0, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000000))
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8, 0x10010, r1, 0x10000000) (async, rerun: 32)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r1, 0x0) (rerun: 32)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)

03:35:21 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x1d26, &(0x7f0000000100)={0x0, 0x2125, 0x400, 0x2, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000300)) (async)
syz_io_uring_setup(0x67f, &(0x7f0000000000)={0x0, 0x9a40, 0x1, 0xffffffff, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4000000}) (async)
ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, &(0x7f00000002c0)={0x9, 0x16, 0x0, 0x8, "519216ae81c771ddf30d61d98c6f4e58fc82e2744c273c92a731525ff8bd41b5"})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0) (async)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x100, 0x0)
clock_gettime(0x0, &(0x7f00000003c0)={<r3=>0x0, <r4=>0x0}) (async)
syz_io_uring_setup(0x152d, &(0x7f00000004c0)={0x0, 0x2c78, 0x40, 0x2, 0x355, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000540), &(0x7f0000000580)) (async)
ioctl$TUNGETDEVNETNS(r2, 0x54e3, 0x0) (async)
clock_gettime(0x0, &(0x7f0000000480)={<r5=>0x0, <r6=>0x0})
timerfd_settime(r2, 0x3, &(0x7f0000000400)={{r3, r4+60000000}, {r5, r6+10000000}}, &(0x7f0000000440)) (async)
io_uring_setup(0x17c0, &(0x7f0000000340)={0x0, 0xc6f9, 0x80, 0x3, 0xf6, 0x0, r2})

03:35:21 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6, 0x11, r0, 0x10000000) (async)

03:35:21 executing program 1:
getuid() (async)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:21 executing program 3:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x2a0, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000000))
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8, 0x10010, r1, 0x10000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x2a0, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000000)) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8, 0x10010, r1, 0x10000000) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r1, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) (async)

[ 1552.899907][T24959] FAULT_INJECTION: forcing a failure.
[ 1552.899907][T24959] name failslab, interval 1, probability 0, space 0, times 0
[ 1552.953277][T24959] CPU: 0 PID: 24959 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1552.963351][T24959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1552.973251][T24959] Call Trace:
[ 1552.976368][T24959]  <TASK>
[ 1552.979150][T24959]  dump_stack_lvl+0x151/0x1b7
[ 1552.983665][T24959]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1552.988965][T24959]  ? vma_interval_tree_augment_rotate+0x210/0x210
[ 1552.995294][T24959]  dump_stack+0x15/0x17
[ 1552.999368][T24959]  should_fail+0x3c0/0x510
[ 1553.003625][T24959]  __should_failslab+0x9f/0xe0
[ 1553.008399][T24959]  should_failslab+0x9/0x20
[ 1553.012740][T24959]  kmem_cache_alloc+0x4f/0x2f0
[ 1553.017335][T24959]  ? anon_vma_fork+0xf7/0x4f0
[ 1553.021852][T24959]  anon_vma_fork+0xf7/0x4f0
[ 1553.026190][T24959]  ? anon_vma_name+0x4c/0x70
[ 1553.030620][T24959]  dup_mmap+0x750/0xea0
[ 1553.034612][T24959]  ? __delayed_free_task+0x20/0x20
[ 1553.039560][T24959]  ? mm_init+0x807/0x960
[ 1553.043632][T24959]  dup_mm+0x91/0x330
[ 1553.047365][T24959]  copy_mm+0x108/0x1b0
[ 1553.051273][T24959]  copy_process+0x1295/0x3250
[ 1553.055785][T24959]  ? proc_fail_nth_write+0x213/0x290
[ 1553.060908][T24959]  ? proc_fail_nth_read+0x220/0x220
[ 1553.065938][T24959]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1553.070884][T24959]  ? vfs_write+0x9af/0x1050
[ 1553.075227][T24959]  kernel_clone+0x22d/0x990
[ 1553.079585][T24959]  ? file_end_write+0x1b0/0x1b0
[ 1553.084250][T24959]  ? __kasan_check_write+0x14/0x20
[ 1553.089200][T24959]  ? create_io_thread+0x1e0/0x1e0
[ 1553.094144][T24959]  ? __mutex_lock_slowpath+0x10/0x10
[ 1553.099267][T24959]  __x64_sys_clone+0x289/0x310
[ 1553.103867][T24959]  ? __do_sys_vfork+0x130/0x130
[ 1553.108563][T24959]  ? debug_smp_processor_id+0x17/0x20
[ 1553.113766][T24959]  do_syscall_64+0x44/0xd0
[ 1553.118362][T24959]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1553.124089][T24959] RIP: 0033:0x7fed39e510c9
[ 1553.128347][T24959] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
03:35:21 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39)

03:35:21 executing program 5:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/i8042', 0x400080, 0x20)
mmap$IORING_OFF_SQES(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x300000a, 0x12, r0, 0x10000000)
syz_io_uring_setup(0x3d86, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000000), &(0x7f00000000c0))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x20002, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x200001c, 0x810, r1, 0x0)

03:35:21 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000080), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:21 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x20ffb000, 0x4000013, r2, 0x0)

03:35:21 executing program 1:
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x30, 0x0, &(0x7f0000000000)=[@decrefs={0x40046307, 0x1}, @register_looper, @increfs={0x40046304, 0x3}, @register_looper, @decrefs, @decrefs={0x40046307, 0x2}, @decrefs={0x40046307, 0x3}], 0x1b, 0x0, &(0x7f0000000040)="626c298cae3c63d25877697552c1720acc4497c43b4e682adc1cff"})
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:21 executing program 1:
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x30, 0x0, &(0x7f0000000000)=[@decrefs={0x40046307, 0x1}, @register_looper, @increfs={0x40046304, 0x3}, @register_looper, @decrefs, @decrefs={0x40046307, 0x2}, @decrefs={0x40046307, 0x3}], 0x1b, 0x0, &(0x7f0000000040)="626c298cae3c63d25877697552c1720acc4497c43b4e682adc1cff"}) (async)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:21 executing program 5:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/i8042', 0x400080, 0x20)
mmap$IORING_OFF_SQES(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x300000a, 0x12, r0, 0x10000000)
syz_io_uring_setup(0x3d86, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000000), &(0x7f00000000c0))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x20002, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x200001c, 0x810, r1, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/i8042', 0x400080, 0x20) (async)
mmap$IORING_OFF_SQES(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x300000a, 0x12, r0, 0x10000000) (async)
syz_io_uring_setup(0x3d86, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000000), &(0x7f00000000c0)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x20002, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x200001c, 0x810, r1, 0x0) (async)

[ 1553.147785][T24959] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1553.156028][T24959] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1553.163840][T24959] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1553.171650][T24959] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1553.179462][T24959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1553.187270][T24959] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1553.195087][T24959]  </TASK>
03:35:21 executing program 5:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/i8042', 0x400080, 0x20)
mmap$IORING_OFF_SQES(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x300000a, 0x12, r0, 0x10000000) (async)
syz_io_uring_setup(0x3d86, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000000), &(0x7f00000000c0))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x20002, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x200001c, 0x810, r1, 0x0)

03:35:21 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000000)='cpu.pressure\x00', 0x2, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0)
ioctl$RTC_WKALM_RD(r1, 0x80287010, &(0x7f00000000c0))
write$cgroup_pressure(r1, &(0x7f0000000040)={'full', 0x20, 0x0, 0x20, 0xfffffffffffffe04}, 0x2f)

03:35:22 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000080), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:22 executing program 1:
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x30, 0x0, &(0x7f0000000000)=[@decrefs={0x40046307, 0x1}, @register_looper, @increfs={0x40046304, 0x3}, @register_looper, @decrefs, @decrefs={0x40046307, 0x2}, @decrefs={0x40046307, 0x3}], 0x1b, 0x0, &(0x7f0000000040)="626c298cae3c63d25877697552c1720acc4497c43b4e682adc1cff"}) (async)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

[ 1553.235193][T25007] FAULT_INJECTION: forcing a failure.
[ 1553.235193][T25007] name failslab, interval 1, probability 0, space 0, times 0
[ 1553.272196][T25007] CPU: 1 PID: 25007 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1553.282278][T25007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1553.292182][T25007] Call Trace:
[ 1553.295381][T25007]  <TASK>
[ 1553.298159][T25007]  dump_stack_lvl+0x151/0x1b7
[ 1553.302673][T25007]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1553.307977][T25007]  dump_stack+0x15/0x17
[ 1553.311955][T25007]  should_fail+0x3c0/0x510
[ 1553.316212][T25007]  __should_failslab+0x9f/0xe0
[ 1553.320812][T25007]  should_failslab+0x9/0x20
[ 1553.325151][T25007]  kmem_cache_alloc+0x4f/0x2f0
[ 1553.329751][T25007]  ? vm_area_dup+0x26/0x1d0
[ 1553.334089][T25007]  vm_area_dup+0x26/0x1d0
[ 1553.338259][T25007]  dup_mmap+0x6b8/0xea0
[ 1553.342261][T25007]  ? __delayed_free_task+0x20/0x20
[ 1553.347204][T25007]  ? mm_init+0x807/0x960
[ 1553.351275][T25007]  dup_mm+0x91/0x330
[ 1553.355107][T25007]  copy_mm+0x108/0x1b0
[ 1553.358998][T25007]  copy_process+0x1295/0x3250
[ 1553.363512][T25007]  ? proc_fail_nth_write+0x213/0x290
[ 1553.368638][T25007]  ? proc_fail_nth_read+0x220/0x220
[ 1553.373761][T25007]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1553.381999][T25007]  ? vfs_write+0x9af/0x1050
[ 1553.386340][T25007]  kernel_clone+0x22d/0x990
[ 1553.390686][T25007]  ? file_end_write+0x1b0/0x1b0
[ 1553.395370][T25007]  ? __kasan_check_write+0x14/0x20
[ 1553.400311][T25007]  ? create_io_thread+0x1e0/0x1e0
[ 1553.405174][T25007]  ? __mutex_lock_slowpath+0x10/0x10
[ 1553.410293][T25007]  __x64_sys_clone+0x289/0x310
[ 1553.414981][T25007]  ? __do_sys_vfork+0x130/0x130
[ 1553.419732][T25007]  ? debug_smp_processor_id+0x17/0x20
[ 1553.425158][T25007]  do_syscall_64+0x44/0xd0
[ 1553.429388][T25007]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1553.435117][T25007] RIP: 0033:0x7fed39e510c9
[ 1553.439381][T25007] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1553.458809][T25007] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1553.467054][T25007] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1553.474888][T25007] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
03:35:22 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)
openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000000)='cpu.pressure\x00', 0x2, 0x0) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async, rerun: 64)
ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0) (async, rerun: 64)
ioctl$RTC_WKALM_RD(r1, 0x80287010, &(0x7f00000000c0)) (async)
write$cgroup_pressure(r1, &(0x7f0000000040)={'full', 0x20, 0x0, 0x20, 0xfffffffffffffe04}, 0x2f)

03:35:22 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40)

03:35:22 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0xffff8000, 0x4000013, r2, 0x0)

03:35:22 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000080), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000080), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)

03:35:22 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x1}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:22 executing program 1:
r0 = io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x30, r1, 0x0)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x101200, 0x0)
ioctl$RTC_IRQP_READ(r2, 0x8008700b, &(0x7f0000000040))
io_uring_setup(0x49b6, &(0x7f0000000080)={0x0, 0x9cc5, 0x0, 0x3, 0xc9, 0x0, r0})

03:35:22 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000000)='cpu.pressure\x00', 0x2, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0)
ioctl$RTC_WKALM_RD(r1, 0x80287010, &(0x7f00000000c0))
write$cgroup_pressure(r1, &(0x7f0000000040)={'full', 0x20, 0x0, 0x20, 0xfffffffffffffe04}, 0x2f)
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)
openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000000)='cpu.pressure\x00', 0x2, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0) (async)
ioctl$RTC_WKALM_RD(r1, 0x80287010, &(0x7f00000000c0)) (async)
write$cgroup_pressure(r1, &(0x7f0000000040)={'full', 0x20, 0x0, 0x20, 0xfffffffffffffe04}, 0x2f) (async)

[ 1553.482681][T25007] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1553.490493][T25007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1553.498433][T25007] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1553.506246][T25007]  </TASK>
03:35:22 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipmr_delroute={0x24, 0x19, 0x100, 0x70bd25, 0x25dfdbfb, {0x80, 0x14, 0x20, 0x0, 0xfc, 0x3, 0xff, 0x7, 0x1680}, [@RTA_FLOW={0x8, 0xb, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x200400d0}, 0x4000000)

03:35:22 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x1}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x1}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)

03:35:22 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
syz_open_dev$mouse(&(0x7f0000000000), 0xcca, 0x4480)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:22 executing program 1:
r0 = io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x30, r1, 0x0) (async)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x101200, 0x0)
ioctl$RTC_IRQP_READ(r2, 0x8008700b, &(0x7f0000000040)) (async)
io_uring_setup(0x49b6, &(0x7f0000000080)={0x0, 0x9cc5, 0x0, 0x3, 0xc9, 0x0, r0})

03:35:22 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipmr_delroute={0x24, 0x19, 0x100, 0x70bd25, 0x25dfdbfb, {0x80, 0x14, 0x20, 0x0, 0xfc, 0x3, 0xff, 0x7, 0x1680}, [@RTA_FLOW={0x8, 0xb, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x200400d0}, 0x4000000)

[ 1553.559406][T25059] FAULT_INJECTION: forcing a failure.
[ 1553.559406][T25059] name failslab, interval 1, probability 0, space 0, times 0
[ 1553.590500][T25059] CPU: 0 PID: 25059 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
03:35:22 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x1}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1553.600580][T25059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1553.610477][T25059] Call Trace:
[ 1553.613600][T25059]  <TASK>
[ 1553.616466][T25059]  dump_stack_lvl+0x151/0x1b7
[ 1553.620991][T25059]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1553.626274][T25059]  dump_stack+0x15/0x17
[ 1553.630265][T25059]  should_fail+0x3c0/0x510
[ 1553.634520][T25059]  __should_failslab+0x9f/0xe0
[ 1553.639118][T25059]  should_failslab+0x9/0x20
[ 1553.643459][T25059]  kmem_cache_alloc+0x4f/0x2f0
[ 1553.648061][T25059]  ? vm_area_dup+0x26/0x1d0
[ 1553.652403][T25059]  ? __kasan_check_read+0x11/0x20
03:35:22 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0xffffc000, 0x4000013, r2, 0x0)

[ 1553.657260][T25059]  vm_area_dup+0x26/0x1d0
[ 1553.661429][T25059]  dup_mmap+0x6b8/0xea0
[ 1553.665424][T25059]  ? __delayed_free_task+0x20/0x20
[ 1553.670366][T25059]  ? mm_init+0x807/0x960
[ 1553.674443][T25059]  dup_mm+0x91/0x330
[ 1553.678177][T25059]  copy_mm+0x108/0x1b0
[ 1553.682080][T25059]  copy_process+0x1295/0x3250
[ 1553.686594][T25059]  ? proc_fail_nth_write+0x213/0x290
[ 1553.691712][T25059]  ? proc_fail_nth_read+0x220/0x220
[ 1553.696749][T25059]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1553.701698][T25059]  ? vfs_write+0x9af/0x1050
[ 1553.706038][T25059]  kernel_clone+0x22d/0x990
[ 1553.710374][T25059]  ? file_end_write+0x1b0/0x1b0
[ 1553.715057][T25059]  ? __kasan_check_write+0x14/0x20
[ 1553.720794][T25059]  ? create_io_thread+0x1e0/0x1e0
[ 1553.725653][T25059]  ? __mutex_lock_slowpath+0x10/0x10
[ 1553.730858][T25059]  __x64_sys_clone+0x289/0x310
[ 1553.735980][T25059]  ? __do_sys_vfork+0x130/0x130
[ 1553.740838][T25059]  ? debug_smp_processor_id+0x17/0x20
[ 1553.746048][T25059]  do_syscall_64+0x44/0xd0
[ 1553.750305][T25059]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1553.756027][T25059] RIP: 0033:0x7fed39e510c9
[ 1553.760281][T25059] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1553.780013][T25059] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1553.788258][T25059] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1553.796079][T25059] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1553.803881][T25059] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1553.812297][T25059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1553.820106][T25059] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1553.828149][T25059]  </TASK>
03:35:22 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41)

03:35:22 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipmr_delroute={0x24, 0x19, 0x100, 0x70bd25, 0x25dfdbfb, {0x80, 0x14, 0x20, 0x0, 0xfc, 0x3, 0xff, 0x7, 0x1680}, [@RTA_FLOW={0x8, 0xb, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x200400d0}, 0x4000000)

03:35:22 executing program 1:
r0 = io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x30, r1, 0x0)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x101200, 0x0)
ioctl$RTC_IRQP_READ(r2, 0x8008700b, &(0x7f0000000040))
io_uring_setup(0x49b6, &(0x7f0000000080)={0x0, 0x9cc5, 0x0, 0x3, 0xc9, 0x0, r0})
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x30, r1, 0x0) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x101200, 0x0) (async)
ioctl$RTC_IRQP_READ(r2, 0x8008700b, &(0x7f0000000040)) (async)
io_uring_setup(0x49b6, &(0x7f0000000080)={0x0, 0x9cc5, 0x0, 0x3, 0xc9, 0x0, r0}) (async)

03:35:22 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
syz_open_dev$mouse(&(0x7f0000000000), 0xcca, 0x4480)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
syz_open_dev$mouse(&(0x7f0000000000), 0xcca, 0x4480) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)

03:35:22 executing program 5:
r0 = syz_open_dev$mouse(&(0x7f0000000000), 0xaf600000, 0x1c0002)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs2/custom0\x00', 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000500)={0xb0, 0x0, &(0x7f0000000340)=[@free_buffer, @acquire={0x40046305, 0x3}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f00000001c0)={@fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x7, 0x2, 0x1}, @fd={0x66642a85, 0x0, r2}}, &(0x7f0000000240)={0x0, 0x18, 0x38}}, 0x40}, @enter_looper, @acquire={0x40046305, 0x2}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000280)={@fda={0x66646185, 0x7, 0x1, 0xf}, @ptr={0x70742a85, 0x0, 0xfffffffffffffffe, 0x0, 0x2, 0xe}, @flat=@weak_binder}, &(0x7f0000000300)={0x0, 0x20, 0x48}}}], 0xdc, 0x0, &(0x7f0000000400)="058cd173fbbc305f8c84a94ec538ca50c7c7598eb58c631fa398e5a153b786a120a1f59ba04fd7e162005998bd6cbc50b94b2df0bae5bd3790c3728f4132a443eae5cdbca2757437b7d5d217030df508e0b136d8dfaf59f029eef32e9dd30eb53a4bb4838129e8f68cedeec9ba39993e04fcaae2ec0ac73945d1973b5f408a344c4b7faec0feb8a413b1dfe6fb877e2ccc649e9a6247168574b8128eff9daccf40d95ae3296d47a0af0010f682705b5fc79f621c2df72dfb4d0db3364551cb3683c11905a0a03e81b494ea20055911cb6017d831bcf80022eb53aaf5"})
mknodat(r0, &(0x7f00000000c0)='./file0\x00', 0x7332c54755580561, 0x7)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0xfffffffc, 0x800, 0x80}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:22 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x800000000, 0x4000013, r2, 0x0)

03:35:22 executing program 5:
r0 = syz_open_dev$mouse(&(0x7f0000000000), 0xaf600000, 0x1c0002)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs2/custom0\x00', 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000500)={0xb0, 0x0, &(0x7f0000000340)=[@free_buffer, @acquire={0x40046305, 0x3}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f00000001c0)={@fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x7, 0x2, 0x1}, @fd={0x66642a85, 0x0, r2}}, &(0x7f0000000240)={0x0, 0x18, 0x38}}, 0x40}, @enter_looper, @acquire={0x40046305, 0x2}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000280)={@fda={0x66646185, 0x7, 0x1, 0xf}, @ptr={0x70742a85, 0x0, 0xfffffffffffffffe, 0x0, 0x2, 0xe}, @flat=@weak_binder}, &(0x7f0000000300)={0x0, 0x20, 0x48}}}], 0xdc, 0x0, &(0x7f0000000400)="058cd173fbbc305f8c84a94ec538ca50c7c7598eb58c631fa398e5a153b786a120a1f59ba04fd7e162005998bd6cbc50b94b2df0bae5bd3790c3728f4132a443eae5cdbca2757437b7d5d217030df508e0b136d8dfaf59f029eef32e9dd30eb53a4bb4838129e8f68cedeec9ba39993e04fcaae2ec0ac73945d1973b5f408a344c4b7faec0feb8a413b1dfe6fb877e2ccc649e9a6247168574b8128eff9daccf40d95ae3296d47a0af0010f682705b5fc79f621c2df72dfb4d0db3364551cb3683c11905a0a03e81b494ea20055911cb6017d831bcf80022eb53aaf5"})
mknodat(r0, &(0x7f00000000c0)='./file0\x00', 0x7332c54755580561, 0x7)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0xfffffffc, 0x800, 0x80}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_open_dev$mouse(&(0x7f0000000000), 0xaf600000, 0x1c0002) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs2/custom0\x00', 0x0, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000500)={0xb0, 0x0, &(0x7f0000000340)=[@free_buffer, @acquire={0x40046305, 0x3}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f00000001c0)={@fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x7, 0x2, 0x1}, @fd={0x66642a85, 0x0, r2}}, &(0x7f0000000240)={0x0, 0x18, 0x38}}, 0x40}, @enter_looper, @acquire={0x40046305, 0x2}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000280)={@fda={0x66646185, 0x7, 0x1, 0xf}, @ptr={0x70742a85, 0x0, 0xfffffffffffffffe, 0x0, 0x2, 0xe}, @flat=@weak_binder}, &(0x7f0000000300)={0x0, 0x20, 0x48}}}], 0xdc, 0x0, &(0x7f0000000400)="058cd173fbbc305f8c84a94ec538ca50c7c7598eb58c631fa398e5a153b786a120a1f59ba04fd7e162005998bd6cbc50b94b2df0bae5bd3790c3728f4132a443eae5cdbca2757437b7d5d217030df508e0b136d8dfaf59f029eef32e9dd30eb53a4bb4838129e8f68cedeec9ba39993e04fcaae2ec0ac73945d1973b5f408a344c4b7faec0feb8a413b1dfe6fb877e2ccc649e9a6247168574b8128eff9daccf40d95ae3296d47a0af0010f682705b5fc79f621c2df72dfb4d0db3364551cb3683c11905a0a03e81b494ea20055911cb6017d831bcf80022eb53aaf5"}) (async)
mknodat(r0, &(0x7f00000000c0)='./file0\x00', 0x7332c54755580561, 0x7) (async)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0xfffffffc, 0x800, 0x80}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)

03:35:22 executing program 1:
write$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1, @sniff_mode={{0x803, 0xa}, {0xc9, 0x7fff, 0x40, 0x0, 0x100}}}, 0xe)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:22 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
syz_open_dev$mouse(&(0x7f0000000000), 0xcca, 0x4480) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:22 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
ioctl$RTC_WKALM_RD(r0, 0x80287010, &(0x7f0000000140))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x4c000, 0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x1, 'tunl0\x00', {}, 0x4})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

[ 1553.977078][T25110] FAULT_INJECTION: forcing a failure.
[ 1553.977078][T25110] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1554.015987][T25110] CPU: 1 PID: 25110 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1554.026072][T25110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1554.035968][T25110] Call Trace:
[ 1554.039087][T25110]  <TASK>
[ 1554.041866][T25110]  dump_stack_lvl+0x151/0x1b7
[ 1554.046385][T25110]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1554.051675][T25110]  ? __kasan_check_write+0x14/0x20
[ 1554.056620][T25110]  ? __set_page_owner+0x2ee/0x310
[ 1554.061483][T25110]  dump_stack+0x15/0x17
[ 1554.065484][T25110]  should_fail+0x3c0/0x510
[ 1554.069730][T25110]  should_fail_alloc_page+0x58/0x70
[ 1554.074897][T25110]  __alloc_pages+0x1de/0x7c0
[ 1554.079322][T25110]  ? __count_vm_events+0x30/0x30
[ 1554.084107][T25110]  ? __count_vm_events+0x30/0x30
[ 1554.089055][T25110]  ? __kasan_check_write+0x14/0x20
[ 1554.093990][T25110]  ? _raw_spin_lock+0xa3/0x1b0
[ 1554.098595][T25110]  __pmd_alloc+0xb1/0x550
[ 1554.102755][T25110]  ? kmem_cache_alloc+0x189/0x2f0
[ 1554.107614][T25110]  ? anon_vma_fork+0x1b9/0x4f0
[ 1554.112218][T25110]  ? __pud_alloc+0x260/0x260
[ 1554.116644][T25110]  ? __pud_alloc+0x218/0x260
[ 1554.121154][T25110]  ? do_handle_mm_fault+0x2370/0x2370
[ 1554.126364][T25110]  copy_page_range+0xd04/0x1090
[ 1554.131075][T25110]  ? pfn_valid+0x1e0/0x1e0
[ 1554.135397][T25110]  dup_mmap+0x99f/0xea0
[ 1554.139395][T25110]  ? __delayed_free_task+0x20/0x20
[ 1554.144451][T25110]  ? mm_init+0x807/0x960
[ 1554.148613][T25110]  dup_mm+0x91/0x330
[ 1554.152353][T25110]  copy_mm+0x108/0x1b0
[ 1554.156249][T25110]  copy_process+0x1295/0x3250
[ 1554.161200][T25110]  ? proc_fail_nth_write+0x213/0x290
[ 1554.166318][T25110]  ? proc_fail_nth_read+0x220/0x220
[ 1554.171356][T25110]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1554.176297][T25110]  ? vfs_write+0x9af/0x1050
[ 1554.180644][T25110]  kernel_clone+0x22d/0x990
[ 1554.184984][T25110]  ? file_end_write+0x1b0/0x1b0
[ 1554.189663][T25110]  ? __kasan_check_write+0x14/0x20
[ 1554.194613][T25110]  ? create_io_thread+0x1e0/0x1e0
[ 1554.199474][T25110]  ? __mutex_lock_slowpath+0x10/0x10
[ 1554.204593][T25110]  __x64_sys_clone+0x289/0x310
[ 1554.209194][T25110]  ? __do_sys_vfork+0x130/0x130
[ 1554.213968][T25110]  ? debug_smp_processor_id+0x17/0x20
[ 1554.219204][T25110]  do_syscall_64+0x44/0xd0
[ 1554.223426][T25110]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1554.229416][T25110] RIP: 0033:0x7fed39e510c9
[ 1554.233794][T25110] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1554.254709][T25110] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1554.262966][T25110] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
03:35:22 executing program 5:
r0 = syz_open_dev$mouse(&(0x7f0000000000), 0xaf600000, 0x1c0002) (async, rerun: 64)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs2/custom0\x00', 0x0, 0x0) (async, rerun: 64)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000500)={0xb0, 0x0, &(0x7f0000000340)=[@free_buffer, @acquire={0x40046305, 0x3}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f00000001c0)={@fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x7, 0x2, 0x1}, @fd={0x66642a85, 0x0, r2}}, &(0x7f0000000240)={0x0, 0x18, 0x38}}, 0x40}, @enter_looper, @acquire={0x40046305, 0x2}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000280)={@fda={0x66646185, 0x7, 0x1, 0xf}, @ptr={0x70742a85, 0x0, 0xfffffffffffffffe, 0x0, 0x2, 0xe}, @flat=@weak_binder}, &(0x7f0000000300)={0x0, 0x20, 0x48}}}], 0xdc, 0x0, &(0x7f0000000400)="058cd173fbbc305f8c84a94ec538ca50c7c7598eb58c631fa398e5a153b786a120a1f59ba04fd7e162005998bd6cbc50b94b2df0bae5bd3790c3728f4132a443eae5cdbca2757437b7d5d217030df508e0b136d8dfaf59f029eef32e9dd30eb53a4bb4838129e8f68cedeec9ba39993e04fcaae2ec0ac73945d1973b5f408a344c4b7faec0feb8a413b1dfe6fb877e2ccc649e9a6247168574b8128eff9daccf40d95ae3296d47a0af0010f682705b5fc79f621c2df72dfb4d0db3364551cb3683c11905a0a03e81b494ea20055911cb6017d831bcf80022eb53aaf5"}) (async)
mknodat(r0, &(0x7f00000000c0)='./file0\x00', 0x7332c54755580561, 0x7)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0xfffffffc, 0x800, 0x80}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:22 executing program 3:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$RTC_RD_TIME(r0, 0x80247009, &(0x7f0000000000))
r1 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x180, 0x0)
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000000c0)=0x20, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r1, 0x0)

03:35:23 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 42)

03:35:23 executing program 5:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=@ipv6_getrule={0x1c, 0x22, 0x50e, 0x70bd27, 0x25dfdbff, {0xa, 0x80, 0x0, 0x7, 0xff, 0x0, 0x0, 0x3, 0x10012}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x40010)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:23 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x1000000000, 0x4000013, r2, 0x0)

03:35:23 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async, rerun: 64)
ioctl$RTC_WKALM_RD(r0, 0x80287010, &(0x7f0000000140)) (rerun: 64)
r1 = io_uring_setup(0x120c, &(0x7f0000000240)) (async)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x4c000, 0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x1, 'tunl0\x00', {}, 0x4}) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:23 executing program 1:
write$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1, @sniff_mode={{0x803, 0xa}, {0xc9, 0x7fff, 0x40, 0x0, 0x100}}}, 0xe)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:23 executing program 3:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$RTC_RD_TIME(r0, 0x80247009, &(0x7f0000000000))
r1 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x180, 0x0)
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000000c0)=0x20, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r1, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
ioctl$RTC_RD_TIME(r0, 0x80247009, &(0x7f0000000000)) (async)
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x180, 0x0) (async)
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000000c0)=0x20, 0x4) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r1, 0x0) (async)

03:35:23 executing program 1:
write$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1, @sniff_mode={{0x803, 0xa}, {0xc9, 0x7fff, 0x40, 0x0, 0x100}}}, 0xe)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
write$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1, @sniff_mode={{0x803, 0xa}, {0xc9, 0x7fff, 0x40, 0x0, 0x100}}}, 0xe) (async)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (async)

03:35:23 executing program 5:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=@ipv6_getrule={0x1c, 0x22, 0x50e, 0x70bd27, 0x25dfdbff, {0xa, 0x80, 0x0, 0x7, 0xff, 0x0, 0x0, 0x3, 0x10012}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x40010)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=@ipv6_getrule={0x1c, 0x22, 0x50e, 0x70bd27, 0x25dfdbff, {0xa, 0x80, 0x0, 0x7, 0xff, 0x0, 0x0, 0x3, 0x10012}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x40010) (async)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)

[ 1554.270778][T25110] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1554.278571][T25110] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1554.286396][T25110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1554.294195][T25110] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1554.302012][T25110]  </TASK>
03:35:23 executing program 3:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$RTC_RD_TIME(r0, 0x80247009, &(0x7f0000000000))
r1 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x180, 0x0)
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000000c0)=0x20, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r1, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
ioctl$RTC_RD_TIME(r0, 0x80247009, &(0x7f0000000000)) (async)
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x180, 0x0) (async)
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000000c0)=0x20, 0x4) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r1, 0x0) (async)

03:35:23 executing program 1:
r0 = io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vxcan1\x00', <r1=>0x0})
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10010, r0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000001c0)={0xc0000000, <r3=>0x0}, 0x8)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_lsm={0x1d, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4}, [@generic={0x9, 0x3, 0xe, 0x1, 0x8}]}, &(0x7f0000000040)='syzkaller\x00', 0x7, 0x4f, &(0x7f0000000080)=""/79, 0x40f00, 0x8, '\x00', r1, 0x1b, r2, 0x8, &(0x7f0000000140)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x2, 0xd, 0xf5, 0x3f}, 0x10, r3}, 0x80)

03:35:23 executing program 5:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=@ipv6_getrule={0x1c, 0x22, 0x50e, 0x70bd27, 0x25dfdbff, {0xa, 0x80, 0x0, 0x7, 0xff, 0x0, 0x0, 0x3, 0x10012}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x40010)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=@ipv6_getrule={0x1c, 0x22, 0x50e, 0x70bd27, 0x25dfdbff, {0xa, 0x80, 0x0, 0x7, 0xff, 0x0, 0x0, 0x3, 0x10012}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x40010) (async)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)

03:35:23 executing program 1:
r0 = io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vxcan1\x00', <r1=>0x0}) (async)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10010, r0, 0x0) (async)
getsockname$packet(r2, 0x0, 0x0) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000001c0)={0xc0000000, <r3=>0x0}, 0x8)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_lsm={0x1d, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4}, [@generic={0x9, 0x3, 0xe, 0x1, 0x8}]}, &(0x7f0000000040)='syzkaller\x00', 0x7, 0x4f, &(0x7f0000000080)=""/79, 0x40f00, 0x8, '\x00', r1, 0x1b, r2, 0x8, &(0x7f0000000140)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x2, 0xd, 0xf5, 0x3f}, 0x10, r3}, 0x80)

[ 1554.523924][T25175] FAULT_INJECTION: forcing a failure.
[ 1554.523924][T25175] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1554.541161][T25175] CPU: 1 PID: 25175 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1554.551316][T25175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1554.561216][T25175] Call Trace:
[ 1554.564336][T25175]  <TASK>
[ 1554.567114][T25175]  dump_stack_lvl+0x151/0x1b7
[ 1554.571628][T25175]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1554.576923][T25175]  dump_stack+0x15/0x17
[ 1554.580917][T25175]  should_fail+0x3c0/0x510
[ 1554.585167][T25175]  should_fail_alloc_page+0x58/0x70
[ 1554.590210][T25175]  __alloc_pages+0x1de/0x7c0
[ 1554.594636][T25175]  ? __count_vm_events+0x30/0x30
[ 1554.599400][T25175]  ? dup_mm+0x91/0x330
[ 1554.603319][T25175]  ? copy_mm+0x108/0x1b0
[ 1554.607384][T25175]  ? copy_process+0x1295/0x3250
[ 1554.612071][T25175]  ? kernel_clone+0x22d/0x990
[ 1554.616592][T25175]  ? __x64_sys_clone+0x289/0x310
[ 1554.621358][T25175]  pte_alloc_one+0x73/0x1b0
[ 1554.625697][T25175]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 1554.630732][T25175]  ? __kasan_check_write+0x14/0x20
[ 1554.635682][T25175]  ? __set_page_owner+0x2ee/0x310
[ 1554.640538][T25175]  __pte_alloc+0x86/0x350
[ 1554.644713][T25175]  ? post_alloc_hook+0x1ab/0x1b0
[ 1554.649545][T25175]  ? free_pgtables+0x210/0x210
[ 1554.654166][T25175]  ? get_page_from_freelist+0x38b/0x400
[ 1554.659555][T25175]  copy_pte_range+0x1b1f/0x20b0
[ 1554.664242][T25175]  ? __kunmap_atomic+0x80/0x80
[ 1554.668834][T25175]  ? __pud_alloc+0x260/0x260
[ 1554.673279][T25175]  ? __pud_alloc+0x218/0x260
[ 1554.677688][T25175]  ? do_handle_mm_fault+0x2370/0x2370
[ 1554.682906][T25175]  copy_page_range+0xc1e/0x1090
[ 1554.688026][T25175]  ? pfn_valid+0x1e0/0x1e0
[ 1554.692272][T25175]  dup_mmap+0x99f/0xea0
[ 1554.696259][T25175]  ? __delayed_free_task+0x20/0x20
[ 1554.701209][T25175]  ? mm_init+0x807/0x960
[ 1554.705289][T25175]  dup_mm+0x91/0x330
[ 1554.709020][T25175]  copy_mm+0x108/0x1b0
[ 1554.712926][T25175]  copy_process+0x1295/0x3250
[ 1554.717446][T25175]  ? proc_fail_nth_write+0x213/0x290
[ 1554.722560][T25175]  ? proc_fail_nth_read+0x220/0x220
[ 1554.727592][T25175]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1554.732541][T25175]  ? vfs_write+0x9af/0x1050
[ 1554.736965][T25175]  ? vmacache_update+0xb7/0x120
[ 1554.741655][T25175]  kernel_clone+0x22d/0x990
[ 1554.745996][T25175]  ? file_end_write+0x1b0/0x1b0
[ 1554.750678][T25175]  ? __kasan_check_write+0x14/0x20
[ 1554.755623][T25175]  ? create_io_thread+0x1e0/0x1e0
[ 1554.760576][T25175]  ? __mutex_lock_slowpath+0x10/0x10
[ 1554.765693][T25175]  __x64_sys_clone+0x289/0x310
[ 1554.770295][T25175]  ? __do_sys_vfork+0x130/0x130
[ 1554.774979][T25175]  ? debug_smp_processor_id+0x17/0x20
[ 1554.780190][T25175]  do_syscall_64+0x44/0xd0
[ 1554.784446][T25175]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1554.790167][T25175] RIP: 0033:0x7fed39e510c9
[ 1554.794422][T25175] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1554.813863][T25175] RSP: 002b:00007fed38ba3118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
03:35:23 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 43)

03:35:23 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
ioctl$RTC_WKALM_RD(r0, 0x80287010, &(0x7f0000000140))
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x4c000, 0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x1, 'tunl0\x00', {}, 0x4})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
ioctl$RTC_WKALM_RD(r0, 0x80287010, &(0x7f0000000140)) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x4c000, 0x0) (async)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x1, 'tunl0\x00', {}, 0x4}) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0) (async)

03:35:23 executing program 1:
r0 = io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vxcan1\x00', <r1=>0x0})
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10010, r0, 0x0)
getsockname$packet(r2, 0x0, 0x0) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000001c0)={0xc0000000, <r3=>0x0}, 0x8)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_lsm={0x1d, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4}, [@generic={0x9, 0x3, 0xe, 0x1, 0x8}]}, &(0x7f0000000040)='syzkaller\x00', 0x7, 0x4f, &(0x7f0000000080)=""/79, 0x40f00, 0x8, '\x00', r1, 0x1b, r2, 0x8, &(0x7f0000000140)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x2, 0xd, 0xf5, 0x3f}, 0x10, r3}, 0x80)

03:35:23 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000180)=@newneigh={0x6c, 0x1c, 0x200, 0x70bd27, 0x25dfdbfb, {0x1c, 0x0, 0x0, 0x0, 0x10, 0x40, 0x5}, [@NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, @NDA_LINK_NETNSID={0x8, 0xa, 0x700c}, @NDA_CACHEINFO={0x14, 0x3, {0xd9c4, 0x77c, 0x7, 0x1}}, @NDA_LINK_NETNSID={0x8, 0xa, 0x101}, @NDA_DST_IPV6={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x38}}, @NDA_DST_MAC={0xa, 0x1, @random="81e18339667f"}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4040040}, 0x80)

03:35:23 executing program 5:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x4000, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x8008700d, &(0x7f0000000200))
syz_io_uring_setup(0x769b, &(0x7f0000000140)={0x0, 0x789a, 0x2b2, 0x0, 0x77}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000000))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
fchmodat(r1, &(0x7f00000000c0)='./file0\x00', 0x142)
io_uring_setup(0x2748, &(0x7f0000000040)={0x0, 0xc49c, 0x800, 0x0, 0x159, 0x0, r1})
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
write$tun(r2, &(0x7f0000000280)={@void, @void, @mpls={[{0x8}, {0x2}], @llc={@llc={0xf0, 0x70, 'h', "40a42a857ca98831824c4185ee4770392fdce1580ff455ff91699986b57bd91336b7e1551542346d18a760401d8b585c373ba85e26771771450971d90f952330a7428fca75e5c98d4c88c33d2903aa2f772807bd10f2f3e2"}}}}, 0x63)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x7fffffff)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000240)=0x19001, 0x4)

03:35:23 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x553a29a79000, 0x4000013, r2, 0x0)

[ 1554.822105][T25175] RAX: ffffffffffffffda RBX: 00007fed39f71050 RCX: 00007fed39e510c9
[ 1554.829920][T25175] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1554.837729][T25175] RBP: 00007fed38ba31d0 R08: 0000000000000000 R09: 0000000000000000
[ 1554.845540][T25175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1554.853352][T25175] R13: 00007ffef667485f R14: 00007fed38ba3300 R15: 0000000000022000
[ 1554.861165][T25175]  </TASK>
03:35:23 executing program 1:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
getdents(r0, &(0x7f0000000100)=""/57, 0x39)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x74, 0x0, &(0x7f0000000140)=[@increfs={0x40046304, 0x3}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fda={0x66646185, 0x3, 0x0, 0x1f}, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r2}}, &(0x7f0000000100)={0x0, 0x20, 0x38}}}, @dead_binder_done, @request_death={0x400c630e, 0x2}, @dead_binder_done], 0x0, 0x0, &(0x7f00000001c0)})
io_uring_setup(0x54a, &(0x7f0000000000)={0x0, 0x2, 0x800, 0xfffffffb, 0xfffffffb})

03:35:23 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000180)=@newneigh={0x6c, 0x1c, 0x200, 0x70bd27, 0x25dfdbfb, {0x1c, 0x0, 0x0, 0x0, 0x10, 0x40, 0x5}, [@NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, @NDA_LINK_NETNSID={0x8, 0xa, 0x700c}, @NDA_CACHEINFO={0x14, 0x3, {0xd9c4, 0x77c, 0x7, 0x1}}, @NDA_LINK_NETNSID={0x8, 0xa, 0x101}, @NDA_DST_IPV6={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x38}}, @NDA_DST_MAC={0xa, 0x1, @random="81e18339667f"}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4040040}, 0x80)

03:35:23 executing program 5:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x4000, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x8008700d, &(0x7f0000000200))
syz_io_uring_setup(0x769b, &(0x7f0000000140)={0x0, 0x789a, 0x2b2, 0x0, 0x77}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000000))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
fchmodat(r1, &(0x7f00000000c0)='./file0\x00', 0x142)
io_uring_setup(0x2748, &(0x7f0000000040)={0x0, 0xc49c, 0x800, 0x0, 0x159, 0x0, r1})
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
write$tun(r2, &(0x7f0000000280)={@void, @void, @mpls={[{0x8}, {0x2}], @llc={@llc={0xf0, 0x70, 'h', "40a42a857ca98831824c4185ee4770392fdce1580ff455ff91699986b57bd91336b7e1551542346d18a760401d8b585c373ba85e26771771450971d90f952330a7428fca75e5c98d4c88c33d2903aa2f772807bd10f2f3e2"}}}}, 0x63)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x7fffffff)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000240)=0x19001, 0x4)
openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x4000, 0x0) (async)
ioctl$RTC_EPOCH_READ(r0, 0x8008700d, &(0x7f0000000200)) (async)
syz_io_uring_setup(0x769b, &(0x7f0000000140)={0x0, 0x789a, 0x2b2, 0x0, 0x77}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000000)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
fchmodat(r1, &(0x7f00000000c0)='./file0\x00', 0x142) (async)
io_uring_setup(0x2748, &(0x7f0000000040)={0x0, 0xc49c, 0x800, 0x0, 0x159, 0x0, r1}) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r2, 0x0, 0x0) (async)
write$tun(r2, &(0x7f0000000280)={@void, @void, @mpls={[{0x8}, {0x2}], @llc={@llc={0xf0, 0x70, 'h', "40a42a857ca98831824c4185ee4770392fdce1580ff455ff91699986b57bd91336b7e1551542346d18a760401d8b585c373ba85e26771771450971d90f952330a7428fca75e5c98d4c88c33d2903aa2f772807bd10f2f3e2"}}}}, 0x63) (async)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x7fffffff) (async)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000240)=0x19001, 0x4) (async)

03:35:23 executing program 2:
syz_io_uring_setup(0x20002413, &(0x7f0000000180)={0x0, 0xa29f}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:23 executing program 2:
syz_io_uring_setup(0x20002413, &(0x7f0000000180)={0x0, 0xa29f}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:23 executing program 2:
syz_io_uring_setup(0x20002413, &(0x7f0000000180)={0x0, 0xa29f}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

[ 1554.921651][T25209] FAULT_INJECTION: forcing a failure.
[ 1554.921651][T25209] name failslab, interval 1, probability 0, space 0, times 0
[ 1554.949218][T25209] CPU: 0 PID: 25209 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1554.959296][T25209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1554.969272][T25209] Call Trace:
[ 1554.972484][T25209]  <TASK>
[ 1554.975257][T25209]  dump_stack_lvl+0x151/0x1b7
[ 1554.979783][T25209]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1554.985246][T25209]  dump_stack+0x15/0x17
[ 1554.989234][T25209]  should_fail+0x3c0/0x510
[ 1554.993492][T25209]  __should_failslab+0x9f/0xe0
[ 1554.998088][T25209]  should_failslab+0x9/0x20
[ 1555.002427][T25209]  kmem_cache_alloc+0x4f/0x2f0
[ 1555.007027][T25209]  ? vm_area_dup+0x26/0x1d0
[ 1555.011366][T25209]  vm_area_dup+0x26/0x1d0
[ 1555.015535][T25209]  dup_mmap+0x6b8/0xea0
[ 1555.019528][T25209]  ? __delayed_free_task+0x20/0x20
[ 1555.024473][T25209]  ? mm_init+0x807/0x960
[ 1555.028550][T25209]  dup_mm+0x91/0x330
[ 1555.032281][T25209]  copy_mm+0x108/0x1b0
[ 1555.036198][T25209]  copy_process+0x1295/0x3250
[ 1555.040798][T25209]  ? proc_fail_nth_write+0x213/0x290
[ 1555.045998][T25209]  ? proc_fail_nth_read+0x220/0x220
[ 1555.051032][T25209]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1555.055985][T25209]  ? vfs_write+0x9af/0x1050
[ 1555.060326][T25209]  kernel_clone+0x22d/0x990
[ 1555.064655][T25209]  ? file_end_write+0x1b0/0x1b0
[ 1555.069348][T25209]  ? __kasan_check_write+0x14/0x20
[ 1555.074290][T25209]  ? create_io_thread+0x1e0/0x1e0
[ 1555.079153][T25209]  ? __mutex_lock_slowpath+0x10/0x10
[ 1555.084271][T25209]  __x64_sys_clone+0x289/0x310
[ 1555.088873][T25209]  ? __do_sys_vfork+0x130/0x130
[ 1555.093561][T25209]  ? debug_smp_processor_id+0x17/0x20
[ 1555.098766][T25209]  do_syscall_64+0x44/0xd0
[ 1555.103021][T25209]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1555.108750][T25209] RIP: 0033:0x7fed39e510c9
[ 1555.113235][T25209] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1555.132732][T25209] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1555.140948][T25209] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1555.148759][T25209] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1555.156569][T25209] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1555.164379][T25209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
03:35:23 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 44)

03:35:23 executing program 2:
open$dir(&(0x7f0000000080)='./file0\x00', 0x200, 0x40)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x280000a, 0x80010, 0xffffffffffffffff, 0x80000000)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000, 0x10010, r1, 0x0)

03:35:23 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0xfffffffffff7e, 0x4000013, r2, 0x0)

03:35:23 executing program 1:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
getdents(r0, &(0x7f0000000100)=""/57, 0x39) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x74, 0x0, &(0x7f0000000140)=[@increfs={0x40046304, 0x3}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fda={0x66646185, 0x3, 0x0, 0x1f}, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r2}}, &(0x7f0000000100)={0x0, 0x20, 0x38}}}, @dead_binder_done, @request_death={0x400c630e, 0x2}, @dead_binder_done], 0x0, 0x0, &(0x7f00000001c0)})
io_uring_setup(0x54a, &(0x7f0000000000)={0x0, 0x2, 0x800, 0xfffffffb, 0xfffffffb})

03:35:23 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000180)=@newneigh={0x6c, 0x1c, 0x200, 0x70bd27, 0x25dfdbfb, {0x1c, 0x0, 0x0, 0x0, 0x10, 0x40, 0x5}, [@NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, @NDA_LINK_NETNSID={0x8, 0xa, 0x700c}, @NDA_CACHEINFO={0x14, 0x3, {0xd9c4, 0x77c, 0x7, 0x1}}, @NDA_LINK_NETNSID={0x8, 0xa, 0x101}, @NDA_DST_IPV6={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x38}}, @NDA_DST_MAC={0xa, 0x1, @random="81e18339667f"}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4040040}, 0x80)
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000180)=@newneigh={0x6c, 0x1c, 0x200, 0x70bd27, 0x25dfdbfb, {0x1c, 0x0, 0x0, 0x0, 0x10, 0x40, 0x5}, [@NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, @NDA_LINK_NETNSID={0x8, 0xa, 0x700c}, @NDA_CACHEINFO={0x14, 0x3, {0xd9c4, 0x77c, 0x7, 0x1}}, @NDA_LINK_NETNSID={0x8, 0xa, 0x101}, @NDA_DST_IPV6={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x38}}, @NDA_DST_MAC={0xa, 0x1, @random="81e18339667f"}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4040040}, 0x80) (async)

[ 1555.172190][T25209] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1555.180006][T25209]  </TASK>
03:35:23 executing program 2:
open$dir(&(0x7f0000000080)='./file0\x00', 0x200, 0x40)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x280000a, 0x80010, 0xffffffffffffffff, 0x80000000)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000, 0x10010, r1, 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x200, 0x40) (async)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
mmap$xdp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x280000a, 0x80010, 0xffffffffffffffff, 0x80000000) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000, 0x10010, r1, 0x0) (async)

03:35:23 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x2d6}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
io_uring_setup(0x9, &(0x7f0000000000)={0x0, 0x2a2, 0x2, 0x3, 0x3b0, 0x0, r1})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:23 executing program 5:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x4000, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x8008700d, &(0x7f0000000200))
syz_io_uring_setup(0x769b, &(0x7f0000000140)={0x0, 0x789a, 0x2b2, 0x0, 0x77}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000000))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
fchmodat(r1, &(0x7f00000000c0)='./file0\x00', 0x142)
io_uring_setup(0x2748, &(0x7f0000000040)={0x0, 0xc49c, 0x800, 0x0, 0x159, 0x0, r1})
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0) (async)
write$tun(r2, &(0x7f0000000280)={@void, @void, @mpls={[{0x8}, {0x2}], @llc={@llc={0xf0, 0x70, 'h', "40a42a857ca98831824c4185ee4770392fdce1580ff455ff91699986b57bd91336b7e1551542346d18a760401d8b585c373ba85e26771771450971d90f952330a7428fca75e5c98d4c88c33d2903aa2f772807bd10f2f3e2"}}}}, 0x63) (async)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x7fffffff)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000240)=0x19001, 0x4)

[ 1555.219555][T25249] FAULT_INJECTION: forcing a failure.
[ 1555.219555][T25249] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1555.250787][T25249] CPU: 0 PID: 25249 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
03:35:24 executing program 1:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
getdents(r0, &(0x7f0000000100)=""/57, 0x39)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x74, 0x0, &(0x7f0000000140)=[@increfs={0x40046304, 0x3}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fda={0x66646185, 0x3, 0x0, 0x1f}, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r2}}, &(0x7f0000000100)={0x0, 0x20, 0x38}}}, @dead_binder_done, @request_death={0x400c630e, 0x2}, @dead_binder_done], 0x0, 0x0, &(0x7f00000001c0)})
io_uring_setup(0x54a, &(0x7f0000000000)={0x0, 0x2, 0x800, 0xfffffffb, 0xfffffffb})
openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
getdents(r0, &(0x7f0000000100)=""/57, 0x39) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r2, 0x0, 0x0) (async)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x74, 0x0, &(0x7f0000000140)=[@increfs={0x40046304, 0x3}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fda={0x66646185, 0x3, 0x0, 0x1f}, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r2}}, &(0x7f0000000100)={0x0, 0x20, 0x38}}}, @dead_binder_done, @request_death={0x400c630e, 0x2}, @dead_binder_done], 0x0, 0x0, &(0x7f00000001c0)}) (async)
io_uring_setup(0x54a, &(0x7f0000000000)={0x0, 0x2, 0x800, 0xfffffffb, 0xfffffffb}) (async)

03:35:24 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x2d6}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
io_uring_setup(0x9, &(0x7f0000000000)={0x0, 0x2a2, 0x2, 0x3, 0x3b0, 0x0, r1})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x2d6}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
io_uring_setup(0x9, &(0x7f0000000000)={0x0, 0x2a2, 0x2, 0x3, 0x3b0, 0x0, r1}) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)

[ 1555.260867][T25249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1555.270770][T25249] Call Trace:
[ 1555.273883][T25249]  <TASK>
[ 1555.276661][T25249]  dump_stack_lvl+0x151/0x1b7
[ 1555.281173][T25249]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1555.286566][T25249]  dump_stack+0x15/0x17
[ 1555.290549][T25249]  should_fail+0x3c0/0x510
[ 1555.294803][T25249]  should_fail_alloc_page+0x58/0x70
[ 1555.299835][T25249]  __alloc_pages+0x1de/0x7c0
[ 1555.304268][T25249]  ? __count_vm_events+0x30/0x30
[ 1555.309037][T25249]  ? __this_cpu_preempt_check+0x13/0x20
[ 1555.314415][T25249]  ? __mod_node_page_state+0xac/0xf0
[ 1555.319540][T25249]  pte_alloc_one+0x73/0x1b0
[ 1555.323884][T25249]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 1555.328912][T25249]  __pte_alloc+0x86/0x350
[ 1555.333079][T25249]  ? free_pgtables+0x210/0x210
[ 1555.337677][T25249]  ? _raw_spin_lock+0xa3/0x1b0
[ 1555.342279][T25249]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 1555.347483][T25249]  ? __kernel_text_address+0x9a/0x110
[ 1555.352870][T25249]  copy_pte_range+0x1b1f/0x20b0
[ 1555.357561][T25249]  ? __kunmap_atomic+0x80/0x80
[ 1555.362152][T25249]  ? __kasan_slab_alloc+0xc4/0xe0
03:35:24 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x60000000000000, 0x4000013, r2, 0x0)

[ 1555.367013][T25249]  ? __kasan_slab_alloc+0xb2/0xe0
[ 1555.371910][T25249]  ? kmem_cache_alloc+0x189/0x2f0
[ 1555.376730][T25249]  ? vm_area_dup+0x26/0x1d0
[ 1555.381088][T25249]  ? dup_mmap+0x6b8/0xea0
[ 1555.385235][T25249]  ? dup_mm+0x91/0x330
[ 1555.389143][T25249]  ? copy_mm+0x108/0x1b0
[ 1555.393222][T25249]  ? copy_process+0x1295/0x3250
[ 1555.397919][T25249]  ? kernel_clone+0x22d/0x990
[ 1555.402422][T25249]  ? __x64_sys_clone+0x289/0x310
[ 1555.407195][T25249]  ? do_syscall_64+0x44/0xd0
[ 1555.411709][T25249]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
03:35:24 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x80ffff00000000, 0x4000013, r2, 0x0)

[ 1555.417614][T25249]  copy_page_range+0xc1e/0x1090
[ 1555.422389][T25249]  ? pfn_valid+0x1e0/0x1e0
[ 1555.426646][T25249]  dup_mmap+0x99f/0xea0
[ 1555.430633][T25249]  ? __delayed_free_task+0x20/0x20
[ 1555.435585][T25249]  ? mm_init+0x807/0x960
[ 1555.439680][T25249]  dup_mm+0x91/0x330
[ 1555.443392][T25249]  copy_mm+0x108/0x1b0
[ 1555.447298][T25249]  copy_process+0x1295/0x3250
[ 1555.451810][T25249]  ? proc_fail_nth_write+0x213/0x290
[ 1555.456926][T25249]  ? proc_fail_nth_read+0x220/0x220
[ 1555.461976][T25249]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1555.466917][T25249]  ? vfs_write+0x9af/0x1050
[ 1555.471268][T25249]  kernel_clone+0x22d/0x990
[ 1555.475590][T25249]  ? file_end_write+0x1b0/0x1b0
[ 1555.480275][T25249]  ? __kasan_check_write+0x14/0x20
[ 1555.485225][T25249]  ? create_io_thread+0x1e0/0x1e0
[ 1555.490087][T25249]  ? __mutex_lock_slowpath+0x10/0x10
[ 1555.495202][T25249]  __x64_sys_clone+0x289/0x310
[ 1555.499803][T25249]  ? __do_sys_vfork+0x130/0x130
[ 1555.504580][T25249]  ? debug_smp_processor_id+0x17/0x20
[ 1555.509787][T25249]  do_syscall_64+0x44/0xd0
[ 1555.514040][T25249]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1555.519768][T25249] RIP: 0033:0x7fed39e510c9
[ 1555.524017][T25249] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1555.543459][T25249] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1555.551704][T25249] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1555.559539][T25249] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
03:35:24 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x90a7293a550000, 0x4000013, r2, 0x0)

03:35:24 executing program 2:
open$dir(&(0x7f0000000080)='./file0\x00', 0x200, 0x40) (async)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x280000a, 0x80010, 0xffffffffffffffff, 0x80000000)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000, 0x10010, r1, 0x0)

03:35:24 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x4}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:24 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x2d6}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async, rerun: 64)
io_uring_setup(0x9, &(0x7f0000000000)={0x0, 0x2a2, 0x2, 0x3, 0x3b0, 0x0, r1}) (rerun: 64)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:24 executing program 1:
ioctl$TFD_IOC_SET_TICKS(0xffffffffffffffff, 0x40085400, &(0x7f0000000000)=0xd7)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@bloom_filter={0x1e, 0x9, 0x5, 0x9e2, 0x2, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x0, 0xb}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@bloom_filter={0x1e, 0x7fff, 0x4, 0xff, 0x40, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x3, 0xd}, 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_tracing={0x1a, 0x6, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x42}, @map_idx={0x18, 0x1, 0x5, 0x0, 0xb}, @ldst={0x1, 0x0, 0x2, 0x8, 0x4, 0xfffffffffffffff4, 0xfffffffffffffff0}, @exit, @ldst={0x0, 0x0, 0x0, 0x0, 0xa, 0xdc, 0xffffffffffffffec}], &(0x7f00000000c0)='GPL\x00', 0x3, 0x81, &(0x7f0000000100)=""/129, 0x41100, 0x0, '\x00', 0x0, 0x1a, r0, 0x8, &(0x7f00000001c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000200)={0x1, 0x8, 0x562, 0x10000}, 0x10, 0x29b66, r1, 0x0, &(0x7f00000003c0)=[r2, 0x1, r3, 0x1, 0x1, r4, 0x1, 0xffffffffffffffff]}, 0x80)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000040)=0x301080, 0x4)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:24 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 45)

[ 1555.567326][T25249] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1555.575149][T25249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1555.582949][T25249] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1555.590763][T25249]  </TASK>
03:35:24 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f0000000080))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:24 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x4}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:24 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f0000000080))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f0000000080)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)

03:35:24 executing program 1:
ioctl$TFD_IOC_SET_TICKS(0xffffffffffffffff, 0x40085400, &(0x7f0000000000)=0xd7) (async, rerun: 32)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (rerun: 32)
getsockname$packet(r0, 0x0, 0x0) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@bloom_filter={0x1e, 0x9, 0x5, 0x9e2, 0x2, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x0, 0xb}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@bloom_filter={0x1e, 0x7fff, 0x4, 0xff, 0x40, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x3, 0xd}, 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_tracing={0x1a, 0x6, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x42}, @map_idx={0x18, 0x1, 0x5, 0x0, 0xb}, @ldst={0x1, 0x0, 0x2, 0x8, 0x4, 0xfffffffffffffff4, 0xfffffffffffffff0}, @exit, @ldst={0x0, 0x0, 0x0, 0x0, 0xa, 0xdc, 0xffffffffffffffec}], &(0x7f00000000c0)='GPL\x00', 0x3, 0x81, &(0x7f0000000100)=""/129, 0x41100, 0x0, '\x00', 0x0, 0x1a, r0, 0x8, &(0x7f00000001c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000200)={0x1, 0x8, 0x562, 0x10000}, 0x10, 0x29b66, r1, 0x0, &(0x7f00000003c0)=[r2, 0x1, r3, 0x1, 0x1, r4, 0x1, 0xffffffffffffffff]}, 0x80)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000040)=0x301080, 0x4)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:24 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22, 0x0, 0x4}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:24 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x80, 0x20002, 0x294}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

[ 1555.644412][T25307] cgroup: fork rejected by pids controller in /syz3
[ 1555.664081][T25356] FAULT_INJECTION: forcing a failure.
[ 1555.664081][T25356] name failslab, interval 1, probability 0, space 0, times 0
[ 1555.711046][T25356] CPU: 0 PID: 25356 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1555.721128][T25356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1555.731023][T25356] Call Trace:
[ 1555.734141][T25356]  <TASK>
[ 1555.736920][T25356]  dump_stack_lvl+0x151/0x1b7
[ 1555.741435][T25356]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1555.746728][T25356]  ? vma_interval_tree_augment_rotate+0x210/0x210
[ 1555.752978][T25356]  dump_stack+0x15/0x17
[ 1555.756966][T25356]  should_fail+0x3c0/0x510
[ 1555.761227][T25356]  __should_failslab+0x9f/0xe0
[ 1555.765820][T25356]  should_failslab+0x9/0x20
[ 1555.770161][T25356]  kmem_cache_alloc+0x4f/0x2f0
[ 1555.774769][T25356]  ? anon_vma_fork+0xf7/0x4f0
[ 1555.779283][T25356]  anon_vma_fork+0xf7/0x4f0
[ 1555.783623][T25356]  ? anon_vma_name+0x4c/0x70
[ 1555.788042][T25356]  dup_mmap+0x750/0xea0
[ 1555.792120][T25356]  ? __delayed_free_task+0x20/0x20
[ 1555.797155][T25356]  ? mm_init+0x807/0x960
[ 1555.801231][T25356]  dup_mm+0x91/0x330
[ 1555.804964][T25356]  copy_mm+0x108/0x1b0
[ 1555.808872][T25356]  copy_process+0x1295/0x3250
[ 1555.813384][T25356]  ? proc_fail_nth_write+0x213/0x290
[ 1555.818504][T25356]  ? proc_fail_nth_read+0x220/0x220
[ 1555.823540][T25356]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1555.828483][T25356]  ? vfs_write+0x9af/0x1050
[ 1555.832826][T25356]  kernel_clone+0x22d/0x990
[ 1555.837162][T25356]  ? file_end_write+0x1b0/0x1b0
[ 1555.841850][T25356]  ? __kasan_check_write+0x14/0x20
[ 1555.846799][T25356]  ? create_io_thread+0x1e0/0x1e0
[ 1555.851659][T25356]  ? __mutex_lock_slowpath+0x10/0x10
[ 1555.857747][T25356]  __x64_sys_clone+0x289/0x310
[ 1555.862335][T25356]  ? __do_sys_vfork+0x130/0x130
[ 1555.867023][T25356]  ? debug_smp_processor_id+0x17/0x20
[ 1555.872251][T25356]  do_syscall_64+0x44/0xd0
[ 1555.876481][T25356]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1555.882205][T25356] RIP: 0033:0x7fed39e510c9
[ 1555.886473][T25356] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
03:35:24 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0xb0ff2000000000, 0x4000013, r2, 0x0)

03:35:24 executing program 1:
ioctl$TFD_IOC_SET_TICKS(0xffffffffffffffff, 0x40085400, &(0x7f0000000000)=0xd7)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@bloom_filter={0x1e, 0x9, 0x5, 0x9e2, 0x2, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x0, 0xb}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@bloom_filter={0x1e, 0x7fff, 0x4, 0xff, 0x40, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x3, 0xd}, 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_tracing={0x1a, 0x6, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x42}, @map_idx={0x18, 0x1, 0x5, 0x0, 0xb}, @ldst={0x1, 0x0, 0x2, 0x8, 0x4, 0xfffffffffffffff4, 0xfffffffffffffff0}, @exit, @ldst={0x0, 0x0, 0x0, 0x0, 0xa, 0xdc, 0xffffffffffffffec}], &(0x7f00000000c0)='GPL\x00', 0x3, 0x81, &(0x7f0000000100)=""/129, 0x41100, 0x0, '\x00', 0x0, 0x1a, r0, 0x8, &(0x7f00000001c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000200)={0x1, 0x8, 0x562, 0x10000}, 0x10, 0x29b66, r1, 0x0, &(0x7f00000003c0)=[r2, 0x1, r3, 0x1, 0x1, r4, 0x1, 0xffffffffffffffff]}, 0x80)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000040)=0x301080, 0x4)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
ioctl$TFD_IOC_SET_TICKS(0xffffffffffffffff, 0x40085400, &(0x7f0000000000)=0xd7) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r2, 0x0, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@bloom_filter={0x1e, 0x9, 0x5, 0x9e2, 0x2, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x0, 0xb}, 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@bloom_filter={0x1e, 0x7fff, 0x4, 0xff, 0x40, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x3, 0xd}, 0x48) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_tracing={0x1a, 0x6, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x42}, @map_idx={0x18, 0x1, 0x5, 0x0, 0xb}, @ldst={0x1, 0x0, 0x2, 0x8, 0x4, 0xfffffffffffffff4, 0xfffffffffffffff0}, @exit, @ldst={0x0, 0x0, 0x0, 0x0, 0xa, 0xdc, 0xffffffffffffffec}], &(0x7f00000000c0)='GPL\x00', 0x3, 0x81, &(0x7f0000000100)=""/129, 0x41100, 0x0, '\x00', 0x0, 0x1a, r0, 0x8, &(0x7f00000001c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000200)={0x1, 0x8, 0x562, 0x10000}, 0x10, 0x29b66, r1, 0x0, &(0x7f00000003c0)=[r2, 0x1, r3, 0x1, 0x1, r4, 0x1, 0xffffffffffffffff]}, 0x80) (async)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000040)=0x301080, 0x4) (async)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (async)

03:35:24 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x80, 0x20002, 0x294}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:24 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f0000000080)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:24 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
socketpair(0x28, 0x4, 0x80000000, &(0x7f0000000000))

03:35:24 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 46)

03:35:24 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x80, 0x20002, 0x294}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:24 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0x2000ff23, 0x0, 0xfffffffd, 0x0, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:24 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
socketpair(0x28, 0x4, 0x80000000, &(0x7f0000000000))

03:35:24 executing program 1:
r0 = io_uring_setup(0x54c, &(0x7f0000000240)={0x0, 0x271d, 0x20, 0x0, 0x297})
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xe, 0x50, r0, 0x10000000)

[ 1555.905901][T25356] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1555.914151][T25356] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1555.922048][T25356] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1555.929858][T25356] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1555.937778][T25356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1555.945587][T25356] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1555.953400][T25356]  </TASK>
03:35:24 executing program 3:
r0 = syz_io_uring_setup(0x72e9, &(0x7f0000000100)={0x0, 0x2, 0x1a0}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x4800, 0x0)
write$selinux_attr(r1, &(0x7f00000000c0)='/usr/sbin/ntpd\x00', 0xf)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f0000000180)={@id={0x2, 0x0, @a}})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
syz_open_dev$evdev(&(0x7f0000000040), 0x3, 0xb8cef679df93e881)

03:35:24 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
socketpair(0x28, 0x4, 0x80000000, &(0x7f0000000000))

[ 1556.014886][T25431] FAULT_INJECTION: forcing a failure.
[ 1556.014886][T25431] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1556.044463][T25431] CPU: 1 PID: 25431 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1556.054634][T25431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1556.064529][T25431] Call Trace:
[ 1556.067733][T25431]  <TASK>
[ 1556.070516][T25431]  dump_stack_lvl+0x151/0x1b7
[ 1556.075027][T25431]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1556.080319][T25431]  ? stack_trace_save+0x1f0/0x1f0
[ 1556.085180][T25431]  ? __kernel_text_address+0x9a/0x110
[ 1556.090389][T25431]  dump_stack+0x15/0x17
[ 1556.094383][T25431]  should_fail+0x3c0/0x510
[ 1556.098658][T25431]  should_fail_alloc_page+0x58/0x70
[ 1556.103761][T25431]  __alloc_pages+0x1de/0x7c0
[ 1556.108193][T25431]  ? stack_trace_save+0x12d/0x1f0
[ 1556.113057][T25431]  ? stack_trace_snprint+0x100/0x100
[ 1556.118605][T25431]  ? __count_vm_events+0x30/0x30
[ 1556.123553][T25431]  ? __kasan_slab_alloc+0xc4/0xe0
[ 1556.128760][T25431]  ? __kasan_slab_alloc+0xb2/0xe0
[ 1556.133623][T25431]  ? kmem_cache_alloc+0x189/0x2f0
[ 1556.138477][T25431]  ? anon_vma_fork+0x1b9/0x4f0
[ 1556.143093][T25431]  get_zeroed_page+0x19/0x40
[ 1556.147505][T25431]  __pud_alloc+0x8b/0x260
[ 1556.151677][T25431]  ? do_handle_mm_fault+0x2370/0x2370
[ 1556.156881][T25431]  copy_page_range+0xd9e/0x1090
[ 1556.161571][T25431]  ? pfn_valid+0x1e0/0x1e0
[ 1556.165822][T25431]  dup_mmap+0x99f/0xea0
[ 1556.169909][T25431]  ? __delayed_free_task+0x20/0x20
[ 1556.174844][T25431]  ? mm_init+0x807/0x960
[ 1556.179015][T25431]  dup_mm+0x91/0x330
[ 1556.182948][T25431]  copy_mm+0x108/0x1b0
[ 1556.186942][T25431]  copy_process+0x1295/0x3250
[ 1556.191452][T25431]  ? proc_fail_nth_write+0x213/0x290
[ 1556.196573][T25431]  ? proc_fail_nth_read+0x220/0x220
[ 1556.201805][T25431]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1556.206729][T25431]  ? vfs_write+0x9af/0x1050
[ 1556.211073][T25431]  kernel_clone+0x22d/0x990
[ 1556.215404][T25431]  ? file_end_write+0x1b0/0x1b0
[ 1556.220091][T25431]  ? __kasan_check_write+0x14/0x20
[ 1556.225044][T25431]  ? create_io_thread+0x1e0/0x1e0
[ 1556.229905][T25431]  ? __mutex_lock_slowpath+0x10/0x10
[ 1556.235029][T25431]  __x64_sys_clone+0x289/0x310
[ 1556.239625][T25431]  ? __do_sys_vfork+0x130/0x130
[ 1556.244312][T25431]  ? debug_smp_processor_id+0x17/0x20
[ 1556.249522][T25431]  do_syscall_64+0x44/0xd0
[ 1556.253857][T25431]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1556.259675][T25431] RIP: 0033:0x7fed39e510c9
[ 1556.263925][T25431] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1556.283454][T25431] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1556.291705][T25431] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1556.299509][T25431] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1556.307321][T25431] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
03:35:25 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0xc0ffff00000000, 0x4000013, r2, 0x0)

03:35:25 executing program 1:
r0 = io_uring_setup(0x54c, &(0x7f0000000240)={0x0, 0x271d, 0x20, 0x0, 0x297})
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xe, 0x50, r0, 0x10000000)
io_uring_setup(0x54c, &(0x7f0000000240)={0x0, 0x271d, 0x20, 0x0, 0x297}) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xe, 0x50, r0, 0x10000000) (async)

03:35:25 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0x2000ff23, 0x0, 0xfffffffd, 0x0, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:25 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x80, 0xa62}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000000), &(0x7f00000000c0))

03:35:25 executing program 3:
r0 = syz_io_uring_setup(0x72e9, &(0x7f0000000100)={0x0, 0x2, 0x1a0}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x4800, 0x0)
write$selinux_attr(r1, &(0x7f00000000c0)='/usr/sbin/ntpd\x00', 0xf)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f0000000180)={@id={0x2, 0x0, @a}})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
syz_open_dev$evdev(&(0x7f0000000040), 0x3, 0xb8cef679df93e881)
syz_io_uring_setup(0x72e9, &(0x7f0000000100)={0x0, 0x2, 0x1a0}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x4800, 0x0) (async)
write$selinux_attr(r1, &(0x7f00000000c0)='/usr/sbin/ntpd\x00', 0xf) (async)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f0000000180)={@id={0x2, 0x0, @a}}) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)
syz_open_dev$evdev(&(0x7f0000000040), 0x3, 0xb8cef679df93e881) (async)

[ 1556.315133][T25431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1556.322941][T25431] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1556.330758][T25431]  </TASK>
03:35:25 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 47)

03:35:25 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x80, 0xa62}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000000), &(0x7f00000000c0))

03:35:25 executing program 1:
r0 = io_uring_setup(0x54c, &(0x7f0000000240)={0x0, 0x271d, 0x20, 0x0, 0x297})
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xe, 0x50, r0, 0x10000000)

03:35:25 executing program 3:
r0 = syz_io_uring_setup(0x72e9, &(0x7f0000000100)={0x0, 0x2, 0x1a0}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x4800, 0x0)
write$selinux_attr(r1, &(0x7f00000000c0)='/usr/sbin/ntpd\x00', 0xf) (async)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f0000000180)={@id={0x2, 0x0, @a}}) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)
syz_open_dev$evdev(&(0x7f0000000040), 0x3, 0xb8cef679df93e881)

03:35:25 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0x2000ff23, 0x0, 0xfffffffd, 0x0, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:25 executing program 3:
getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, <r0=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000001c0)=0x14)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_tracing={0x1a, 0x9, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}, [@ldst={0x1, 0x1, 0x2, 0x3, 0x5, 0xffffffffffffffc0, 0xffffffffffffffff}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x1}, @map_idx={0x18, 0xb, 0x5, 0x0, 0xc}, @generic={0x4, 0x4, 0x3, 0x7, 0x5}]}, &(0x7f00000000c0)='GPL\x00', 0x10001, 0xdc, &(0x7f0000000240)=""/220, 0x41100, 0xd, '\x00', r0, 0x17, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000380)={0x5, 0x10, 0x0, 0xc185}, 0x10, 0x10d18, r1}, 0x80)
r2 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r2, 0x0)

03:35:25 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x80, 0xa62}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000000), &(0x7f00000000c0))

03:35:25 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0xf0ff1f00000000, 0x4000013, r2, 0x0)

03:35:25 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x1000000, 0x2, 0x0, 0xfffffffc})
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x4, 0x70bd28, 0x25dfdbfd, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x200}, @NBD_ATTR_SIZE_BYTES={0xc}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc805}, 0x4015)

03:35:25 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000002c0)={&(0x7f0000000200)=""/15, 0x2b4b5552eaab4a00, 0x1000, 0x4, 0x3}, 0x20)
r1 = syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x8, 0x110, r1, 0x10000000)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x2c00c3, 0x0)
setsockopt$sock_int(r2, 0x1, 0x1, &(0x7f0000000100)=0x7da88d8d, 0x4)
r3 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r3, 0x0)

03:35:25 executing program 3:
getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, <r0=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000001c0)=0x14)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_tracing={0x1a, 0x9, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}, [@ldst={0x1, 0x1, 0x2, 0x3, 0x5, 0xffffffffffffffc0, 0xffffffffffffffff}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x1}, @map_idx={0x18, 0xb, 0x5, 0x0, 0xc}, @generic={0x4, 0x4, 0x3, 0x7, 0x5}]}, &(0x7f00000000c0)='GPL\x00', 0x10001, 0xdc, &(0x7f0000000240)=""/220, 0x41100, 0xd, '\x00', r0, 0x17, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000380)={0x5, 0x10, 0x0, 0xc185}, 0x10, 0x10d18, r1}, 0x80)
r2 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r2, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000001c0)=0x14) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_tracing={0x1a, 0x9, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}, [@ldst={0x1, 0x1, 0x2, 0x3, 0x5, 0xffffffffffffffc0, 0xffffffffffffffff}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x1}, @map_idx={0x18, 0xb, 0x5, 0x0, 0xc}, @generic={0x4, 0x4, 0x3, 0x7, 0x5}]}, &(0x7f00000000c0)='GPL\x00', 0x10001, 0xdc, &(0x7f0000000240)=""/220, 0x41100, 0xd, '\x00', r0, 0x17, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000380)={0x5, 0x10, 0x0, 0xc185}, 0x10, 0x10d18, r1}, 0x80) (async)
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r2, 0x0) (async)

03:35:25 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x80, 0x1, 0x3}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$RTC_AIE_ON(r0, 0x7001)
r1 = syz_open_dev$mouse(&(0x7f0000000000), 0x1, 0x410200)
syz_io_uring_setup(0x3947, &(0x7f0000000180)={0x0, 0xc00d, 0x8, 0x0, 0x3ab, 0x0, r1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000200))

[ 1556.444979][T25473] FAULT_INJECTION: forcing a failure.
[ 1556.444979][T25473] name failslab, interval 1, probability 0, space 0, times 0
[ 1556.489201][T25473] CPU: 0 PID: 25473 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1556.499285][T25473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1556.509272][T25473] Call Trace:
[ 1556.512394][T25473]  <TASK>
[ 1556.515170][T25473]  dump_stack_lvl+0x151/0x1b7
[ 1556.519686][T25473]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1556.524978][T25473]  dump_stack+0x15/0x17
[ 1556.529122][T25473]  should_fail+0x3c0/0x510
[ 1556.533344][T25473]  __should_failslab+0x9f/0xe0
[ 1556.537947][T25473]  should_failslab+0x9/0x20
[ 1556.542306][T25473]  kmem_cache_alloc+0x4f/0x2f0
[ 1556.546887][T25473]  ? vm_area_dup+0x26/0x1d0
[ 1556.551225][T25473]  vm_area_dup+0x26/0x1d0
[ 1556.555943][T25473]  dup_mmap+0x6b8/0xea0
[ 1556.559932][T25473]  ? __delayed_free_task+0x20/0x20
[ 1556.564879][T25473]  ? mm_init+0x807/0x960
[ 1556.568980][T25473]  dup_mm+0x91/0x330
[ 1556.572693][T25473]  copy_mm+0x108/0x1b0
[ 1556.576685][T25473]  copy_process+0x1295/0x3250
[ 1556.581285][T25473]  ? proc_fail_nth_write+0x213/0x290
[ 1556.586404][T25473]  ? proc_fail_nth_read+0x220/0x220
[ 1556.591442][T25473]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1556.596384][T25473]  ? vfs_write+0x9af/0x1050
[ 1556.600811][T25473]  kernel_clone+0x22d/0x990
[ 1556.605156][T25473]  ? file_end_write+0x1b0/0x1b0
[ 1556.609838][T25473]  ? __kasan_check_write+0x14/0x20
[ 1556.614834][T25473]  ? create_io_thread+0x1e0/0x1e0
[ 1556.619665][T25473]  ? __mutex_lock_slowpath+0x10/0x10
[ 1556.624857][T25473]  __x64_sys_clone+0x289/0x310
[ 1556.629454][T25473]  ? __do_sys_vfork+0x130/0x130
[ 1556.634594][T25473]  ? debug_smp_processor_id+0x17/0x20
[ 1556.639801][T25473]  do_syscall_64+0x44/0xd0
[ 1556.644049][T25473]  ? irqentry_exit+0x12/0x40
[ 1556.648488][T25473]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1556.654204][T25473] RIP: 0033:0x7fed39e510c9
[ 1556.658458][T25473] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1556.677989][T25473] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
03:35:25 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 48)

03:35:25 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x1000000, 0x2, 0x0, 0xfffffffc})
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x4, 0x70bd28, 0x25dfdbfd, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x200}, @NBD_ATTR_SIZE_BYTES={0xc}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc805}, 0x4015)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x1000000, 0x2, 0x0, 0xfffffffc}) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x4, 0x70bd28, 0x25dfdbfd, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x200}, @NBD_ATTR_SIZE_BYTES={0xc}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc805}, 0x4015) (async)

03:35:25 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000002c0)={&(0x7f0000000200)=""/15, 0x2b4b5552eaab4a00, 0x1000, 0x4, 0x3}, 0x20)
r1 = syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x8, 0x110, r1, 0x10000000)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x2c00c3, 0x0)
setsockopt$sock_int(r2, 0x1, 0x1, &(0x7f0000000100)=0x7da88d8d, 0x4)
r3 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r3, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0) (async)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000002c0)={&(0x7f0000000200)=""/15, 0x2b4b5552eaab4a00, 0x1000, 0x4, 0x3}, 0x20) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x8, 0x110, r1, 0x10000000) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x2c00c3, 0x0) (async)
setsockopt$sock_int(r2, 0x1, 0x1, &(0x7f0000000100)=0x7da88d8d, 0x4) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r3, 0x0) (async)

03:35:25 executing program 3:
getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, <r0=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000001c0)=0x14) (async, rerun: 64)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (rerun: 64)
getsockname$packet(r1, 0x0, 0x0) (async, rerun: 64)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_tracing={0x1a, 0x9, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}, [@ldst={0x1, 0x1, 0x2, 0x3, 0x5, 0xffffffffffffffc0, 0xffffffffffffffff}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x1}, @map_idx={0x18, 0xb, 0x5, 0x0, 0xc}, @generic={0x4, 0x4, 0x3, 0x7, 0x5}]}, &(0x7f00000000c0)='GPL\x00', 0x10001, 0xdc, &(0x7f0000000240)=""/220, 0x41100, 0xd, '\x00', r0, 0x17, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000380)={0x5, 0x10, 0x0, 0xc185}, 0x10, 0x10d18, r1}, 0x80) (async, rerun: 64)
r2 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r2, 0x0)

03:35:25 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x100000000000000, 0x4000013, r2, 0x0)

03:35:25 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x80, 0x1, 0x3}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$RTC_AIE_ON(r0, 0x7001) (async)
r1 = syz_open_dev$mouse(&(0x7f0000000000), 0x1, 0x410200)
syz_io_uring_setup(0x3947, &(0x7f0000000180)={0x0, 0xc00d, 0x8, 0x0, 0x3ab, 0x0, r1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000200))

[ 1556.686318][T25473] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1556.694268][T25473] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1556.702110][T25473] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1556.709890][T25473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1556.717699][T25473] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1556.725517][T25473]  </TASK>
03:35:25 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, &(0x7f0000000280)=0x200)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000000)=0x66f1, 0x4)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x441c1, 0x0)
syz_io_uring_setup(0x5339, &(0x7f0000000180)={0x0, 0x4ae1, 0x0, 0x0, 0xcc, 0x0, r1}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000000c0), &(0x7f0000000240))
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$RTC_IRQP_READ(r1, 0x8008700b, &(0x7f00000002c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:25 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x80, 0x1, 0x3}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async)
ioctl$RTC_AIE_ON(r0, 0x7001)
r1 = syz_open_dev$mouse(&(0x7f0000000000), 0x1, 0x410200)
syz_io_uring_setup(0x3947, &(0x7f0000000180)={0x0, 0xc00d, 0x8, 0x0, 0x3ab, 0x0, r1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000200))

03:35:25 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x1000000, 0x2, 0x0, 0xfffffffc}) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x4, 0x70bd28, 0x25dfdbfd, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x200}, @NBD_ATTR_SIZE_BYTES={0xc}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc805}, 0x4015)

03:35:25 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000002c0)={&(0x7f0000000200)=""/15, 0x2b4b5552eaab4a00, 0x1000, 0x4, 0x3}, 0x20) (async, rerun: 32)
r1 = syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (rerun: 32)
mmap$IORING_OFF_SQES(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x8, 0x110, r1, 0x10000000)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x2c00c3, 0x0)
setsockopt$sock_int(r2, 0x1, 0x1, &(0x7f0000000100)=0x7da88d8d, 0x4) (async, rerun: 32)
r3 = io_uring_setup(0x120c, &(0x7f0000000240)) (rerun: 32)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r3, 0x0)

03:35:25 executing program 1:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0xb31d8d40cff8da9, 0x0)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="10002dbd7000fedbdf0300030000000000000008000700", @ANYRES32, @ANYBLOB="06f30500030003010000000000000000"], 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x40)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:25 executing program 5:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/battery', 0x800, 0x8)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_ext={0x1c, 0x9, &(0x7f0000000180)=@raw=[@exit, @call={0x85, 0x0, 0x0, 0xa}, @generic={0x1, 0xb, 0x0, 0x1, 0xd74}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7f}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x4}], &(0x7f0000000000)='GPL\x00', 0x4f000000, 0xb5, &(0x7f0000000200)=""/181, 0x41100, 0x1, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000002c0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0x6, 0x80000000, 0x5}, 0x10, 0x428d, r1, 0x0, &(0x7f0000000340)=[r2]}, 0x80)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1556.772751][T25508] FAULT_INJECTION: forcing a failure.
[ 1556.772751][T25508] name failslab, interval 1, probability 0, space 0, times 0
[ 1556.850787][T25508] CPU: 1 PID: 25508 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1556.861043][T25508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1556.870934][T25508] Call Trace:
[ 1556.874057][T25508]  <TASK>
[ 1556.876923][T25508]  dump_stack_lvl+0x151/0x1b7
[ 1556.881433][T25508]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1556.886731][T25508]  dump_stack+0x15/0x17
[ 1556.890723][T25508]  should_fail+0x3c0/0x510
[ 1556.894975][T25508]  __should_failslab+0x9f/0xe0
[ 1556.899572][T25508]  should_failslab+0x9/0x20
[ 1556.903911][T25508]  kmem_cache_alloc+0x4f/0x2f0
[ 1556.908516][T25508]  ? vm_area_dup+0x26/0x1d0
[ 1556.912852][T25508]  vm_area_dup+0x26/0x1d0
[ 1556.917018][T25508]  dup_mmap+0x6b8/0xea0
[ 1556.921012][T25508]  ? __delayed_free_task+0x20/0x20
[ 1556.925959][T25508]  ? mm_init+0x807/0x960
[ 1556.930044][T25508]  dup_mm+0x91/0x330
[ 1556.933794][T25508]  copy_mm+0x108/0x1b0
[ 1556.937686][T25508]  copy_process+0x1295/0x3250
[ 1556.942192][T25508]  ? proc_fail_nth_write+0x213/0x290
[ 1556.947309][T25508]  ? proc_fail_nth_read+0x220/0x220
[ 1556.952348][T25508]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1556.957290][T25508]  ? vfs_write+0x9af/0x1050
[ 1556.961630][T25508]  kernel_clone+0x22d/0x990
[ 1556.966580][T25508]  ? file_end_write+0x1b0/0x1b0
[ 1556.971268][T25508]  ? __kasan_check_write+0x14/0x20
[ 1556.976213][T25508]  ? create_io_thread+0x1e0/0x1e0
[ 1556.981508][T25508]  ? __mutex_lock_slowpath+0x10/0x10
[ 1556.986633][T25508]  __x64_sys_clone+0x289/0x310
[ 1556.991227][T25508]  ? __do_sys_vfork+0x130/0x130
[ 1556.995914][T25508]  ? debug_smp_processor_id+0x17/0x20
[ 1557.001129][T25508]  do_syscall_64+0x44/0xd0
[ 1557.005377][T25508]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1557.011101][T25508] RIP: 0033:0x7fed39e510c9
[ 1557.015876][T25508] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1557.035408][T25508] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1557.043911][T25508] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
03:35:25 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 49)

03:35:25 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, &(0x7f0000000280)=0x200)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000000)=0x66f1, 0x4)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x441c1, 0x0)
syz_io_uring_setup(0x5339, &(0x7f0000000180)={0x0, 0x4ae1, 0x0, 0x0, 0xcc, 0x0, r1}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000000c0), &(0x7f0000000240)) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$RTC_IRQP_READ(r1, 0x8008700b, &(0x7f00000002c0)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:25 executing program 1:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0xb31d8d40cff8da9, 0x0)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="10002dbd7000fedbdf0300030000000000000008000700", @ANYRES32, @ANYBLOB="06f30500030003010000000000000000"], 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x40)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0xb31d8d40cff8da9, 0x0) (async)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="10002dbd7000fedbdf0300030000000000000008000700", @ANYRES32, @ANYBLOB="06f30500030003010000000000000000"], 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x40) (async)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (async)

03:35:25 executing program 5:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/battery', 0x800, 0x8)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_ext={0x1c, 0x9, &(0x7f0000000180)=@raw=[@exit, @call={0x85, 0x0, 0x0, 0xa}, @generic={0x1, 0xb, 0x0, 0x1, 0xd74}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7f}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x4}], &(0x7f0000000000)='GPL\x00', 0x4f000000, 0xb5, &(0x7f0000000200)=""/181, 0x41100, 0x1, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000002c0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0x6, 0x80000000, 0x5}, 0x10, 0x428d, r1, 0x0, &(0x7f0000000340)=[r2]}, 0x80)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:25 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x200000000000000, 0x4000013, r2, 0x0)

03:35:25 executing program 2:
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000000)={&(0x7f0000000340)=""/4096, 0x38000, 0x1800, 0xfffffeff, 0x1}, 0x20)
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000200)=0x1018900, 0x4)
mknodat$null(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x400, 0x103)
getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000001340), &(0x7f0000001380)=0x30)
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x2, 0x1}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = syz_io_uring_setup(0x67d, &(0x7f00000002c0)={0x0, 0xef23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, &(0x7f0000000140)=""/4)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000010, 0x1010, r0, 0x10000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000001400), 0x68800, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f00000013c0), r3)
ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82)
getsockname$packet(r2, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x1, 'veth0_to_bridge\x00', {}, 0x9})
syz_open_dev$loop(&(0x7f0000000040), 0xfffffffffffff93d, 0x80080)

03:35:25 executing program 2:
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000000)={&(0x7f0000000340)=""/4096, 0x38000, 0x1800, 0xfffffeff, 0x1}, 0x20) (async, rerun: 64)
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000200)=0x1018900, 0x4) (rerun: 64)
mknodat$null(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x400, 0x103)
getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000001340), &(0x7f0000001380)=0x30) (async)
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x2, 0x1}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = syz_io_uring_setup(0x67d, &(0x7f00000002c0)={0x0, 0xef23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, &(0x7f0000000140)=""/4) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000010, 0x1010, r0, 0x10000000) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000001400), 0x68800, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f00000013c0), r3) (async)
ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) (async, rerun: 64)
getsockname$packet(r2, 0x0, 0x0) (async, rerun: 64)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x1, 'veth0_to_bridge\x00', {}, 0x9}) (async, rerun: 64)
syz_open_dev$loop(&(0x7f0000000040), 0xfffffffffffff93d, 0x80080) (rerun: 64)

[ 1557.051809][T25508] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1557.059621][T25508] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1557.067515][T25508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1557.075329][T25508] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1557.083143][T25508]  </TASK>
03:35:25 executing program 5:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/battery', 0x800, 0x8) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_ext={0x1c, 0x9, &(0x7f0000000180)=@raw=[@exit, @call={0x85, 0x0, 0x0, 0xa}, @generic={0x1, 0xb, 0x0, 0x1, 0xd74}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7f}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x4}], &(0x7f0000000000)='GPL\x00', 0x4f000000, 0xb5, &(0x7f0000000200)=""/181, 0x41100, 0x1, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000002c0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0x6, 0x80000000, 0x5}, 0x10, 0x428d, r1, 0x0, &(0x7f0000000340)=[r2]}, 0x80) (async)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:25 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, &(0x7f0000000280)=0x200)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000000)=0x66f1, 0x4) (async)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x441c1, 0x0)
syz_io_uring_setup(0x5339, &(0x7f0000000180)={0x0, 0x4ae1, 0x0, 0x0, 0xcc, 0x0, r1}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000000c0), &(0x7f0000000240))
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$RTC_IRQP_READ(r1, 0x8008700b, &(0x7f00000002c0)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:25 executing program 1:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0xb31d8d40cff8da9, 0x0)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="10002dbd7000fedbdf0300030000000000000008000700", @ANYRES32, @ANYBLOB="06f30500030003010000000000000000"], 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x40) (async)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:25 executing program 5:
syz_open_dev$mouse(&(0x7f0000000000), 0x1f, 0x20080)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0)

03:35:25 executing program 1:
io_uring_setup(0x4d30, &(0x7f0000000240)={0x0, 0x0, 0x10, 0x200})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)

[ 1557.161661][T25577] FAULT_INJECTION: forcing a failure.
[ 1557.161661][T25577] name failslab, interval 1, probability 0, space 0, times 0
[ 1557.183516][T25577] CPU: 0 PID: 25577 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1557.193598][T25577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1557.203489][T25577] Call Trace:
[ 1557.206616][T25577]  <TASK>
[ 1557.209394][T25577]  dump_stack_lvl+0x151/0x1b7
[ 1557.213905][T25577]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1557.219202][T25577]  dump_stack+0x15/0x17
[ 1557.223191][T25577]  should_fail+0x3c0/0x510
[ 1557.227449][T25577]  __should_failslab+0x9f/0xe0
[ 1557.232043][T25577]  should_failslab+0x9/0x20
[ 1557.236384][T25577]  kmem_cache_alloc+0x4f/0x2f0
[ 1557.240983][T25577]  ? vm_area_dup+0x26/0x1d0
[ 1557.245328][T25577]  vm_area_dup+0x26/0x1d0
[ 1557.249575][T25577]  dup_mmap+0x6b8/0xea0
[ 1557.253593][T25577]  ? __delayed_free_task+0x20/0x20
[ 1557.258515][T25577]  ? mm_init+0x807/0x960
[ 1557.262596][T25577]  dup_mm+0x91/0x330
[ 1557.266329][T25577]  copy_mm+0x108/0x1b0
[ 1557.270234][T25577]  copy_process+0x1295/0x3250
[ 1557.274943][T25577]  ? proc_fail_nth_write+0x213/0x290
[ 1557.280039][T25577]  ? proc_fail_nth_read+0x220/0x220
[ 1557.285077][T25577]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1557.290027][T25577]  ? vfs_write+0x9af/0x1050
[ 1557.294365][T25577]  kernel_clone+0x22d/0x990
[ 1557.298717][T25577]  ? file_end_write+0x1b0/0x1b0
[ 1557.303385][T25577]  ? __kasan_check_write+0x14/0x20
[ 1557.308334][T25577]  ? create_io_thread+0x1e0/0x1e0
[ 1557.313197][T25577]  ? __mutex_lock_slowpath+0x10/0x10
[ 1557.318402][T25577]  __x64_sys_clone+0x289/0x310
[ 1557.323019][T25577]  ? __do_sys_vfork+0x130/0x130
[ 1557.327691][T25577]  ? debug_smp_processor_id+0x17/0x20
[ 1557.332903][T25577]  do_syscall_64+0x44/0xd0
[ 1557.337276][T25577]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1557.342997][T25577] RIP: 0033:0x7fed39e510c9
[ 1557.347367][T25577] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1557.366805][T25577] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1557.375078][T25577] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1557.382858][T25577] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1557.390672][T25577] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1557.398702][T25577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1557.406514][T25577] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1557.414329][T25577]  </TASK>
03:35:26 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 50)

03:35:26 executing program 5:
syz_open_dev$mouse(&(0x7f0000000000), 0x1f, 0x20080)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0)
syz_open_dev$mouse(&(0x7f0000000000), 0x1f, 0x20080) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0) (async)

03:35:26 executing program 2:
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000000)={&(0x7f0000000340)=""/4096, 0x38000, 0x1800, 0xfffffeff, 0x1}, 0x20) (async)
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000200)=0x1018900, 0x4) (async)
mknodat$null(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x400, 0x103)
getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000001340), &(0x7f0000001380)=0x30)
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x2, 0x1}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
r0 = syz_io_uring_setup(0x67d, &(0x7f00000002c0)={0x0, 0xef23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, &(0x7f0000000140)=""/4) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000010, 0x1010, r0, 0x10000000) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000001400), 0x68800, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f00000013c0), r3) (async)
ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) (async)
getsockname$packet(r2, 0x0, 0x0) (async)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x1, 'veth0_to_bridge\x00', {}, 0x9})
syz_open_dev$loop(&(0x7f0000000040), 0xfffffffffffff93d, 0x80080)

03:35:26 executing program 1:
io_uring_setup(0x4d30, &(0x7f0000000240)={0x0, 0x0, 0x10, 0x200}) (async)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)

03:35:26 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x400000000000000, 0x4000013, r2, 0x0)

03:35:26 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
bind$802154_raw(r1, &(0x7f0000000000)={0x24, @none={0x0, 0x1}}, 0x14)

03:35:26 executing program 5:
syz_open_dev$mouse(&(0x7f0000000000), 0x1f, 0x20080) (async)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async)
ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0)

03:35:26 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
bind$802154_raw(r1, &(0x7f0000000000)={0x24, @none={0x0, 0x1}}, 0x14)

03:35:26 executing program 1:
io_uring_setup(0x4d30, &(0x7f0000000240)={0x0, 0x0, 0x10, 0x200}) (async)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)

03:35:26 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x8010, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0xc004ae02, &(0x7f0000000080)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]})

03:35:26 executing program 5:
r0 = syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_setup(0x1b18, &(0x7f0000000180)={0x0, 0x637b, 0x2, 0x3, 0x176, 0x0, r0}, &(0x7f0000800000/0x800000)=nil, &(0x7f0000ded000/0x2000)=nil, &(0x7f0000000000), &(0x7f00000000c0))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$RTC_EPOCH_READ(r1, 0x8008700d, &(0x7f0000000200))

03:35:26 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
bind$802154_raw(r1, &(0x7f0000000000)={0x24, @none={0x0, 0x1}}, 0x14)
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
bind$802154_raw(r1, &(0x7f0000000000)={0x24, @none={0x0, 0x1}}, 0x14) (async)

[ 1557.488784][T25612] FAULT_INJECTION: forcing a failure.
[ 1557.488784][T25612] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1557.529757][T25612] CPU: 0 PID: 25612 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1557.539834][T25612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1557.549731][T25612] Call Trace:
[ 1557.552854][T25612]  <TASK>
[ 1557.555631][T25612]  dump_stack_lvl+0x151/0x1b7
[ 1557.560145][T25612]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1557.565440][T25612]  dump_stack+0x15/0x17
[ 1557.569430][T25612]  should_fail+0x3c0/0x510
[ 1557.573683][T25612]  should_fail_alloc_page+0x58/0x70
[ 1557.578716][T25612]  __alloc_pages+0x1de/0x7c0
[ 1557.583149][T25612]  ? __count_vm_events+0x30/0x30
[ 1557.587920][T25612]  ? __this_cpu_preempt_check+0x13/0x20
[ 1557.593298][T25612]  ? __mod_node_page_state+0xac/0xf0
[ 1557.598414][T25612]  pte_alloc_one+0x73/0x1b0
[ 1557.602753][T25612]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 1557.607787][T25612]  __pte_alloc+0x86/0x350
[ 1557.611955][T25612]  ? free_pgtables+0x210/0x210
[ 1557.616551][T25612]  ? _raw_spin_lock+0xa3/0x1b0
[ 1557.621151][T25612]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 1557.626360][T25612]  ? __kernel_text_address+0x9a/0x110
[ 1557.631570][T25612]  copy_pte_range+0x1b1f/0x20b0
[ 1557.636256][T25612]  ? __kunmap_atomic+0x80/0x80
[ 1557.640854][T25612]  ? __kasan_slab_alloc+0xc4/0xe0
[ 1557.645714][T25612]  ? __kasan_slab_alloc+0xb2/0xe0
[ 1557.650581][T25612]  ? kmem_cache_alloc+0x189/0x2f0
[ 1557.655435][T25612]  ? vm_area_dup+0x26/0x1d0
[ 1557.659773][T25612]  ? dup_mmap+0x6b8/0xea0
[ 1557.663943][T25612]  ? dup_mm+0x91/0x330
[ 1557.667846][T25612]  ? copy_mm+0x108/0x1b0
[ 1557.671925][T25612]  ? copy_process+0x1295/0x3250
[ 1557.676614][T25612]  ? kernel_clone+0x22d/0x990
[ 1557.681126][T25612]  ? __x64_sys_clone+0x289/0x310
[ 1557.685896][T25612]  ? do_syscall_64+0x44/0xd0
[ 1557.690324][T25612]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1557.696231][T25612]  copy_page_range+0xc1e/0x1090
[ 1557.700916][T25612]  ? pfn_valid+0x1e0/0x1e0
[ 1557.705189][T25612]  dup_mmap+0x99f/0xea0
[ 1557.709159][T25612]  ? __delayed_free_task+0x20/0x20
[ 1557.714107][T25612]  ? mm_init+0x807/0x960
[ 1557.718188][T25612]  dup_mm+0x91/0x330
[ 1557.721918][T25612]  copy_mm+0x108/0x1b0
[ 1557.725824][T25612]  copy_process+0x1295/0x3250
[ 1557.730346][T25612]  ? proc_fail_nth_write+0x213/0x290
[ 1557.735553][T25612]  ? proc_fail_nth_read+0x220/0x220
[ 1557.740584][T25612]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1557.745562][T25612]  ? vfs_write+0x9af/0x1050
[ 1557.749883][T25612]  kernel_clone+0x22d/0x990
[ 1557.754213][T25612]  ? file_end_write+0x1b0/0x1b0
[ 1557.758898][T25612]  ? __kasan_check_write+0x14/0x20
[ 1557.763844][T25612]  ? create_io_thread+0x1e0/0x1e0
[ 1557.768705][T25612]  ? __mutex_lock_slowpath+0x10/0x10
[ 1557.773829][T25612]  __x64_sys_clone+0x289/0x310
[ 1557.778429][T25612]  ? __do_sys_vfork+0x130/0x130
[ 1557.783114][T25612]  ? debug_smp_processor_id+0x17/0x20
[ 1557.788325][T25612]  do_syscall_64+0x44/0xd0
[ 1557.792573][T25612]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1557.798302][T25612] RIP: 0033:0x7fed39e510c9
[ 1557.802556][T25612] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1557.821997][T25612] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
03:35:26 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 51)

03:35:26 executing program 3:
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, &(0x7f0000000240)=""/224)
r0 = syz_io_uring_setup(0x472e5, &(0x7f0000000100)={0x0, 0x1, 0x11c, 0x1, 0x4}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x200002, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000000)=""/75)

03:35:26 executing program 5:
r0 = syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_setup(0x1b18, &(0x7f0000000180)={0x0, 0x637b, 0x2, 0x3, 0x176, 0x0, r0}, &(0x7f0000800000/0x800000)=nil, &(0x7f0000ded000/0x2000)=nil, &(0x7f0000000000), &(0x7f00000000c0)) (async, rerun: 64)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (rerun: 64)
getsockname$packet(r1, 0x0, 0x0) (async)
ioctl$RTC_EPOCH_READ(r1, 0x8008700d, &(0x7f0000000200))

03:35:26 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x800000000000000, 0x4000013, r2, 0x0)

03:35:26 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x8010, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0xc004ae02, &(0x7f0000000080)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]})
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x8010, r1, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r2, 0x0, 0x0) (async)
ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0xc004ae02, &(0x7f0000000080)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}) (async)

03:35:26 executing program 1:
io_uring_setup(0x2cb2, &(0x7f0000000000)={0x0, 0xa36c, 0x2, 0x2, 0xfffffffc})
syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x400)
r0 = syz_open_dev$mouse(&(0x7f00000000c0), 0x8, 0x525100)
ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000100)=""/158)

[ 1557.830240][T25612] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1557.838058][T25612] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1557.845954][T25612] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1557.853766][T25612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1557.861578][T25612] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1557.869414][T25612]  </TASK>
03:35:26 executing program 1:
io_uring_setup(0x2cb2, &(0x7f0000000000)={0x0, 0xa36c, 0x2, 0x2, 0xfffffffc}) (async)
syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x400)
r0 = syz_open_dev$mouse(&(0x7f00000000c0), 0x8, 0x525100)
ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000100)=""/158)

03:35:26 executing program 3:
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, &(0x7f0000000240)=""/224)
r0 = syz_io_uring_setup(0x472e5, &(0x7f0000000100)={0x0, 0x1, 0x11c, 0x1, 0x4}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x200002, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000000)=""/75)
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, &(0x7f0000000240)=""/224) (async)
syz_io_uring_setup(0x472e5, &(0x7f0000000100)={0x0, 0x1, 0x11c, 0x1, 0x4}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x200002, 0x0) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) (async)
ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000000)=""/75) (async)

03:35:26 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x8010, r1, 0x0) (async)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0) (async)
ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0xc004ae02, &(0x7f0000000080)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]})

03:35:26 executing program 1:
io_uring_setup(0x2cb2, &(0x7f0000000000)={0x0, 0xa36c, 0x2, 0x2, 0xfffffffc}) (async)
syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x400) (async)
r0 = syz_open_dev$mouse(&(0x7f00000000c0), 0x8, 0x525100)
ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000100)=""/158)

03:35:26 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
clock_getres(0x2, &(0x7f0000000080))
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:26 executing program 3:
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, &(0x7f0000000240)=""/224)
r0 = syz_io_uring_setup(0x472e5, &(0x7f0000000100)={0x0, 0x1, 0x11c, 0x1, 0x4}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x200002, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000000)=""/75)
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, &(0x7f0000000240)=""/224) (async)
syz_io_uring_setup(0x472e5, &(0x7f0000000100)={0x0, 0x1, 0x11c, 0x1, 0x4}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x200002, 0x0) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) (async)
ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000000)=""/75) (async)

[ 1558.115225][T25731] FAULT_INJECTION: forcing a failure.
[ 1558.115225][T25731] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1558.133304][T25731] CPU: 0 PID: 25731 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1558.143381][T25731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1558.153272][T25731] Call Trace:
[ 1558.156393][T25731]  <TASK>
[ 1558.159167][T25731]  dump_stack_lvl+0x151/0x1b7
[ 1558.163685][T25731]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1558.169009][T25731]  dump_stack+0x15/0x17
[ 1558.172980][T25731]  should_fail+0x3c0/0x510
[ 1558.177225][T25731]  should_fail_alloc_page+0x58/0x70
[ 1558.182258][T25731]  __alloc_pages+0x1de/0x7c0
[ 1558.186688][T25731]  ? __count_vm_events+0x30/0x30
[ 1558.191460][T25731]  ? __this_cpu_preempt_check+0x13/0x20
[ 1558.196839][T25731]  ? __mod_node_page_state+0xac/0xf0
[ 1558.201959][T25731]  pte_alloc_one+0x73/0x1b0
[ 1558.206299][T25731]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 1558.211337][T25731]  __pte_alloc+0x86/0x350
[ 1558.215500][T25731]  ? free_pgtables+0x210/0x210
[ 1558.220096][T25731]  ? _raw_spin_lock+0xa3/0x1b0
[ 1558.224697][T25731]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 1558.229917][T25731]  ? __kernel_text_address+0x9a/0x110
[ 1558.235113][T25731]  copy_pte_range+0x1b1f/0x20b0
[ 1558.239805][T25731]  ? __kunmap_atomic+0x80/0x80
[ 1558.244398][T25731]  ? __kasan_slab_alloc+0xc4/0xe0
[ 1558.249260][T25731]  ? __kasan_slab_alloc+0xb2/0xe0
[ 1558.254204][T25731]  ? kmem_cache_alloc+0x189/0x2f0
[ 1558.259067][T25731]  ? vm_area_dup+0x26/0x1d0
[ 1558.263406][T25731]  ? dup_mmap+0x6b8/0xea0
[ 1558.267574][T25731]  ? dup_mm+0x91/0x330
[ 1558.271536][T25731]  ? copy_mm+0x108/0x1b0
[ 1558.275560][T25731]  ? copy_process+0x1295/0x3250
[ 1558.280255][T25731]  ? kernel_clone+0x22d/0x990
[ 1558.284843][T25731]  ? __x64_sys_clone+0x289/0x310
[ 1558.289615][T25731]  ? do_syscall_64+0x44/0xd0
[ 1558.294046][T25731]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1558.299948][T25731]  copy_page_range+0xc1e/0x1090
[ 1558.304642][T25731]  ? pfn_valid+0x1e0/0x1e0
[ 1558.308890][T25731]  dup_mmap+0x99f/0xea0
[ 1558.312884][T25731]  ? __delayed_free_task+0x20/0x20
[ 1558.317919][T25731]  ? mm_init+0x807/0x960
[ 1558.321998][T25731]  dup_mm+0x91/0x330
[ 1558.325741][T25731]  copy_mm+0x108/0x1b0
[ 1558.329635][T25731]  copy_process+0x1295/0x3250
[ 1558.334155][T25731]  ? proc_fail_nth_write+0x213/0x290
[ 1558.339297][T25731]  ? proc_fail_nth_read+0x220/0x220
[ 1558.344304][T25731]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1558.349250][T25731]  ? vfs_write+0x9af/0x1050
[ 1558.353588][T25731]  ? vmacache_update+0xb7/0x120
[ 1558.358595][T25731]  kernel_clone+0x22d/0x990
[ 1558.362892][T25731]  ? file_end_write+0x1b0/0x1b0
[ 1558.367566][T25731]  ? __kasan_check_write+0x14/0x20
[ 1558.372513][T25731]  ? create_io_thread+0x1e0/0x1e0
[ 1558.377372][T25731]  ? __mutex_lock_slowpath+0x10/0x10
[ 1558.382492][T25731]  __x64_sys_clone+0x289/0x310
[ 1558.387092][T25731]  ? __do_sys_vfork+0x130/0x130
[ 1558.391789][T25731]  ? debug_smp_processor_id+0x17/0x20
[ 1558.396989][T25731]  do_syscall_64+0x44/0xd0
[ 1558.401238][T25731]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1558.406976][T25731] RIP: 0033:0x7fed39e510c9
[ 1558.411220][T25731] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1558.430747][T25731] RSP: 002b:00007fed38ba3118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1558.438989][T25731] RAX: ffffffffffffffda RBX: 00007fed39f71050 RCX: 00007fed39e510c9
[ 1558.446835][T25731] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1558.454611][T25731] RBP: 00007fed38ba31d0 R08: 0000000000000000 R09: 0000000000000000
[ 1558.462594][T25731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1558.470409][T25731] R13: 00007ffef667485f R14: 00007fed38ba3300 R15: 0000000000022000
[ 1558.478221][T25731]  </TASK>
03:35:27 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 52)

03:35:27 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
clock_getres(0x2, &(0x7f0000000080)) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:27 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x800, 0x0, 0xfffffffc})

03:35:27 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000003, 0x10010, r1, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:27 executing program 5:
r0 = syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_setup(0x1b18, &(0x7f0000000180)={0x0, 0x637b, 0x2, 0x3, 0x176, 0x0, r0}, &(0x7f0000800000/0x800000)=nil, &(0x7f0000ded000/0x2000)=nil, &(0x7f0000000000), &(0x7f00000000c0))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$RTC_EPOCH_READ(r1, 0x8008700d, &(0x7f0000000200))
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
syz_io_uring_setup(0x1b18, &(0x7f0000000180)={0x0, 0x637b, 0x2, 0x3, 0x176, 0x0, r0}, &(0x7f0000800000/0x800000)=nil, &(0x7f0000ded000/0x2000)=nil, &(0x7f0000000000), &(0x7f00000000c0)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
ioctl$RTC_EPOCH_READ(r1, 0x8008700d, &(0x7f0000000200)) (async)

03:35:27 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0xf00000000000000, 0x4000013, r2, 0x0)

03:35:27 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000003, 0x10010, r1, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000003, 0x10010, r1, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)

03:35:27 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
clock_getres(0x2, &(0x7f0000000080))
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
clock_getres(0x2, &(0x7f0000000080)) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)

03:35:27 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x800, 0x0, 0xfffffffc})

[ 1558.721166][T25772] FAULT_INJECTION: forcing a failure.
[ 1558.721166][T25772] name failslab, interval 1, probability 0, space 0, times 0
[ 1558.751264][T25772] CPU: 1 PID: 25772 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1558.761868][T25772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1558.771764][T25772] Call Trace:
[ 1558.774891][T25772]  <TASK>
[ 1558.777666][T25772]  dump_stack_lvl+0x151/0x1b7
[ 1558.782178][T25772]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1558.787472][T25772]  dump_stack+0x15/0x17
[ 1558.791464][T25772]  should_fail+0x3c0/0x510
[ 1558.795720][T25772]  __should_failslab+0x9f/0xe0
[ 1558.800318][T25772]  should_failslab+0x9/0x20
[ 1558.804658][T25772]  kmem_cache_alloc+0x4f/0x2f0
[ 1558.809280][T25772]  ? anon_vma_fork+0x1b9/0x4f0
[ 1558.813858][T25772]  anon_vma_fork+0x1b9/0x4f0
[ 1558.818283][T25772]  dup_mmap+0x750/0xea0
[ 1558.822289][T25772]  ? __delayed_free_task+0x20/0x20
[ 1558.827220][T25772]  ? mm_init+0x807/0x960
[ 1558.831392][T25772]  dup_mm+0x91/0x330
[ 1558.835119][T25772]  copy_mm+0x108/0x1b0
[ 1558.839035][T25772]  copy_process+0x1295/0x3250
[ 1558.843643][T25772]  ? proc_fail_nth_write+0x213/0x290
[ 1558.848750][T25772]  ? proc_fail_nth_read+0x220/0x220
[ 1558.853780][T25772]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1558.858816][T25772]  ? vfs_write+0x9af/0x1050
[ 1558.863155][T25772]  kernel_clone+0x22d/0x990
[ 1558.867492][T25772]  ? file_end_write+0x1b0/0x1b0
[ 1558.872182][T25772]  ? __kasan_check_write+0x14/0x20
[ 1558.877141][T25772]  ? create_io_thread+0x1e0/0x1e0
[ 1558.881987][T25772]  ? __mutex_lock_slowpath+0x10/0x10
[ 1558.887109][T25772]  __x64_sys_clone+0x289/0x310
[ 1558.891712][T25772]  ? __do_sys_vfork+0x130/0x130
[ 1558.896398][T25772]  ? debug_smp_processor_id+0x17/0x20
[ 1558.901603][T25772]  do_syscall_64+0x44/0xd0
[ 1558.905863][T25772]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1558.911584][T25772] RIP: 0033:0x7fed39e510c9
[ 1558.915847][T25772] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1558.935888][T25772] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1558.944129][T25772] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1558.951944][T25772] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1558.959928][T25772] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
03:35:27 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x7effffffffff0f00, 0x4000013, r2, 0x0)

03:35:27 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), r2)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2, 0x810, r1, 0x0)

03:35:27 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
io_uring_setup(0x6981, &(0x7f0000000180)={0x0, 0x75c5, 0x80, 0x0, 0x3d7, 0x0, r0})

03:35:27 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 53)

03:35:27 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x800, 0x0, 0xfffffffc})

03:35:27 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000003, 0x10010, r1, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:27 executing program 1:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x4, 0x2, 0x2, 0x1a9, 0x0, r0})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0x6)
ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, &(0x7f0000000040))

[ 1558.967738][T25772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1558.975549][T25772] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1558.983362][T25772]  </TASK>
03:35:27 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x30)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:27 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), r2)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2, 0x810, r1, 0x0)

03:35:27 executing program 1:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x4, 0x2, 0x2, 0x1a9, 0x0, r0})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0x6) (async)
ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, &(0x7f0000000040))

03:35:27 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async, rerun: 64)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (rerun: 64)
getsockname$packet(r0, 0x0, 0x0)
io_uring_setup(0x6981, &(0x7f0000000180)={0x0, 0x75c5, 0x80, 0x0, 0x3d7, 0x0, r0})

03:35:27 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), r2)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2, 0x810, r1, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0) (async)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), r2) (async)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2, 0x810, r1, 0x0) (async)

[ 1559.033884][T25807] FAULT_INJECTION: forcing a failure.
[ 1559.033884][T25807] name failslab, interval 1, probability 0, space 0, times 0
[ 1559.076119][T25807] CPU: 0 PID: 25807 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1559.086200][T25807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1559.096094][T25807] Call Trace:
[ 1559.099219][T25807]  <TASK>
[ 1559.101993][T25807]  dump_stack_lvl+0x151/0x1b7
[ 1559.106511][T25807]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1559.111806][T25807]  dump_stack+0x15/0x17
[ 1559.115796][T25807]  should_fail+0x3c0/0x510
[ 1559.120136][T25807]  __should_failslab+0x9f/0xe0
[ 1559.124975][T25807]  should_failslab+0x9/0x20
[ 1559.129494][T25807]  kmem_cache_alloc+0x4f/0x2f0
[ 1559.134031][T25807]  ? vm_area_dup+0x26/0x1d0
[ 1559.138535][T25807]  vm_area_dup+0x26/0x1d0
[ 1559.142698][T25807]  dup_mmap+0x6b8/0xea0
[ 1559.146701][T25807]  ? __delayed_free_task+0x20/0x20
[ 1559.151637][T25807]  ? mm_init+0x807/0x960
[ 1559.156240][T25807]  dup_mm+0x91/0x330
[ 1559.160076][T25807]  copy_mm+0x108/0x1b0
[ 1559.163961][T25807]  copy_process+0x1295/0x3250
[ 1559.168478][T25807]  ? proc_fail_nth_write+0x213/0x290
[ 1559.173598][T25807]  ? proc_fail_nth_read+0x220/0x220
[ 1559.178640][T25807]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1559.183575][T25807]  ? vfs_write+0x9af/0x1050
[ 1559.187920][T25807]  kernel_clone+0x22d/0x990
[ 1559.192472][T25807]  ? file_end_write+0x1b0/0x1b0
[ 1559.197309][T25807]  ? __kasan_check_write+0x14/0x20
[ 1559.202242][T25807]  ? create_io_thread+0x1e0/0x1e0
[ 1559.207103][T25807]  ? __mutex_lock_slowpath+0x10/0x10
[ 1559.212221][T25807]  __x64_sys_clone+0x289/0x310
[ 1559.216821][T25807]  ? __do_sys_vfork+0x130/0x130
[ 1559.221597][T25807]  ? debug_smp_processor_id+0x17/0x20
03:35:27 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0xf000000000000000, 0x4000013, r2, 0x0)

03:35:27 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x30)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x30) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)

03:35:27 executing program 1:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x4, 0x2, 0x2, 0x1a9, 0x0, r0}) (async)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0x6) (async)
ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, &(0x7f0000000040))

[ 1559.226890][T25807]  do_syscall_64+0x44/0xd0
[ 1559.231156][T25807]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1559.236880][T25807] RIP: 0033:0x7fed39e510c9
[ 1559.241232][T25807] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1559.260832][T25807] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1559.269078][T25807] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
03:35:28 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 54)

[ 1559.276880][T25807] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1559.284691][T25807] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1559.292509][T25807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1559.300317][T25807] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1559.308127][T25807]  </TASK>
03:35:28 executing program 1:
io_uring_setup(0x20054b, &(0x7f0000000000)={0x0, 0x62c8, 0x2, 0x0, 0xfffffffc})

03:35:28 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
io_uring_setup(0x120c, &(0x7f0000000240))
r0 = io_uring_setup(0x3e9a, &(0x7f0000000100)={0x0, 0x80283, 0x80, 0x0, 0x2ff})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x12, r0, 0x0)

03:35:28 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x30)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x30) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)

03:35:28 executing program 1:
io_uring_setup(0x20054b, &(0x7f0000000000)={0x0, 0x62c8, 0x2, 0x0, 0xfffffffc})

03:35:28 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async)
io_uring_setup(0x6981, &(0x7f0000000180)={0x0, 0x75c5, 0x80, 0x0, 0x3d7, 0x0, r0})

03:35:28 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
io_uring_setup(0x120c, &(0x7f0000000240)) (async, rerun: 32)
r0 = io_uring_setup(0x3e9a, &(0x7f0000000100)={0x0, 0x80283, 0x80, 0x0, 0x2ff}) (rerun: 32)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x12, r0, 0x0)

03:35:28 executing program 1:
io_uring_setup(0x20054b, &(0x7f0000000000)={0x0, 0x62c8, 0x2, 0x0, 0xfffffffc})

03:35:28 executing program 1:
r0 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r0)
io_uring_setup(0x5271, &(0x7f0000000240)={0x0, 0x913b, 0x8, 0x0, 0xfffffffc})
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r3, 0x0, 0x0)
sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, 0x0, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_MS_ADDRESS={0x8, 0x5, @private=0xa010100}, @GTPA_I_TEI={0x8, 0x8, 0x2}, @GTPA_PEER_ADDRESS={0x8, 0x4, @local}, @GTPA_PEER_ADDRESS={0x8, 0x4, @loopback}, @GTPA_NET_NS_FD={0x8, 0x7, r3}, @GTPA_FLOW={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x1000}, 0x24000080)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x4, r1}, 0x10)

[ 1559.382894][T25850] FAULT_INJECTION: forcing a failure.
[ 1559.382894][T25850] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1559.436038][T25850] CPU: 1 PID: 25850 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1559.446122][T25850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1559.456275][T25850] Call Trace:
[ 1559.459409][T25850]  <TASK>
[ 1559.462172][T25850]  dump_stack_lvl+0x151/0x1b7
[ 1559.466704][T25850]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1559.471982][T25850]  dump_stack+0x15/0x17
[ 1559.475985][T25850]  should_fail+0x3c0/0x510
[ 1559.480227][T25850]  should_fail_alloc_page+0x58/0x70
[ 1559.485260][T25850]  __alloc_pages+0x1de/0x7c0
[ 1559.489691][T25850]  ? __count_vm_events+0x30/0x30
[ 1559.494457][T25850]  ? __this_cpu_preempt_check+0x13/0x20
[ 1559.499840][T25850]  ? __mod_node_page_state+0xac/0xf0
[ 1559.504969][T25850]  pte_alloc_one+0x73/0x1b0
[ 1559.509298][T25850]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 1559.514350][T25850]  __pte_alloc+0x86/0x350
[ 1559.518503][T25850]  ? free_pgtables+0x210/0x210
[ 1559.523100][T25850]  ? _raw_spin_lock+0xa3/0x1b0
[ 1559.527700][T25850]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 1559.532908][T25850]  ? __kernel_text_address+0x9a/0x110
[ 1559.538115][T25850]  copy_pte_range+0x1b1f/0x20b0
[ 1559.542810][T25850]  ? __kunmap_atomic+0x80/0x80
[ 1559.547401][T25850]  ? __kasan_slab_alloc+0xc4/0xe0
[ 1559.552447][T25850]  ? __kasan_slab_alloc+0xb2/0xe0
[ 1559.557306][T25850]  ? kmem_cache_alloc+0x189/0x2f0
[ 1559.562257][T25850]  ? vm_area_dup+0x26/0x1d0
[ 1559.566592][T25850]  ? dup_mmap+0x6b8/0xea0
[ 1559.570758][T25850]  ? dup_mm+0x91/0x330
[ 1559.574665][T25850]  ? copy_mm+0x108/0x1b0
[ 1559.578754][T25850]  ? copy_process+0x1295/0x3250
[ 1559.583431][T25850]  ? kernel_clone+0x22d/0x990
[ 1559.587947][T25850]  ? __x64_sys_clone+0x289/0x310
[ 1559.592722][T25850]  ? do_syscall_64+0x44/0xd0
[ 1559.597144][T25850]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1559.603054][T25850]  copy_page_range+0xc1e/0x1090
[ 1559.607741][T25850]  ? pfn_valid+0x1e0/0x1e0
[ 1559.611988][T25850]  dup_mmap+0x99f/0xea0
[ 1559.615981][T25850]  ? __delayed_free_task+0x20/0x20
[ 1559.620926][T25850]  ? mm_init+0x807/0x960
[ 1559.625264][T25850]  dup_mm+0x91/0x330
[ 1559.628999][T25850]  copy_mm+0x108/0x1b0
[ 1559.632916][T25850]  copy_process+0x1295/0x3250
[ 1559.637420][T25850]  ? proc_fail_nth_write+0x213/0x290
[ 1559.642539][T25850]  ? proc_fail_nth_read+0x220/0x220
[ 1559.647571][T25850]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1559.652517][T25850]  ? vfs_write+0x9af/0x1050
[ 1559.656862][T25850]  kernel_clone+0x22d/0x990
[ 1559.661195][T25850]  ? file_end_write+0x1b0/0x1b0
[ 1559.665882][T25850]  ? __kasan_check_write+0x14/0x20
[ 1559.670836][T25850]  ? create_io_thread+0x1e0/0x1e0
[ 1559.675691][T25850]  ? __mutex_lock_slowpath+0x10/0x10
[ 1559.680814][T25850]  __x64_sys_clone+0x289/0x310
[ 1559.685412][T25850]  ? __do_sys_vfork+0x130/0x130
[ 1559.690102][T25850]  ? debug_smp_processor_id+0x17/0x20
[ 1559.695311][T25850]  do_syscall_64+0x44/0xd0
[ 1559.699559][T25850]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1559.705285][T25850] RIP: 0033:0x7fed39e510c9
[ 1559.709542][T25850] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1559.729072][T25850] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1559.737315][T25850] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1559.745128][T25850] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1559.752937][T25850] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1559.760834][T25850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1559.768647][T25850] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1559.776462][T25850]  </TASK>
03:35:28 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x2)

03:35:28 executing program 5:
r0 = syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2, 0x50, r0, 0x0)

03:35:28 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
r0 = io_uring_setup(0x3e9a, &(0x7f0000000100)={0x0, 0x80283, 0x80, 0x0, 0x2ff})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x12, r0, 0x0)

03:35:28 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0xa6010, r0, 0x0)

03:35:28 executing program 1:
r0 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r0) (async)
io_uring_setup(0x5271, &(0x7f0000000240)={0x0, 0x913b, 0x8, 0x0, 0xfffffffc}) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0) (async)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r3, 0x0, 0x0) (async)
sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, 0x0, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_MS_ADDRESS={0x8, 0x5, @private=0xa010100}, @GTPA_I_TEI={0x8, 0x8, 0x2}, @GTPA_PEER_ADDRESS={0x8, 0x4, @local}, @GTPA_PEER_ADDRESS={0x8, 0x4, @loopback}, @GTPA_NET_NS_FD={0x8, 0x7, r3}, @GTPA_FLOW={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x1000}, 0x24000080) (async)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x4, r1}, 0x10)

03:35:28 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 55)

03:35:28 executing program 5:
r0 = syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2, 0x50, r0, 0x0)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2, 0x50, r0, 0x0) (async)

03:35:28 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x1fd7, &(0x7f0000000100)={0x0, 0x958a, 0x200, 0x1, 0xdb, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000200))
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x400000, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3800004, 0x50, r2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x2010, r1, 0x10000000)

03:35:28 executing program 1:
r0 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r0)
io_uring_setup(0x5271, &(0x7f0000000240)={0x0, 0x913b, 0x8, 0x0, 0xfffffffc})
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r3, 0x0, 0x0)
sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, 0x0, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_MS_ADDRESS={0x8, 0x5, @private=0xa010100}, @GTPA_I_TEI={0x8, 0x8, 0x2}, @GTPA_PEER_ADDRESS={0x8, 0x4, @local}, @GTPA_PEER_ADDRESS={0x8, 0x4, @loopback}, @GTPA_NET_NS_FD={0x8, 0x7, r3}, @GTPA_FLOW={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x1000}, 0x24000080)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x4, r1}, 0x10)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) (async)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r0) (async)
io_uring_setup(0x5271, &(0x7f0000000240)={0x0, 0x913b, 0x8, 0x0, 0xfffffffc}) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r2, 0x0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r3, 0x0, 0x0) (async)
sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, 0x0, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_MS_ADDRESS={0x8, 0x5, @private=0xa010100}, @GTPA_I_TEI={0x8, 0x8, 0x2}, @GTPA_PEER_ADDRESS={0x8, 0x4, @local}, @GTPA_PEER_ADDRESS={0x8, 0x4, @loopback}, @GTPA_NET_NS_FD={0x8, 0x7, r3}, @GTPA_FLOW={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x1000}, 0x24000080) (async)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x4, r1}, 0x10) (async)

03:35:28 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0xa6010, r0, 0x0)
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0xa6010, r0, 0x0) (async)

03:35:28 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x1fd7, &(0x7f0000000100)={0x0, 0x958a, 0x200, 0x1, 0xdb, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000200))
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240)) (async)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x400000, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3800004, 0x50, r2, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x2010, r1, 0x10000000)

[ 1559.900902][T25893] FAULT_INJECTION: forcing a failure.
[ 1559.900902][T25893] name failslab, interval 1, probability 0, space 0, times 0
[ 1559.931670][T25893] CPU: 0 PID: 25893 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
03:35:28 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0xa6010, r0, 0x0)

[ 1559.941751][T25893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1559.951642][T25893] Call Trace:
[ 1559.954770][T25893]  <TASK>
[ 1559.957562][T25893]  dump_stack_lvl+0x151/0x1b7
[ 1559.962060][T25893]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1559.967358][T25893]  dump_stack+0x15/0x17
[ 1559.971347][T25893]  should_fail+0x3c0/0x510
[ 1559.975598][T25893]  __should_failslab+0x9f/0xe0
[ 1559.980199][T25893]  should_failslab+0x9/0x20
[ 1559.984534][T25893]  kmem_cache_alloc+0x4f/0x2f0
[ 1559.989137][T25893]  ? vm_area_dup+0x26/0x1d0
[ 1559.993478][T25893]  vm_area_dup+0x26/0x1d0
03:35:28 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x4)

03:35:28 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@cgroup=r1, r2, 0x12}, 0x10)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:28 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x1fd7, &(0x7f0000000100)={0x0, 0x958a, 0x200, 0x1, 0xdb, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000200)) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x400000, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3800004, 0x50, r2, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x2010, r1, 0x10000000)

[ 1559.997650][T25893]  dup_mmap+0x6b8/0xea0
[ 1560.001642][T25893]  ? __delayed_free_task+0x20/0x20
[ 1560.006583][T25893]  ? mm_init+0x807/0x960
[ 1560.010664][T25893]  dup_mm+0x91/0x330
[ 1560.014393][T25893]  copy_mm+0x108/0x1b0
[ 1560.018302][T25893]  copy_process+0x1295/0x3250
[ 1560.022814][T25893]  ? proc_fail_nth_write+0x213/0x290
[ 1560.028374][T25893]  ? proc_fail_nth_read+0x220/0x220
[ 1560.033402][T25893]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1560.038347][T25893]  ? vfs_write+0x9af/0x1050
[ 1560.042690][T25893]  kernel_clone+0x22d/0x990
[ 1560.047171][T25893]  ? file_end_write+0x1b0/0x1b0
[ 1560.051974][T25893]  ? __kasan_check_write+0x14/0x20
[ 1560.056935][T25893]  ? create_io_thread+0x1e0/0x1e0
[ 1560.061783][T25893]  ? __mutex_lock_slowpath+0x10/0x10
[ 1560.066904][T25893]  __x64_sys_clone+0x289/0x310
[ 1560.071506][T25893]  ? __do_sys_vfork+0x130/0x130
[ 1560.076206][T25893]  ? debug_smp_processor_id+0x17/0x20
[ 1560.081397][T25893]  do_syscall_64+0x44/0xd0
[ 1560.085647][T25893]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1560.091377][T25893] RIP: 0033:0x7fed39e510c9
03:35:28 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000008, 0x30, r1, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
setrlimit(0xf, &(0x7f0000000080)={0xd4d, 0x3})

[ 1560.095629][T25893] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1560.115083][T25893] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1560.123319][T25893] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1560.131130][T25893] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1560.138940][T25893] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
03:35:28 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000008, 0x30, r1, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
setrlimit(0xf, &(0x7f0000000080)={0xd4d, 0x3})
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000008, 0x30, r1, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
setrlimit(0xf, &(0x7f0000000080)={0xd4d, 0x3}) (async)

03:35:28 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 56)

03:35:28 executing program 5:
r0 = syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2, 0x50, r0, 0x0)

03:35:28 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x400, 0x0, 0xfffdfffb})

03:35:28 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x8)

03:35:28 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@cgroup=r1, r2, 0x12}, 0x10)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r2, 0x0, 0x0) (async)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@cgroup=r1, r2, 0x12}, 0x10) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)

[ 1560.146752][T25893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1560.154571][T25893] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1560.162377][T25893]  </TASK>
03:35:28 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x400, 0x0, 0xfffdfffb})
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x400, 0x0, 0xfffdfffb}) (async)

03:35:28 executing program 5:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
timerfd_settime(r0, 0x4, &(0x7f00000000c0)={{0x0, 0x3938700}, {0x77359400}}, &(0x7f0000000180))
syz_io_uring_setup(0x3f99, &(0x7f0000000040)={0x0, 0x0, 0xc45}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:28 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000008, 0x30, r1, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
setrlimit(0xf, &(0x7f0000000080)={0xd4d, 0x3})
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000008, 0x30, r1, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
setrlimit(0xf, &(0x7f0000000080)={0xd4d, 0x3}) (async)

03:35:28 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async, rerun: 32)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (rerun: 32)
getsockname$packet(r1, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@cgroup=r1, r2, 0x12}, 0x10) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:28 executing program 5:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
timerfd_settime(r0, 0x4, &(0x7f00000000c0)={{0x0, 0x3938700}, {0x77359400}}, &(0x7f0000000180))
syz_io_uring_setup(0x3f99, &(0x7f0000000040)={0x0, 0x0, 0xc45}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:28 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x400, 0x0, 0xfffdfffb})

03:35:28 executing program 5:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
timerfd_settime(r0, 0x4, &(0x7f00000000c0)={{0x0, 0x3938700}, {0x77359400}}, &(0x7f0000000180))
syz_io_uring_setup(0x3f99, &(0x7f0000000040)={0x0, 0x0, 0xc45}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1560.206383][T25952] FAULT_INJECTION: forcing a failure.
[ 1560.206383][T25952] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1560.253295][T25952] CPU: 0 PID: 25952 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1560.263387][T25952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1560.273282][T25952] Call Trace:
[ 1560.276406][T25952]  <TASK>
[ 1560.279184][T25952]  dump_stack_lvl+0x151/0x1b7
[ 1560.283723][T25952]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1560.288995][T25952]  dump_stack+0x15/0x17
[ 1560.292986][T25952]  should_fail+0x3c0/0x510
[ 1560.297234][T25952]  should_fail_alloc_page+0x58/0x70
[ 1560.302266][T25952]  __alloc_pages+0x1de/0x7c0
[ 1560.306698][T25952]  ? __count_vm_events+0x30/0x30
[ 1560.311468][T25952]  ? __this_cpu_preempt_check+0x13/0x20
[ 1560.316849][T25952]  ? __mod_node_page_state+0xac/0xf0
[ 1560.321969][T25952]  pte_alloc_one+0x73/0x1b0
[ 1560.326307][T25952]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 1560.331357][T25952]  __pte_alloc+0x86/0x350
[ 1560.335521][T25952]  ? free_pgtables+0x210/0x210
[ 1560.340277][T25952]  ? _raw_spin_lock+0xa3/0x1b0
[ 1560.344890][T25952]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 1560.350087][T25952]  ? __kernel_text_address+0x9a/0x110
[ 1560.355299][T25952]  copy_pte_range+0x1b1f/0x20b0
[ 1560.359988][T25952]  ? __kunmap_atomic+0x80/0x80
[ 1560.364698][T25952]  ? __kasan_slab_alloc+0xc4/0xe0
[ 1560.369565][T25952]  ? __kasan_slab_alloc+0xb2/0xe0
[ 1560.374417][T25952]  ? kmem_cache_alloc+0x189/0x2f0
[ 1560.379278][T25952]  ? vm_area_dup+0x26/0x1d0
[ 1560.383618][T25952]  ? dup_mmap+0x6b8/0xea0
[ 1560.387787][T25952]  ? dup_mm+0x91/0x330
[ 1560.391692][T25952]  ? copy_mm+0x108/0x1b0
[ 1560.395768][T25952]  ? copy_process+0x1295/0x3250
[ 1560.400473][T25952]  ? kernel_clone+0x22d/0x990
[ 1560.404977][T25952]  ? __x64_sys_clone+0x289/0x310
[ 1560.409743][T25952]  ? do_syscall_64+0x44/0xd0
[ 1560.414196][T25952]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1560.420071][T25952]  copy_page_range+0xc1e/0x1090
[ 1560.424760][T25952]  ? pfn_valid+0x1e0/0x1e0
[ 1560.429013][T25952]  dup_mmap+0x99f/0xea0
[ 1560.433016][T25952]  ? __delayed_free_task+0x20/0x20
[ 1560.437963][T25952]  ? mm_init+0x807/0x960
[ 1560.442032][T25952]  dup_mm+0x91/0x330
[ 1560.445763][T25952]  copy_mm+0x108/0x1b0
[ 1560.449713][T25952]  copy_process+0x1295/0x3250
[ 1560.454201][T25952]  ? proc_fail_nth_write+0x213/0x290
[ 1560.459299][T25952]  ? proc_fail_nth_read+0x220/0x220
[ 1560.464334][T25952]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1560.469283][T25952]  ? vfs_write+0x9af/0x1050
[ 1560.473621][T25952]  kernel_clone+0x22d/0x990
[ 1560.477960][T25952]  ? file_end_write+0x1b0/0x1b0
[ 1560.482647][T25952]  ? __kasan_check_write+0x14/0x20
[ 1560.487593][T25952]  ? create_io_thread+0x1e0/0x1e0
[ 1560.492455][T25952]  ? __mutex_lock_slowpath+0x10/0x10
[ 1560.497580][T25952]  __x64_sys_clone+0x289/0x310
[ 1560.502177][T25952]  ? __do_sys_vfork+0x130/0x130
[ 1560.506865][T25952]  ? debug_smp_processor_id+0x17/0x20
[ 1560.512071][T25952]  do_syscall_64+0x44/0xd0
[ 1560.516322][T25952]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1560.522060][T25952] RIP: 0033:0x7fed39e510c9
[ 1560.526319][T25952] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1560.545837][T25952] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
03:35:29 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 57)

03:35:29 executing program 2:
syz_io_uring_setup(0x13e3, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8, 0x10, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x4000000, 0x2, 0x1})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
tgkill(0x0, 0xffffffffffffffff, 0x9)

03:35:29 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0xf)

[ 1560.554075][T25952] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1560.561889][T25952] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1560.569699][T25952] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1560.577511][T25952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1560.585320][T25952] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1560.593138][T25952]  </TASK>
03:35:29 executing program 2:
syz_io_uring_setup(0x13e3, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8, 0x10, 0xffffffffffffffff, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x4000000, 0x2, 0x1})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
tgkill(0x0, 0xffffffffffffffff, 0x9)

03:35:29 executing program 5:
r0 = syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x100000f, 0x8010, r0, 0x0)

03:35:29 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
io_uring_setup(0x3a2b, &(0x7f0000000000)={0x0, 0x6b4d, 0x400, 0x2, 0x155, 0x0, r0})
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x1d, 0x4, &(0x7f0000000080)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @alu={0x7, 0x0, 0x9, 0x8, 0xf, 0x8, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x400}], &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x1000, &(0x7f00000002c0)=""/4096, 0x40f00, 0x10, '\x00', 0x0, 0x1b, r1, 0x8, &(0x7f0000000100)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x0, 0x0, 0xffff5ede}, 0x10}, 0x80)

03:35:29 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (async, rerun: 64)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (rerun: 64)
getsockname$packet(r0, 0x0, 0x0) (async)
io_uring_setup(0x3a2b, &(0x7f0000000000)={0x0, 0x6b4d, 0x400, 0x2, 0x155, 0x0, r0})
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x1d, 0x4, &(0x7f0000000080)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @alu={0x7, 0x0, 0x9, 0x8, 0xf, 0x8, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x400}], &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x1000, &(0x7f00000002c0)=""/4096, 0x40f00, 0x10, '\x00', 0x0, 0x1b, r1, 0x8, &(0x7f0000000100)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x0, 0x0, 0xffff5ede}, 0x10}, 0x80)

03:35:29 executing program 5:
r0 = syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x100000f, 0x8010, r0, 0x0)

03:35:29 executing program 2:
syz_io_uring_setup(0x13e3, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8, 0x10, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x4000000, 0x2, 0x1})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
tgkill(0x0, 0xffffffffffffffff, 0x9)
syz_io_uring_setup(0x13e3, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8, 0x10, 0xffffffffffffffff, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x4000000, 0x2, 0x1}) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
tgkill(0x0, 0xffffffffffffffff, 0x9) (async)

03:35:29 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0x0, 0x4, 0x8}, 0xc)
setsockopt$bt_hci_HCI_FILTER(r1, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x4, 0x7], 0x8}, 0x10)

03:35:29 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0x0, 0x4, 0x8}, 0xc)
setsockopt$bt_hci_HCI_FILTER(r1, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x4, 0x7], 0x8}, 0x10)
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0x0, 0x4, 0x8}, 0xc) (async)
setsockopt$bt_hci_HCI_FILTER(r1, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x4, 0x7], 0x8}, 0x10) (async)

[ 1560.714945][T26002] FAULT_INJECTION: forcing a failure.
[ 1560.714945][T26002] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1560.743648][T26002] CPU: 1 PID: 26002 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1560.753811][T26002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1560.763703][T26002] Call Trace:
[ 1560.766825][T26002]  <TASK>
[ 1560.769605][T26002]  dump_stack_lvl+0x151/0x1b7
[ 1560.774120][T26002]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1560.779414][T26002]  dump_stack+0x15/0x17
[ 1560.783409][T26002]  should_fail+0x3c0/0x510
[ 1560.787665][T26002]  should_fail_alloc_page+0x58/0x70
[ 1560.792691][T26002]  __alloc_pages+0x1de/0x7c0
[ 1560.797120][T26002]  ? __count_vm_events+0x30/0x30
[ 1560.801892][T26002]  ? __this_cpu_preempt_check+0x13/0x20
[ 1560.807272][T26002]  ? __mod_node_page_state+0xac/0xf0
[ 1560.812398][T26002]  pte_alloc_one+0x73/0x1b0
[ 1560.816733][T26002]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 1560.821859][T26002]  __pte_alloc+0x86/0x350
[ 1560.826019][T26002]  ? free_pgtables+0x210/0x210
[ 1560.830621][T26002]  ? _raw_spin_lock+0xa3/0x1b0
[ 1560.835495][T26002]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 1560.840689][T26002]  ? __kernel_text_address+0x9a/0x110
[ 1560.845894][T26002]  copy_pte_range+0x1b1f/0x20b0
[ 1560.850598][T26002]  ? __kunmap_atomic+0x80/0x80
[ 1560.855178][T26002]  ? __kasan_slab_alloc+0xc4/0xe0
[ 1560.860128][T26002]  ? __kasan_slab_alloc+0xb2/0xe0
[ 1560.864992][T26002]  ? kmem_cache_alloc+0x189/0x2f0
[ 1560.869847][T26002]  ? vm_area_dup+0x26/0x1d0
[ 1560.874191][T26002]  ? dup_mmap+0x6b8/0xea0
[ 1560.878350][T26002]  ? dup_mm+0x91/0x330
[ 1560.882260][T26002]  ? copy_mm+0x108/0x1b0
[ 1560.886336][T26002]  ? copy_process+0x1295/0x3250
[ 1560.891023][T26002]  ? kernel_clone+0x22d/0x990
[ 1560.895537][T26002]  ? __x64_sys_clone+0x289/0x310
[ 1560.900313][T26002]  ? do_syscall_64+0x44/0xd0
[ 1560.904737][T26002]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1560.910645][T26002]  copy_page_range+0xc1e/0x1090
[ 1560.915331][T26002]  ? pfn_valid+0x1e0/0x1e0
[ 1560.919584][T26002]  dup_mmap+0x99f/0xea0
[ 1560.923589][T26002]  ? __delayed_free_task+0x20/0x20
[ 1560.928522][T26002]  ? mm_init+0x807/0x960
[ 1560.932770][T26002]  dup_mm+0x91/0x330
[ 1560.936506][T26002]  copy_mm+0x108/0x1b0
[ 1560.940412][T26002]  copy_process+0x1295/0x3250
[ 1560.944924][T26002]  ? proc_fail_nth_write+0x213/0x290
[ 1560.950044][T26002]  ? proc_fail_nth_read+0x220/0x220
[ 1560.955078][T26002]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1560.960020][T26002]  ? vfs_write+0x9af/0x1050
[ 1560.964365][T26002]  kernel_clone+0x22d/0x990
[ 1560.968791][T26002]  ? file_end_write+0x1b0/0x1b0
[ 1560.973480][T26002]  ? __kasan_check_write+0x14/0x20
[ 1560.978427][T26002]  ? create_io_thread+0x1e0/0x1e0
[ 1560.983285][T26002]  ? __mutex_lock_slowpath+0x10/0x10
[ 1560.988420][T26002]  __x64_sys_clone+0x289/0x310
[ 1560.993012][T26002]  ? __do_sys_vfork+0x130/0x130
[ 1560.997692][T26002]  ? debug_smp_processor_id+0x17/0x20
[ 1561.002912][T26002]  do_syscall_64+0x44/0xd0
[ 1561.007156][T26002]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1561.012880][T26002] RIP: 0033:0x7fed39e510c9
[ 1561.017134][T26002] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1561.036678][T26002] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1561.045203][T26002] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1561.052988][T26002] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
03:35:29 executing program 5:
r0 = syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x100000f, 0x8010, r0, 0x0)

03:35:29 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 58)

03:35:29 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x400, 0x80}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000100), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000080), 0x10)
prctl$PR_GET_THP_DISABLE(0x2a)
prctl$PR_GET_THP_DISABLE(0x2a)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000000, 0x100010, r0, 0x0)

[ 1561.060793][T26002] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1561.068600][T26002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1561.076415][T26002] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1561.084921][T26002]  </TASK>
[ 1561.125923][T26096] FAULT_INJECTION: forcing a failure.
[ 1561.125923][T26096] name failslab, interval 1, probability 0, space 0, times 0
[ 1561.143374][T26096] CPU: 1 PID: 26096 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1561.153801][T26096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1561.163697][T26096] Call Trace:
[ 1561.166819][T26096]  <TASK>
[ 1561.169614][T26096]  dump_stack_lvl+0x151/0x1b7
[ 1561.174108][T26096]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1561.179406][T26096]  dump_stack+0x15/0x17
[ 1561.183414][T26096]  should_fail+0x3c0/0x510
[ 1561.187650][T26096]  __should_failslab+0x9f/0xe0
[ 1561.192248][T26096]  should_failslab+0x9/0x20
[ 1561.196676][T26096]  kmem_cache_alloc+0x4f/0x2f0
[ 1561.201279][T26096]  ? vm_area_dup+0x26/0x1d0
[ 1561.205701][T26096]  vm_area_dup+0x26/0x1d0
[ 1561.209864][T26096]  dup_mmap+0x6b8/0xea0
[ 1561.213859][T26096]  ? __delayed_free_task+0x20/0x20
[ 1561.218891][T26096]  ? mm_init+0x807/0x960
[ 1561.223148][T26096]  dup_mm+0x91/0x330
[ 1561.226971][T26096]  copy_mm+0x108/0x1b0
[ 1561.230869][T26096]  copy_process+0x1295/0x3250
[ 1561.235978][T26096]  ? proc_fail_nth_write+0x213/0x290
[ 1561.241155][T26096]  ? proc_fail_nth_read+0x220/0x220
[ 1561.246203][T26096]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1561.251137][T26096]  ? vfs_write+0x9af/0x1050
[ 1561.255475][T26096]  kernel_clone+0x22d/0x990
[ 1561.259816][T26096]  ? file_end_write+0x1b0/0x1b0
[ 1561.264499][T26096]  ? __kasan_check_write+0x14/0x20
[ 1561.269451][T26096]  ? create_io_thread+0x1e0/0x1e0
[ 1561.274314][T26096]  ? __mutex_lock_slowpath+0x10/0x10
[ 1561.279432][T26096]  __x64_sys_clone+0x289/0x310
[ 1561.284029][T26096]  ? __do_sys_vfork+0x130/0x130
[ 1561.288719][T26096]  ? debug_smp_processor_id+0x17/0x20
[ 1561.293926][T26096]  do_syscall_64+0x44/0xd0
[ 1561.298176][T26096]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1561.304018][T26096] RIP: 0033:0x7fed39e510c9
[ 1561.308261][T26096] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1561.328497][T26096] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1561.336728][T26096] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1561.344555][T26096] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1561.352358][T26096] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1561.360259][T26096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1561.368071][T26096] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
03:35:29 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x10)

03:35:29 executing program 5:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x2, 0x70bd28, 0x25dfdbfe, {}, [@GTPA_FLOW={0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x40810)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r2 = syz_genetlink_get_family_id$gtp(&(0x7f0000000280), r0)
sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x60, r2, 0x1, 0x70bd27, 0x25dfdbff, {}, [@GTPA_TID={0xc, 0x3, 0x3}, @GTPA_FLOW={0x6, 0x6, 0x2}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_TID={0xc}, @GTPA_FLOW={0x6}, @GTPA_TID={0xc}, @GTPA_FLOW={0x6, 0x6, 0x1}, @GTPA_FLOW={0x6, 0x6, 0x2}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x1)

03:35:29 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0x0, 0x4, 0x8}, 0xc)
setsockopt$bt_hci_HCI_FILTER(r1, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x4, 0x7], 0x8}, 0x10)

03:35:29 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (async)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async)
io_uring_setup(0x3a2b, &(0x7f0000000000)={0x0, 0x6b4d, 0x400, 0x2, 0x155, 0x0, r0})
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x1d, 0x4, &(0x7f0000000080)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @alu={0x7, 0x0, 0x9, 0x8, 0xf, 0x8, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x400}], &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x1000, &(0x7f00000002c0)=""/4096, 0x40f00, 0x10, '\x00', 0x0, 0x1b, r1, 0x8, &(0x7f0000000100)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x0, 0x0, 0xffff5ede}, 0x10}, 0x80)

03:35:29 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x400, 0x80}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000100), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000080), 0x10) (async)
prctl$PR_GET_THP_DISABLE(0x2a)
prctl$PR_GET_THP_DISABLE(0x2a) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000000, 0x100010, r0, 0x0)

03:35:30 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x400, 0x80}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000100), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000080), 0x10)
prctl$PR_GET_THP_DISABLE(0x2a)
prctl$PR_GET_THP_DISABLE(0x2a)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000000, 0x100010, r0, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180)={0x0, 0x0, 0x400, 0x80}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000100), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000080), 0x10) (async)
prctl$PR_GET_THP_DISABLE(0x2a) (async)
prctl$PR_GET_THP_DISABLE(0x2a) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000000, 0x100010, r0, 0x0) (async)

03:35:30 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000007, 0x810, r0, 0x10000000)

03:35:30 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async, rerun: 64)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000007, 0x810, r0, 0x10000000) (rerun: 64)

03:35:30 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x1e26, &(0x7f0000000240)={0x0, 0x40000, 0x40, 0x0, 0x0, 0x0, r0})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x4000013, r1, 0x0)

03:35:30 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000007, 0x810, r0, 0x10000000)

03:35:30 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 59)

03:35:30 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r1 = io_uring_setup(0x1e26, &(0x7f0000000240)={0x0, 0x40000, 0x40, 0x0, 0x0, 0x0, r0})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x4000013, r1, 0x0)

[ 1561.375874][T26096]  </TASK>
[ 1561.422932][T26141] FAULT_INJECTION: forcing a failure.
[ 1561.422932][T26141] name failslab, interval 1, probability 0, space 0, times 0
[ 1561.443281][T26141] CPU: 1 PID: 26141 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1561.453383][T26141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1561.463257][T26141] Call Trace:
[ 1561.466376][T26141]  <TASK>
[ 1561.469153][T26141]  dump_stack_lvl+0x151/0x1b7
[ 1561.473669][T26141]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1561.478964][T26141]  dump_stack+0x15/0x17
[ 1561.482954][T26141]  should_fail+0x3c0/0x510
[ 1561.487207][T26141]  __should_failslab+0x9f/0xe0
[ 1561.491813][T26141]  should_failslab+0x9/0x20
[ 1561.496145][T26141]  kmem_cache_alloc+0x4f/0x2f0
[ 1561.500744][T26141]  ? vm_area_dup+0x26/0x1d0
[ 1561.505084][T26141]  vm_area_dup+0x26/0x1d0
[ 1561.509252][T26141]  dup_mmap+0x6b8/0xea0
[ 1561.513246][T26141]  ? __delayed_free_task+0x20/0x20
[ 1561.518190][T26141]  ? mm_init+0x807/0x960
[ 1561.522273][T26141]  dup_mm+0x91/0x330
[ 1561.526007][T26141]  copy_mm+0x108/0x1b0
[ 1561.529907][T26141]  copy_process+0x1295/0x3250
[ 1561.534433][T26141]  ? proc_fail_nth_write+0x213/0x290
[ 1561.539542][T26141]  ? proc_fail_nth_read+0x220/0x220
[ 1561.544592][T26141]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1561.549523][T26141]  ? vfs_write+0x9af/0x1050
[ 1561.553868][T26141]  kernel_clone+0x22d/0x990
[ 1561.558217][T26141]  ? file_end_write+0x1b0/0x1b0
[ 1561.562891][T26141]  ? __kasan_check_write+0x14/0x20
[ 1561.567839][T26141]  ? create_io_thread+0x1e0/0x1e0
[ 1561.572696][T26141]  ? __mutex_lock_slowpath+0x10/0x10
[ 1561.577819][T26141]  __x64_sys_clone+0x289/0x310
[ 1561.582417][T26141]  ? __do_sys_vfork+0x130/0x130
[ 1561.587106][T26141]  ? debug_smp_processor_id+0x17/0x20
[ 1561.592311][T26141]  do_syscall_64+0x44/0xd0
[ 1561.596567][T26141]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1561.602291][T26141] RIP: 0033:0x7fed39e510c9
[ 1561.606547][T26141] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1561.625986][T26141] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1561.634320][T26141] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1561.642128][T26141] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1561.649939][T26141] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1561.657756][T26141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1561.665563][T26141] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
03:35:30 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x60)

03:35:30 executing program 3:
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000000), 0x10)
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
timerfd_gettime(r1, &(0x7f0000000040))

03:35:30 executing program 5:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x2, 0x70bd28, 0x25dfdbfe, {}, [@GTPA_FLOW={0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x40810)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r2 = syz_genetlink_get_family_id$gtp(&(0x7f0000000280), r0)
sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x60, r2, 0x1, 0x70bd27, 0x25dfdbff, {}, [@GTPA_TID={0xc, 0x3, 0x3}, @GTPA_FLOW={0x6, 0x6, 0x2}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_TID={0xc}, @GTPA_FLOW={0x6}, @GTPA_TID={0xc}, @GTPA_FLOW={0x6, 0x6, 0x1}, @GTPA_FLOW={0x6, 0x6, 0x2}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x1)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff) (async)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x2, 0x70bd28, 0x25dfdbfe, {}, [@GTPA_FLOW={0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x40810) (async)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
syz_genetlink_get_family_id$gtp(&(0x7f0000000280), r0) (async)
sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x60, r2, 0x1, 0x70bd27, 0x25dfdbff, {}, [@GTPA_TID={0xc, 0x3, 0x3}, @GTPA_FLOW={0x6, 0x6, 0x2}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_TID={0xc}, @GTPA_FLOW={0x6}, @GTPA_TID={0xc}, @GTPA_FLOW={0x6, 0x6, 0x1}, @GTPA_FLOW={0x6, 0x6, 0x2}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x1) (async)

03:35:30 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x1e26, &(0x7f0000000240)={0x0, 0x40000, 0x40, 0x0, 0x0, 0x0, r0})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x4000013, r1, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x1e26, &(0x7f0000000240)={0x0, 0x40000, 0x40, 0x0, 0x0, 0x0, r0}) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x4000013, r1, 0x0) (async)

03:35:30 executing program 1:
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000000)=0x100208, 0x4)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:30 executing program 3:
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000000), 0x10)
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
timerfd_gettime(r1, &(0x7f0000000040))

03:35:30 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = syz_open_dev$mouse(&(0x7f00000002c0), 0x4, 0x82)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x486d, &(0x7f0000000100)={0x0, 0x4a7, 0x800, 0x2, 0xee}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xfffffffc, 0x0, 0x2})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:30 executing program 3:
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000000), 0x10)
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
timerfd_gettime(r1, &(0x7f0000000040))
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000000), 0x10) (async)
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
timerfd_gettime(r1, &(0x7f0000000040)) (async)

03:35:30 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = syz_open_dev$mouse(&(0x7f00000002c0), 0x4, 0x82)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x486d, &(0x7f0000000100)={0x0, 0x4a7, 0x800, 0x2, 0xee}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xfffffffc, 0x0, 0x2})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:30 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
r0 = syz_open_dev$mouse(&(0x7f00000002c0), 0x4, 0x82)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
syz_io_uring_setup(0x486d, &(0x7f0000000100)={0x0, 0x4a7, 0x800, 0x2, 0xee}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xfffffffc, 0x0, 0x2})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

[ 1561.673376][T26141]  </TASK>
03:35:30 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 60)

03:35:30 executing program 3:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x7853, &(0x7f0000000000)={0x0, 0x36f9, 0x2, 0x1, 0xc4}, &(0x7f0000400000/0xc00000)=nil, &(0x7f000077b000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

03:35:30 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000100)={0x0, 0x0, 0x200})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x10, 0xffffffffffffffff, 0x10000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x4000011, r0, 0x0)

03:35:30 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0xf0)

03:35:30 executing program 1:
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000000)=0x100208, 0x4) (async)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:30 executing program 5:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x2, 0x70bd28, 0x25dfdbfe, {}, [@GTPA_FLOW={0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x40810)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r2 = syz_genetlink_get_family_id$gtp(&(0x7f0000000280), r0)
sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x60, r2, 0x1, 0x70bd27, 0x25dfdbff, {}, [@GTPA_TID={0xc, 0x3, 0x3}, @GTPA_FLOW={0x6, 0x6, 0x2}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_TID={0xc}, @GTPA_FLOW={0x6}, @GTPA_TID={0xc}, @GTPA_FLOW={0x6, 0x6, 0x1}, @GTPA_FLOW={0x6, 0x6, 0x2}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x1)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff) (async)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x2, 0x70bd28, 0x25dfdbfe, {}, [@GTPA_FLOW={0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x40810) (async)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
syz_genetlink_get_family_id$gtp(&(0x7f0000000280), r0) (async)
sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x60, r2, 0x1, 0x70bd27, 0x25dfdbff, {}, [@GTPA_TID={0xc, 0x3, 0x3}, @GTPA_FLOW={0x6, 0x6, 0x2}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_TID={0xc}, @GTPA_FLOW={0x6}, @GTPA_TID={0xc}, @GTPA_FLOW={0x6, 0x6, 0x1}, @GTPA_FLOW={0x6, 0x6, 0x2}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x1) (async)

03:35:30 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000100)={0x0, 0x0, 0x200})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x10, 0xffffffffffffffff, 0x10000000) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x4000011, r0, 0x0)

03:35:30 executing program 1:
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000000)=0x100208, 0x4)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:30 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400020}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x1c, 0x0, 0x30a, 0x70bd28, 0x25dfdbfc, {}, [@GTPA_O_TEI={0x8, 0x9, 0x1}]}, 0x1c}}, 0x40004)

03:35:30 executing program 3:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, 0xffffffffffffffff, 0x0) (async)
syz_io_uring_setup(0x7853, &(0x7f0000000000)={0x0, 0x36f9, 0x2, 0x1, 0xc4}, &(0x7f0000400000/0xc00000)=nil, &(0x7f000077b000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

03:35:30 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x3, 0x287})
io_uring_setup(0x17f9, &(0x7f0000000080)={0x0, 0x252f, 0xc02, 0x0, 0x2f9})

[ 1561.771069][T26202] FAULT_INJECTION: forcing a failure.
[ 1561.771069][T26202] name failslab, interval 1, probability 0, space 0, times 0
[ 1561.802903][T26202] CPU: 1 PID: 26202 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1561.812982][T26202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1561.822876][T26202] Call Trace:
[ 1561.825998][T26202]  <TASK>
[ 1561.828774][T26202]  dump_stack_lvl+0x151/0x1b7
[ 1561.833291][T26202]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1561.838590][T26202]  dump_stack+0x15/0x17
[ 1561.842577][T26202]  should_fail+0x3c0/0x510
[ 1561.846849][T26202]  __should_failslab+0x9f/0xe0
[ 1561.851454][T26202]  should_failslab+0x9/0x20
[ 1561.855868][T26202]  kmem_cache_alloc+0x4f/0x2f0
[ 1561.860453][T26202]  ? vm_area_dup+0x26/0x1d0
[ 1561.864796][T26202]  vm_area_dup+0x26/0x1d0
[ 1561.868966][T26202]  dup_mmap+0x6b8/0xea0
[ 1561.872963][T26202]  ? __delayed_free_task+0x20/0x20
[ 1561.877902][T26202]  ? mm_init+0x807/0x960
[ 1561.881978][T26202]  dup_mm+0x91/0x330
[ 1561.885713][T26202]  copy_mm+0x108/0x1b0
[ 1561.889617][T26202]  copy_process+0x1295/0x3250
[ 1561.894132][T26202]  ? proc_fail_nth_write+0x213/0x290
[ 1561.899252][T26202]  ? proc_fail_nth_read+0x220/0x220
[ 1561.904308][T26202]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1561.909235][T26202]  ? vfs_write+0x9af/0x1050
[ 1561.913574][T26202]  kernel_clone+0x22d/0x990
[ 1561.917912][T26202]  ? file_end_write+0x1b0/0x1b0
[ 1561.922598][T26202]  ? __kasan_check_write+0x14/0x20
[ 1561.927547][T26202]  ? create_io_thread+0x1e0/0x1e0
[ 1561.932420][T26202]  ? __mutex_lock_slowpath+0x10/0x10
[ 1561.937524][T26202]  __x64_sys_clone+0x289/0x310
[ 1561.942126][T26202]  ? __do_sys_vfork+0x130/0x130
[ 1561.946814][T26202]  ? debug_smp_processor_id+0x17/0x20
[ 1561.952020][T26202]  do_syscall_64+0x44/0xd0
[ 1561.956359][T26202]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1561.962098][T26202] RIP: 0033:0x7fed39e510c9
[ 1561.966341][T26202] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1561.985784][T26202] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1561.994025][T26202] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1562.001837][T26202] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1562.009649][T26202] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
03:35:30 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000100)={0x0, 0x0, 0x200})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x10, 0xffffffffffffffff, 0x10000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x4000011, r0, 0x0)

[ 1562.017460][T26202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1562.025272][T26202] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1562.033171][T26202]  </TASK>
03:35:30 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 61)

03:35:30 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400020}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x1c, 0x0, 0x30a, 0x70bd28, 0x25dfdbfc, {}, [@GTPA_O_TEI={0x8, 0x9, 0x1}]}, 0x1c}}, 0x40004)

03:35:30 executing program 3:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, 0xffffffffffffffff, 0x0) (async)
syz_io_uring_setup(0x7853, &(0x7f0000000000)={0x0, 0x36f9, 0x2, 0x1, 0xc4}, &(0x7f0000400000/0xc00000)=nil, &(0x7f000077b000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

03:35:30 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x20000)
ioctl$EVIOCSMASK(r1, 0x40104593, &(0x7f0000000100)={0x5, 0xe5, &(0x7f00000002c0)="08e549758ce1e9fcff2e429ff60cecff17ee577a7daaf0d378912b1d3c5139cf787d0173d5769ddaacd9046c885c7d444a95cae02b5b6b9fce3486046a2a4acd6322af67adf5f30fd104a2d7a4c435a7df945763e81020147cc8c0d4e272e8fd6bee031e2ef8dcb8d099440f5b0a519c744a83ab1d8fdd2edb4d0e7113170eb913c1ec65c6b8e08aa89d6ddb708f09d8156145f553470e1f7f634ee0f347c3f6d240a6f8c78a14aa402b8da4a0d359aabe84ea2bf64b3377381732ba483837798dc599ff1a2c7b25fca959a3a8e0080178d7453a9cab248190f7bf99ac6e9ee4b6d2bede2a"})

03:35:30 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0xf00)

03:35:30 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x3, 0x287})
io_uring_setup(0x17f9, &(0x7f0000000080)={0x0, 0x252f, 0xc02, 0x0, 0x2f9})

03:35:30 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400020}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x1c, 0x0, 0x30a, 0x70bd28, 0x25dfdbfc, {}, [@GTPA_O_TEI={0x8, 0x9, 0x1}]}, 0x1c}}, 0x40004)

03:35:30 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x20000)
ioctl$EVIOCSMASK(r1, 0x40104593, &(0x7f0000000100)={0x5, 0xe5, &(0x7f00000002c0)="08e549758ce1e9fcff2e429ff60cecff17ee577a7daaf0d378912b1d3c5139cf787d0173d5769ddaacd9046c885c7d444a95cae02b5b6b9fce3486046a2a4acd6322af67adf5f30fd104a2d7a4c435a7df945763e81020147cc8c0d4e272e8fd6bee031e2ef8dcb8d099440f5b0a519c744a83ab1d8fdd2edb4d0e7113170eb913c1ec65c6b8e08aa89d6ddb708f09d8156145f553470e1f7f634ee0f347c3f6d240a6f8c78a14aa402b8da4a0d359aabe84ea2bf64b3377381732ba483837798dc599ff1a2c7b25fca959a3a8e0080178d7453a9cab248190f7bf99ac6e9ee4b6d2bede2a"})

03:35:30 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x3, 0x287}) (async)
io_uring_setup(0x17f9, &(0x7f0000000080)={0x0, 0x252f, 0xc02, 0x0, 0x2f9})

03:35:30 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
syz_io_uring_setup(0x26a7, &(0x7f0000000180)={0x0, 0xa200, 0x1, 0x2, 0x3b3, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000000), &(0x7f00000000c0))

03:35:30 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:30 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000040)={0x0, 0x1a, &(0x7f0000000000)="69c96f3a9e81b56d313f831c75badbdcac63a4c37537af9fb16a"})

[ 1562.178616][T26252] FAULT_INJECTION: forcing a failure.
[ 1562.178616][T26252] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1562.210400][T26252] CPU: 1 PID: 26252 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1562.220485][T26252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1562.230463][T26252] Call Trace:
[ 1562.233586][T26252]  <TASK>
[ 1562.236364][T26252]  dump_stack_lvl+0x151/0x1b7
[ 1562.240876][T26252]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1562.246262][T26252]  dump_stack+0x15/0x17
[ 1562.250249][T26252]  should_fail+0x3c0/0x510
[ 1562.254508][T26252]  should_fail_alloc_page+0x58/0x70
[ 1562.259545][T26252]  __alloc_pages+0x1de/0x7c0
[ 1562.263969][T26252]  ? __count_vm_events+0x30/0x30
[ 1562.268736][T26252]  ? __this_cpu_preempt_check+0x13/0x20
[ 1562.274129][T26252]  ? __mod_node_page_state+0xac/0xf0
[ 1562.279240][T26252]  pte_alloc_one+0x73/0x1b0
[ 1562.283578][T26252]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 1562.288612][T26252]  __pte_alloc+0x86/0x350
[ 1562.292779][T26252]  ? free_pgtables+0x210/0x210
[ 1562.297377][T26252]  ? _raw_spin_lock+0xa3/0x1b0
[ 1562.301975][T26252]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 1562.307185][T26252]  ? __kernel_text_address+0x9a/0x110
[ 1562.312394][T26252]  copy_pte_range+0x1b1f/0x20b0
[ 1562.317085][T26252]  ? __kunmap_atomic+0x80/0x80
[ 1562.321677][T26252]  ? __kasan_slab_alloc+0xc4/0xe0
[ 1562.326540][T26252]  ? __kasan_slab_alloc+0xb2/0xe0
[ 1562.331398][T26252]  ? kmem_cache_alloc+0x189/0x2f0
[ 1562.336261][T26252]  ? vm_area_dup+0x26/0x1d0
[ 1562.340599][T26252]  ? dup_mmap+0x6b8/0xea0
[ 1562.344766][T26252]  ? dup_mm+0x91/0x330
[ 1562.348678][T26252]  ? copy_mm+0x108/0x1b0
[ 1562.352838][T26252]  ? copy_process+0x1295/0x3250
[ 1562.357523][T26252]  ? kernel_clone+0x22d/0x990
[ 1562.362045][T26252]  ? __x64_sys_clone+0x289/0x310
[ 1562.366813][T26252]  ? do_syscall_64+0x44/0xd0
[ 1562.371234][T26252]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1562.377144][T26252]  copy_page_range+0xc1e/0x1090
[ 1562.381829][T26252]  ? pfn_valid+0x1e0/0x1e0
[ 1562.386080][T26252]  dup_mmap+0x99f/0xea0
[ 1562.390091][T26252]  ? __delayed_free_task+0x20/0x20
[ 1562.395018][T26252]  ? mm_init+0x807/0x960
[ 1562.399097][T26252]  dup_mm+0x91/0x330
[ 1562.402828][T26252]  copy_mm+0x108/0x1b0
[ 1562.406735][T26252]  copy_process+0x1295/0x3250
[ 1562.411251][T26252]  ? proc_fail_nth_write+0x213/0x290
[ 1562.416370][T26252]  ? proc_fail_nth_read+0x220/0x220
[ 1562.421402][T26252]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1562.426362][T26252]  ? vfs_write+0x9af/0x1050
[ 1562.430702][T26252]  kernel_clone+0x22d/0x990
[ 1562.435029][T26252]  ? file_end_write+0x1b0/0x1b0
[ 1562.440075][T26252]  ? __kasan_check_write+0x14/0x20
[ 1562.445096][T26252]  ? create_io_thread+0x1e0/0x1e0
[ 1562.449958][T26252]  ? __mutex_lock_slowpath+0x10/0x10
[ 1562.455081][T26252]  __x64_sys_clone+0x289/0x310
[ 1562.459676][T26252]  ? __do_sys_vfork+0x130/0x130
[ 1562.464405][T26252]  ? debug_smp_processor_id+0x17/0x20
[ 1562.469577][T26252]  do_syscall_64+0x44/0xd0
[ 1562.473831][T26252]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1562.479558][T26252] RIP: 0033:0x7fed39e510c9
[ 1562.483808][T26252] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1562.503254][T26252] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1562.511600][T26252] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1562.519415][T26252] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1562.527306][T26252] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1562.535116][T26252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1562.542927][T26252] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1562.550746][T26252]  </TASK>
03:35:31 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 62)

03:35:31 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async, rerun: 32)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async, rerun: 32)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x20000)
ioctl$EVIOCSMASK(r1, 0x40104593, &(0x7f0000000100)={0x5, 0xe5, &(0x7f00000002c0)="08e549758ce1e9fcff2e429ff60cecff17ee577a7daaf0d378912b1d3c5139cf787d0173d5769ddaacd9046c885c7d444a95cae02b5b6b9fce3486046a2a4acd6322af67adf5f30fd104a2d7a4c435a7df945763e81020147cc8c0d4e272e8fd6bee031e2ef8dcb8d099440f5b0a519c744a83ab1d8fdd2edb4d0e7113170eb913c1ec65c6b8e08aa89d6ddb708f09d8156145f553470e1f7f634ee0f347c3f6d240a6f8c78a14aa402b8da4a0d359aabe84ea2bf64b3377381732ba483837798dc599ff1a2c7b25fca959a3a8e0080178d7453a9cab248190f7bf99ac6e9ee4b6d2bede2a"})

03:35:31 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)

03:35:31 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async)
syz_io_uring_setup(0x26a7, &(0x7f0000000180)={0x0, 0xa200, 0x1, 0x2, 0x3b3, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000000), &(0x7f00000000c0))

03:35:31 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000040)={0x0, 0x1a, &(0x7f0000000000)="69c96f3a9e81b56d313f831c75badbdcac63a4c37537af9fb16a"})
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000040)={0x0, 0x1a, &(0x7f0000000000)="69c96f3a9e81b56d313f831c75badbdcac63a4c37537af9fb16a"}) (async)

03:35:31 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x6000)

03:35:31 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000040)={0x0, 0x1a, &(0x7f0000000000)="69c96f3a9e81b56d313f831c75badbdcac63a4c37537af9fb16a"})

03:35:31 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
syz_io_uring_setup(0x26a7, &(0x7f0000000180)={0x0, 0xa200, 0x1, 0x2, 0x3b3, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000000), &(0x7f00000000c0))
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
syz_io_uring_setup(0x26a7, &(0x7f0000000180)={0x0, 0xa200, 0x1, 0x2, 0x3b3, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000000), &(0x7f00000000c0)) (async)

03:35:31 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)

03:35:31 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0xa6010, r0, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000000c0)={0x53, 0x1, 0x9, {0x41c, 0x7}, {0x9, 0x3ff}, @period={0x59, 0x9, 0xf63a, 0x39, 0xff, {0x81, 0x353, 0x4, 0xd3}, 0x3, &(0x7f0000000040)=[0x3, 0x2, 0x0]}})

03:35:31 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
io_uring_setup(0x40c0, &(0x7f0000000000)={0x0, 0xffc5, 0x40, 0x2, 0x396, 0x0, r0})

03:35:31 executing program 5:
r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x200)
ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f00000000c0)=0xa5)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000800000/0x800000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/ehci_hcd', 0x2, 0x80)
ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, &(0x7f0000000240)=0x9)
ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000180)=""/100)

[ 1562.665273][T26285] FAULT_INJECTION: forcing a failure.
[ 1562.665273][T26285] name failslab, interval 1, probability 0, space 0, times 0
[ 1562.714366][T26285] CPU: 1 PID: 26285 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1562.724555][T26285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1562.734449][T26285] Call Trace:
[ 1562.737572][T26285]  <TASK>
[ 1562.740348][T26285]  dump_stack_lvl+0x151/0x1b7
[ 1562.744865][T26285]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1562.750157][T26285]  dump_stack+0x15/0x17
[ 1562.754154][T26285]  should_fail+0x3c0/0x510
[ 1562.758405][T26285]  __should_failslab+0x9f/0xe0
[ 1562.763002][T26285]  should_failslab+0x9/0x20
[ 1562.767341][T26285]  kmem_cache_alloc+0x4f/0x2f0
[ 1562.771940][T26285]  ? vm_area_dup+0x26/0x1d0
[ 1562.776282][T26285]  vm_area_dup+0x26/0x1d0
[ 1562.780447][T26285]  dup_mmap+0x6b8/0xea0
[ 1562.784443][T26285]  ? __delayed_free_task+0x20/0x20
[ 1562.789387][T26285]  ? mm_init+0x807/0x960
[ 1562.793465][T26285]  dup_mm+0x91/0x330
[ 1562.797200][T26285]  copy_mm+0x108/0x1b0
[ 1562.801104][T26285]  copy_process+0x1295/0x3250
[ 1562.805619][T26285]  ? proc_fail_nth_write+0x213/0x290
[ 1562.810740][T26285]  ? proc_fail_nth_read+0x220/0x220
[ 1562.815770][T26285]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1562.820723][T26285]  ? vfs_write+0x9af/0x1050
[ 1562.825061][T26285]  kernel_clone+0x22d/0x990
[ 1562.829396][T26285]  ? file_end_write+0x1b0/0x1b0
[ 1562.834086][T26285]  ? __kasan_check_write+0x14/0x20
[ 1562.839034][T26285]  ? create_io_thread+0x1e0/0x1e0
[ 1562.843984][T26285]  ? __mutex_lock_slowpath+0x10/0x10
[ 1562.849132][T26285]  __x64_sys_clone+0x289/0x310
[ 1562.853702][T26285]  ? __do_sys_vfork+0x130/0x130
[ 1562.858415][T26285]  ? debug_smp_processor_id+0x17/0x20
[ 1562.863598][T26285]  do_syscall_64+0x44/0xd0
[ 1562.867859][T26285]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1562.873575][T26285] RIP: 0033:0x7fed39e510c9
[ 1562.877831][T26285] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1562.897270][T26285] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1562.905514][T26285] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1562.913325][T26285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1562.921137][T26285] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1562.929648][T26285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1562.937451][T26285] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1562.945279][T26285]  </TASK>
03:35:31 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 63)

03:35:31 executing program 5:
r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x200)
ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f00000000c0)=0xa5)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000800000/0x800000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/ehci_hcd', 0x2, 0x80)
ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, &(0x7f0000000240)=0x9)
ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000180)=""/100)
syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x200) (async)
ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f00000000c0)=0xa5) (async)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000800000/0x800000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/ehci_hcd', 0x2, 0x80) (async)
ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, &(0x7f0000000240)=0x9) (async)
ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000180)=""/100) (async)

03:35:31 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (async)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async)
io_uring_setup(0x40c0, &(0x7f0000000000)={0x0, 0xffc5, 0x40, 0x2, 0x396, 0x0, r0})

03:35:31 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0xa6010, r0, 0x0) (async)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0) (async)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000000c0)={0x53, 0x1, 0x9, {0x41c, 0x7}, {0x9, 0x3ff}, @period={0x59, 0x9, 0xf63a, 0x39, 0xff, {0x81, 0x353, 0x4, 0xd3}, 0x3, &(0x7f0000000040)=[0x3, 0x2, 0x0]}})

[ 1563.022026][T26304] FAULT_INJECTION: forcing a failure.
[ 1563.022026][T26304] name failslab, interval 1, probability 0, space 0, times 0
[ 1563.059011][T26304] CPU: 1 PID: 26304 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1563.069093][T26304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1563.078990][T26304] Call Trace:
[ 1563.082113][T26304]  <TASK>
[ 1563.084889][T26304]  dump_stack_lvl+0x151/0x1b7
[ 1563.089424][T26304]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1563.094701][T26304]  dump_stack+0x15/0x17
[ 1563.098690][T26304]  should_fail+0x3c0/0x510
[ 1563.102942][T26304]  __should_failslab+0x9f/0xe0
[ 1563.107543][T26304]  should_failslab+0x9/0x20
[ 1563.111885][T26304]  kmem_cache_alloc+0x4f/0x2f0
[ 1563.116485][T26304]  ? anon_vma_clone+0xa1/0x4f0
[ 1563.121084][T26304]  anon_vma_clone+0xa1/0x4f0
[ 1563.125512][T26304]  anon_vma_fork+0x91/0x4f0
[ 1563.129850][T26304]  ? anon_vma_name+0x43/0x70
[ 1563.134277][T26304]  dup_mmap+0x750/0xea0
[ 1563.138272][T26304]  ? __delayed_free_task+0x20/0x20
[ 1563.143489][T26304]  ? mm_init+0x807/0x960
[ 1563.147556][T26304]  dup_mm+0x91/0x330
[ 1563.151473][T26304]  copy_mm+0x108/0x1b0
[ 1563.155364][T26304]  copy_process+0x1295/0x3250
[ 1563.159968][T26304]  ? proc_fail_nth_write+0x213/0x290
[ 1563.165099][T26304]  ? proc_fail_nth_read+0x220/0x220
[ 1563.170120][T26304]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1563.175070][T26304]  ? vfs_write+0x9af/0x1050
[ 1563.179407][T26304]  kernel_clone+0x22d/0x990
[ 1563.183745][T26304]  ? file_end_write+0x1b0/0x1b0
[ 1563.188440][T26304]  ? __kasan_check_write+0x14/0x20
[ 1563.193377][T26304]  ? create_io_thread+0x1e0/0x1e0
[ 1563.198241][T26304]  ? __mutex_lock_slowpath+0x10/0x10
[ 1563.203360][T26304]  __x64_sys_clone+0x289/0x310
[ 1563.207964][T26304]  ? __do_sys_vfork+0x130/0x130
[ 1563.212648][T26304]  ? debug_smp_processor_id+0x17/0x20
[ 1563.217854][T26304]  do_syscall_64+0x44/0xd0
[ 1563.222126][T26304]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1563.227853][T26304] RIP: 0033:0x7fed39e510c9
[ 1563.232097][T26304] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1563.251703][T26304] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1563.259949][T26304] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
03:35:31 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
io_uring_setup(0x40c0, &(0x7f0000000000)={0x0, 0xffc5, 0x40, 0x2, 0x396, 0x0, r0})
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
io_uring_setup(0x40c0, &(0x7f0000000000)={0x0, 0xffc5, 0x40, 0x2, 0x396, 0x0, r0}) (async)

[ 1563.267933][T26304] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1563.275742][T26304] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1563.283554][T26304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1563.291478][T26304] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1563.299291][T26304]  </TASK>
03:35:32 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_extract_tcp_res(&(0x7f0000000080)={<r0=>0x41424344}, 0xd04, 0x80000000)
write$tun(0xffffffffffffffff, &(0x7f00000002c0)={@void, @val={0x2, 0x1, 0xf801, 0x401, 0x20, 0xf0db}, @eth={@remote, @broadcast, @void, {@ipv4={0x800, @tcp={{0x7, 0x4, 0x0, 0x2, 0x158, 0x67, 0x0, 0x6f, 0x6, 0x0, @remote, @loopback, {[@timestamp={0x44, 0x8, 0x7b, 0x0, 0x0, [0x1]}]}}, {{0x4e20, 0x4e23, r0, 0x41424344, 0x0, 0x0, 0x3c, 0x0, 0x9, 0x0, 0x6, {[@sack={0x5, 0xe, [0x1f, 0x7fff, 0x8]}, @generic={0x8, 0x2}, @mptcp=@remove_addr={0x1e, 0xb0, 0x9, 0x0, "4a6ca677348636886c0790688784acc57e6778cad1fda343cd7984548999c9c20c9b7bd772adca7dc1ebb60a37ada4e976f908a1ba9688df93972b6a0053ea80d9c7a2f3b97114fb7162b1d5bf33fb813290c2cd5cfe525689c33f0cb3be4a6b0fb4e64fcc417d933c755fa4d24320097fd19f94d210ba3bbab09c913cef37c25efa4d3979c6ed2ced0cdc3aa2b9a0963985f54f7c8df7942dc41e8575f7ca926115eb79ef6f686e6d2de19179"}, @mptcp=@syn={0x1e, 0xc, 0x4, 0x1, 0x9, 0x8, 0x400}, @sack_perm={0x4, 0x2}, @window={0x3, 0x3, 0x1f}, @nop, @exp_fastopen={0xfe, 0xa, 0xf989, "4e00e1e6f7a1"}]}}, {"3035876caa56c219577034a6fc9ed90a510bcf342fc5c2594c998ad66e4601ce29c62f6f2d141e3f0c479e77d5b822bf020fb3e543416c045a334e625ea44fc3ac77fa406cdfe61d0fe724bd"}}}}}}}, 0x170)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:32 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 64)

03:35:32 executing program 5:
r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x200)
ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f00000000c0)=0xa5) (async)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000800000/0x800000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/ehci_hcd', 0x2, 0x80)
ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, &(0x7f0000000240)=0x9) (async)
ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000180)=""/100)

03:35:32 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0xa6010, r0, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0) (async)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000000c0)={0x53, 0x1, 0x9, {0x41c, 0x7}, {0x9, 0x3ff}, @period={0x59, 0x9, 0xf63a, 0x39, 0xff, {0x81, 0x353, 0x4, 0xd3}, 0x3, &(0x7f0000000040)=[0x3, 0x2, 0x0]}})

03:35:32 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x600000)

03:35:32 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0x11b})

03:35:32 executing program 5:
r0 = syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_setup(0x331b, &(0x7f0000000180)={0x0, 0x2bcf, 0x2, 0x1, 0x49, 0x0, r0}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000fee000/0x12000)=nil, &(0x7f0000000000), &(0x7f00000000c0))
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000200)={0x6, [0x5bc, 0x4], 0x3f}, 0x10)

03:35:32 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_extract_tcp_res(&(0x7f0000000080)={<r0=>0x41424344}, 0xd04, 0x80000000)
write$tun(0xffffffffffffffff, &(0x7f00000002c0)={@void, @val={0x2, 0x1, 0xf801, 0x401, 0x20, 0xf0db}, @eth={@remote, @broadcast, @void, {@ipv4={0x800, @tcp={{0x7, 0x4, 0x0, 0x2, 0x158, 0x67, 0x0, 0x6f, 0x6, 0x0, @remote, @loopback, {[@timestamp={0x44, 0x8, 0x7b, 0x0, 0x0, [0x1]}]}}, {{0x4e20, 0x4e23, r0, 0x41424344, 0x0, 0x0, 0x3c, 0x0, 0x9, 0x0, 0x6, {[@sack={0x5, 0xe, [0x1f, 0x7fff, 0x8]}, @generic={0x8, 0x2}, @mptcp=@remove_addr={0x1e, 0xb0, 0x9, 0x0, "4a6ca677348636886c0790688784acc57e6778cad1fda343cd7984548999c9c20c9b7bd772adca7dc1ebb60a37ada4e976f908a1ba9688df93972b6a0053ea80d9c7a2f3b97114fb7162b1d5bf33fb813290c2cd5cfe525689c33f0cb3be4a6b0fb4e64fcc417d933c755fa4d24320097fd19f94d210ba3bbab09c913cef37c25efa4d3979c6ed2ced0cdc3aa2b9a0963985f54f7c8df7942dc41e8575f7ca926115eb79ef6f686e6d2de19179"}, @mptcp=@syn={0x1e, 0xc, 0x4, 0x1, 0x9, 0x8, 0x400}, @sack_perm={0x4, 0x2}, @window={0x3, 0x3, 0x1f}, @nop, @exp_fastopen={0xfe, 0xa, 0xf989, "4e00e1e6f7a1"}]}}, {"3035876caa56c219577034a6fc9ed90a510bcf342fc5c2594c998ad66e4601ce29c62f6f2d141e3f0c479e77d5b822bf020fb3e543416c045a334e625ea44fc3ac77fa406cdfe61d0fe724bd"}}}}}}}, 0x170)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:32 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
syz_io_uring_setup(0x4e6b, &(0x7f0000000000)={0x0, 0xf450, 0x200, 0x1, 0x1ab, 0x0, r2}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000180))
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000, 0x8010, r1, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r3, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x10010, r3, 0x0)

03:35:32 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0x11b})

[ 1563.395104][T26344] FAULT_INJECTION: forcing a failure.
[ 1563.395104][T26344] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1563.423778][T26344] CPU: 1 PID: 26344 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1563.433877][T26344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1563.443751][T26344] Call Trace:
[ 1563.446875][T26344]  <TASK>
[ 1563.449652][T26344]  dump_stack_lvl+0x151/0x1b7
[ 1563.454162][T26344]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1563.459551][T26344]  dump_stack+0x15/0x17
[ 1563.463540][T26344]  should_fail+0x3c0/0x510
[ 1563.467985][T26344]  should_fail_alloc_page+0x58/0x70
[ 1563.473014][T26344]  __alloc_pages+0x1de/0x7c0
[ 1563.477444][T26344]  ? __count_vm_events+0x30/0x30
[ 1563.482214][T26344]  ? __this_cpu_preempt_check+0x13/0x20
[ 1563.487594][T26344]  ? __mod_node_page_state+0xac/0xf0
[ 1563.492713][T26344]  pte_alloc_one+0x73/0x1b0
[ 1563.497055][T26344]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 1563.502088][T26344]  __pte_alloc+0x86/0x350
[ 1563.506251][T26344]  ? free_pgtables+0x210/0x210
[ 1563.510853][T26344]  ? _raw_spin_lock+0xa3/0x1b0
[ 1563.515467][T26344]  ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 1563.520748][T26344]  ? __kernel_text_address+0x9a/0x110
[ 1563.525958][T26344]  copy_pte_range+0x1b1f/0x20b0
[ 1563.530651][T26344]  ? __kunmap_atomic+0x80/0x80
[ 1563.535259][T26344]  ? __kasan_slab_alloc+0xc4/0xe0
[ 1563.540368][T26344]  ? __kasan_slab_alloc+0xb2/0xe0
[ 1563.545506][T26344]  ? kmem_cache_alloc+0x189/0x2f0
[ 1563.550366][T26344]  ? vm_area_dup+0x26/0x1d0
[ 1563.554700][T26344]  ? dup_mmap+0x6b8/0xea0
[ 1563.558868][T26344]  ? dup_mm+0x91/0x330
[ 1563.562775][T26344]  ? copy_mm+0x108/0x1b0
[ 1563.566851][T26344]  ? copy_process+0x1295/0x3250
[ 1563.571538][T26344]  ? kernel_clone+0x22d/0x990
[ 1563.576052][T26344]  ? __x64_sys_clone+0x289/0x310
[ 1563.580824][T26344]  ? do_syscall_64+0x44/0xd0
[ 1563.585254][T26344]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1563.591158][T26344]  copy_page_range+0xc1e/0x1090
[ 1563.595847][T26344]  ? pfn_valid+0x1e0/0x1e0
[ 1563.600095][T26344]  dup_mmap+0x99f/0xea0
[ 1563.604127][T26344]  ? __delayed_free_task+0x20/0x20
[ 1563.609121][T26344]  ? mm_init+0x807/0x960
[ 1563.613201][T26344]  dup_mm+0x91/0x330
[ 1563.616944][T26344]  copy_mm+0x108/0x1b0
[ 1563.620837][T26344]  copy_process+0x1295/0x3250
[ 1563.625352][T26344]  ? proc_fail_nth_write+0x213/0x290
[ 1563.630473][T26344]  ? proc_fail_nth_read+0x220/0x220
[ 1563.635506][T26344]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1563.640452][T26344]  ? vfs_write+0x9af/0x1050
[ 1563.644792][T26344]  kernel_clone+0x22d/0x990
[ 1563.649154][T26344]  ? file_end_write+0x1b0/0x1b0
[ 1563.653819][T26344]  ? __kasan_check_write+0x14/0x20
[ 1563.658766][T26344]  ? create_io_thread+0x1e0/0x1e0
[ 1563.663626][T26344]  ? __mutex_lock_slowpath+0x10/0x10
[ 1563.668747][T26344]  __x64_sys_clone+0x289/0x310
[ 1563.673356][T26344]  ? __do_sys_vfork+0x130/0x130
[ 1563.678119][T26344]  ? debug_smp_processor_id+0x17/0x20
[ 1563.683327][T26344]  do_syscall_64+0x44/0xd0
[ 1563.687587][T26344]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1563.693306][T26344] RIP: 0033:0x7fed39e510c9
[ 1563.697571][T26344] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1563.717005][T26344] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1563.725246][T26344] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1563.733057][T26344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
03:35:32 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0x11b})

03:35:32 executing program 1:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x400, 0x70bd2d, 0x25dfdbfc, {}, [@GTPA_TID={0xc, 0x3, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004801}, 0x8000)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x2980, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:32 executing program 1:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x400, 0x70bd2d, 0x25dfdbfc, {}, [@GTPA_TID={0xc, 0x3, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004801}, 0x8000) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x2980, 0x0) (async)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) (async)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:32 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x80ffff)

03:35:32 executing program 1:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async, rerun: 64)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x400, 0x70bd2d, 0x25dfdbfc, {}, [@GTPA_TID={0xc, 0x3, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004801}, 0x8000) (async, rerun: 64)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x2980, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:32 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 65)

03:35:32 executing program 1:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000040)={0x1, 0x24, &(0x7f0000000000)="f3fd4af5b09fcbd3f873783c6581a63acae85f5861d64e832ca511ea7d00129344c45bbf"})
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})

03:35:32 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0xb0ff20)

03:35:32 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0) (async)
syz_io_uring_setup(0x4e6b, &(0x7f0000000000)={0x0, 0xf450, 0x200, 0x1, 0x1ab, 0x0, r2}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000180))
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000, 0x8010, r1, 0x0) (async)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r3, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x10010, r3, 0x0)

03:35:32 executing program 5:
r0 = syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_setup(0x331b, &(0x7f0000000180)={0x0, 0x2bcf, 0x2, 0x1, 0x49, 0x0, r0}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000fee000/0x12000)=nil, &(0x7f0000000000), &(0x7f00000000c0))
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000200)={0x6, [0x5bc, 0x4], 0x3f}, 0x10)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
syz_io_uring_setup(0x331b, &(0x7f0000000180)={0x0, 0x2bcf, 0x2, 0x1, 0x49, 0x0, r0}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000fee000/0x12000)=nil, &(0x7f0000000000), &(0x7f00000000c0)) (async)
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000200)={0x6, [0x5bc, 0x4], 0x3f}, 0x10) (async)

[ 1563.740868][T26344] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1563.748682][T26344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1563.756494][T26344] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1563.764305][T26344]  </TASK>
03:35:32 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_extract_tcp_res(&(0x7f0000000080)={<r0=>0x41424344}, 0xd04, 0x80000000)
write$tun(0xffffffffffffffff, &(0x7f00000002c0)={@void, @val={0x2, 0x1, 0xf801, 0x401, 0x20, 0xf0db}, @eth={@remote, @broadcast, @void, {@ipv4={0x800, @tcp={{0x7, 0x4, 0x0, 0x2, 0x158, 0x67, 0x0, 0x6f, 0x6, 0x0, @remote, @loopback, {[@timestamp={0x44, 0x8, 0x7b, 0x0, 0x0, [0x1]}]}}, {{0x4e20, 0x4e23, r0, 0x41424344, 0x0, 0x0, 0x3c, 0x0, 0x9, 0x0, 0x6, {[@sack={0x5, 0xe, [0x1f, 0x7fff, 0x8]}, @generic={0x8, 0x2}, @mptcp=@remove_addr={0x1e, 0xb0, 0x9, 0x0, "4a6ca677348636886c0790688784acc57e6778cad1fda343cd7984548999c9c20c9b7bd772adca7dc1ebb60a37ada4e976f908a1ba9688df93972b6a0053ea80d9c7a2f3b97114fb7162b1d5bf33fb813290c2cd5cfe525689c33f0cb3be4a6b0fb4e64fcc417d933c755fa4d24320097fd19f94d210ba3bbab09c913cef37c25efa4d3979c6ed2ced0cdc3aa2b9a0963985f54f7c8df7942dc41e8575f7ca926115eb79ef6f686e6d2de19179"}, @mptcp=@syn={0x1e, 0xc, 0x4, 0x1, 0x9, 0x8, 0x400}, @sack_perm={0x4, 0x2}, @window={0x3, 0x3, 0x1f}, @nop, @exp_fastopen={0xfe, 0xa, 0xf989, "4e00e1e6f7a1"}]}}, {"3035876caa56c219577034a6fc9ed90a510bcf342fc5c2594c998ad66e4601ce29c62f6f2d141e3f0c479e77d5b822bf020fb3e543416c045a334e625ea44fc3ac77fa406cdfe61d0fe724bd"}}}}}}}, 0x170)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)

03:35:32 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x5ea1, &(0x7f0000000240)={0x0, 0x8, 0x8, 0x0, 0x26})
r1 = syz_open_dev$mouse(&(0x7f0000000080), 0x1f, 0xa001)
sendmsg$GTP_CMD_GETPDP(r1, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x30494044}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x1c, 0x0, 0x20, 0x70bd2d, 0x25dfdbfc, {}, [@GTPA_I_TEI={0x8, 0x8, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x100}, 0x4040004)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000000, 0x10010, r2, 0x10000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
socket$packet(0x11, 0x3, 0x300)

03:35:32 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
syz_io_uring_setup(0x4e6b, &(0x7f0000000000)={0x0, 0xf450, 0x200, 0x1, 0x1ab, 0x0, r2}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000180))
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000, 0x8010, r1, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r3, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x10010, r3, 0x0)
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r2, 0x0, 0x0) (async)
syz_io_uring_setup(0x4e6b, &(0x7f0000000000)={0x0, 0xf450, 0x200, 0x1, 0x1ab, 0x0, r2}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000180)) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000, 0x8010, r1, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r3, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x10010, r3, 0x0) (async)

03:35:32 executing program 1:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000040)={0x1, 0x24, &(0x7f0000000000)="f3fd4af5b09fcbd3f873783c6581a63acae85f5861d64e832ca511ea7d00129344c45bbf"})
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000040)={0x1, 0x24, &(0x7f0000000000)="f3fd4af5b09fcbd3f873783c6581a63acae85f5861d64e832ca511ea7d00129344c45bbf"}) (async)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (async)

03:35:32 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x5ea1, &(0x7f0000000240)={0x0, 0x8, 0x8, 0x0, 0x26})
r1 = syz_open_dev$mouse(&(0x7f0000000080), 0x1f, 0xa001)
sendmsg$GTP_CMD_GETPDP(r1, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x30494044}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x1c, 0x0, 0x20, 0x70bd2d, 0x25dfdbfc, {}, [@GTPA_I_TEI={0x8, 0x8, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x100}, 0x4040004)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000000, 0x10010, r2, 0x10000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
socket$packet(0x11, 0x3, 0x300)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x5ea1, &(0x7f0000000240)={0x0, 0x8, 0x8, 0x0, 0x26}) (async)
syz_open_dev$mouse(&(0x7f0000000080), 0x1f, 0xa001) (async)
sendmsg$GTP_CMD_GETPDP(r1, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x30494044}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x1c, 0x0, 0x20, 0x70bd2d, 0x25dfdbfc, {}, [@GTPA_I_TEI={0x8, 0x8, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x100}, 0x4040004) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r2, 0x0, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000000, 0x10010, r2, 0x10000000) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
socket$packet(0x11, 0x3, 0x300) (async)

03:35:32 executing program 5:
r0 = syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_setup(0x331b, &(0x7f0000000180)={0x0, 0x2bcf, 0x2, 0x1, 0x49, 0x0, r0}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000fee000/0x12000)=nil, &(0x7f0000000000), &(0x7f00000000c0))
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000200)={0x6, [0x5bc, 0x4], 0x3f}, 0x10)

03:35:32 executing program 1:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000040)={0x1, 0x24, &(0x7f0000000000)="f3fd4af5b09fcbd3f873783c6581a63acae85f5861d64e832ca511ea7d00129344c45bbf"})
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000040)={0x1, 0x24, &(0x7f0000000000)="f3fd4af5b09fcbd3f873783c6581a63acae85f5861d64e832ca511ea7d00129344c45bbf"}) (async)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (async)

[ 1563.850204][T26400] FAULT_INJECTION: forcing a failure.
[ 1563.850204][T26400] name failslab, interval 1, probability 0, space 0, times 0
[ 1563.913302][T26400] CPU: 1 PID: 26400 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1563.923377][T26400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1563.933273][T26400] Call Trace:
[ 1563.936417][T26400]  <TASK>
[ 1563.939177][T26400]  dump_stack_lvl+0x151/0x1b7
[ 1563.943687][T26400]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1563.948996][T26400]  ? vma_interval_tree_augment_rotate+0x210/0x210
[ 1563.955234][T26400]  dump_stack+0x15/0x17
[ 1563.959223][T26400]  should_fail+0x3c0/0x510
[ 1563.963478][T26400]  __should_failslab+0x9f/0xe0
[ 1563.968076][T26400]  should_failslab+0x9/0x20
[ 1563.972426][T26400]  kmem_cache_alloc+0x4f/0x2f0
[ 1563.977017][T26400]  ? anon_vma_fork+0xf7/0x4f0
[ 1563.981531][T26400]  anon_vma_fork+0xf7/0x4f0
[ 1563.985869][T26400]  ? anon_vma_name+0x43/0x70
[ 1563.990292][T26400]  dup_mmap+0x750/0xea0
[ 1563.994286][T26400]  ? __delayed_free_task+0x20/0x20
[ 1563.999239][T26400]  ? mm_init+0x807/0x960
[ 1564.003316][T26400]  dup_mm+0x91/0x330
[ 1564.007057][T26400]  copy_mm+0x108/0x1b0
[ 1564.011052][T26400]  copy_process+0x1295/0x3250
[ 1564.015551][T26400]  ? proc_fail_nth_write+0x213/0x290
[ 1564.020675][T26400]  ? proc_fail_nth_read+0x220/0x220
[ 1564.025706][T26400]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1564.030651][T26400]  ? vfs_write+0x9af/0x1050
[ 1564.034991][T26400]  kernel_clone+0x22d/0x990
[ 1564.039336][T26400]  ? file_end_write+0x1b0/0x1b0
[ 1564.044018][T26400]  ? __kasan_check_write+0x14/0x20
[ 1564.048964][T26400]  ? create_io_thread+0x1e0/0x1e0
[ 1564.053829][T26400]  ? __mutex_lock_slowpath+0x10/0x10
[ 1564.058947][T26400]  __x64_sys_clone+0x289/0x310
[ 1564.063554][T26400]  ? __do_sys_vfork+0x130/0x130
[ 1564.068240][T26400]  ? debug_smp_processor_id+0x17/0x20
[ 1564.073443][T26400]  do_syscall_64+0x44/0xd0
[ 1564.077783][T26400]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1564.083506][T26400] RIP: 0033:0x7fed39e510c9
[ 1564.087761][T26400] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1564.107994][T26400] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1564.116229][T26400] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1564.124041][T26400] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1564.131940][T26400] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1564.139752][T26400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1564.147560][T26400] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1564.155374][T26400]  </TASK>
03:35:32 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 66)

03:35:32 executing program 3:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x1)

[ 1564.250462][T26450] FAULT_INJECTION: forcing a failure.
[ 1564.250462][T26450] name failslab, interval 1, probability 0, space 0, times 0
[ 1564.273439][T26450] CPU: 1 PID: 26450 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1564.283545][T26450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1564.293442][T26450] Call Trace:
[ 1564.296567][T26450]  <TASK>
[ 1564.299341][T26450]  dump_stack_lvl+0x151/0x1b7
[ 1564.303857][T26450]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1564.309156][T26450]  dump_stack+0x15/0x17
[ 1564.313142][T26450]  should_fail+0x3c0/0x510
[ 1564.317396][T26450]  __should_failslab+0x9f/0xe0
[ 1564.321994][T26450]  should_failslab+0x9/0x20
[ 1564.326333][T26450]  kmem_cache_alloc+0x4f/0x2f0
[ 1564.330935][T26450]  ? anon_vma_fork+0x1b9/0x4f0
[ 1564.335540][T26450]  anon_vma_fork+0x1b9/0x4f0
[ 1564.339960][T26450]  dup_mmap+0x750/0xea0
[ 1564.343956][T26450]  ? __delayed_free_task+0x20/0x20
[ 1564.348902][T26450]  ? mm_init+0x807/0x960
[ 1564.352978][T26450]  dup_mm+0x91/0x330
[ 1564.356719][T26450]  copy_mm+0x108/0x1b0
[ 1564.360616][T26450]  copy_process+0x1295/0x3250
[ 1564.365133][T26450]  ? proc_fail_nth_write+0x213/0x290
[ 1564.370249][T26450]  ? proc_fail_nth_read+0x220/0x220
[ 1564.375288][T26450]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1564.380231][T26450]  ? vfs_write+0x9af/0x1050
[ 1564.384572][T26450]  kernel_clone+0x22d/0x990
[ 1564.388910][T26450]  ? file_end_write+0x1b0/0x1b0
[ 1564.393600][T26450]  ? __kasan_check_write+0x14/0x20
[ 1564.398544][T26450]  ? create_io_thread+0x1e0/0x1e0
[ 1564.403416][T26450]  ? __mutex_lock_slowpath+0x10/0x10
[ 1564.408527][T26450]  __x64_sys_clone+0x289/0x310
[ 1564.413214][T26450]  ? __do_sys_vfork+0x130/0x130
[ 1564.417901][T26450]  ? debug_smp_processor_id+0x17/0x20
[ 1564.423107][T26450]  do_syscall_64+0x44/0xd0
[ 1564.427361][T26450]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1564.433088][T26450] RIP: 0033:0x7fed39e510c9
[ 1564.437341][T26450] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1564.456782][T26450] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1564.465025][T26450] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1564.472838][T26450] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1564.480735][T26450] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1564.488572][T26450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
03:35:33 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0xc0ffff)

03:35:33 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x5ea1, &(0x7f0000000240)={0x0, 0x8, 0x8, 0x0, 0x26}) (async)
r1 = syz_open_dev$mouse(&(0x7f0000000080), 0x1f, 0xa001)
sendmsg$GTP_CMD_GETPDP(r1, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x30494044}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x1c, 0x0, 0x20, 0x70bd2d, 0x25dfdbfc, {}, [@GTPA_I_TEI={0x8, 0x8, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x100}, 0x4040004)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000000, 0x10010, r2, 0x10000000) (async, rerun: 32)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async, rerun: 32)
socket$packet(0x11, 0x3, 0x300)

03:35:33 executing program 5:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:33 executing program 1:
io_uring_setup(0x54a, &(0x7f0000000240)={0x0, 0x0, 0x4, 0x1, 0x2ad})
socket$can_raw(0x1d, 0x3, 0x1)

03:35:33 executing program 3:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x1)

03:35:33 executing program 5:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0) (async)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:33 executing program 5:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0) (async)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:33 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x1c8}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:33 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x1c8}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x1c8}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)

03:35:33 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x1c8}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1564.496359][T26450] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1564.504182][T26450]  </TASK>
[ 1564.515136][T26450] ==================================================================
[ 1564.523027][T26450] BUG: KASAN: use-after-free in vm_area_free+0x7e/0x230
[ 1564.529805][T26450] Write of size 4 at addr ffff888117cc1e38 by task syz-executor.0/26450
[ 1564.538043][T26450] 
[ 1564.540211][T26450] CPU: 0 PID: 26450 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1564.550286][T26450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1564.560175][T26450] Call Trace:
[ 1564.564080][T26450]  <TASK>
[ 1564.566864][T26450]  dump_stack_lvl+0x151/0x1b7
[ 1564.571375][T26450]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1564.576666][T26450]  ? panic+0x727/0x727
[ 1564.580569][T26450]  ? slab_free_freelist_hook+0xc9/0x1a0
[ 1564.585954][T26450]  print_address_description+0x87/0x3d0
[ 1564.591336][T26450]  kasan_report+0x1a6/0x1f0
[ 1564.595686][T26450]  ? vm_area_free+0x7e/0x230
[ 1564.600096][T26450]  ? vm_area_free+0x7e/0x230
[ 1564.604525][T26450]  kasan_check_range+0x2aa/0x2e0
[ 1564.609387][T26450]  __kasan_check_write+0x14/0x20
[ 1564.614159][T26450]  vm_area_free+0x7e/0x230
[ 1564.618412][T26450]  dup_mmap+0xbcd/0xea0
[ 1564.622406][T26450]  ? __delayed_free_task+0x20/0x20
[ 1564.627351][T26450]  ? mm_init+0x807/0x960
[ 1564.631439][T26450]  dup_mm+0x91/0x330
[ 1564.635164][T26450]  copy_mm+0x108/0x1b0
[ 1564.639070][T26450]  copy_process+0x1295/0x3250
[ 1564.643584][T26450]  ? proc_fail_nth_write+0x213/0x290
[ 1564.648701][T26450]  ? proc_fail_nth_read+0x220/0x220
[ 1564.653735][T26450]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1564.658686][T26450]  ? vfs_write+0x9af/0x1050
[ 1564.663039][T26450]  kernel_clone+0x22d/0x990
[ 1564.667375][T26450]  ? file_end_write+0x1b0/0x1b0
[ 1564.672311][T26450]  ? __kasan_check_write+0x14/0x20
[ 1564.677255][T26450]  ? create_io_thread+0x1e0/0x1e0
[ 1564.682116][T26450]  ? __mutex_lock_slowpath+0x10/0x10
[ 1564.687253][T26450]  __x64_sys_clone+0x289/0x310
[ 1564.691843][T26450]  ? __do_sys_vfork+0x130/0x130
[ 1564.696529][T26450]  ? debug_smp_processor_id+0x17/0x20
[ 1564.701732][T26450]  do_syscall_64+0x44/0xd0
[ 1564.705988][T26450]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1564.711715][T26450] RIP: 0033:0x7fed39e510c9
[ 1564.715972][T26450] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1564.735412][T26450] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1564.743649][T26450] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1564.751462][T26450] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1564.759307][T26450] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1564.767084][T26450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1564.774900][T26450] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1564.782713][T26450]  </TASK>
[ 1564.785571][T26450] 
[ 1564.787743][T26450] Allocated by task 8846:
[ 1564.791909][T26450]  __kasan_slab_alloc+0xb2/0xe0
[ 1564.796593][T26450]  kmem_cache_alloc+0x189/0x2f0
[ 1564.801279][T26450]  vm_area_dup+0x26/0x1d0
[ 1564.805445][T26450]  dup_mmap+0x6b8/0xea0
[ 1564.809449][T26450]  dup_mm+0x91/0x330
[ 1564.813299][T26450]  copy_mm+0x108/0x1b0
[ 1564.817165][T26450]  copy_process+0x1295/0x3250
[ 1564.821676][T26450]  kernel_clone+0x22d/0x990
[ 1564.826014][T26450]  __x64_sys_clone+0x289/0x310
[ 1564.830617][T26450]  do_syscall_64+0x44/0xd0
[ 1564.834873][T26450]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1564.840596][T26450] 
[ 1564.842853][T26450] Freed by task 26439:
[ 1564.846763][T26450]  kasan_set_track+0x4c/0x70
[ 1564.851187][T26450]  kasan_set_free_info+0x23/0x40
[ 1564.855958][T26450]  ____kasan_slab_free+0x126/0x160
[ 1564.860904][T26450]  __kasan_slab_free+0x11/0x20
[ 1564.865507][T26450]  slab_free_freelist_hook+0xc9/0x1a0
[ 1564.870716][T26450]  kmem_cache_free+0x11a/0x2e0
[ 1564.875310][T26450]  vm_area_free+0x1ae/0x230
[ 1564.879651][T26450]  exit_mmap+0x5dd/0x7a0
[ 1564.883730][T26450]  __mmput+0x95/0x300
[ 1564.887552][T26450]  mmput+0x50/0x60
[ 1564.891109][T26450]  exit_mm+0x50d/0x760
[ 1564.895015][T26450]  do_exit+0x63c/0x24d0
[ 1564.899008][T26450]  do_group_exit+0x13a/0x300
[ 1564.903434][T26450]  get_signal+0x77e/0x1600
[ 1564.907686][T26450]  arch_do_signal_or_restart+0x9f/0x670
[ 1564.913153][T26450]  exit_to_user_mode_loop+0xd4/0x110
[ 1564.918276][T26450]  syscall_exit_to_user_mode+0x79/0xc0
[ 1564.923583][T26450]  do_syscall_64+0x50/0xd0
[ 1564.927821][T26450]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1564.933550][T26450] 
[ 1564.935719][T26450] The buggy address belongs to the object at ffff888117cc1de0
[ 1564.935719][T26450]  which belongs to the cache vm_area_struct of size 232
[ 1564.949871][T26450] The buggy address is located 88 bytes inside of
[ 1564.949871][T26450]  232-byte region [ffff888117cc1de0, ffff888117cc1ec8)
[ 1564.962896][T26450] The buggy address belongs to the page:
[ 1564.968359][T26450] page:ffffea00045f3040 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117cc1
[ 1564.978429][T26450] flags: 0x4000000000000200(slab|zone=1)
[ 1564.983905][T26450] raw: 4000000000000200 dead000000000100 dead000000000122 ffff888100274a80
[ 1564.992320][T26450] raw: 0000000000000000 00000000000d000d 00000001ffffffff 0000000000000000
[ 1565.001509][T26450] page dumped because: kasan: bad access detected
[ 1565.007763][T26450] page_owner tracks the page as allocated
[ 1565.013313][T26450] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 8979, ts 1367778537115, free_ts 1367773656619
[ 1565.029452][T26450]  post_alloc_hook+0x1ab/0x1b0
[ 1565.034051][T26450]  get_page_from_freelist+0x38b/0x400
[ 1565.039259][T26450]  __alloc_pages+0x3a8/0x7c0
[ 1565.043681][T26450]  allocate_slab+0x62/0x580
[ 1565.048023][T26450]  ___slab_alloc+0x2e2/0x6f0
[ 1565.052448][T26450]  __slab_alloc+0x4a/0x90
[ 1565.056623][T26450]  kmem_cache_alloc+0x205/0x2f0
[ 1565.061303][T26450]  vm_area_dup+0x26/0x1d0
[ 1565.065467][T26450]  dup_mmap+0x6b8/0xea0
[ 1565.069459][T26450]  dup_mm+0x91/0x330
[ 1565.073195][T26450]  copy_mm+0x108/0x1b0
[ 1565.077100][T26450]  copy_process+0x1295/0x3250
[ 1565.081618][T26450]  kernel_clone+0x22d/0x990
[ 1565.085952][T26450]  __x64_sys_clone+0x289/0x310
[ 1565.090640][T26450]  do_syscall_64+0x44/0xd0
[ 1565.094893][T26450]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1565.100621][T26450] page last free stack trace:
[ 1565.105219][T26450]  free_pcp_prepare+0x448/0x450
[ 1565.109907][T26450]  free_unref_page+0x9c/0x370
[ 1565.114420][T26450]  __free_pages+0xd8/0x100
[ 1565.118671][T26450]  __vunmap+0x846/0x980
[ 1565.122663][T26450]  free_work+0x66/0x90
[ 1565.126571][T26450]  process_one_work+0x6db/0xc00
[ 1565.131258][T26450]  worker_thread+0xb3e/0x1340
[ 1565.135770][T26450]  kthread+0x41c/0x500
[ 1565.139674][T26450]  ret_from_fork+0x1f/0x30
[ 1565.143932][T26450] 
[ 1565.146096][T26450] Memory state around the buggy address:
[ 1565.151569][T26450]  ffff888117cc1d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1565.159469][T26450]  ffff888117cc1d80: fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb fb
[ 1565.167366][T26450] >ffff888117cc1e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1565.175440][T26450]                                         ^
[ 1565.181174][T26450]  ffff888117cc1e80: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 1565.189073][T26450]  ffff888117cc1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1565.196962][T26450] ==================================================================
[ 1565.204863][T26450] Disabling lock debugging due to kernel taint
03:35:34 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 67)

03:35:34 executing program 5:
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r0=>0x0})
sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0x100, 0x70bd28, 0x25dfdbff, {}, [@GTPA_PEER_ADDRESS={0x8, 0x4, @local}, @GTPA_LINK={0x8, 0x1, r0}, @GTPA_PEER_ADDRESS={0x8, 0x4, @multicast2}]}, 0x2c}}, 0x80881)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:34 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0xf0ff1f)

03:35:34 executing program 3:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x1)

03:35:34 executing program 1:
io_uring_setup(0x54a, &(0x7f0000000240)={0x0, 0x0, 0x4, 0x1, 0x2ad}) (async)
socket$can_raw(0x1d, 0x3, 0x1)

03:35:34 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000000, 0x50, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
setsockopt$bt_hci_HCI_FILTER(r2, 0x0, 0x2, &(0x7f0000000080)={0x400, [0x401, 0x7ff], 0x20}, 0x10)

03:35:34 executing program 5:
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r0=>0x0})
sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0x100, 0x70bd28, 0x25dfdbff, {}, [@GTPA_PEER_ADDRESS={0x8, 0x4, @local}, @GTPA_LINK={0x8, 0x1, r0}, @GTPA_PEER_ADDRESS={0x8, 0x4, @multicast2}]}, 0x2c}}, 0x80881) (async)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:34 executing program 1:
io_uring_setup(0x54a, &(0x7f0000000240)={0x0, 0x0, 0x4, 0x1, 0x2ad})
socket$can_raw(0x1d, 0x3, 0x1)
io_uring_setup(0x54a, &(0x7f0000000240)={0x0, 0x0, 0x4, 0x1, 0x2ad}) (async)
socket$can_raw(0x1d, 0x3, 0x1) (async)

03:35:34 executing program 5:
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r0=>0x0})
sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0x100, 0x70bd28, 0x25dfdbff, {}, [@GTPA_PEER_ADDRESS={0x8, 0x4, @local}, @GTPA_LINK={0x8, 0x1, r0}, @GTPA_PEER_ADDRESS={0x8, 0x4, @multicast2}]}, 0x2c}}, 0x80881)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:34 executing program 3:
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x6)
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r1, 0x8983, &(0x7f0000000000)={0x1, 'bond_slave_0\x00', {}, 0x8})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
getdents(0xffffffffffffffff, &(0x7f0000000240)=""/4096, 0x1000)

03:35:34 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000000, 0x50, r1, 0x0) (async)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0) (async, rerun: 32)
setsockopt$bt_hci_HCI_FILTER(r2, 0x0, 0x2, &(0x7f0000000080)={0x400, [0x401, 0x7ff], 0x20}, 0x10) (rerun: 32)

03:35:34 executing program 5:
getsockopt$IP_SET_OP_GET_BYNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f00000000c0)={0x6, 0x7, 'syz1\x00'}, &(0x7f0000000180)=0x28)
syz_io_uring_setup(0x792c, &(0x7f0000000040)={0x0, 0x0, 0x40}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x18a00, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x3000004, 0x10, r1, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4, 0x100010, r0, 0x10000000)

[ 1565.504713][T26490] FAULT_INJECTION: forcing a failure.
[ 1565.504713][T26490] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1565.544824][T26490] CPU: 1 PID: 26490 Comm: syz-executor.0 Tainted: G    B             5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1565.556725][T26490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1565.566615][T26490] Call Trace:
[ 1565.569741][T26490]  <TASK>
[ 1565.572521][T26490]  dump_stack_lvl+0x151/0x1b7
[ 1565.577033][T26490]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1565.582328][T26490]  dump_stack+0x15/0x17
[ 1565.586317][T26490]  should_fail+0x3c0/0x510
[ 1565.590665][T26490]  should_fail_alloc_page+0x58/0x70
[ 1565.595692][T26490]  __alloc_pages+0x1de/0x7c0
[ 1565.600122][T26490]  ? __count_vm_events+0x30/0x30
[ 1565.604896][T26490]  pte_alloc_one+0x73/0x1b0
[ 1565.609230][T26490]  ? pfn_modify_allowed+0x2e0/0x2e0
[ 1565.614269][T26490]  __pte_alloc+0x86/0x350
[ 1565.618522][T26490]  ? is_module_text_address+0xe1/0x140
[ 1565.623815][T26490]  ? free_pgtables+0x210/0x210
[ 1565.628412][T26490]  ? __kernel_text_address+0x9a/0x110
[ 1565.633708][T26490]  ? unwind_get_return_address+0x4c/0x90
[ 1565.639356][T26490]  copy_pte_range+0x1b1f/0x20b0
[ 1565.644040][T26490]  ? stack_trace_save+0x12d/0x1f0
[ 1565.648895][T26490]  ? anon_vma_clone+0xa1/0x4f0
[ 1565.653493][T26490]  ? __kunmap_atomic+0x80/0x80
[ 1565.658190][T26490]  ? dup_mmap+0x750/0xea0
[ 1565.662347][T26490]  ? dup_mm+0x91/0x330
[ 1565.666254][T26490]  ? copy_mm+0x108/0x1b0
[ 1565.670334][T26490]  ? copy_process+0x1295/0x3250
[ 1565.675019][T26490]  ? kernel_clone+0x22d/0x990
[ 1565.679531][T26490]  ? __x64_sys_clone+0x289/0x310
[ 1565.684303][T26490]  ? do_syscall_64+0x44/0xd0
[ 1565.688730][T26490]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1565.694636][T26490]  copy_page_range+0xc1e/0x1090
[ 1565.699323][T26490]  ? pfn_valid+0x1e0/0x1e0
[ 1565.703577][T26490]  dup_mmap+0x99f/0xea0
[ 1565.707569][T26490]  ? __delayed_free_task+0x20/0x20
[ 1565.712513][T26490]  ? mm_init+0x807/0x960
[ 1565.716595][T26490]  dup_mm+0x91/0x330
[ 1565.720325][T26490]  copy_mm+0x108/0x1b0
[ 1565.724229][T26490]  copy_process+0x1295/0x3250
[ 1565.728745][T26490]  ? proc_fail_nth_write+0x213/0x290
[ 1565.733863][T26490]  ? proc_fail_nth_read+0x220/0x220
[ 1565.738994][T26490]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1565.743939][T26490]  ? vfs_write+0x9af/0x1050
[ 1565.748283][T26490]  kernel_clone+0x22d/0x990
[ 1565.752621][T26490]  ? file_end_write+0x1b0/0x1b0
[ 1565.757305][T26490]  ? __kasan_check_write+0x14/0x20
[ 1565.762257][T26490]  ? create_io_thread+0x1e0/0x1e0
[ 1565.767111][T26490]  ? __mutex_lock_slowpath+0x10/0x10
[ 1565.772235][T26490]  __x64_sys_clone+0x289/0x310
[ 1565.776840][T26490]  ? __do_sys_vfork+0x130/0x130
[ 1565.781780][T26490]  ? debug_smp_processor_id+0x17/0x20
[ 1565.786993][T26490]  do_syscall_64+0x44/0xd0
[ 1565.791241][T26490]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1565.796974][T26490] RIP: 0033:0x7fed39e510c9
[ 1565.801238][T26490] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1565.820663][T26490] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1565.829787][T26490] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1565.837760][T26490] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1565.845679][T26490] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1565.853470][T26490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1565.861281][T26490] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1565.869096][T26490]  </TASK>
03:35:34 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 68)

03:35:34 executing program 1:
io_uring_setup(0x404c, &(0x7f0000000000)={0x0, 0x0, 0x40, 0xfffffffc, 0x1c9})
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3, &(0x7f0000000080)=0x6, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f00000000c0)=0x81, 0x4)

03:35:34 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000000, 0x50, r1, 0x0) (async)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0) (async)
setsockopt$bt_hci_HCI_FILTER(r2, 0x0, 0x2, &(0x7f0000000080)={0x400, [0x401, 0x7ff], 0x20}, 0x10)

03:35:34 executing program 3:
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x6)
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r1, 0x8983, &(0x7f0000000000)={0x1, 'bond_slave_0\x00', {}, 0x8})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
getdents(0xffffffffffffffff, &(0x7f0000000240)=""/4096, 0x1000)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x6) (async)
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r1, 0x8983, &(0x7f0000000000)={0x1, 'bond_slave_0\x00', {}, 0x8}) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)
getdents(0xffffffffffffffff, &(0x7f0000000240)=""/4096, 0x1000) (async)

03:35:34 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x1000000)

03:35:34 executing program 1:
io_uring_setup(0x404c, &(0x7f0000000000)={0x0, 0x0, 0x40, 0xfffffffc, 0x1c9}) (async)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0) (async)
setsockopt$sock_int(r0, 0x1, 0x3, &(0x7f0000000080)=0x6, 0x4) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f00000000c0)=0x81, 0x4)

03:35:34 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x800})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
io_uring_setup(0x25f9, &(0x7f0000000100)={0x0, 0x7cd4, 0x80, 0x1, 0x2b1, 0x0, r1})

03:35:34 executing program 5:
getsockopt$IP_SET_OP_GET_BYNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f00000000c0)={0x6, 0x7, 'syz1\x00'}, &(0x7f0000000180)=0x28) (async)
syz_io_uring_setup(0x792c, &(0x7f0000000040)={0x0, 0x0, 0x40}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x18a00, 0x0) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
socket$can_bcm(0x1d, 0x2, 0x2)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x3000004, 0x10, r1, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4, 0x100010, r0, 0x10000000)

03:35:34 executing program 3:
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x6)
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r1, 0x8983, &(0x7f0000000000)={0x1, 'bond_slave_0\x00', {}, 0x8})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
getdents(0xffffffffffffffff, &(0x7f0000000240)=""/4096, 0x1000)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x6) (async)
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r1, 0x8983, &(0x7f0000000000)={0x1, 'bond_slave_0\x00', {}, 0x8}) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)
getdents(0xffffffffffffffff, &(0x7f0000000240)=""/4096, 0x1000) (async)

03:35:34 executing program 5:
getsockopt$IP_SET_OP_GET_BYNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f00000000c0)={0x6, 0x7, 'syz1\x00'}, &(0x7f0000000180)=0x28) (async)
syz_io_uring_setup(0x792c, &(0x7f0000000040)={0x0, 0x0, 0x40}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x18a00, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x3000004, 0x10, r1, 0x0) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4, 0x100010, r0, 0x10000000)

[ 1565.945688][T26516] FAULT_INJECTION: forcing a failure.
[ 1565.945688][T26516] name failslab, interval 1, probability 0, space 0, times 0
03:35:34 executing program 1:
io_uring_setup(0x404c, &(0x7f0000000000)={0x0, 0x0, 0x40, 0xfffffffc, 0x1c9}) (async, rerun: 64)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (rerun: 64)
getsockname$packet(r0, 0x0, 0x0) (async)
setsockopt$sock_int(r0, 0x1, 0x3, &(0x7f0000000080)=0x6, 0x4) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f00000000c0)=0x81, 0x4)

03:35:34 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x800})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
io_uring_setup(0x25f9, &(0x7f0000000100)={0x0, 0x7cd4, 0x80, 0x1, 0x2b1, 0x0, r1})

[ 1565.986839][T26516] CPU: 0 PID: 26516 Comm: syz-executor.0 Tainted: G    B             5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1565.998311][T26516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1566.008209][T26516] Call Trace:
[ 1566.011339][T26516]  <TASK>
[ 1566.014192][T26516]  dump_stack_lvl+0x151/0x1b7
[ 1566.018718][T26516]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1566.024178][T26516]  dump_stack+0x15/0x17
[ 1566.028164][T26516]  should_fail+0x3c0/0x510
[ 1566.032449][T26516]  __should_failslab+0x9f/0xe0
[ 1566.037032][T26516]  should_failslab+0x9/0x20
[ 1566.041360][T26516]  kmem_cache_alloc+0x4f/0x2f0
[ 1566.045964][T26516]  ? vm_area_dup+0x26/0x1d0
[ 1566.050735][T26516]  ? __kasan_check_read+0x11/0x20
[ 1566.055593][T26516]  vm_area_dup+0x26/0x1d0
[ 1566.059761][T26516]  dup_mmap+0x6b8/0xea0
[ 1566.063850][T26516]  ? __delayed_free_task+0x20/0x20
[ 1566.068784][T26516]  ? mm_init+0x807/0x960
[ 1566.072863][T26516]  dup_mm+0x91/0x330
[ 1566.076596][T26516]  copy_mm+0x108/0x1b0
[ 1566.080510][T26516]  copy_process+0x1295/0x3250
[ 1566.085015][T26516]  ? proc_fail_nth_write+0x213/0x290
[ 1566.090142][T26516]  ? proc_fail_nth_read+0x220/0x220
[ 1566.095205][T26516]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1566.100125][T26516]  ? vfs_write+0x9af/0x1050
[ 1566.104455][T26516]  kernel_clone+0x22d/0x990
[ 1566.108794][T26516]  ? file_end_write+0x1b0/0x1b0
[ 1566.113491][T26516]  ? __kasan_check_write+0x14/0x20
[ 1566.118431][T26516]  ? create_io_thread+0x1e0/0x1e0
[ 1566.123297][T26516]  ? __mutex_lock_slowpath+0x10/0x10
[ 1566.128513][T26516]  __x64_sys_clone+0x289/0x310
[ 1566.133096][T26516]  ? __do_sys_vfork+0x130/0x130
[ 1566.137798][T26516]  ? debug_smp_processor_id+0x17/0x20
[ 1566.142990][T26516]  do_syscall_64+0x44/0xd0
[ 1566.147245][T26516]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1566.152972][T26516] RIP: 0033:0x7fed39e510c9
[ 1566.157225][T26516] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1566.176881][T26516] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
03:35:35 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 69)

03:35:35 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
r0 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x800})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
io_uring_setup(0x25f9, &(0x7f0000000100)={0x0, 0x7cd4, 0x80, 0x1, 0x2b1, 0x0, r1})

03:35:35 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x2000000)

03:35:35 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x400, 0xfffffffc}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x50, r0, 0x0)

03:35:35 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000000), &(0x7f0000000140))

03:35:35 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x400002, 0x2, 0x0, 0x2d7})
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000000)={0x2}, 0x8)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000040)={0x9}, 0x8)

[ 1566.185125][T26516] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1566.192943][T26516] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1566.200744][T26516] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1566.208559][T26516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1566.216366][T26516] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1566.224196][T26516]  </TASK>
03:35:35 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x400, 0xfffffffc}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x50, r0, 0x0)

03:35:35 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x400002, 0x2, 0x0, 0x2d7}) (async)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000000)={0x2}, 0x8) (async)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000040)={0x9}, 0x8)

03:35:35 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x4ed8, &(0x7f0000000000)={0x0, 0xff23, 0x4}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:35 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000000), &(0x7f0000000140))

03:35:35 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x400, 0xfffffffc}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x50, r0, 0x0)
syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x400, 0xfffffffc}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r1, 0x0, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x50, r0, 0x0) (async)

03:35:35 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000000), &(0x7f0000000140))

[ 1566.286155][T26577] FAULT_INJECTION: forcing a failure.
[ 1566.286155][T26577] name failslab, interval 1, probability 0, space 0, times 0
[ 1566.323328][T26577] CPU: 0 PID: 26577 Comm: syz-executor.0 Tainted: G    B             5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1566.334897][T26577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1566.344961][T26577] Call Trace:
[ 1566.348086][T26577]  <TASK>
[ 1566.350853][T26577]  dump_stack_lvl+0x151/0x1b7
[ 1566.355370][T26577]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1566.360771][T26577]  ? do_syscall_64+0x44/0xd0
[ 1566.365267][T26577]  dump_stack+0x15/0x17
[ 1566.369270][T26577]  should_fail+0x3c0/0x510
[ 1566.373509][T26577]  __should_failslab+0x9f/0xe0
[ 1566.378117][T26577]  should_failslab+0x9/0x20
[ 1566.382454][T26577]  kmem_cache_alloc+0x4f/0x2f0
[ 1566.387055][T26577]  ? anon_vma_clone+0xa1/0x4f0
[ 1566.391653][T26577]  anon_vma_clone+0xa1/0x4f0
[ 1566.396076][T26577]  anon_vma_fork+0x91/0x4f0
[ 1566.400434][T26577]  ? anon_vma_name+0x43/0x70
[ 1566.404836][T26577]  dup_mmap+0x750/0xea0
[ 1566.408827][T26577]  ? __delayed_free_task+0x20/0x20
[ 1566.413777][T26577]  ? mm_init+0x807/0x960
[ 1566.417942][T26577]  dup_mm+0x91/0x330
[ 1566.421670][T26577]  copy_mm+0x108/0x1b0
[ 1566.425580][T26577]  copy_process+0x1295/0x3250
[ 1566.430275][T26577]  ? proc_fail_nth_write+0x213/0x290
[ 1566.435394][T26577]  ? proc_fail_nth_read+0x220/0x220
[ 1566.440426][T26577]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1566.446768][T26577]  ? vfs_write+0x9af/0x1050
[ 1566.451194][T26577]  kernel_clone+0x22d/0x990
[ 1566.455530][T26577]  ? file_end_write+0x1b0/0x1b0
[ 1566.460217][T26577]  ? __kasan_check_write+0x14/0x20
[ 1566.465276][T26577]  ? create_io_thread+0x1e0/0x1e0
[ 1566.470112][T26577]  ? __mutex_lock_slowpath+0x10/0x10
[ 1566.475407][T26577]  __x64_sys_clone+0x289/0x310
[ 1566.480007][T26577]  ? __do_sys_vfork+0x130/0x130
[ 1566.484693][T26577]  ? debug_smp_processor_id+0x17/0x20
[ 1566.489898][T26577]  do_syscall_64+0x44/0xd0
[ 1566.494153][T26577]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1566.499879][T26577] RIP: 0033:0x7fed39e510c9
[ 1566.504138][T26577] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1566.523663][T26577] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1566.532005][T26577] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1566.539813][T26577] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1566.547626][T26577] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1566.555522][T26577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1566.563336][T26577] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1566.571152][T26577]  </TASK>
03:35:35 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 70)

03:35:35 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x4ed8, &(0x7f0000000000)={0x0, 0xff23, 0x4}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)

03:35:35 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x400002, 0x2, 0x0, 0x2d7})
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000000)={0x2}, 0x8)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000040)={0x9}, 0x8)
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x400002, 0x2, 0x0, 0x2d7}) (async)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000000)={0x2}, 0x8) (async)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000040)={0x9}, 0x8) (async)

03:35:35 executing program 5:
syz_io_uring_setup(0x6f3d, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000140))
prctl$PR_GET_THP_DISABLE(0x2a)

03:35:35 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x4000000)

03:35:35 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000000), 0x10)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0xc000, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x2810, r1, 0x0)

03:35:35 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000000)={0x0, 0x6d, 0x2, 0x3, 0xfffffffc})
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_ext={0x1c, 0x8, &(0x7f0000000080)=@raw=[@alu={0x4, 0x1, 0xb, 0xb, 0x3, 0x4, 0xfffffffffffffffd}, @call={0x85, 0x0, 0x0, 0x8c}, @cb_func={0x18, 0x9, 0x4, 0x0, 0x4}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}], &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x19, &(0x7f0000000100)=""/25, 0x1f00, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000180)={0x1, 0xb, 0x1, 0x8001}, 0x10, 0x1554e}, 0x80)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000240)={r0, 0xffffffffffffffff, 0x4, r1}, 0x10)

03:35:35 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000000), 0x10)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0xc000, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x2810, r1, 0x0)
syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000000), 0x10) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0xc000, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x2810, r1, 0x0) (async)

03:35:35 executing program 2:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x4ed8, &(0x7f0000000000)={0x0, 0xff23, 0x4}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r0 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x4ed8, &(0x7f0000000000)={0x0, 0xff23, 0x4}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r0, 0x0) (async)

03:35:35 executing program 5:
syz_io_uring_setup(0x6f3d, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000140))
prctl$PR_GET_THP_DISABLE(0x2a)
syz_io_uring_setup(0x6f3d, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
prctl$PR_GET_THP_DISABLE(0x2a) (async)

03:35:35 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x8000000)

03:35:35 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000000)={0x0, 0x6d, 0x2, 0x3, 0xfffffffc})
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_ext={0x1c, 0x8, &(0x7f0000000080)=@raw=[@alu={0x4, 0x1, 0xb, 0xb, 0x3, 0x4, 0xfffffffffffffffd}, @call={0x85, 0x0, 0x0, 0x8c}, @cb_func={0x18, 0x9, 0x4, 0x0, 0x4}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}], &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x19, &(0x7f0000000100)=""/25, 0x1f00, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000180)={0x1, 0xb, 0x1, 0x8001}, 0x10, 0x1554e}, 0x80)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000240)={r0, 0xffffffffffffffff, 0x4, r1}, 0x10)
io_uring_setup(0x54b, &(0x7f0000000000)={0x0, 0x6d, 0x2, 0x3, 0xfffffffc}) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_ext={0x1c, 0x8, &(0x7f0000000080)=@raw=[@alu={0x4, 0x1, 0xb, 0xb, 0x3, 0x4, 0xfffffffffffffffd}, @call={0x85, 0x0, 0x0, 0x8c}, @cb_func={0x18, 0x9, 0x4, 0x0, 0x4}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}], &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x19, &(0x7f0000000100)=""/25, 0x1f00, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000180)={0x1, 0xb, 0x1, 0x8001}, 0x10, 0x1554e}, 0x80) (async)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000240)={r0, 0xffffffffffffffff, 0x4, r1}, 0x10) (async)

[ 1566.689768][T26636] FAULT_INJECTION: forcing a failure.
[ 1566.689768][T26636] name failslab, interval 1, probability 0, space 0, times 0
[ 1566.723295][T26636] CPU: 0 PID: 26636 Comm: syz-executor.0 Tainted: G    B             5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1566.734780][T26636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1566.744656][T26636] Call Trace:
[ 1566.747780][T26636]  <TASK>
[ 1566.750566][T26636]  dump_stack_lvl+0x151/0x1b7
[ 1566.755081][T26636]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1566.760367][T26636]  dump_stack+0x15/0x17
[ 1566.764360][T26636]  should_fail+0x3c0/0x510
[ 1566.768614][T26636]  __should_failslab+0x9f/0xe0
[ 1566.773227][T26636]  should_failslab+0x9/0x20
[ 1566.777553][T26636]  kmem_cache_alloc+0x4f/0x2f0
[ 1566.782154][T26636]  ? anon_vma_clone+0xa1/0x4f0
[ 1566.786750][T26636]  anon_vma_clone+0xa1/0x4f0
[ 1566.791177][T26636]  anon_vma_fork+0x91/0x4f0
[ 1566.795513][T26636]  ? anon_vma_name+0x43/0x70
[ 1566.799943][T26636]  dup_mmap+0x750/0xea0
[ 1566.803934][T26636]  ? __delayed_free_task+0x20/0x20
[ 1566.808882][T26636]  ? mm_init+0x807/0x960
[ 1566.812957][T26636]  dup_mm+0x91/0x330
[ 1566.816693][T26636]  copy_mm+0x108/0x1b0
[ 1566.820599][T26636]  copy_process+0x1295/0x3250
[ 1566.825116][T26636]  ? proc_fail_nth_write+0x213/0x290
[ 1566.830244][T26636]  ? proc_fail_nth_read+0x220/0x220
[ 1566.835270][T26636]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1566.840213][T26636]  ? vfs_write+0x9af/0x1050
[ 1566.844653][T26636]  kernel_clone+0x22d/0x990
[ 1566.848981][T26636]  ? file_end_write+0x1b0/0x1b0
[ 1566.853660][T26636]  ? __kasan_check_write+0x14/0x20
[ 1566.858606][T26636]  ? create_io_thread+0x1e0/0x1e0
[ 1566.863732][T26636]  ? __mutex_lock_slowpath+0x10/0x10
[ 1566.868873][T26636]  __x64_sys_clone+0x289/0x310
[ 1566.873447][T26636]  ? __do_sys_vfork+0x130/0x130
[ 1566.878138][T26636]  ? debug_smp_processor_id+0x17/0x20
[ 1566.883342][T26636]  do_syscall_64+0x44/0xd0
[ 1566.887597][T26636]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1566.893325][T26636] RIP: 0033:0x7fed39e510c9
[ 1566.897606][T26636] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1566.921530][T26636] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1566.929804][T26636] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
03:35:35 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 71)

03:35:35 executing program 3:
r0 = syz_io_uring_setup(0x72e5, &(0x7f0000000100), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000000), 0x10) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0xc000, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x2810, r1, 0x0)

03:35:35 executing program 5:
syz_io_uring_setup(0x6f3d, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
prctl$PR_GET_THP_DISABLE(0x2a)

03:35:35 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000000)={0x0, 0x6d, 0x2, 0x3, 0xfffffffc})
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_ext={0x1c, 0x8, &(0x7f0000000080)=@raw=[@alu={0x4, 0x1, 0xb, 0xb, 0x3, 0x4, 0xfffffffffffffffd}, @call={0x85, 0x0, 0x0, 0x8c}, @cb_func={0x18, 0x9, 0x4, 0x0, 0x4}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}], &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x19, &(0x7f0000000100)=""/25, 0x1f00, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000180)={0x1, 0xb, 0x1, 0x8001}, 0x10, 0x1554e}, 0x80)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000240)={r0, 0xffffffffffffffff, 0x4, r1}, 0x10)
io_uring_setup(0x54b, &(0x7f0000000000)={0x0, 0x6d, 0x2, 0x3, 0xfffffffc}) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r0, 0x0, 0x0) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_ext={0x1c, 0x8, &(0x7f0000000080)=@raw=[@alu={0x4, 0x1, 0xb, 0xb, 0x3, 0x4, 0xfffffffffffffffd}, @call={0x85, 0x0, 0x0, 0x8c}, @cb_func={0x18, 0x9, 0x4, 0x0, 0x4}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}], &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x19, &(0x7f0000000100)=""/25, 0x1f00, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000180)={0x1, 0xb, 0x1, 0x8001}, 0x10, 0x1554e}, 0x80) (async)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000240)={r0, 0xffffffffffffffff, 0x4, r1}, 0x10) (async)

03:35:35 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
prctl$PR_SET_UNALIGN(0x6, 0x1)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
syz_io_uring_setup(0xe0f, &(0x7f0000000100)={0x0, 0x186f, 0x400, 0x0, 0x11a, 0x0, r2}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r3 = io_uring_setup(0x6e04, &(0x7f00000002c0)={0x0, 0xc06b, 0x0, 0x3, 0x2de, 0x0, r0})
io_uring_setup(0x3fe, &(0x7f0000000340)={0x0, 0xc11, 0x40, 0x3, 0x52, 0x0, r3})

03:35:35 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0xf000000)

03:35:35 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
io_uring_setup(0x5c90, &(0x7f0000000000)={0x0, 0xeb51, 0x800, 0x2, 0x2f5})

03:35:35 executing program 3:
r0 = syz_io_uring_setup(0x20072a5, &(0x7f0000000100)={0x0, 0x0, 0x8, 0x2}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
bind$802154_raw(0xffffffffffffffff, &(0x7f00000000c0)={0x24, @short={0x2, 0x0, 0xaaa3}}, 0x14)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0)
r1 = io_uring_setup(0x42fd, &(0x7f0000000000)={0x0, 0x84e5, 0x8, 0x3, 0x65, 0x0, r0})
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r1, 0x10000000)

03:35:35 executing program 5:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000240), 0x10080, 0x0)
ioctl$RTC_PIE_OFF(r0, 0x7006)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newrule={0x4c, 0x20, 0x300, 0x70bd2b, 0x25dfdbfe, {0xa, 0x20, 0x14, 0x10, 0xfe, 0x0, 0x0, 0x5, 0x2}, [@FIB_RULE_POLICY=@FRA_PROTOCOL={0x5}, @FRA_DST={0x14, 0x1, @empty}, @FIB_RULE_POLICY=@FRA_TABLE={0x8, 0xf, 0x5}, @FIB_RULE_POLICY=@FRA_UID_RANGE={0xc, 0x14, {0x0, 0xffffffffffffffff}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10004000}, 0x20040805)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

[ 1566.937588][T26636] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1566.945399][T26636] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1566.953211][T26636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1566.961109][T26636] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1566.968924][T26636]  </TASK>
03:35:35 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
io_uring_setup(0x5c90, &(0x7f0000000000)={0x0, 0xeb51, 0x800, 0x2, 0x2f5})
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (async)
io_uring_setup(0x5c90, &(0x7f0000000000)={0x0, 0xeb51, 0x800, 0x2, 0x2f5}) (async)

03:35:35 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async, rerun: 64)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async, rerun: 64)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
prctl$PR_SET_UNALIGN(0x6, 0x1)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0) (async)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0) (async)
syz_io_uring_setup(0xe0f, &(0x7f0000000100)={0x0, 0x186f, 0x400, 0x0, 0x11a, 0x0, r2}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
r3 = io_uring_setup(0x6e04, &(0x7f00000002c0)={0x0, 0xc06b, 0x0, 0x3, 0x2de, 0x0, r0})
io_uring_setup(0x3fe, &(0x7f0000000340)={0x0, 0xc11, 0x40, 0x3, 0x52, 0x0, r3})

03:35:35 executing program 3:
r0 = syz_io_uring_setup(0x20072a5, &(0x7f0000000100)={0x0, 0x0, 0x8, 0x2}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
bind$802154_raw(0xffffffffffffffff, &(0x7f00000000c0)={0x24, @short={0x2, 0x0, 0xaaa3}}, 0x14)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0)
r1 = io_uring_setup(0x42fd, &(0x7f0000000000)={0x0, 0x84e5, 0x8, 0x3, 0x65, 0x0, r0})
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r1, 0x10000000)
syz_io_uring_setup(0x20072a5, &(0x7f0000000100)={0x0, 0x0, 0x8, 0x2}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
bind$802154_raw(0xffffffffffffffff, &(0x7f00000000c0)={0x24, @short={0x2, 0x0, 0xaaa3}}, 0x14) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0) (async)
ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) (async)
io_uring_setup(0x42fd, &(0x7f0000000000)={0x0, 0x84e5, 0x8, 0x3, 0x65, 0x0, r0}) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r1, 0x10000000) (async)

[ 1567.041310][T26677] FAULT_INJECTION: forcing a failure.
[ 1567.041310][T26677] name failslab, interval 1, probability 0, space 0, times 0
[ 1567.078534][T26677] CPU: 1 PID: 26677 Comm: syz-executor.0 Tainted: G    B             5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1567.090008][T26677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1567.099984][T26677] Call Trace:
[ 1567.103108][T26677]  <TASK>
[ 1567.105886][T26677]  dump_stack_lvl+0x151/0x1b7
[ 1567.110402][T26677]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1567.115693][T26677]  dump_stack+0x15/0x17
[ 1567.119692][T26677]  should_fail+0x3c0/0x510
[ 1567.123949][T26677]  __should_failslab+0x9f/0xe0
[ 1567.128543][T26677]  should_failslab+0x9/0x20
[ 1567.132881][T26677]  kmem_cache_alloc+0x4f/0x2f0
[ 1567.137487][T26677]  ? anon_vma_clone+0xa1/0x4f0
[ 1567.142080][T26677]  anon_vma_clone+0xa1/0x4f0
[ 1567.146504][T26677]  anon_vma_fork+0x91/0x4f0
[ 1567.150844][T26677]  ? anon_vma_name+0x43/0x70
[ 1567.155358][T26677]  dup_mmap+0x750/0xea0
[ 1567.159517][T26677]  ? __delayed_free_task+0x20/0x20
[ 1567.164406][T26677]  ? mm_init+0x807/0x960
[ 1567.168500][T26677]  dup_mm+0x91/0x330
[ 1567.172217][T26677]  copy_mm+0x108/0x1b0
[ 1567.176125][T26677]  copy_process+0x1295/0x3250
[ 1567.180645][T26677]  ? proc_fail_nth_write+0x213/0x290
[ 1567.185757][T26677]  ? proc_fail_nth_read+0x220/0x220
[ 1567.190790][T26677]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1567.195738][T26677]  ? vfs_write+0x9af/0x1050
[ 1567.200076][T26677]  kernel_clone+0x22d/0x990
[ 1567.204414][T26677]  ? file_end_write+0x1b0/0x1b0
[ 1567.209104][T26677]  ? __kasan_check_write+0x14/0x20
[ 1567.214050][T26677]  ? create_io_thread+0x1e0/0x1e0
[ 1567.218910][T26677]  ? __mutex_lock_slowpath+0x10/0x10
[ 1567.224032][T26677]  __x64_sys_clone+0x289/0x310
[ 1567.228633][T26677]  ? __do_sys_vfork+0x130/0x130
[ 1567.233320][T26677]  ? debug_smp_processor_id+0x17/0x20
[ 1567.238531][T26677]  do_syscall_64+0x44/0xd0
[ 1567.242883][T26677]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1567.248599][T26677] RIP: 0033:0x7fed39e510c9
[ 1567.252857][T26677] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1567.272301][T26677] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1567.280533][T26677] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1567.288346][T26677] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1567.296158][T26677] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1567.303966][T26677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1567.311777][T26677] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1567.319592][T26677]  </TASK>
03:35:36 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 72)

03:35:36 executing program 5:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000240), 0x10080, 0x0)
ioctl$RTC_PIE_OFF(r0, 0x7006)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newrule={0x4c, 0x20, 0x300, 0x70bd2b, 0x25dfdbfe, {0xa, 0x20, 0x14, 0x10, 0xfe, 0x0, 0x0, 0x5, 0x2}, [@FIB_RULE_POLICY=@FRA_PROTOCOL={0x5}, @FRA_DST={0x14, 0x1, @empty}, @FIB_RULE_POLICY=@FRA_TABLE={0x8, 0xf, 0x5}, @FIB_RULE_POLICY=@FRA_UID_RANGE={0xc, 0x14, {0x0, 0xffffffffffffffff}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10004000}, 0x20040805)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
openat$rtc(0xffffffffffffff9c, &(0x7f0000000240), 0x10080, 0x0) (async)
ioctl$RTC_PIE_OFF(r0, 0x7006) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newrule={0x4c, 0x20, 0x300, 0x70bd2b, 0x25dfdbfe, {0xa, 0x20, 0x14, 0x10, 0xfe, 0x0, 0x0, 0x5, 0x2}, [@FIB_RULE_POLICY=@FRA_PROTOCOL={0x5}, @FRA_DST={0x14, 0x1, @empty}, @FIB_RULE_POLICY=@FRA_TABLE={0x8, 0xf, 0x5}, @FIB_RULE_POLICY=@FRA_UID_RANGE={0xc, 0x14, {0x0, 0xffffffffffffffff}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10004000}, 0x20040805) (async)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)

03:35:36 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
io_uring_setup(0x5c90, &(0x7f0000000000)={0x0, 0xeb51, 0x800, 0x2, 0x2f5})

03:35:36 executing program 3:
r0 = syz_io_uring_setup(0x20072a5, &(0x7f0000000100)={0x0, 0x0, 0x8, 0x2}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
bind$802154_raw(0xffffffffffffffff, &(0x7f00000000c0)={0x24, @short={0x2, 0x0, 0xaaa3}}, 0x14) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r0, 0x0)
ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) (async)
r1 = io_uring_setup(0x42fd, &(0x7f0000000000)={0x0, 0x84e5, 0x8, 0x3, 0x65, 0x0, r0})
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r1, 0x10000000)

03:35:36 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
prctl$PR_SET_UNALIGN(0x6, 0x1)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r2, 0x0, 0x0)
syz_io_uring_setup(0xe0f, &(0x7f0000000100)={0x0, 0x186f, 0x400, 0x0, 0x11a, 0x0, r2}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
r3 = io_uring_setup(0x6e04, &(0x7f00000002c0)={0x0, 0xc06b, 0x0, 0x3, 0x2de, 0x0, r0})
io_uring_setup(0x3fe, &(0x7f0000000340)={0x0, 0xc11, 0x40, 0x3, 0x52, 0x0, r3})
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
prctl$PR_SET_UNALIGN(0x6, 0x1) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0) (async)
getsockname$packet(r2, 0x0, 0x0) (async)
syz_io_uring_setup(0xe0f, &(0x7f0000000100)={0x0, 0x186f, 0x400, 0x0, 0x11a, 0x0, r2}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
io_uring_setup(0x6e04, &(0x7f00000002c0)={0x0, 0xc06b, 0x0, 0x3, 0x2de, 0x0, r0}) (async)
io_uring_setup(0x3fe, &(0x7f0000000340)={0x0, 0xc11, 0x40, 0x3, 0x52, 0x0, r3}) (async)

03:35:36 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x10000000)

03:35:36 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
clock_gettime(0x0, &(0x7f0000000000)={<r0=>0x0, <r1=>0x0})
timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f0000000040)={{r0, r1+60000000}, {0x77359400}}, &(0x7f0000000080))

03:35:36 executing program 5:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000240), 0x10080, 0x0)
ioctl$RTC_PIE_OFF(r0, 0x7006)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newrule={0x4c, 0x20, 0x300, 0x70bd2b, 0x25dfdbfe, {0xa, 0x20, 0x14, 0x10, 0xfe, 0x0, 0x0, 0x5, 0x2}, [@FIB_RULE_POLICY=@FRA_PROTOCOL={0x5}, @FRA_DST={0x14, 0x1, @empty}, @FIB_RULE_POLICY=@FRA_TABLE={0x8, 0xf, 0x5}, @FIB_RULE_POLICY=@FRA_UID_RANGE={0xc, 0x14, {0x0, 0xffffffffffffffff}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10004000}, 0x20040805) (async)
syz_io_uring_setup(0x769b, &(0x7f0000000040)={0x0, 0x0, 0x22}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))

03:35:36 executing program 3:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/page_alloc', 0x80000, 0x100)
r1 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r1, 0x0)

03:35:36 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000180)={0x0, 0x0, 0x22, 0x0, 0x4000}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f0000000000))
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000080)={0x8, &(0x7f0000000040)=[{0x40, 0x3, 0xd8, 0xbd09}, {0x7, 0x0, 0x0, 0x5ac7e118}, {0x3, 0x5, 0x8}, {0x9, 0x52, 0x81, 0x7fff}, {0x3, 0x6, 0x6f, 0xfffffb62}, {0x1ff, 0x2, 0x7, 0x40}, {0x101, 0x1, 0x85, 0xfff}, {0x800, 0x1, 0x0, 0x100}]})

03:35:36 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc})
clock_gettime(0x0, &(0x7f0000000000)={<r0=>0x0, <r1=>0x0})
timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f0000000040)={{r0, r1+60000000}, {0x77359400}}, &(0x7f0000000080))

03:35:36 executing program 3:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/page_alloc', 0x80000, 0x100)
r1 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r1, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/page_alloc', 0x80000, 0x100) (async)
syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r1, 0x0) (async)

[ 1567.492032][T26716] FAULT_INJECTION: forcing a failure.
[ 1567.492032][T26716] name failslab, interval 1, probability 0, space 0, times 0
[ 1567.551810][T26716] CPU: 1 PID: 26716 Comm: syz-executor.0 Tainted: G    B             5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1567.563454][T26716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1567.573350][T26716] Call Trace:
[ 1567.576481][T26716]  <TASK>
[ 1567.579250][T26716]  dump_stack_lvl+0x151/0x1b7
[ 1567.583763][T26716]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1567.589058][T26716]  ? vma_interval_tree_augment_rotate+0x210/0x210
[ 1567.595308][T26716]  dump_stack+0x15/0x17
[ 1567.599301][T26716]  should_fail+0x3c0/0x510
[ 1567.603549][T26716]  __should_failslab+0x9f/0xe0
[ 1567.608151][T26716]  should_failslab+0x9/0x20
[ 1567.612487][T26716]  kmem_cache_alloc+0x4f/0x2f0
[ 1567.617092][T26716]  ? anon_vma_fork+0xf7/0x4f0
[ 1567.621616][T26716]  anon_vma_fork+0xf7/0x4f0
[ 1567.625940][T26716]  ? anon_vma_name+0x43/0x70
[ 1567.630369][T26716]  dup_mmap+0x750/0xea0
[ 1567.634361][T26716]  ? __delayed_free_task+0x20/0x20
[ 1567.639317][T26716]  ? mm_init+0x807/0x960
[ 1567.643390][T26716]  dup_mm+0x91/0x330
[ 1567.647120][T26716]  copy_mm+0x108/0x1b0
[ 1567.651121][T26716]  copy_process+0x1295/0x3250
[ 1567.655639][T26716]  ? proc_fail_nth_write+0x213/0x290
[ 1567.660760][T26716]  ? proc_fail_nth_read+0x220/0x220
[ 1567.666061][T26716]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1567.671001][T26716]  ? vfs_write+0x9af/0x1050
[ 1567.675340][T26716]  kernel_clone+0x22d/0x990
[ 1567.679677][T26716]  ? file_end_write+0x1b0/0x1b0
[ 1567.684369][T26716]  ? __kasan_check_write+0x14/0x20
[ 1567.689314][T26716]  ? create_io_thread+0x1e0/0x1e0
[ 1567.694172][T26716]  ? __mutex_lock_slowpath+0x10/0x10
[ 1567.699293][T26716]  __x64_sys_clone+0x289/0x310
[ 1567.703894][T26716]  ? __do_sys_vfork+0x130/0x130
[ 1567.708582][T26716]  ? debug_smp_processor_id+0x17/0x20
[ 1567.713787][T26716]  do_syscall_64+0x44/0xd0
[ 1567.718075][T26716]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1567.723766][T26716] RIP: 0033:0x7fed39e510c9
[ 1567.728051][T26716] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1567.747908][T26716] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1567.756421][T26716] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1567.764484][T26716] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1567.772504][T26716] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1567.780365][T26716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1567.788177][T26716] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1567.795993][T26716]  </TASK>
[ 1567.803523][T26716] ------------[ cut here ]------------
[ 1567.809015][T26716] refcount_t: underflow; use-after-free.
[ 1567.814825][T26716] WARNING: CPU: 1 PID: 26716 at lib/refcount.c:28 refcount_warn_saturate+0x165/0x1b0
[ 1567.825149][T26716] Modules linked in:
[ 1567.829018][T26716] CPU: 1 PID: 26716 Comm: syz-executor.0 Tainted: G    B             5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1567.841264][T26716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1567.851653][T26716] RIP: 0010:refcount_warn_saturate+0x165/0x1b0
[ 1567.859542][T26716] Code: c7 40 60 87 85 31 c0 e8 39 2f e0 fe 0f 0b eb 83 e8 d0 bc 0e ff c6 05 1f 3b 9f 04 01 48 c7 c7 a0 60 87 85 31 c0 e8 1b 2f e0 fe <0f> 0b e9 62 ff ff ff e8 af bc 0e ff c6 05 ff 3a 9f 04 01 48 c7 c7
[ 1567.879532][T26716] RSP: 0018:ffffc90002ce7900 EFLAGS: 00010246
[ 1567.885772][T26716] RAX: 4da2232eaf9bc800 RBX: 0000000000000003 RCX: 0000000000040000
[ 1567.893944][T26716] RDX: ffffc900050d9000 RSI: 00000000000174d6 RDI: 00000000000174d7
[ 1567.901742][T26716] RBP: ffffc90002ce7910 R08: ffffffff81584ba9 R09: ffffed103ee265e8
[ 1567.909822][T26716] R10: ffffed103ee265e8 R11: 1ffff1103ee265e7 R12: ffff88811084fc30
[ 1567.921193][T26716] R13: 1ffff11022109f86 R14: 0000000000000003 R15: ffff88812ae7d749
[ 1567.929227][T26716] FS:  00007fed38bc4700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1567.943278][T26716] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1567.949729][T26716] CR2: 00007f0abd11dd70 CR3: 000000014acc7000 CR4: 00000000003506a0
[ 1567.957803][T26716] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1567.966200][T26716] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1567.974187][T26716] Call Trace:
[ 1567.977280][T26716]  <TASK>
[ 1567.980068][T26716]  vm_area_free+0x208/0x230
[ 1567.984692][T26716]  dup_mmap+0xbcd/0xea0
[ 1567.988672][T26716]  ? __delayed_free_task+0x20/0x20
[ 1567.993837][T26716]  ? mm_init+0x807/0x960
[ 1567.997901][T26716]  dup_mm+0x91/0x330
[ 1568.001631][T26716]  copy_mm+0x108/0x1b0
[ 1568.005864][T26716]  copy_process+0x1295/0x3250
[ 1568.010396][T26716]  ? proc_fail_nth_write+0x213/0x290
[ 1568.015830][T26716]  ? proc_fail_nth_read+0x220/0x220
[ 1568.020860][T26716]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1568.027095][T26716]  ? vfs_write+0x9af/0x1050
[ 1568.031457][T26716]  kernel_clone+0x22d/0x990
[ 1568.038543][T26716]  ? file_end_write+0x1b0/0x1b0
[ 1568.043438][T26716]  ? __kasan_check_write+0x14/0x20
[ 1568.048383][T26716]  ? create_io_thread+0x1e0/0x1e0
[ 1568.053474][T26716]  ? __mutex_lock_slowpath+0x10/0x10
[ 1568.058596][T26716]  __x64_sys_clone+0x289/0x310
[ 1568.063206][T26716]  ? __do_sys_vfork+0x130/0x130
[ 1568.068214][T26716]  ? debug_smp_processor_id+0x17/0x20
[ 1568.073722][T26716]  do_syscall_64+0x44/0xd0
[ 1568.077969][T26716]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1568.083948][T26716] RIP: 0033:0x7fed39e510c9
[ 1568.088186][T26716] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1568.107921][T26716] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1568.116402][T26716] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1568.124421][T26716] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1568.132220][T26716] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1568.140272][T26716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
03:35:36 executing program 0:
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 73)

03:35:36 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
r2 = io_uring_setup(0xda8, &(0x7f0000000100)={0x0, 0x70ec, 0x8, 0x1, 0x195, 0x0, r0})
mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000006, 0x1010, r2, 0x10000000)

03:35:36 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000180)={0x0, 0x0, 0x22, 0x0, 0x4000}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f0000000000)) (async)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000080)={0x8, &(0x7f0000000040)=[{0x40, 0x3, 0xd8, 0xbd09}, {0x7, 0x0, 0x0, 0x5ac7e118}, {0x3, 0x5, 0x8}, {0x9, 0x52, 0x81, 0x7fff}, {0x3, 0x6, 0x6f, 0xfffffb62}, {0x1ff, 0x2, 0x7, 0x40}, {0x101, 0x1, 0x85, 0xfff}, {0x800, 0x1, 0x0, 0x100}]})

03:35:36 executing program 3:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/page_alloc', 0x80000, 0x100)
r1 = syz_io_uring_setup(0x72e5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa6010, r1, 0x0)

03:35:36 executing program 1:
io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}) (async)
clock_gettime(0x0, &(0x7f0000000000)={<r0=>0x0, <r1=>0x0})
timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f0000000040)={{r0, r1+60000000}, {0x77359400}}, &(0x7f0000000080))

03:35:36 executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000)=r0, 0x12)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, &(0x7f00000002c0))
r2 = io_uring_setup(0x120c, &(0x7f0000000240)={0x0, 0xa7ca})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x80004, 0x0, 0x4000013, r2, 0x1ffff000)

03:35:36 executing program 5:
syz_io_uring_setup(0x769b, &(0x7f0000000180)={0x0, 0x0, 0x22, 0x0, 0x4000}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f0000000000))
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000080)={0x8, &(0x7f0000000040)=[{0x40, 0x3, 0xd8, 0xbd09}, {0x7, 0x0, 0x0, 0x5ac7e118}, {0x3, 0x5, 0x8}, {0x9, 0x52, 0x81, 0x7fff}, {0x3, 0x6, 0x6f, 0xfffffb62}, {0x1ff, 0x2, 0x7, 0x40}, {0x101, 0x1, 0x85, 0xfff}, {0x800, 0x1, 0x0, 0x100}]})
syz_io_uring_setup(0x769b, &(0x7f0000000180)={0x0, 0x0, 0x22, 0x0, 0x4000}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)) (async)
ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f0000000000)) (async)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000080)={0x8, &(0x7f0000000040)=[{0x40, 0x3, 0xd8, 0xbd09}, {0x7, 0x0, 0x0, 0x5ac7e118}, {0x3, 0x5, 0x8}, {0x9, 0x52, 0x81, 0x7fff}, {0x3, 0x6, 0x6f, 0xfffffb62}, {0x1ff, 0x2, 0x7, 0x40}, {0x101, 0x1, 0x85, 0xfff}, {0x800, 0x1, 0x0, 0x100}]}) (async)

03:35:36 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0) (async)
r2 = io_uring_setup(0xda8, &(0x7f0000000100)={0x0, 0x70ec, 0x8, 0x1, 0x195, 0x0, r0})
mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000006, 0x1010, r2, 0x10000000)

03:35:36 executing program 3:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0x110, 0xffffffffffffffff, 0x0)

03:35:36 executing program 1:
r0 = io_uring_setup(0x54b, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x3, 0xfffffffd})
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r1, 0x0, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f00000004c0), 0x2000, 0x0)
ioctl$RTC_PIE_ON(r1, 0x7005)
r2 = io_uring_setup(0x4777, &(0x7f00000000c0)={0x0, 0xbc41, 0x10, 0x1, 0x3e8, 0x0, r0})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x1010, r2, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x42a100, 0x0)
ioctl$RTC_PIE_OFF(r3, 0x7006)
ioctl$RTC_PIE_OFF(r3, 0x7006)
r4 = syz_io_uring_setup(0x3bdb, &(0x7f0000000140)={0x0, 0xa62b, 0x1, 0x2, 0x1cb, 0x0, r2}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000200))
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000025c0), 0x0, 0x0)
getsockname$packet(r5, 0x0, 0x0)
io_uring_setup(0x348c, &(0x7f0000000500)={0x0, 0x4224, 0x200, 0x0, 0x1ce, 0x0, r5})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2, 0x20010, r4, 0x0)
r6 = io_uring_setup(0x61fd, &(0x7f00000002c0)={0x0, 0x7be0, 0x40, 0x80, 0x170, 0x0, r4})
ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005)
syz_io_uring_setup(0x3a37, &(0x7f0000000340)={0x0, 0x3a4e, 0x20, 0x2, 0x189, 0x0, r6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000003c0), &(0x7f0000000400))
ioctl$RTC_IRQP_READ(r3, 0x8008700b, &(0x7f0000000080))
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
utimensat(r7, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)={{0x0, 0xea60}, {0x0, 0x2710}}, 0x0)

[ 1568.148381][T26716] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1568.156397][T26716]  </TASK>
[ 1568.159239][T26716] ---[ end trace 5c9d272821c61d38 ]---
03:35:36 executing program 3:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0x110, 0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0x110, 0xffffffffffffffff, 0x0) (async)

03:35:36 executing program 2:
r0 = syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0)
r1 = io_uring_setup(0x120c, &(0x7f0000000240))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0)
r2 = io_uring_setup(0xda8, &(0x7f0000000100)={0x0, 0x70ec, 0x8, 0x1, 0x195, 0x0, r0})
mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000006, 0x1010, r2, 0x10000000)
syz_io_uring_setup(0x2413, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), 0x0) (async)
syz_io_uring_setup(0x67d, &(0x7f0000000000)={0x0, 0xff23}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) (async)
io_uring_setup(0x120c, &(0x7f0000000240)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x1ffff000, 0x0, 0x4000013, r1, 0x0) (async)
io_uring_setup(0xda8, &(0x7f0000000100)={0x0, 0x70ec, 0x8, 0x1, 0x195, 0x0, r0}) (async)
mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000006, 0x1010, r2, 0x10000000) (async)

[ 1568.227004][T26760] FAULT_INJECTION: forcing a failure.
[ 1568.227004][T26760] name failslab, interval 1, probability 0, space 0, times 0
[ 1568.261250][T26760] CPU: 0 PID: 26760 Comm: syz-executor.0 Tainted: G    B   W         5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1568.272723][T26760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1568.282623][T26760] Call Trace:
[ 1568.285745][T26760]  <TASK>
[ 1568.288519][T26760]  dump_stack_lvl+0x151/0x1b7
[ 1568.293035][T26760]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1568.298329][T26760]  dump_stack+0x15/0x17
[ 1568.302321][T26760]  should_fail+0x3c0/0x510
[ 1568.306579][T26760]  __should_failslab+0x9f/0xe0
[ 1568.311175][T26760]  should_failslab+0x9/0x20
[ 1568.314320][T26783] BUG: unable to handle page fault for address: ffffed1800000010
[ 1568.315508][T26760]  kmem_cache_alloc+0x4f/0x2f0
[ 1568.323059][T26783] #PF: supervisor read access in kernel mode
[ 1568.327662][T26760]  ? vm_area_dup+0x26/0x1d0
[ 1568.333559][T26783] #PF: error_code(0x0000) - not-present page
[ 1568.337899][T26760]  vm_area_dup+0x26/0x1d0
[ 1568.344145][T26783] PGD 23fff2067 P4D 23fff2067 PUD 0 
[ 1568.348298][T26760]  dup_mmap+0x6b8/0xea0
[ 1568.348325][T26760]  ? __delayed_free_task+0x20/0x20
[ 1568.353415][T26783] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 1568.357419][T26760]  ? mm_init+0x807/0x960
[ 1568.362354][T26783] CPU: 1 PID: 26783 Comm: syz-executor.4 Tainted: G    B   W         5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 1568.367389][T26760]  dup_mm+0x91/0x330
[ 1568.371549][T26783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1568.383009][T26760]  copy_mm+0x108/0x1b0
[ 1568.386743][T26783] RIP: 0010:__rb_insert_augmented+0x5d9/0x670
[ 1568.396635][T26760]  copy_process+0x1295/0x3250
[ 1568.400539][T26783] Code: 49 89 1f 48 83 e3 fc 43 80 3c 2e 00 74 08 4c 89 e7 e8 1b c3 2c ff 4d 89 3c 24 48 85 db 74 44 4c 8d 73 10 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 58 c2 2c ff 48 8d 43 08 4c 39 63
[ 1568.406445][T26760]  ? proc_fail_nth_write+0x213/0x290
[ 1568.411042][T26783] RSP: 0018:ffffc900035b78a0 EFLAGS: 00010a02
[ 1568.430833][T26760]  ? proc_fail_nth_read+0x220/0x220
[ 1568.435952][T26783] 
[ 1568.441851][T26760]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1568.446895][T26783] RAX: 1ffff11800000010 RBX: ffff88c000000070 RCX: 0000000000000002
[ 1568.449069][T26760]  ? vfs_write+0x9af/0x1050
[ 1568.454177][T26783] RDX: ffff8881339d2780 RSI: 0000000000000189 RDI: 0000000000000189
[ 1568.461989][T26760]  kernel_clone+0x22d/0x990
[ 1568.466500][T26783] RBP: ffffc900035b7908 R08: ffffffff81a721ec R09: ffff88810bf9d878
[ 1568.474314][T26760]  ? file_end_write+0x1b0/0x1b0
[ 1568.478651][T26783] R10: ffffed10217f3b11 R11: 1ffff110217f3b0f R12: ffff88812ae7d748
[ 1568.486463][T26760]  ? __kasan_check_write+0x14/0x20
[ 1568.491150][T26783] R13: dffffc0000000000 R14: ffff88c000000080 R15: ffff88811a9b8be8
[ 1568.498961][T26760]  ? create_io_thread+0x1e0/0x1e0
[ 1568.503909][T26783] FS:  00007f0abbe6c700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1568.511979][T26760]  ? __mutex_lock_slowpath+0x10/0x10
[ 1568.516840][T26783] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1568.525610][T26760]  __x64_sys_clone+0x289/0x310
[ 1568.530900][T26783] CR2: ffffed1800000010 CR3: 000000015060f000 CR4: 00000000003506a0
[ 1568.537412][T26760]  ? __do_sys_vfork+0x130/0x130
[ 1568.542052][T26783] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1568.549825][T26760]  ? debug_smp_processor_id+0x17/0x20
[ 1568.554508][T26783] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1568.562321][T26760]  do_syscall_64+0x44/0xd0
[ 1568.567703][T26783] Call Trace:
[ 1568.567713][T26783]  <TASK>
[ 1568.575951][T26760]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1568.580200][T26783]  ? anon_vma_interval_tree_iter_next+0x3b0/0x3b0
[ 1568.583322][T26760] RIP: 0033:0x7fed39e510c9
[ 1568.586099][T26783]  vma_interval_tree_insert_after+0x2cd/0x2e0
[ 1568.591830][T26760] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1568.598080][T26783]  dup_mmap+0x8bd/0xea0
[ 1568.602326][T26760] RSP: 002b:00007fed38bc4118 EFLAGS: 00000246
[ 1568.608233][T26783]  ? __delayed_free_task+0x20/0x20
[ 1568.627858][T26760]  ORIG_RAX: 0000000000000038
[ 1568.631838][T26783]  ? mm_init+0x807/0x960
[ 1568.637745][T26760] RAX: ffffffffffffffda RBX: 00007fed39f70f80 RCX: 00007fed39e510c9
[ 1568.642689][T26783]  dup_mm+0x91/0x330
[ 1568.647200][T26760] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1568.651280][T26783]  copy_mm+0x108/0x1b0
[ 1568.659090][T26760] RBP: 00007fed38bc41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1568.662825][T26783]  copy_process+0x1295/0x3250
[ 1568.670634][T26760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1568.674544][T26783]  ? __fdget+0x1cc/0x240
[ 1568.682361][T26760] R13: 00007ffef667485f R14: 00007fed38bc4300 R15: 0000000000022000
[ 1568.686868][T26783]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 1568.694676][T26760]  </TASK>
[ 1568.698754][T26783]  ? vfs_write+0xdd/0x1050
[ 1568.718636][T26783]  kernel_clone+0x22d/0x990
[ 1568.722974][T26783]  ? file_end_write+0x1b0/0x1b0
[ 1568.727661][T26783]  ? create_io_thread+0x1e0/0x1e0
[ 1568.732525][T26783]  __x64_sys_clone+0x289/0x310
[ 1568.737124][T26783]  ? __do_sys_vfork+0x130/0x130
[ 1568.741807][T26783]  ? fpregs_restore_userregs+0x1f0/0x3a0
[ 1568.747281][T26783]  ? switch_fpu_return+0xe/0x10
[ 1568.751966][T26783]  do_syscall_64+0x44/0xd0
[ 1568.756304][T26783]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1568.762212][T26783] RIP: 0033:0x7f0abd0f90c9
[ 1568.766458][T26783] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1568.785900][T26783] RSP: 002b:00007f0abbe6c118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1568.794145][T26783] RAX: ffffffffffffffda RBX: 00007f0abd218f80 RCX: 00007f0abd0f90c9
[ 1568.801957][T26783] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000000
[ 1568.809765][T26783] RBP: 00007f0abd154ae9 R08: 00000000200002c0 R09: 00000000200002c0
[ 1568.817576][T26783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1568.825740][T26783] R13: 00007ffea28c73cf R14: 00007f0abbe6c300 R15: 0000000000022000
[ 1568.833549][T26783]  </TASK>
[ 1568.836409][T26783] Modules linked in:
[ 1568.840145][T26783] CR2: ffffed1800000010
[ 1568.844142][T26783] ---[ end trace 5c9d272821c61d39 ]---
[ 1568.849430][T26783] RIP: 0010:__rb_insert_augmented+0x5d9/0x670
[ 1568.855347][T26783] Code: 49 89 1f 48 83 e3 fc 43 80 3c 2e 00 74 08 4c 89 e7 e8 1b c3 2c ff 4d 89 3c 24 48 85 db 74 44 4c 8d 73 10 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 58 c2 2c ff 48 8d 43 08 4c 39 63
[ 1568.874772][T26783] RSP: 0018:ffffc900035b78a0 EFLAGS: 00010a02
[ 1568.880677][T26783] RAX: 1ffff11800000010 RBX: ffff88c000000070 RCX: 0000000000000002
[ 1568.888484][T26783] RDX: ffff8881339d2780 RSI: 0000000000000189 RDI: 0000000000000189
[ 1568.896297][T26783] RBP: ffffc900035b7908 R08: ffffffff81a721ec R09: ffff88810bf9d878
[ 1568.904113][T26783] R10: ffffed10217f3b11 R11: 1ffff110217f3b0f R12: ffff88812ae7d748
[ 1568.911923][T26783] R13: dffffc0000000000 R14: ffff88c000000080 R15: ffff88811a9b8be8
[ 1568.919818][T26783] FS:  00007f0abbe6c700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1568.928584][T26783] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1568.935006][T26783] CR2: ffffed1800000010 CR3: 000000015060f000 CR4: 00000000003506a0
[ 1568.942819][T26783] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1568.950629][T26783] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1568.958443][T26783] Kernel panic - not syncing: Fatal exception
[ 1568.964572][T26783] Kernel Offset: disabled
[ 1568.968710][T26783] Rebooting in 86400 seconds..