INK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:26 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:26 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, 0x0, &(0x7f0000000000)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, r2, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:26 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, 0x0, &(0x7f0000000000)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, r2, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2835.824712][ T3239] ieee802154 phy0 wpan0: encryption failed: -22
[ 2835.831105][ T3239] ieee802154 phy1 wpan1: encryption failed: -22
01:47:28 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x3, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:28 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, 0x0, &(0x7f0000000000)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, r2, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:28 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:29 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa7", 0xf}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0)

01:47:29 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:29 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, 0x0, 0x0, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0xa61e, 0x1, 0x1, 0x4}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:29 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(0x0, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:29 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:29 executing program 2:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0xa61e, 0x1, 0x1, 0x4}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:29 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:29 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x4ffe6, 0x0)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000240))
r3 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r3, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:29 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:31 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x3, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:31 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x4ffe6, 0x0)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000240))
r3 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r3, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:31 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:32 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa7", 0xf}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

01:47:32 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:32 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:32 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x4ffe6, 0x0)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000240))
r3 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r3, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:32 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(0x0, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:32 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x4ffe6, 0x0)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000240))
r3 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
io_uring_enter(r3, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:32 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:32 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x4ffe6, 0x0)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000240))
r3 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
io_uring_enter(r3, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:32 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:35 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:35 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x3, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:35 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x4ffe6, 0x0)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000240))
r3 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
io_uring_enter(r3, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:35 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa7", 0xf}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

01:47:35 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:35 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, 0x0, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:35 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x4ffe6, 0x0)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000240))
r3 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r3, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:35 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x0)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:35 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, 0x0, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:35 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x4ffe6, 0x0)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000240))
r3 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r3, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:35 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:35 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, 0x0, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:35 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x4ffe6, 0x0)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000240))
r3 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r3, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:38 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x3, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:38 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140), 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:38 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa7", 0xf}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

01:47:38 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:38 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x4ffe6, 0x0)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000240))
r3 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r3, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:38 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140), 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:38 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x0)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:38 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:38 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140), 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:38 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x4ffe6, 0x0)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000240))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:38 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:38 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x4ffe6, 0x0)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000240))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:41 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0xffffffffffffffff, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:41 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:41 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:41 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x4ffe6, 0x0)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000240))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:41 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0xffffffffffffffff, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:41 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r0, &(0x7f0000000340)=0x20, 0xffffffffffffffff, &(0x7f0000000380), 0x7fffffff, 0x2)
splice(r4, 0x0, r5, 0x0, 0x4ffe6, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r5, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000300)='ip6erspan0\x00', 0x10)
pipe(&(0x7f0000000080)={<r6=>0xffffffffffffffff})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
close(r7)
splice(r6, 0x0, r7, 0x0, 0x4ffe6, 0x0)
ioctl$F2FS_IOC_DEFRAGMENT(r6, 0xc010f508, &(0x7f0000000000)={0x7, 0x40})
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:41 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x0)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:41 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:41 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0xffffffffffffffff, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:41 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:41 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r0, &(0x7f0000000340)=0x20, 0xffffffffffffffff, &(0x7f0000000380), 0x7fffffff, 0x2)
splice(r4, 0x0, r5, 0x0, 0x4ffe6, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r5, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000300)='ip6erspan0\x00', 0x10)
pipe(&(0x7f0000000080)={<r6=>0xffffffffffffffff})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
close(r7)
splice(r6, 0x0, r7, 0x0, 0x4ffe6, 0x0)
ioctl$F2FS_IOC_DEFRAGMENT(r6, 0xc010f508, &(0x7f0000000000)={0x7, 0x40})
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:41 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x4ffe6, 0x0)
r3 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r3, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:41 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:41 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:41 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r0, &(0x7f0000000340)=0x20, 0xffffffffffffffff, &(0x7f0000000380), 0x7fffffff, 0x2)
splice(r4, 0x0, r5, 0x0, 0x4ffe6, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r5, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000300)='ip6erspan0\x00', 0x10)
pipe(&(0x7f0000000080)={<r6=>0xffffffffffffffff})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
close(r7)
splice(r6, 0x0, r7, 0x0, 0x4ffe6, 0x0)
ioctl$F2FS_IOC_DEFRAGMENT(r6, 0xc010f508, &(0x7f0000000000)={0x7, 0x40})
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:41 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = socket$inet_udp(0x2, 0x2, 0x0)
close(r1)
r2 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r2, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:41 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:41 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:44 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:44 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:44 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r0, &(0x7f0000000340)=0x20, 0xffffffffffffffff, &(0x7f0000000380), 0x7fffffff, 0x2)
splice(r4, 0x0, r5, 0x0, 0x4ffe6, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r5, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000300)='ip6erspan0\x00', 0x10)
pipe(&(0x7f0000000080)={<r6=>0xffffffffffffffff})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
close(r7)
splice(r6, 0x0, r7, 0x0, 0x4ffe6, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:44 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
socket$inet_udp(0x2, 0x2, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:44 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, 0x0, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:44 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:44 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r0, &(0x7f0000000340)=0x20, 0xffffffffffffffff, &(0x7f0000000380), 0x7fffffff, 0x2)
splice(r4, 0x0, r5, 0x0, 0x4ffe6, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r5, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000300)='ip6erspan0\x00', 0x10)
pipe(&(0x7f0000000080))
r6 = socket$inet_udp(0x2, 0x2, 0x0)
close(r6)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:44 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(0x0, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:44 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:44 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, 0x0, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:44 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r0, &(0x7f0000000340)=0x20, 0xffffffffffffffff, &(0x7f0000000380), 0x7fffffff, 0x2)
splice(r4, 0x0, r5, 0x0, 0x4ffe6, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r5, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000300)='ip6erspan0\x00', 0x10)
pipe(&(0x7f0000000080))
socket$inet_udp(0x2, 0x2, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:44 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:47 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:47 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, 0x0, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:47 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:47 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r0, &(0x7f0000000340)=0x20, 0xffffffffffffffff, &(0x7f0000000380), 0x7fffffff, 0x2)
splice(r4, 0x0, r5, 0x0, 0x4ffe6, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r5, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000300)='ip6erspan0\x00', 0x10)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:47 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:47 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:47 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:47 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(0x0, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:47 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r0, &(0x7f0000000340)=0x20, 0xffffffffffffffff, &(0x7f0000000380), 0x7fffffff, 0x2)
splice(r4, 0x0, r5, 0x0, 0x4ffe6, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r5, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000300)='ip6erspan0\x00', 0x10)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:47 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(0x0, 0x34)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

01:47:47 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:47 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:47 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(0x0, 0x34)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

01:47:47 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(0x0, 0x34)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

01:47:50 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:50 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r0, &(0x7f0000000340)=0x20, 0xffffffffffffffff, &(0x7f0000000380), 0x7fffffff, 0x2)
splice(r4, 0x0, r5, 0x0, 0x4ffe6, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r5, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000300)='ip6erspan0\x00', 0x10)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:50 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:50 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:50 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:50 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(0x0, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:50 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r0, &(0x7f0000000340)=0x20, 0xffffffffffffffff, &(0x7f0000000380), 0x7fffffff, 0x2)
splice(r4, 0x0, r5, 0x0, 0x4ffe6, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r5, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000300)='ip6erspan0\x00', 0x10)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:50 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:50 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:50 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:50 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:50 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r0, &(0x7f0000000340)=0x20, 0xffffffffffffffff, &(0x7f0000000380), 0x7fffffff, 0x2)
splice(r4, 0x0, r5, 0x0, 0x4ffe6, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r5, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:53 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:53 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:53 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:53 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:53 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r0, &(0x7f0000000340)=0x20, 0xffffffffffffffff, &(0x7f0000000380), 0x7fffffff, 0x2)
splice(r4, 0x0, r5, 0x0, 0x4ffe6, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2862.960033][T24614] ptrace attach of "/root/syz-executor.1"[24612] was attempted by "/root/syz-executor.1"[24614]
01:47:53 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x0)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:53 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:53 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:53 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r0, &(0x7f0000000340)=0x20, 0xffffffffffffffff, &(0x7f0000000380), 0x7fffffff, 0x2)
splice(r4, 0x0, r5, 0x0, 0x4ffe6, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:53 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:53 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r0, &(0x7f0000000340)=0x20, 0xffffffffffffffff, &(0x7f0000000380), 0x7fffffff, 0x2)
splice(r4, 0x0, r5, 0x0, 0x4ffe6, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:53 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2863.081161][T24628] ptrace attach of "/root/syz-executor.1"[24625] was attempted by "/root/syz-executor.1"[24628]
01:47:53 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:53 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:53 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2863.173466][T24637] ptrace attach of "/root/syz-executor.1"[24636] was attempted by "/root/syz-executor.1"[24637]
01:47:56 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:56 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080))
r4 = socket$inet_udp(0x2, 0x2, 0x0)
close(r4)
splice(r0, &(0x7f0000000340)=0x20, 0xffffffffffffffff, &(0x7f0000000380), 0x7fffffff, 0x2)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:56 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x0)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:56 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:56 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080))
r4 = socket$inet_udp(0x2, 0x2, 0x0)
close(r4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:56 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:56 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080))
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:56 executing program 2:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:56 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:56 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, 0x0, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:56 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:59 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080))
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:59 executing program 2:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:59 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x0)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:59 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:59 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, 0x0, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:59 executing program 2:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:59 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080))
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:59 executing program 2:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:59 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, 0x0, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:59 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
pipe(&(0x7f0000000080))
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:59 executing program 2:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:59 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:47:59 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:47:59 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:02 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:02 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:02 executing program 2:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:02 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@v2={0x2000000, [{0xf8, 0x401}, {0x7, 0x401}]}, 0x14, 0x1)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:02 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:02 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:02 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:02 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:02 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:02 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:05 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:05 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:05 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:05 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:05 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:05 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:05 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:05 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:05 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:05 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:05 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r1, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:05 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:08 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:08 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x0, 0x0, 0x0, 0x0, 0x0)

01:48:08 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r1, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:08 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:08 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:08 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r1, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:08 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x0, 0x0, 0x0, 0x0, 0x0)

01:48:08 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:08 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x0, 0x1}, &(0x7f000064e000/0x3000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4}, 0x0)
io_uring_enter(r1, 0x0, 0x0, 0x0, 0x0, 0x0)

01:48:08 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:08 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:08 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:11 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:11 executing program 4:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:11 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:11 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:11 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:11 executing program 4:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:11 executing program 1:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:48:11 executing program 4:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:12 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:14 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, 0x0, 0x0, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:14 executing program 4:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:14 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:14 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, 0x0, 0x0, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:14 executing program 4:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:14 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:14 executing program 0:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r3, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:15 executing program 4:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:15 executing program 1:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:48:15 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, 0x0, 0x0, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:17 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:17 executing program 0:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r3, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:17 executing program 4:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:17 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:17 executing program 4:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:17 executing program 0:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r3, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:18 executing program 4:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:18 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:18 executing program 1:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:48:18 executing program 0:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:20 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xffffffffffffffff, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:20 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:20 executing program 4:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:20 executing program 0:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:20 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xffffffffffffffff, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:20 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:20 executing program 4:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:20 executing program 0:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:21 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:21 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:21 executing program 4:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:21 executing program 1:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:23 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xffffffffffffffff, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:23 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:23 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:23 executing program 4:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:23 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xffffffffffffffff, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:24 executing program 4:
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:24 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:24 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:24 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:24 executing program 4:
pipe(0x0)
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:24 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:24 executing program 1:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:27 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xffffffffffffffff, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:27 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:27 executing program 4:
pipe(0x0)
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:27 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:27 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xffffffffffffffff, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:27 executing program 4:
pipe(0x0)
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:27 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, 0x0, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:27 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:27 executing program 1:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:27 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, 0x0, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:27 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:27 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2897.259612][ T3239] ieee802154 phy0 wpan0: encryption failed: -22
[ 2897.265940][ T3239] ieee802154 phy1 wpan1: encryption failed: -22
01:48:30 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:30 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:30 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, 0x0, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:30 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:30 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:30 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:30 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, 0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:30 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, 0x0, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:30 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:30 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:30 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, 0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:30 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, 0x0, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:33 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:33 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, 0x0, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:33 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:33 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, 0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:33 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:33 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, 0x0, &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:33 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:33 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:33 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:33 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, 0x0, &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:33 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:33 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2904.448093][T22995] Bluetooth: hci4: command 0x0406 tx timeout
01:48:36 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:36 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, 0x0, 0x0, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:36 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:36 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, 0x0, &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:36 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:36 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, 0x0, 0x0, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:36 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:36 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:36 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:36 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, 0x0, 0x0, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:36 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:36 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:39 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, 0x0)
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:39 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:39 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:39 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:39 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, 0x0)
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:39 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540), &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:39 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:39 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:39 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:39 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:39 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540), &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:39 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:42 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, 0x0)
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:42 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540), &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:42 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:42 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:42 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, 0x0)
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:42 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, 0x0, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:42 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:42 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:42 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:42 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, 0x0, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:42 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:42 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:45 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, 0x0)
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:45 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, 0x0, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:45 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, 0x0, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:45 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:45 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, 0x0)
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:45 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140), 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:45 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, 0x0, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:45 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:45 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:45 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140), 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:45 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, 0x0, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:45 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:48 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:48 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140), 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:48 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0)

01:48:48 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:48 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0)

01:48:48 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:48 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:48 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, 0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r3, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:48 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:48 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:48 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:48 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, 0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r3, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:48 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:48 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:51 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0)

01:48:51 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, 0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r3, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:51 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0)

01:48:51 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:51 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index, 0x41e}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:51 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:51 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:51 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:51 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r3, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:51 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:51 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r3, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:51 executing program 4:
pipe(&(0x7f0000000040))
syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r0=>0x0, &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:54 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0)

01:48:54 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, 0x0, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:54 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0)

01:48:54 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r3, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:54 executing program 4:
pipe(&(0x7f0000000040))
syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r0=>0x0, &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:54 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, 0x0, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:54 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:54 executing program 4:
pipe(&(0x7f0000000040))
syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r0=>0x0, &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:54 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, 0x0, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:54 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:54 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:54 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

01:48:57 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

01:48:57 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:57 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

01:48:57 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

01:48:57 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:57 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:57 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:48:57 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:57 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x5, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:57 executing program 4:
pipe(&(0x7f0000000040))
r0 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

01:48:57 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:48:57 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:00 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

01:49:00 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:00 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x176}, &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:00 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

01:49:00 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:00 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:00 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:00 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, 0x0, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:00 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index, 0x41e}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:00 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:00 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:00 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, 0x0, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:03 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b1", 0xa}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

01:49:03 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:03 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, 0x0, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:03 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

01:49:03 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140), 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:03 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:03 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:03 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:03 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140), 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:03 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:03 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140), 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:03 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x0, 0x0, 0x0, 0x0, 0x0)

01:49:06 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:06 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x0, 0x0, 0x0, 0x0, 0x0)

01:49:06 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:06 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x0, 0x0, 0x0, 0x0, 0x0)

01:49:06 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:06 executing program 5 (fault-call:13 fault-nth:0):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:06 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2936.116869][T25513] FAULT_INJECTION: forcing a failure.
[ 2936.116869][T25513] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2936.131556][T25513] CPU: 1 PID: 25513 Comm: syz-executor.5 Not tainted 5.14.0-syzkaller #0
[ 2936.140032][T25513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2936.150106][T25513] Call Trace:
[ 2936.153393][T25513]  dump_stack_lvl+0x1d3/0x29f
[ 2936.158075][T25513]  ? show_regs_print_info+0x12/0x12
[ 2936.163289][T25513]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2936.169027][T25513]  ? lock_release+0x81/0x7b0
[ 2936.173795][T25513]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2936.179434][T25513]  ? snprintf+0xc0/0x110
[ 2936.183681][T25513]  should_fail+0x384/0x4b0
[ 2936.188107][T25513]  _copy_to_user+0x2d/0x130
[ 2936.192610][T25513]  simple_read_from_buffer+0xd9/0x160
[ 2936.197989][T25513]  proc_fail_nth_read+0x195/0x210
[ 2936.203022][T25513]  ? proc_fault_inject_write+0x370/0x370
[ 2936.208661][T25513]  ? rcu_read_lock_sched_held+0x5d/0x110
01:49:06 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, 0x0, 0x0, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:06 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r3, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2936.214301][T25513]  ? security_file_permission+0x46b/0x5d0
[ 2936.220028][T25513]  ? proc_fault_inject_write+0x370/0x370
[ 2936.225666][T25513]  vfs_read+0x324/0xe30
[ 2936.229834][T25513]  ? kernel_read+0x200/0x200
[ 2936.234424][T25513]  ? trace_lock_release+0x4f/0x150
[ 2936.239540][T25513]  ? read_lock_is_recursive+0x10/0x10
[ 2936.244915][T25513]  ? read_lock_is_recursive+0x10/0x10
[ 2936.250289][T25513]  ? __lock_acquire+0x6100/0x6100
[ 2936.255321][T25513]  ? __lock_acquire+0x6100/0x6100
[ 2936.260360][T25513]  ? __fdget_pos+0x25e/0x2f0
01:49:06 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2936.264957][T25513]  ksys_read+0x171/0x2a0
[ 2936.269204][T25513]  ? vfs_write+0xe60/0xe60
[ 2936.273624][T25513]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2936.279611][T25513]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2936.285623][T25513]  do_syscall_64+0x3d/0xb0
[ 2936.290072][T25513]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2936.295970][T25513] RIP: 0033:0x41937c
01:49:06 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r3, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:06 executing program 2 (fault-call:7 fault-nth:0):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2936.299966][T25513] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 2936.319575][T25513] RSP: 002b:00007f592f3dc170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2936.328001][T25513] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000041937c
[ 2936.335985][T25513] RDX: 000000000000000f RSI: 00007f592f3dc1e0 RDI: 0000000000000004
[ 2936.343960][T25513] RBP: 00007f592f3dc1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2936.351937][T25513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2936.359913][T25513] R13: 00007ffe89d2b09f R14: 00007f592f3dc300 R15: 0000000000022000
01:49:06 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd=r3, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2936.400126][T25531] FAULT_INJECTION: forcing a failure.
[ 2936.400126][T25531] name failslab, interval 1, probability 0, space 0, times 0
[ 2936.413017][T25531] CPU: 1 PID: 25531 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2936.421794][T25531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2936.431857][T25531] Call Trace:
[ 2936.435139][T25531]  dump_stack_lvl+0x1d3/0x29f
[ 2936.439832][T25531]  ? show_regs_print_info+0x12/0x12
01:49:06 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, 0x0, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2936.445044][T25531]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2936.450776][T25531]  ? _raw_spin_unlock_irqrestore+0x8b/0x120
[ 2936.456695][T25531]  ? __might_sleep+0x100/0x100
[ 2936.461470][T25531]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 2936.467377][T25531]  should_fail+0x384/0x4b0
[ 2936.471818][T25531]  should_failslab+0x5/0x20
[ 2936.476328][T25531]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2936.481536][T25531]  ? percpu_counter_add_batch+0x14a/0x170
[ 2936.487271][T25531]  io_submit_sqes+0x601f/0x9e00
[ 2936.492129][T25531]  ? __might_sleep+0x100/0x100
[ 2936.496923][T25531]  ? io_uring_add_tctx_node+0x330/0x330
[ 2936.502467][T25531]  ? io_uring_add_tctx_node+0x74/0x330
[ 2936.507916][T25531]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2936.513446][T25531]  ? trace_lock_release+0x4f/0x150
[ 2936.518539][T25531]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2936.524064][T25531]  ? __fget_files+0x35a/0x390
[ 2936.528723][T25531]  ? __lock_acquire+0x6100/0x6100
[ 2936.533738][T25531]  ? account_other_time+0x63/0x280
[ 2936.538848][T25531]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2936.544462][T25531]  ? print_irqtrace_events+0x220/0x220
[ 2936.549923][T25531]  ? vtime_user_exit+0x2b2/0x3e0
[ 2936.554847][T25531]  ? __context_tracking_exit+0x7a/0xd0
[ 2936.560305][T25531]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2936.566351][T25531]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2936.571882][T25531]  do_syscall_64+0x3d/0xb0
[ 2936.576284][T25531]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2936.582168][T25531] RIP: 0033:0x4665f9
[ 2936.586041][T25531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2936.605627][T25531] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2936.614027][T25531] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2936.621979][T25531] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
[ 2936.629931][T25531] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
[ 2936.637914][T25531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2936.645887][T25531] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
01:49:09 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:09 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, 0x0, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:09 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:09 executing program 2 (fault-call:7 fault-nth:1):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2939.034031][T25543] FAULT_INJECTION: forcing a failure.
[ 2939.034031][T25543] name failslab, interval 1, probability 0, space 0, times 0
[ 2939.054108][T25543] CPU: 1 PID: 25543 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2939.062555][T25543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2939.072616][T25543] Call Trace:
[ 2939.075907][T25543]  dump_stack_lvl+0x1d3/0x29f
01:49:09 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, 0x0, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2939.080594][T25543]  ? show_regs_print_info+0x12/0x12
[ 2939.085811][T25543]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2939.091538][T25543]  ? _raw_spin_unlock_irqrestore+0x8b/0x120
[ 2939.097615][T25543]  ? __might_sleep+0x100/0x100
[ 2939.102390][T25543]  ? __rcu_read_lock+0xb0/0xb0
[ 2939.107199][T25543]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 2939.113102][T25543]  should_fail+0x384/0x4b0
[ 2939.117530][T25543]  should_failslab+0x5/0x20
[ 2939.122036][T25543]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2939.127230][T25543]  io_submit_sqes+0x601f/0x9e00
[ 2939.132115][T25543]  ? __might_sleep+0x100/0x100
[ 2939.136883][T25543]  ? io_uring_add_tctx_node+0x330/0x330
[ 2939.142437][T25543]  ? io_uring_add_tctx_node+0x74/0x330
[ 2939.147913][T25543]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2939.153469][T25543]  ? trace_lock_release+0x4f/0x150
[ 2939.158584][T25543]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2939.164158][T25543]  ? __fget_files+0x35a/0x390
[ 2939.168824][T25543]  ? __lock_acquire+0x6100/0x6100
[ 2939.173860][T25543]  ? account_other_time+0x63/0x280
[ 2939.179005][T25543]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2939.184644][T25543]  ? print_irqtrace_events+0x220/0x220
[ 2939.190131][T25543]  ? vtime_user_exit+0x2b2/0x3e0
[ 2939.195067][T25543]  ? __context_tracking_exit+0x7a/0xd0
[ 2939.200524][T25543]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2939.206498][T25543]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2939.212078][T25543]  do_syscall_64+0x3d/0xb0
[ 2939.216502][T25543]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2939.222411][T25543] RIP: 0033:0x4665f9
01:49:09 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, 0x0, 0x0, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:09 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2939.226292][T25543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2939.245914][T25543] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2939.254332][T25543] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2939.262292][T25543] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
[ 2939.270258][T25543] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
01:49:09 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2939.278242][T25543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2939.286224][T25543] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
01:49:09 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:09 executing program 2 (fault-call:7 fault-nth:2):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2939.402755][T25564] FAULT_INJECTION: forcing a failure.
[ 2939.402755][T25564] name failslab, interval 1, probability 0, space 0, times 0
[ 2939.427084][T25564] CPU: 1 PID: 25564 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2939.435540][T25564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2939.445602][T25564] Call Trace:
[ 2939.448888][T25564]  dump_stack_lvl+0x1d3/0x29f
[ 2939.453572][T25564]  ? show_regs_print_info+0x12/0x12
[ 2939.458756][T25564]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2939.464459][T25564]  ? _raw_spin_unlock_irqrestore+0x8b/0x120
[ 2939.470337][T25564]  ? __might_sleep+0x100/0x100
[ 2939.475099][T25564]  ? __rcu_read_lock+0xb0/0xb0
[ 2939.479872][T25564]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 2939.485755][T25564]  should_fail+0x384/0x4b0
[ 2939.490158][T25564]  should_failslab+0x5/0x20
[ 2939.494638][T25564]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2939.499818][T25564]  io_submit_sqes+0x601f/0x9e00
[ 2939.504651][T25564]  ? __might_sleep+0x100/0x100
[ 2939.509403][T25564]  ? io_uring_add_tctx_node+0x330/0x330
[ 2939.514938][T25564]  ? io_uring_add_tctx_node+0x74/0x330
[ 2939.520383][T25564]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2939.525913][T25564]  ? trace_lock_release+0x4f/0x150
[ 2939.531010][T25564]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2939.536535][T25564]  ? __fget_files+0x35a/0x390
[ 2939.541194][T25564]  ? __lock_acquire+0x6100/0x6100
[ 2939.546216][T25564]  ? account_other_time+0x63/0x280
[ 2939.551306][T25564]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2939.556944][T25564]  ? print_irqtrace_events+0x220/0x220
[ 2939.562400][T25564]  ? vtime_user_exit+0x2b2/0x3e0
[ 2939.567335][T25564]  ? __context_tracking_exit+0x7a/0xd0
[ 2939.572778][T25564]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2939.578741][T25564]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2939.584282][T25564]  do_syscall_64+0x3d/0xb0
[ 2939.588718][T25564]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2939.594621][T25564] RIP: 0033:0x4665f9
[ 2939.598497][T25564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2939.618086][T25564] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2939.626485][T25564] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2939.634440][T25564] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
[ 2939.642409][T25564] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
01:49:10 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x2004, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:10 executing program 2 (fault-call:7 fault-nth:3):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2939.650380][T25564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2939.658332][T25564] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
[ 2939.723964][T25571] FAULT_INJECTION: forcing a failure.
[ 2939.723964][T25571] name failslab, interval 1, probability 0, space 0, times 0
[ 2939.740554][T25571] CPU: 1 PID: 25571 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2939.748997][T25571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2939.759144][T25571] Call Trace:
[ 2939.762436][T25571]  dump_stack_lvl+0x1d3/0x29f
[ 2939.767131][T25571]  ? show_regs_print_info+0x12/0x12
[ 2939.772338][T25571]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2939.778090][T25571]  ? __might_sleep+0x100/0x100
[ 2939.782853][T25571]  ? __rcu_read_lock+0xb0/0xb0
[ 2939.787610][T25571]  ? allocate_slab+0x373/0x540
[ 2939.792376][T25571]  should_fail+0x384/0x4b0
[ 2939.796802][T25571]  should_failslab+0x5/0x20
[ 2939.801287][T25571]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2939.806470][T25571]  io_submit_sqes+0x601f/0x9e00
[ 2939.811317][T25571]  ? __might_sleep+0x100/0x100
[ 2939.816076][T25571]  ? io_uring_add_tctx_node+0x330/0x330
[ 2939.821624][T25571]  ? io_uring_add_tctx_node+0x74/0x330
[ 2939.827069][T25571]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2939.832599][T25571]  ? trace_lock_release+0x4f/0x150
[ 2939.837694][T25571]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2939.843237][T25571]  ? __fget_files+0x35a/0x390
[ 2939.847903][T25571]  ? __lock_acquire+0x6100/0x6100
[ 2939.852912][T25571]  ? account_other_time+0x63/0x280
[ 2939.858015][T25571]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2939.863648][T25571]  ? print_irqtrace_events+0x220/0x220
[ 2939.869094][T25571]  ? vtime_user_exit+0x2b2/0x3e0
[ 2939.874028][T25571]  ? __context_tracking_exit+0x7a/0xd0
[ 2939.879492][T25571]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2939.885483][T25571]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2939.891036][T25571]  do_syscall_64+0x3d/0xb0
[ 2939.895439][T25571]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2939.901312][T25571] RIP: 0033:0x4665f9
[ 2939.905190][T25571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2939.924807][T25571] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2939.933228][T25571] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2939.941200][T25571] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
[ 2939.949153][T25571] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
[ 2939.957106][T25571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2939.965082][T25571] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
01:49:12 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:12 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:12 executing program 2 (fault-call:7 fault-nth:4):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:12 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0xa, r1, 0x0, 0x0)

[ 2942.072315][T25581] FAULT_INJECTION: forcing a failure.
[ 2942.072315][T25581] name failslab, interval 1, probability 0, space 0, times 0
[ 2942.090963][T25581] CPU: 0 PID: 25581 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2942.099418][T25581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2942.109481][T25581] Call Trace:
[ 2942.112773][T25581]  dump_stack_lvl+0x1d3/0x29f
[ 2942.117473][T25581]  ? show_regs_print_info+0x12/0x12
[ 2942.122678][T25581]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2942.128389][T25581]  ? __might_sleep+0x100/0x100
[ 2942.133140][T25581]  ? __rcu_read_lock+0xb0/0xb0
[ 2942.137987][T25581]  ? allocate_slab+0x373/0x540
[ 2942.142736][T25581]  should_fail+0x384/0x4b0
[ 2942.147142][T25581]  should_failslab+0x5/0x20
[ 2942.151630][T25581]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2942.156818][T25581]  io_submit_sqes+0x601f/0x9e00
[ 2942.161651][T25581]  ? __might_sleep+0x100/0x100
[ 2942.166409][T25581]  ? io_uring_add_tctx_node+0x330/0x330
[ 2942.171939][T25581]  ? io_uring_add_tctx_node+0x74/0x330
[ 2942.177389][T25581]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2942.182922][T25581]  ? trace_lock_release+0x4f/0x150
[ 2942.188024][T25581]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2942.193553][T25581]  ? __fget_files+0x35a/0x390
[ 2942.198270][T25581]  ? __lock_acquire+0x6100/0x6100
[ 2942.203321][T25581]  ? account_other_time+0x63/0x280
[ 2942.208420][T25581]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2942.214034][T25581]  ? print_irqtrace_events+0x220/0x220
[ 2942.219469][T25581]  ? vtime_user_exit+0x2b2/0x3e0
[ 2942.224391][T25581]  ? __context_tracking_exit+0x7a/0xd0
[ 2942.229833][T25581]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2942.235795][T25581]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2942.241346][T25581]  do_syscall_64+0x3d/0xb0
[ 2942.245773][T25581]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2942.251649][T25581] RIP: 0033:0x4665f9
01:49:12 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2942.255530][T25581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2942.275117][T25581] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2942.283607][T25581] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2942.291565][T25581] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
[ 2942.299542][T25581] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
[ 2942.307499][T25581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2942.315460][T25581] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
01:49:12 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, 0x0, 0x0, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:12 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:12 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:12 executing program 2 (fault-call:7 fault-nth:5):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:12 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x6, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2942.449560][T25601] FAULT_INJECTION: forcing a failure.
[ 2942.449560][T25601] name failslab, interval 1, probability 0, space 0, times 0
[ 2942.483611][T25601] CPU: 0 PID: 25601 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2942.492070][T25601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2942.502135][T25601] Call Trace:
[ 2942.505418][T25601]  dump_stack_lvl+0x1d3/0x29f
[ 2942.510104][T25601]  ? show_regs_print_info+0x12/0x12
[ 2942.515313][T25601]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2942.521044][T25601]  ? __might_sleep+0x100/0x100
[ 2942.525818][T25601]  ? __rcu_read_lock+0xb0/0xb0
[ 2942.530589][T25601]  ? allocate_slab+0x373/0x540
[ 2942.535365][T25601]  should_fail+0x384/0x4b0
[ 2942.539794][T25601]  should_failslab+0x5/0x20
[ 2942.544307][T25601]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2942.549511][T25601]  io_submit_sqes+0x601f/0x9e00
[ 2942.554351][T25601]  ? __might_sleep+0x100/0x100
[ 2942.559122][T25601]  ? io_uring_add_tctx_node+0x330/0x330
[ 2942.564660][T25601]  ? io_uring_add_tctx_node+0x74/0x330
[ 2942.570108][T25601]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2942.575645][T25601]  ? trace_lock_release+0x4f/0x150
[ 2942.580767][T25601]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2942.586298][T25601]  ? __fget_files+0x35a/0x390
[ 2942.590979][T25601]  ? __lock_acquire+0x6100/0x6100
[ 2942.596012][T25601]  ? account_other_time+0x63/0x280
[ 2942.601126][T25601]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2942.606745][T25601]  ? print_irqtrace_events+0x220/0x220
[ 2942.612191][T25601]  ? vtime_user_exit+0x2b2/0x3e0
[ 2942.617119][T25601]  ? __context_tracking_exit+0x7a/0xd0
[ 2942.622565][T25601]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2942.628530][T25601]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2942.634064][T25601]  do_syscall_64+0x3d/0xb0
[ 2942.638467][T25601]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2942.644344][T25601] RIP: 0033:0x4665f9
[ 2942.648226][T25601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2942.667825][T25601] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2942.676225][T25601] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2942.684179][T25601] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
[ 2942.692233][T25601] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
01:49:13 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, &(0x7f0000000280)=""/95, 0x5f, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2942.700201][T25601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2942.708157][T25601] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
01:49:13 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:15 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:15 executing program 2 (fault-call:7 fault-nth:6):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:15 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:15 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x4, 0x0)

[ 2945.101674][T25617] FAULT_INJECTION: forcing a failure.
[ 2945.101674][T25617] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2945.118207][T25617] CPU: 0 PID: 25617 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2945.126657][T25617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2945.136718][T25617] Call Trace:
[ 2945.139992][T25617]  dump_stack_lvl+0x1d3/0x29f
[ 2945.144662][T25617]  ? show_regs_print_info+0x12/0x12
[ 2945.149870][T25617]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2945.155577][T25617]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2945.161112][T25617]  should_fail+0x384/0x4b0
[ 2945.165516][T25617]  prepare_alloc_pages+0x1d1/0x5a0
[ 2945.170623][T25617]  __alloc_pages+0x14d/0x5f0
[ 2945.175203][T25617]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2945.180473][T25617]  ? trace_lock_release+0x4f/0x150
[ 2945.185573][T25617]  ? alloc_pages+0x3f3/0x500
[ 2945.190149][T25617]  allocate_slab+0xf1/0x540
[ 2945.194637][T25617]  ___slab_alloc+0x1cf/0x350
[ 2945.199209][T25617]  ? io_submit_sqes+0x601f/0x9e00
[ 2945.204218][T25617]  kmem_cache_alloc_bulk+0x180/0x410
[ 2945.209488][T25617]  io_submit_sqes+0x601f/0x9e00
[ 2945.214323][T25617]  ? __might_sleep+0x100/0x100
[ 2945.219086][T25617]  ? io_uring_add_tctx_node+0x330/0x330
[ 2945.224615][T25617]  ? io_uring_add_tctx_node+0x74/0x330
[ 2945.230060][T25617]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2945.235595][T25617]  ? trace_lock_release+0x4f/0x150
[ 2945.240693][T25617]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2945.246222][T25617]  ? __fget_files+0x35a/0x390
[ 2945.250884][T25617]  ? __lock_acquire+0x6100/0x6100
[ 2945.255895][T25617]  ? account_other_time+0x63/0x280
[ 2945.260986][T25617]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2945.266596][T25617]  ? print_irqtrace_events+0x220/0x220
[ 2945.272041][T25617]  ? vtime_user_exit+0x2b2/0x3e0
[ 2945.276982][T25617]  ? __context_tracking_exit+0x7a/0xd0
[ 2945.282452][T25617]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2945.288437][T25617]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2945.293980][T25617]  do_syscall_64+0x3d/0xb0
[ 2945.298398][T25617]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2945.304281][T25617] RIP: 0033:0x4665f9
[ 2945.308178][T25617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2945.327778][T25617] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2945.336174][T25617] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2945.344141][T25617] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
[ 2945.352128][T25617] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
[ 2945.360091][T25617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2945.368043][T25617] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
01:49:15 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:15 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:15 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x2000, 0x0)

01:49:15 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:15 executing program 2 (fault-call:7 fault-nth:7):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2945.501304][T25636] FAULT_INJECTION: forcing a failure.
[ 2945.501304][T25636] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2945.518457][T25636] CPU: 1 PID: 25636 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2945.526900][T25636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2945.536963][T25636] Call Trace:
[ 2945.540253][T25636]  dump_stack_lvl+0x1d3/0x29f
[ 2945.544945][T25636]  ? show_regs_print_info+0x12/0x12
[ 2945.550157][T25636]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2945.555895][T25636]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2945.561459][T25636]  should_fail+0x384/0x4b0
[ 2945.565930][T25636]  prepare_alloc_pages+0x1d1/0x5a0
[ 2945.571061][T25636]  __alloc_pages+0x14d/0x5f0
[ 2945.575664][T25636]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2945.580962][T25636]  ? trace_lock_release+0x4f/0x150
[ 2945.586082][T25636]  ? alloc_pages+0x3f3/0x500
[ 2945.590658][T25636]  allocate_slab+0xf1/0x540
[ 2945.595143][T25636]  ___slab_alloc+0x1cf/0x350
[ 2945.599781][T25636]  ? io_submit_sqes+0x601f/0x9e00
[ 2945.604785][T25636]  kmem_cache_alloc_bulk+0x180/0x410
[ 2945.610065][T25636]  io_submit_sqes+0x601f/0x9e00
[ 2945.614898][T25636]  ? __might_sleep+0x100/0x100
[ 2945.619687][T25636]  ? io_uring_add_tctx_node+0x330/0x330
[ 2945.625243][T25636]  ? io_uring_add_tctx_node+0x74/0x330
[ 2945.630686][T25636]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2945.636215][T25636]  ? trace_lock_release+0x4f/0x150
[ 2945.641316][T25636]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2945.646857][T25636]  ? __fget_files+0x35a/0x390
[ 2945.651519][T25636]  ? __lock_acquire+0x6100/0x6100
[ 2945.656525][T25636]  ? account_other_time+0x63/0x280
[ 2945.661620][T25636]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2945.668022][T25636]  ? print_irqtrace_events+0x220/0x220
[ 2945.673475][T25636]  ? vtime_user_exit+0x2b2/0x3e0
[ 2945.678407][T25636]  ? __context_tracking_exit+0x7a/0xd0
[ 2945.683846][T25636]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2945.689900][T25636]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2945.695437][T25636]  do_syscall_64+0x3d/0xb0
[ 2945.699843][T25636]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2945.705716][T25636] RIP: 0033:0x4665f9
[ 2945.709606][T25636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2945.729210][T25636] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2945.737717][T25636] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
01:49:16 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0}, 0x0)
pipe(&(0x7f0000000080))
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2945.745675][T25636] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
[ 2945.753656][T25636] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
[ 2945.761613][T25636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2945.769592][T25636] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
01:49:16 executing program 2 (fault-call:7 fault-nth:8):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:16 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2945.853729][T25652] FAULT_INJECTION: forcing a failure.
[ 2945.853729][T25652] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2945.870217][T25652] CPU: 1 PID: 25652 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2945.878666][T25652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2945.888731][T25652] Call Trace:
[ 2945.892016][T25652]  dump_stack_lvl+0x1d3/0x29f
[ 2945.896698][T25652]  ? show_regs_print_info+0x12/0x12
[ 2945.901903][T25652]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2945.907629][T25652]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2945.913168][T25652]  should_fail+0x384/0x4b0
[ 2945.917697][T25652]  prepare_alloc_pages+0x1d1/0x5a0
[ 2945.922798][T25652]  __alloc_pages+0x14d/0x5f0
[ 2945.927380][T25652]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2945.932652][T25652]  ? trace_lock_release+0x4f/0x150
[ 2945.937750][T25652]  ? alloc_pages+0x3f3/0x500
[ 2945.942340][T25652]  allocate_slab+0xf1/0x540
[ 2945.946828][T25652]  ___slab_alloc+0x1cf/0x350
[ 2945.951418][T25652]  ? io_submit_sqes+0x601f/0x9e00
[ 2945.956441][T25652]  kmem_cache_alloc_bulk+0x180/0x410
[ 2945.961718][T25652]  io_submit_sqes+0x601f/0x9e00
[ 2945.966568][T25652]  ? __might_sleep+0x100/0x100
[ 2945.971341][T25652]  ? io_uring_add_tctx_node+0x330/0x330
[ 2945.976873][T25652]  ? io_uring_add_tctx_node+0x74/0x330
[ 2945.982314][T25652]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2945.987856][T25652]  ? trace_lock_release+0x4f/0x150
[ 2945.992960][T25652]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2945.998502][T25652]  ? __fget_files+0x35a/0x390
[ 2946.003157][T25652]  ? __lock_acquire+0x6100/0x6100
[ 2946.008257][T25652]  ? account_other_time+0x63/0x280
[ 2946.013354][T25652]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2946.018978][T25652]  ? print_irqtrace_events+0x220/0x220
[ 2946.024445][T25652]  ? vtime_user_exit+0x2b2/0x3e0
[ 2946.029362][T25652]  ? __context_tracking_exit+0x7a/0xd0
[ 2946.034803][T25652]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2946.040770][T25652]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2946.046382][T25652]  do_syscall_64+0x3d/0xb0
[ 2946.050784][T25652]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2946.056669][T25652] RIP: 0033:0x4665f9
[ 2946.060544][T25652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2946.080143][T25652] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2946.088542][T25652] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2946.096494][T25652] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
[ 2946.104459][T25652] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
[ 2946.112685][T25652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2946.120636][T25652] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
01:49:18 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:18 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r3, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:18 executing program 2 (fault-call:7 fault-nth:9):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:18 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r3, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2948.145672][T25665] FAULT_INJECTION: forcing a failure.
[ 2948.145672][T25665] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2948.165715][T25665] CPU: 1 PID: 25665 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2948.174209][T25665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2948.184274][T25665] Call Trace:
[ 2948.187559][T25665]  dump_stack_lvl+0x1d3/0x29f
01:49:18 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r3, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2948.192252][T25665]  ? show_regs_print_info+0x12/0x12
[ 2948.197462][T25665]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2948.203205][T25665]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2948.208764][T25665]  should_fail+0x384/0x4b0
[ 2948.213228][T25665]  prepare_alloc_pages+0x1d1/0x5a0
[ 2948.218361][T25665]  __alloc_pages+0x14d/0x5f0
[ 2948.222978][T25665]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2948.228278][T25665]  ? trace_lock_release+0x4f/0x150
[ 2948.233402][T25665]  ? alloc_pages+0x3f3/0x500
[ 2948.238005][T25665]  allocate_slab+0xf1/0x540
[ 2948.242515][T25665]  ___slab_alloc+0x1cf/0x350
[ 2948.247135][T25665]  ? io_submit_sqes+0x601f/0x9e00
[ 2948.252168][T25665]  kmem_cache_alloc_bulk+0x180/0x410
[ 2948.257440][T25665]  io_submit_sqes+0x601f/0x9e00
[ 2948.262277][T25665]  ? __might_sleep+0x100/0x100
[ 2948.267065][T25665]  ? io_uring_add_tctx_node+0x330/0x330
[ 2948.272591][T25665]  ? io_uring_add_tctx_node+0x74/0x330
[ 2948.278034][T25665]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2948.283568][T25665]  ? trace_lock_release+0x4f/0x150
[ 2948.288663][T25665]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2948.294195][T25665]  ? __fget_files+0x35a/0x390
[ 2948.298872][T25665]  ? __lock_acquire+0x6100/0x6100
[ 2948.303881][T25665]  ? account_other_time+0x63/0x280
[ 2948.308974][T25665]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2948.314589][T25665]  ? print_irqtrace_events+0x220/0x220
[ 2948.320046][T25665]  ? vtime_user_exit+0x2b2/0x3e0
[ 2948.324968][T25665]  ? __context_tracking_exit+0x7a/0xd0
[ 2948.330408][T25665]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2948.336480][T25665]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2948.342023][T25665]  do_syscall_64+0x3d/0xb0
[ 2948.346434][T25665]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2948.352415][T25665] RIP: 0033:0x4665f9
[ 2948.356287][T25665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2948.375973][T25665] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2948.384369][T25665] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2948.392336][T25665] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
[ 2948.400303][T25665] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
[ 2948.408259][T25665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2948.416214][T25665] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
01:49:19 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:19 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x0, 0x0, 0x0, 0x0, 0x0)

01:49:19 executing program 2 (fault-call:7 fault-nth:10):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:19 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x7f00, 0x0)

01:49:19 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:19 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2948.548035][T25679] FAULT_INJECTION: forcing a failure.
[ 2948.548035][T25679] name failslab, interval 1, probability 0, space 0, times 0
[ 2948.570887][T25679] CPU: 1 PID: 25679 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2948.579348][T25679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2948.589497][T25679] Call Trace:
[ 2948.592784][T25679]  dump_stack_lvl+0x1d3/0x29f
01:49:19 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2948.597474][T25679]  ? show_regs_print_info+0x12/0x12
[ 2948.602701][T25679]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2948.608432][T25679]  ? _raw_spin_unlock+0x24/0x40
[ 2948.613317][T25679]  ? __might_sleep+0x100/0x100
[ 2948.618084][T25679]  ? __rcu_read_lock+0xb0/0xb0
[ 2948.622862][T25679]  should_fail+0x384/0x4b0
[ 2948.627292][T25679]  should_failslab+0x5/0x20
[ 2948.631891][T25679]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2948.637104][T25679]  io_submit_sqes+0x601f/0x9e00
[ 2948.641994][T25679]  ? __might_sleep+0x100/0x100
[ 2948.646790][T25679]  ? io_uring_add_tctx_node+0x330/0x330
[ 2948.652350][T25679]  ? io_uring_add_tctx_node+0x74/0x330
[ 2948.658083][T25679]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2948.663644][T25679]  ? trace_lock_release+0x4f/0x150
[ 2948.668766][T25679]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2948.674314][T25679]  ? __fget_files+0x35a/0x390
[ 2948.677120][T25694] ptrace attach of "/root/syz-executor.1"[25683] was attempted by "/root/syz-executor.1"[25694]
[ 2948.678998][T25679]  ? __lock_acquire+0x6100/0x6100
[ 2948.679024][T25679]  ? account_other_time+0x63/0x280
[ 2948.679042][T25679]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2948.705157][T25679]  ? print_irqtrace_events+0x220/0x220
[ 2948.710601][T25679]  ? vtime_user_exit+0x2b2/0x3e0
[ 2948.715527][T25679]  ? __context_tracking_exit+0x7a/0xd0
[ 2948.720973][T25679]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2948.726987][T25679]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2948.732624][T25679]  do_syscall_64+0x3d/0xb0
[ 2948.737038][T25679]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2948.742922][T25679] RIP: 0033:0x4665f9
[ 2948.746807][T25679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2948.766397][T25679] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2948.774799][T25679] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2948.782759][T25679] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
[ 2948.790727][T25679] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
[ 2948.798692][T25679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2948.806649][T25679] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
01:49:21 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:21 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:21 executing program 0 (fault-call:8 fault-nth:0):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:21 executing program 2 (fault-call:7 fault-nth:11):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2951.160167][T25704] FAULT_INJECTION: forcing a failure.
[ 2951.160167][T25704] name failslab, interval 1, probability 0, space 0, times 0
[ 2951.164208][T25703] FAULT_INJECTION: forcing a failure.
[ 2951.164208][T25703] name failslab, interval 1, probability 0, space 0, times 0
[ 2951.174774][T25704] CPU: 1 PID: 25704 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2951.193933][T25704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2951.203992][T25704] Call Trace:
[ 2951.207294][T25704]  dump_stack_lvl+0x1d3/0x29f
[ 2951.211972][T25704]  ? show_regs_print_info+0x12/0x12
[ 2951.217159][T25704]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2951.222872][T25704]  ? _raw_spin_unlock+0x24/0x40
[ 2951.227712][T25704]  ? __might_sleep+0x100/0x100
[ 2951.232486][T25704]  ? __rcu_read_lock+0xb0/0xb0
[ 2951.237246][T25704]  should_fail+0x384/0x4b0
[ 2951.241663][T25704]  should_failslab+0x5/0x20
[ 2951.246176][T25704]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2951.251374][T25704]  io_submit_sqes+0x601f/0x9e00
[ 2951.256225][T25704]  ? __might_sleep+0x100/0x100
[ 2951.261000][T25704]  ? io_uring_add_tctx_node+0x330/0x330
[ 2951.266551][T25704]  ? io_uring_add_tctx_node+0x74/0x330
[ 2951.272005][T25704]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2951.277560][T25704]  ? trace_lock_release+0x4f/0x150
[ 2951.282670][T25704]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2951.288210][T25704]  ? __fget_files+0x35a/0x390
[ 2951.292910][T25704]  ? __lock_acquire+0x6100/0x6100
[ 2951.297943][T25704]  ? account_other_time+0x63/0x280
[ 2951.303059][T25704]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2951.308692][T25704]  ? print_irqtrace_events+0x220/0x220
[ 2951.314158][T25704]  ? vtime_user_exit+0x2b2/0x3e0
[ 2951.319357][T25704]  ? __context_tracking_exit+0x7a/0xd0
[ 2951.324810][T25704]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2951.330787][T25704]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2951.336331][T25704]  do_syscall_64+0x3d/0xb0
[ 2951.340743][T25704]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2951.346627][T25704] RIP: 0033:0x4665f9
[ 2951.350515][T25704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2951.370130][T25704] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2951.378538][T25704] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2951.386504][T25704] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
[ 2951.394465][T25704] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
[ 2951.402447][T25704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2951.410428][T25704] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
[ 2951.418405][T25703] CPU: 0 PID: 25703 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2951.426834][T25703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2951.436929][T25703] Call Trace:
[ 2951.440221][T25703]  dump_stack_lvl+0x1d3/0x29f
[ 2951.444912][T25703]  ? show_regs_print_info+0x12/0x12
[ 2951.450127][T25703]  ? log_buf_vmcoreinfo_setup+0x498/0x498
01:49:21 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2951.455855][T25703]  ? _raw_spin_unlock_irqrestore+0x8b/0x120
[ 2951.461762][T25703]  ? __might_sleep+0x100/0x100
[ 2951.466537][T25703]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 2951.472442][T25703]  should_fail+0x384/0x4b0
[ 2951.476872][T25703]  should_failslab+0x5/0x20
[ 2951.481380][T25703]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2951.486599][T25703]  ? percpu_counter_add_batch+0x14a/0x170
[ 2951.492421][T25703]  io_submit_sqes+0x601f/0x9e00
[ 2951.497264][T25703]  ? __might_sleep+0x100/0x100
[ 2951.502030][T25703]  ? io_uring_add_tctx_node+0x330/0x330
[ 2951.507575][T25703]  ? io_uring_add_tctx_node+0x74/0x330
[ 2951.513015][T25703]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2951.518547][T25703]  ? trace_lock_release+0x4f/0x150
[ 2951.523640][T25703]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2951.529166][T25703]  ? __fget_files+0x35a/0x390
[ 2951.533827][T25703]  ? __lock_acquire+0x6100/0x6100
[ 2951.538867][T25703]  ? account_other_time+0x63/0x280
[ 2951.543977][T25703]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2951.549594][T25703]  ? print_irqtrace_events+0x220/0x220
[ 2951.555034][T25703]  ? vtime_user_exit+0x2b2/0x3e0
[ 2951.559971][T25703]  ? __context_tracking_exit+0x7a/0xd0
[ 2951.565417][T25703]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2951.571399][T25703]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2951.576928][T25703]  do_syscall_64+0x3d/0xb0
[ 2951.581331][T25703]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2951.587219][T25703] RIP: 0033:0x4665f9
[ 2951.591095][T25703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:49:22 executing program 2 (fault-call:7 fault-nth:12):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:22 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x200000, 0x0)

[ 2951.610690][T25703] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2951.619108][T25703] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2951.627064][T25703] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2951.635040][T25703] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2951.643003][T25703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2951.650967][T25703] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:22 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:22 executing program 0 (fault-call:8 fault-nth:1):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2951.735905][T25721] FAULT_INJECTION: forcing a failure.
[ 2951.735905][T25721] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2951.767953][T25727] FAULT_INJECTION: forcing a failure.
[ 2951.767953][T25727] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2951.769473][T25721] CPU: 1 PID: 25721 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2951.789603][T25721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2951.799746][T25721] Call Trace:
[ 2951.803047][T25721]  dump_stack_lvl+0x1d3/0x29f
[ 2951.807723][T25721]  ? show_regs_print_info+0x12/0x12
[ 2951.812927][T25721]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2951.818650][T25721]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2951.824194][T25721]  should_fail+0x384/0x4b0
[ 2951.828613][T25721]  prepare_alloc_pages+0x1d1/0x5a0
[ 2951.833725][T25721]  __alloc_pages+0x14d/0x5f0
[ 2951.838315][T25721]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2951.843595][T25721]  ? trace_lock_release+0x4f/0x150
[ 2951.848713][T25721]  ? alloc_pages+0x3f3/0x500
[ 2951.853298][T25721]  allocate_slab+0xf1/0x540
[ 2951.857794][T25721]  ___slab_alloc+0x1cf/0x350
[ 2951.862373][T25721]  ? io_submit_sqes+0x601f/0x9e00
[ 2951.867395][T25721]  kmem_cache_alloc_bulk+0x180/0x410
[ 2951.872676][T25721]  io_submit_sqes+0x601f/0x9e00
[ 2951.877518][T25721]  ? __might_sleep+0x100/0x100
[ 2951.882294][T25721]  ? io_uring_add_tctx_node+0x330/0x330
[ 2951.887844][T25721]  ? io_uring_add_tctx_node+0x74/0x330
[ 2951.893311][T25721]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2951.898864][T25721]  ? trace_lock_release+0x4f/0x150
[ 2951.904000][T25721]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2951.909542][T25721]  ? __fget_files+0x35a/0x390
[ 2951.914214][T25721]  ? __lock_acquire+0x6100/0x6100
[ 2951.919232][T25721]  ? account_other_time+0x63/0x280
[ 2951.924336][T25721]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2951.929961][T25721]  ? print_irqtrace_events+0x220/0x220
[ 2951.935420][T25721]  ? vtime_user_exit+0x2b2/0x3e0
[ 2951.940360][T25721]  ? __context_tracking_exit+0x7a/0xd0
[ 2951.945813][T25721]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2951.951786][T25721]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2951.957325][T25721]  do_syscall_64+0x3d/0xb0
[ 2951.961737][T25721]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2951.967620][T25721] RIP: 0033:0x4665f9
[ 2951.971503][T25721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2951.991193][T25721] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2951.999608][T25721] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2952.007574][T25721] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
[ 2952.015540][T25721] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
[ 2952.023512][T25721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2952.031499][T25721] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
[ 2952.039479][T25727] CPU: 0 PID: 25727 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2952.047903][T25727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2952.057951][T25727] Call Trace:
[ 2952.061222][T25727]  dump_stack_lvl+0x1d3/0x29f
[ 2952.065909][T25727]  ? show_regs_print_info+0x12/0x12
[ 2952.071099][T25727]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2952.076815][T25727]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2952.082363][T25727]  should_fail+0x384/0x4b0
[ 2952.086771][T25727]  prepare_alloc_pages+0x1d1/0x5a0
[ 2952.091889][T25727]  __alloc_pages+0x14d/0x5f0
[ 2952.096471][T25727]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2952.101744][T25727]  ? trace_lock_release+0x4f/0x150
[ 2952.106844][T25727]  ? alloc_pages+0x3f3/0x500
[ 2952.111418][T25727]  allocate_slab+0xf1/0x540
[ 2952.115910][T25727]  ___slab_alloc+0x1cf/0x350
[ 2952.120585][T25727]  ? io_submit_sqes+0x601f/0x9e00
[ 2952.125591][T25727]  kmem_cache_alloc_bulk+0x180/0x410
[ 2952.130863][T25727]  io_submit_sqes+0x601f/0x9e00
[ 2952.135695][T25727]  ? __might_sleep+0x100/0x100
[ 2952.140460][T25727]  ? io_uring_add_tctx_node+0x330/0x330
[ 2952.146001][T25727]  ? io_uring_add_tctx_node+0x74/0x330
[ 2952.151445][T25727]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2952.156981][T25727]  ? trace_lock_release+0x4f/0x150
[ 2952.162093][T25727]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2952.167624][T25727]  ? __lock_acquire+0x6100/0x6100
[ 2952.172631][T25727]  ? account_other_time+0x63/0x280
[ 2952.177729][T25727]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2952.183347][T25727]  ? print_irqtrace_events+0x220/0x220
[ 2952.188788][T25727]  ? vtime_user_exit+0x2b2/0x3e0
[ 2952.193722][T25727]  ? __context_tracking_exit+0x7a/0xd0
[ 2952.199167][T25727]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2952.205148][T25727]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2952.210701][T25727]  do_syscall_64+0x3d/0xb0
[ 2952.215108][T25727]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2952.220986][T25727] RIP: 0033:0x4665f9
[ 2952.224949][T25727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2952.244538][T25727] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2952.252940][T25727] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2952.260912][T25727] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2952.268872][T25727] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2952.276837][T25727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
01:49:22 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2952.284789][T25727] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:22 executing program 2 (fault-call:7 fault-nth:13):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:22 executing program 0 (fault-call:8 fault-nth:2):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2952.392006][T25735] FAULT_INJECTION: forcing a failure.
[ 2952.392006][T25735] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2952.396691][T25737] FAULT_INJECTION: forcing a failure.
[ 2952.396691][T25737] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2952.421606][T25735] CPU: 1 PID: 25735 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2952.430046][T25735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2952.440110][T25735] Call Trace:
[ 2952.443384][T25735]  dump_stack_lvl+0x1d3/0x29f
[ 2952.448067][T25735]  ? show_regs_print_info+0x12/0x12
[ 2952.453257][T25735]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2952.458970][T25735]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2952.464515][T25735]  should_fail+0x384/0x4b0
[ 2952.469105][T25735]  prepare_alloc_pages+0x1d1/0x5a0
[ 2952.474211][T25735]  __alloc_pages+0x14d/0x5f0
[ 2952.478818][T25735]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2952.484110][T25735]  ? trace_lock_release+0x4f/0x150
[ 2952.489215][T25735]  ? alloc_pages+0x3f3/0x500
[ 2952.493804][T25735]  allocate_slab+0xf1/0x540
[ 2952.498303][T25735]  ___slab_alloc+0x1cf/0x350
[ 2952.502882][T25735]  ? io_submit_sqes+0x601f/0x9e00
[ 2952.507909][T25735]  kmem_cache_alloc_bulk+0x180/0x410
[ 2952.513222][T25735]  io_submit_sqes+0x601f/0x9e00
[ 2952.518082][T25735]  ? __might_sleep+0x100/0x100
[ 2952.522867][T25735]  ? io_uring_add_tctx_node+0x330/0x330
[ 2952.528433][T25735]  ? io_uring_add_tctx_node+0x74/0x330
[ 2952.533912][T25735]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2952.539474][T25735]  ? trace_lock_release+0x4f/0x150
[ 2952.544577][T25735]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2952.550116][T25735]  ? __fget_files+0x35a/0x390
[ 2952.554786][T25735]  ? __lock_acquire+0x6100/0x6100
[ 2952.559805][T25735]  ? account_other_time+0x63/0x280
[ 2952.564904][T25735]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2952.570555][T25735]  ? print_irqtrace_events+0x220/0x220
[ 2952.576003][T25735]  ? vtime_user_exit+0x2b2/0x3e0
[ 2952.580930][T25735]  ? __context_tracking_exit+0x7a/0xd0
[ 2952.586392][T25735]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2952.592369][T25735]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2952.597908][T25735]  do_syscall_64+0x3d/0xb0
[ 2952.602315][T25735]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2952.608202][T25735] RIP: 0033:0x4665f9
[ 2952.612088][T25735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2952.631775][T25735] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2952.640181][T25735] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2952.648140][T25735] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
[ 2952.656101][T25735] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
[ 2952.664076][T25735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2952.672036][T25735] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
[ 2952.680009][T25737] CPU: 0 PID: 25737 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2952.688435][T25737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2952.698495][T25737] Call Trace:
[ 2952.701782][T25737]  dump_stack_lvl+0x1d3/0x29f
[ 2952.706469][T25737]  ? show_regs_print_info+0x12/0x12
[ 2952.711674][T25737]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2952.717405][T25737]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2952.723019][T25737]  should_fail+0x384/0x4b0
[ 2952.727434][T25737]  prepare_alloc_pages+0x1d1/0x5a0
[ 2952.732557][T25737]  __alloc_pages+0x14d/0x5f0
[ 2952.737164][T25737]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2952.742433][T25737]  ? trace_lock_release+0x4f/0x150
[ 2952.747532][T25737]  ? alloc_pages+0x3f3/0x500
[ 2952.752122][T25737]  allocate_slab+0xf1/0x540
[ 2952.756614][T25737]  ___slab_alloc+0x1cf/0x350
[ 2952.761186][T25737]  ? io_submit_sqes+0x601f/0x9e00
[ 2952.766211][T25737]  kmem_cache_alloc_bulk+0x180/0x410
[ 2952.771495][T25737]  io_submit_sqes+0x601f/0x9e00
[ 2952.776334][T25737]  ? __might_sleep+0x100/0x100
[ 2952.781091][T25737]  ? io_uring_add_tctx_node+0x330/0x330
[ 2952.786639][T25737]  ? io_uring_add_tctx_node+0x74/0x330
[ 2952.792081][T25737]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2952.797616][T25737]  ? trace_lock_release+0x4f/0x150
[ 2952.802716][T25737]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2952.808276][T25737]  ? __fget_files+0x35a/0x390
[ 2952.812939][T25737]  ? __lock_acquire+0x6100/0x6100
[ 2952.817955][T25737]  ? account_other_time+0x63/0x280
[ 2952.823060][T25737]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2952.828692][T25737]  ? print_irqtrace_events+0x220/0x220
[ 2952.834137][T25737]  ? vtime_user_exit+0x2b2/0x3e0
[ 2952.839059][T25737]  ? __context_tracking_exit+0x7a/0xd0
[ 2952.844501][T25737]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2952.850467][T25737]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2952.856000][T25737]  do_syscall_64+0x3d/0xb0
[ 2952.860404][T25737]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2952.866287][T25737] RIP: 0033:0x4665f9
[ 2952.870167][T25737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:49:23 executing program 0 (fault-call:8 fault-nth:3):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2952.889756][T25737] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2952.898155][T25737] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2952.906129][T25737] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2952.914112][T25737] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2952.922090][T25737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2952.930062][T25737] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
[ 2952.991008][T25740] FAULT_INJECTION: forcing a failure.
[ 2952.991008][T25740] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2953.004712][T25740] CPU: 0 PID: 25740 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2953.013138][T25740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2953.023223][T25740] Call Trace:
[ 2953.026509][T25740]  dump_stack_lvl+0x1d3/0x29f
[ 2953.031202][T25740]  ? show_regs_print_info+0x12/0x12
[ 2953.036410][T25740]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2953.042135][T25740]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2953.047676][T25740]  should_fail+0x384/0x4b0
[ 2953.052101][T25740]  prepare_alloc_pages+0x1d1/0x5a0
[ 2953.057231][T25740]  __alloc_pages+0x14d/0x5f0
[ 2953.061817][T25740]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2953.067091][T25740]  ? trace_lock_release+0x4f/0x150
[ 2953.072193][T25740]  ? alloc_pages+0x3f3/0x500
[ 2953.076765][T25740]  allocate_slab+0xf1/0x540
[ 2953.081260][T25740]  ___slab_alloc+0x1cf/0x350
[ 2953.085833][T25740]  ? io_submit_sqes+0x601f/0x9e00
[ 2953.090855][T25740]  kmem_cache_alloc_bulk+0x180/0x410
[ 2953.096127][T25740]  io_submit_sqes+0x601f/0x9e00
[ 2953.100974][T25740]  ? __might_sleep+0x100/0x100
[ 2953.105738][T25740]  ? io_uring_add_tctx_node+0x330/0x330
[ 2953.111268][T25740]  ? io_uring_add_tctx_node+0x74/0x330
[ 2953.116716][T25740]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2953.122253][T25740]  ? trace_lock_release+0x4f/0x150
[ 2953.127365][T25740]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2953.132901][T25740]  ? __fget_files+0x35a/0x390
[ 2953.137561][T25740]  ? __lock_acquire+0x6100/0x6100
[ 2953.142587][T25740]  ? account_other_time+0x63/0x280
[ 2953.147683][T25740]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2953.153300][T25740]  ? print_irqtrace_events+0x220/0x220
[ 2953.158740][T25740]  ? vtime_user_exit+0x2b2/0x3e0
[ 2953.163658][T25740]  ? __context_tracking_exit+0x7a/0xd0
[ 2953.169097][T25740]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2953.175081][T25740]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2953.180628][T25740]  do_syscall_64+0x3d/0xb0
[ 2953.185032][T25740]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2953.190911][T25740] RIP: 0033:0x4665f9
[ 2953.194791][T25740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2953.214385][T25740] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2953.222785][T25740] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2953.230742][T25740] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2953.238697][T25740] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2953.246664][T25740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2953.254617][T25740] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:24 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:24 executing program 2 (fault-call:7 fault-nth:14):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:24 executing program 0 (fault-call:8 fault-nth:4):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2954.149851][T25745] FAULT_INJECTION: forcing a failure.
[ 2954.149851][T25745] name failslab, interval 1, probability 0, space 0, times 0
[ 2954.166692][T25745] CPU: 0 PID: 25745 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2954.175144][T25745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2954.185237][T25745] Call Trace:
[ 2954.188525][T25745]  dump_stack_lvl+0x1d3/0x29f
[ 2954.193215][T25745]  ? show_regs_print_info+0x12/0x12
[ 2954.198421][T25745]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2954.200791][T25746] FAULT_INJECTION: forcing a failure.
[ 2954.200791][T25746] name failslab, interval 1, probability 0, space 0, times 0
[ 2954.204144][T25745]  ? __might_sleep+0x100/0x100
[ 2954.204168][T25745]  ? __rcu_read_lock+0xb0/0xb0
[ 2954.204188][T25745]  ? allocate_slab+0x373/0x540
[ 2954.204206][T25745]  should_fail+0x384/0x4b0
[ 2954.204228][T25745]  should_failslab+0x5/0x20
[ 2954.204243][T25745]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2954.204263][T25745]  io_submit_sqes+0x601f/0x9e00
[ 2954.204280][T25745]  ? __might_sleep+0x100/0x100
[ 2954.254978][T25745]  ? io_uring_add_tctx_node+0x330/0x330
[ 2954.260536][T25745]  ? io_uring_add_tctx_node+0x74/0x330
[ 2954.266008][T25745]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2954.271559][T25745]  ? trace_lock_release+0x4f/0x150
[ 2954.276686][T25745]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2954.282268][T25745]  ? __fget_files+0x35a/0x390
[ 2954.286977][T25745]  ? __lock_acquire+0x6100/0x6100
[ 2954.292009][T25745]  ? account_other_time+0x63/0x280
[ 2954.297160][T25745]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2954.302809][T25745]  ? print_irqtrace_events+0x220/0x220
[ 2954.308262][T25745]  ? vtime_user_exit+0x2b2/0x3e0
[ 2954.313203][T25745]  ? __context_tracking_exit+0x7a/0xd0
[ 2954.318685][T25745]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2954.324665][T25745]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2954.330218][T25745]  do_syscall_64+0x3d/0xb0
[ 2954.334633][T25745]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2954.340525][T25745] RIP: 0033:0x4665f9
[ 2954.344423][T25745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2954.364026][T25745] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2954.372436][T25745] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2954.380399][T25745] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
[ 2954.388362][T25745] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
[ 2954.396325][T25745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2954.404371][T25745] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
[ 2954.412355][T25746] CPU: 1 PID: 25746 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2954.420772][T25746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2954.430827][T25746] Call Trace:
[ 2954.434095][T25746]  dump_stack_lvl+0x1d3/0x29f
[ 2954.438761][T25746]  ? show_regs_print_info+0x12/0x12
[ 2954.443945][T25746]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2954.449648][T25746]  ? __might_sleep+0x100/0x100
[ 2954.454395][T25746]  ? __rcu_read_lock+0xb0/0xb0
[ 2954.459142][T25746]  ? allocate_slab+0x373/0x540
[ 2954.463923][T25746]  should_fail+0x384/0x4b0
[ 2954.468326][T25746]  should_failslab+0x5/0x20
[ 2954.472813][T25746]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2954.478001][T25746]  io_submit_sqes+0x601f/0x9e00
[ 2954.482833][T25746]  ? __might_sleep+0x100/0x100
[ 2954.487594][T25746]  ? io_uring_add_tctx_node+0x330/0x330
[ 2954.493133][T25746]  ? io_uring_add_tctx_node+0x74/0x330
[ 2954.498586][T25746]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2954.504125][T25746]  ? trace_lock_release+0x4f/0x150
[ 2954.509229][T25746]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2954.514779][T25746]  ? __fget_files+0x35a/0x390
[ 2954.519444][T25746]  ? __lock_acquire+0x6100/0x6100
[ 2954.524455][T25746]  ? account_other_time+0x63/0x280
[ 2954.529548][T25746]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2954.535163][T25746]  ? print_irqtrace_events+0x220/0x220
[ 2954.540602][T25746]  ? vtime_user_exit+0x2b2/0x3e0
[ 2954.545536][T25746]  ? __context_tracking_exit+0x7a/0xd0
[ 2954.550978][T25746]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2954.556939][T25746]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2954.562482][T25746]  do_syscall_64+0x3d/0xb0
[ 2954.566885][T25746]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2954.572759][T25746] RIP: 0033:0x4665f9
[ 2954.576635][T25746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2954.596245][T25746] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2954.604643][T25746] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2954.612612][T25746] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2954.621004][T25746] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2954.628956][T25746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2954.636917][T25746] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:25 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:25 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:25 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x800000, 0x0)

01:49:25 executing program 0 (fault-call:8 fault-nth:5):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:25 executing program 2 (fault-call:7 fault-nth:15):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2954.789700][T25762] FAULT_INJECTION: forcing a failure.
[ 2954.789700][T25762] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2954.822883][T25762] CPU: 1 PID: 25762 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2954.831357][T25762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2954.841427][T25762] Call Trace:
[ 2954.844708][T25762]  dump_stack_lvl+0x1d3/0x29f
[ 2954.849399][T25762]  ? show_regs_print_info+0x12/0x12
[ 2954.850624][T25773] FAULT_INJECTION: forcing a failure.
[ 2954.850624][T25773] name failslab, interval 1, probability 0, space 0, times 0
[ 2954.854603][T25762]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2954.854631][T25762]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2954.854654][T25762]  should_fail+0x384/0x4b0
[ 2954.854673][T25762]  prepare_alloc_pages+0x1d1/0x5a0
[ 2954.854695][T25762]  __alloc_pages+0x14d/0x5f0
[ 2954.854714][T25762]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2954.854731][T25762]  ? trace_lock_release+0x4f/0x150
[ 2954.854749][T25762]  ? alloc_pages+0x3f3/0x500
[ 2954.907598][T25762]  allocate_slab+0xf1/0x540
[ 2954.912104][T25762]  ___slab_alloc+0x1cf/0x350
[ 2954.916684][T25762]  ? io_submit_sqes+0x601f/0x9e00
[ 2954.921697][T25762]  kmem_cache_alloc_bulk+0x180/0x410
[ 2954.926977][T25762]  io_submit_sqes+0x601f/0x9e00
[ 2954.931821][T25762]  ? __might_sleep+0x100/0x100
[ 2954.936617][T25762]  ? io_uring_add_tctx_node+0x330/0x330
[ 2954.942157][T25762]  ? io_uring_add_tctx_node+0x74/0x330
[ 2954.947695][T25762]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2954.953235][T25762]  ? trace_lock_release+0x4f/0x150
[ 2954.958340][T25762]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2954.963883][T25762]  ? __fget_files+0x35a/0x390
[ 2954.968557][T25762]  ? __lock_acquire+0x6100/0x6100
[ 2954.973573][T25762]  ? account_other_time+0x63/0x280
[ 2954.978674][T25762]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2954.984304][T25762]  ? print_irqtrace_events+0x220/0x220
[ 2954.989758][T25762]  ? vtime_user_exit+0x2b2/0x3e0
[ 2954.994704][T25762]  ? __context_tracking_exit+0x7a/0xd0
[ 2955.000155][T25762]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2955.006127][T25762]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2955.011692][T25762]  do_syscall_64+0x3d/0xb0
[ 2955.016109][T25762]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2955.022015][T25762] RIP: 0033:0x4665f9
[ 2955.025903][T25762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2955.045514][T25762] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2955.053922][T25762] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2955.061895][T25762] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2955.069869][T25762] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2955.077926][T25762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2955.085884][T25762] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
[ 2955.093857][T25773] CPU: 0 PID: 25773 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2955.102280][T25773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2955.112333][T25773] Call Trace:
[ 2955.115608][T25773]  dump_stack_lvl+0x1d3/0x29f
[ 2955.120278][T25773]  ? show_regs_print_info+0x12/0x12
[ 2955.125463][T25773]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2955.131161][T25773]  ? __might_sleep+0x100/0x100
[ 2955.135908][T25773]  ? __rcu_read_lock+0xb0/0xb0
[ 2955.140653][T25773]  ? allocate_slab+0x373/0x540
[ 2955.145415][T25773]  should_fail+0x384/0x4b0
[ 2955.149818][T25773]  should_failslab+0x5/0x20
[ 2955.154304][T25773]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2955.159487][T25773]  io_submit_sqes+0x601f/0x9e00
[ 2955.164320][T25773]  ? __might_sleep+0x100/0x100
[ 2955.169097][T25773]  ? io_uring_add_tctx_node+0x330/0x330
[ 2955.174625][T25773]  ? io_uring_add_tctx_node+0x74/0x330
[ 2955.180081][T25773]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2955.185616][T25773]  ? trace_lock_release+0x4f/0x150
[ 2955.190715][T25773]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2955.196242][T25773]  ? __fget_files+0x35a/0x390
[ 2955.200902][T25773]  ? __lock_acquire+0x6100/0x6100
[ 2955.205909][T25773]  ? account_other_time+0x63/0x280
[ 2955.211004][T25773]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2955.216618][T25773]  ? print_irqtrace_events+0x220/0x220
[ 2955.222070][T25773]  ? vtime_user_exit+0x2b2/0x3e0
[ 2955.227082][T25773]  ? __context_tracking_exit+0x7a/0xd0
[ 2955.232523][T25773]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2955.238485][T25773]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2955.244102][T25773]  do_syscall_64+0x3d/0xb0
[ 2955.248502][T25773]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2955.254378][T25773] RIP: 0033:0x4665f9
[ 2955.258255][T25773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2955.277845][T25773] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
01:49:25 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:25 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2955.286242][T25773] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2955.294203][T25773] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
[ 2955.302156][T25773] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
[ 2955.310109][T25773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2955.318063][T25773] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
01:49:25 executing program 2 (fault-call:7 fault-nth:16):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:25 executing program 0 (fault-call:8 fault-nth:6):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:26 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x0, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2955.456191][T25784] FAULT_INJECTION: forcing a failure.
[ 2955.456191][T25784] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2955.511341][T25784] CPU: 1 PID: 25784 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2955.519802][T25784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2955.529870][T25784] Call Trace:
[ 2955.533169][T25784]  dump_stack_lvl+0x1d3/0x29f
[ 2955.537863][T25784]  ? show_regs_print_info+0x12/0x12
[ 2955.543076][T25784]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2955.548815][T25784]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2955.550622][T25786] FAULT_INJECTION: forcing a failure.
[ 2955.550622][T25786] name failslab, interval 1, probability 0, space 0, times 0
[ 2955.554369][T25784]  should_fail+0x384/0x4b0
[ 2955.554398][T25784]  prepare_alloc_pages+0x1d1/0x5a0
[ 2955.554421][T25784]  __alloc_pages+0x14d/0x5f0
[ 2955.554437][T25784]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2955.554455][T25784]  ? trace_lock_release+0x4f/0x150
[ 2955.591409][T25784]  ? alloc_pages+0x3f3/0x500
[ 2955.595997][T25784]  allocate_slab+0xf1/0x540
[ 2955.600497][T25784]  ___slab_alloc+0x1cf/0x350
[ 2955.605081][T25784]  ? io_submit_sqes+0x601f/0x9e00
[ 2955.610102][T25784]  kmem_cache_alloc_bulk+0x180/0x410
[ 2955.615464][T25784]  io_submit_sqes+0x601f/0x9e00
[ 2955.620304][T25784]  ? __might_sleep+0x100/0x100
[ 2955.625074][T25784]  ? io_uring_add_tctx_node+0x330/0x330
[ 2955.630609][T25784]  ? io_uring_add_tctx_node+0x74/0x330
[ 2955.636055][T25784]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2955.641594][T25784]  ? trace_lock_release+0x4f/0x150
[ 2955.646698][T25784]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2955.652254][T25784]  ? __fget_files+0x35a/0x390
[ 2955.656918][T25784]  ? __lock_acquire+0x6100/0x6100
[ 2955.661944][T25784]  ? account_other_time+0x63/0x280
[ 2955.667046][T25784]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2955.672663][T25784]  ? print_irqtrace_events+0x220/0x220
[ 2955.678107][T25784]  ? vtime_user_exit+0x2b2/0x3e0
[ 2955.683035][T25784]  ? __context_tracking_exit+0x7a/0xd0
[ 2955.688482][T25784]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2955.694451][T25784]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2955.699990][T25784]  do_syscall_64+0x3d/0xb0
[ 2955.704398][T25784]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2955.710280][T25784] RIP: 0033:0x4665f9
[ 2955.714161][T25784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2955.733766][T25784] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2955.742171][T25784] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2955.750156][T25784] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
01:49:26 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x0, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2955.758115][T25784] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
[ 2955.766074][T25784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2955.774030][T25784] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
[ 2955.782001][T25786] CPU: 0 PID: 25786 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2955.790421][T25786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2955.800481][T25786] Call Trace:
[ 2955.803760][T25786]  dump_stack_lvl+0x1d3/0x29f
[ 2955.808439][T25786]  ? show_regs_print_info+0x12/0x12
[ 2955.813644][T25786]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2955.819369][T25786]  ? _raw_spin_unlock_irqrestore+0x8b/0x120
[ 2955.825271][T25786]  ? __might_sleep+0x100/0x100
[ 2955.830039][T25786]  ? __rcu_read_lock+0xb0/0xb0
[ 2955.834809][T25786]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 2955.840712][T25786]  should_fail+0x384/0x4b0
[ 2955.845142][T25786]  should_failslab+0x5/0x20
[ 2955.849651][T25786]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2955.854859][T25786]  io_submit_sqes+0x601f/0x9e00
[ 2955.859720][T25786]  ? __might_sleep+0x100/0x100
[ 2955.864508][T25786]  ? io_uring_add_tctx_node+0x330/0x330
[ 2955.870060][T25786]  ? io_uring_add_tctx_node+0x74/0x330
[ 2955.875529][T25786]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2955.881091][T25786]  ? trace_lock_release+0x4f/0x150
[ 2955.886210][T25786]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2955.891761][T25786]  ? __fget_files+0x35a/0x390
[ 2955.896445][T25786]  ? __lock_acquire+0x6100/0x6100
[ 2955.901476][T25786]  ? account_other_time+0x63/0x280
[ 2955.906594][T25786]  ? rcu_read_lock_sched_held+0x5d/0x110
01:49:26 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x0, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2955.912233][T25786]  ? print_irqtrace_events+0x220/0x220
[ 2955.917695][T25786]  ? vtime_user_exit+0x2b2/0x3e0
[ 2955.922643][T25786]  ? __context_tracking_exit+0x7a/0xd0
[ 2955.928105][T25786]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2955.934091][T25786]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2955.939642][T25786]  do_syscall_64+0x3d/0xb0
[ 2955.944068][T25786]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2955.949966][T25786] RIP: 0033:0x4665f9
[ 2955.953856][T25786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2955.973467][T25786] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2955.981883][T25786] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2955.989867][T25786] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2955.997846][T25786] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2956.005824][T25786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2956.013800][T25786] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:28 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:28 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:28 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x1000000, 0x0)

01:49:28 executing program 2 (fault-call:7 fault-nth:17):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:28 executing program 0 (fault-call:8 fault-nth:7):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2957.798190][T25821] FAULT_INJECTION: forcing a failure.
[ 2957.798190][T25821] name failslab, interval 1, probability 0, space 0, times 0
[ 2957.807210][T25820] FAULT_INJECTION: forcing a failure.
[ 2957.807210][T25820] name failslab, interval 1, probability 0, space 0, times 0
[ 2957.812899][T25821] CPU: 1 PID: 25821 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2957.831871][T25821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2957.841919][T25821] Call Trace:
[ 2957.845197][T25821]  dump_stack_lvl+0x1d3/0x29f
[ 2957.849868][T25821]  ? show_regs_print_info+0x12/0x12
[ 2957.855057][T25821]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2957.860766][T25821]  ? _raw_spin_unlock_irqrestore+0x8b/0x120
[ 2957.866647][T25821]  ? __might_sleep+0x100/0x100
[ 2957.871406][T25821]  ? __rcu_read_lock+0xb0/0xb0
[ 2957.876159][T25821]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 2957.882049][T25821]  should_fail+0x384/0x4b0
[ 2957.886556][T25821]  should_failslab+0x5/0x20
[ 2957.891045][T25821]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2957.896234][T25821]  io_submit_sqes+0x601f/0x9e00
[ 2957.901076][T25821]  ? __might_sleep+0x100/0x100
[ 2957.905846][T25821]  ? io_uring_add_tctx_node+0x330/0x330
[ 2957.911378][T25821]  ? io_uring_add_tctx_node+0x74/0x330
[ 2957.916824][T25821]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2957.922386][T25821]  ? trace_lock_release+0x4f/0x150
[ 2957.927484][T25821]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2957.933017][T25821]  ? __fget_files+0x35a/0x390
[ 2957.937683][T25821]  ? __lock_acquire+0x6100/0x6100
[ 2957.942706][T25821]  ? account_other_time+0x63/0x280
[ 2957.947805][T25821]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2957.953422][T25821]  ? print_irqtrace_events+0x220/0x220
[ 2957.958892][T25821]  ? vtime_user_exit+0x2b2/0x3e0
[ 2957.963821][T25821]  ? __context_tracking_exit+0x7a/0xd0
[ 2957.969267][T25821]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2957.975234][T25821]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2957.980772][T25821]  do_syscall_64+0x3d/0xb0
[ 2957.985178][T25821]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2957.991058][T25821] RIP: 0033:0x4665f9
[ 2957.994957][T25821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2958.014546][T25821] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2958.022948][T25821] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2958.030996][T25821] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2958.038957][T25821] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2958.046929][T25821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2958.054903][T25821] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
[ 2958.062876][T25820] CPU: 0 PID: 25820 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2958.071297][T25820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2958.081351][T25820] Call Trace:
[ 2958.084633][T25820]  dump_stack_lvl+0x1d3/0x29f
[ 2958.089317][T25820]  ? show_regs_print_info+0x12/0x12
[ 2958.094519][T25820]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2958.100245][T25820]  ? __might_sleep+0x100/0x100
[ 2958.105013][T25820]  ? __rcu_read_lock+0xb0/0xb0
[ 2958.109780][T25820]  ? allocate_slab+0x373/0x540
[ 2958.114550][T25820]  should_fail+0x384/0x4b0
[ 2958.118949][T25820]  should_failslab+0x5/0x20
[ 2958.123430][T25820]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2958.128631][T25820]  io_submit_sqes+0x601f/0x9e00
[ 2958.133464][T25820]  ? __might_sleep+0x100/0x100
[ 2958.138219][T25820]  ? io_uring_add_tctx_node+0x330/0x330
[ 2958.143745][T25820]  ? io_uring_add_tctx_node+0x74/0x330
[ 2958.149189][T25820]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2958.154744][T25820]  ? trace_lock_release+0x4f/0x150
[ 2958.159849][T25820]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2958.165379][T25820]  ? __fget_files+0x35a/0x390
[ 2958.170039][T25820]  ? __lock_acquire+0x6100/0x6100
[ 2958.175045][T25820]  ? account_other_time+0x63/0x280
[ 2958.180258][T25820]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2958.185878][T25820]  ? print_irqtrace_events+0x220/0x220
[ 2958.191319][T25820]  ? vtime_user_exit+0x2b2/0x3e0
[ 2958.196238][T25820]  ? __context_tracking_exit+0x7a/0xd0
[ 2958.201687][T25820]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2958.207656][T25820]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2958.213330][T25820]  do_syscall_64+0x3d/0xb0
[ 2958.217815][T25820]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2958.223693][T25820] RIP: 0033:0x4665f9
[ 2958.227573][T25820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2958.247168][T25820] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2958.255599][T25820] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2958.263559][T25820] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
[ 2958.271519][T25820] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
[ 2958.279483][T25820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2958.287463][T25820] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
01:49:28 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:28 executing program 0 (fault-call:8 fault-nth:8):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:28 executing program 2 (fault-call:7 fault-nth:18):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2958.409095][T25830] FAULT_INJECTION: forcing a failure.
[ 2958.409095][T25830] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2958.418181][T25832] FAULT_INJECTION: forcing a failure.
[ 2958.418181][T25832] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2958.425909][T25830] CPU: 1 PID: 25830 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 2958.443945][T25830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2958.454000][T25830] Call Trace:
[ 2958.457275][T25830]  dump_stack_lvl+0x1d3/0x29f
[ 2958.461949][T25830]  ? show_regs_print_info+0x12/0x12
[ 2958.467143][T25830]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2958.472860][T25830]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2958.478402][T25830]  should_fail+0x384/0x4b0
[ 2958.482811][T25830]  prepare_alloc_pages+0x1d1/0x5a0
[ 2958.487927][T25830]  __alloc_pages+0x14d/0x5f0
[ 2958.492508][T25830]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2958.497782][T25830]  ? trace_lock_release+0x4f/0x150
[ 2958.502884][T25830]  ? alloc_pages+0x3f3/0x500
[ 2958.507465][T25830]  allocate_slab+0xf1/0x540
[ 2958.511958][T25830]  ___slab_alloc+0x1cf/0x350
[ 2958.516533][T25830]  ? io_submit_sqes+0x601f/0x9e00
[ 2958.521543][T25830]  kmem_cache_alloc_bulk+0x180/0x410
[ 2958.526830][T25830]  io_submit_sqes+0x601f/0x9e00
[ 2958.531684][T25830]  ? __might_sleep+0x100/0x100
[ 2958.536457][T25830]  ? io_uring_add_tctx_node+0x330/0x330
[ 2958.541997][T25830]  ? io_uring_add_tctx_node+0x74/0x330
[ 2958.547449][T25830]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2958.552993][T25830]  ? trace_lock_release+0x4f/0x150
[ 2958.558126][T25830]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2958.563663][T25830]  ? __fget_files+0x35a/0x390
[ 2958.568326][T25830]  ? __lock_acquire+0x6100/0x6100
[ 2958.573340][T25830]  ? account_other_time+0x63/0x280
[ 2958.578440][T25830]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2958.584061][T25830]  ? print_irqtrace_events+0x220/0x220
[ 2958.589648][T25830]  ? vtime_user_exit+0x2b2/0x3e0
[ 2958.594591][T25830]  ? __context_tracking_exit+0x7a/0xd0
[ 2958.600071][T25830]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2958.606045][T25830]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2958.611585][T25830]  do_syscall_64+0x3d/0xb0
[ 2958.615997][T25830]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2958.621881][T25830] RIP: 0033:0x4665f9
[ 2958.625762][T25830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2958.645354][T25830] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2958.653766][T25830] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2958.661726][T25830] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000006
[ 2958.669684][T25830] RBP: 00007fba1afd81d0 R08: 0000000000000000 R09: 0000000000000000
[ 2958.677639][T25830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2958.685613][T25830] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
[ 2958.693584][T25832] CPU: 0 PID: 25832 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2958.702002][T25832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2958.712049][T25832] Call Trace:
[ 2958.715314][T25832]  dump_stack_lvl+0x1d3/0x29f
[ 2958.720003][T25832]  ? show_regs_print_info+0x12/0x12
[ 2958.725186][T25832]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2958.730893][T25832]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2958.736442][T25832]  should_fail+0x384/0x4b0
[ 2958.740858][T25832]  prepare_alloc_pages+0x1d1/0x5a0
[ 2958.745971][T25832]  __alloc_pages+0x14d/0x5f0
[ 2958.750553][T25832]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2958.755820][T25832]  ? trace_lock_release+0x4f/0x150
[ 2958.760920][T25832]  ? alloc_pages+0x3f3/0x500
[ 2958.765498][T25832]  allocate_slab+0xf1/0x540
[ 2958.769984][T25832]  ___slab_alloc+0x1cf/0x350
[ 2958.774552][T25832]  ? io_submit_sqes+0x601f/0x9e00
[ 2958.779580][T25832]  kmem_cache_alloc_bulk+0x180/0x410
[ 2958.784850][T25832]  io_submit_sqes+0x601f/0x9e00
[ 2958.789685][T25832]  ? __might_sleep+0x100/0x100
[ 2958.794447][T25832]  ? io_uring_add_tctx_node+0x330/0x330
[ 2958.799974][T25832]  ? io_uring_add_tctx_node+0x74/0x330
[ 2958.805415][T25832]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2958.810947][T25832]  ? trace_lock_release+0x4f/0x150
[ 2958.816085][T25832]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2958.821613][T25832]  ? __fget_files+0x35a/0x390
[ 2958.826274][T25832]  ? __lock_acquire+0x6100/0x6100
[ 2958.831281][T25832]  ? account_other_time+0x63/0x280
[ 2958.836373][T25832]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2958.841986][T25832]  ? print_irqtrace_events+0x220/0x220
[ 2958.847426][T25832]  ? vtime_user_exit+0x2b2/0x3e0
[ 2958.852348][T25832]  ? __context_tracking_exit+0x7a/0xd0
[ 2958.857803][T25832]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2958.863764][T25832]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2958.869307][T25832]  do_syscall_64+0x3d/0xb0
[ 2958.873711][T25832]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2958.879601][T25832] RIP: 0033:0x4665f9
[ 2958.883489][T25832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2958.903074][T25832] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2958.911472][T25832] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2958.919439][T25832] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2958.927393][T25832] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2958.935345][T25832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2958.943312][T25832] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
[ 2958.955184][ T3239] ieee802154 phy0 wpan0: encryption failed: -22
01:49:29 executing program 0 (fault-call:8 fault-nth:9):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2958.961500][ T3239] ieee802154 phy1 wpan1: encryption failed: -22
[ 2959.015164][T25836] FAULT_INJECTION: forcing a failure.
[ 2959.015164][T25836] name failslab, interval 1, probability 0, space 0, times 0
[ 2959.029059][T25836] CPU: 1 PID: 25836 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2959.037493][T25836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2959.047550][T25836] Call Trace:
[ 2959.050830][T25836]  dump_stack_lvl+0x1d3/0x29f
[ 2959.055515][T25836]  ? show_regs_print_info+0x12/0x12
[ 2959.060720][T25836]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2959.066435][T25836]  ? __might_sleep+0x100/0x100
[ 2959.071185][T25836]  ? __rcu_read_lock+0xb0/0xb0
[ 2959.075938][T25836]  should_fail+0x384/0x4b0
[ 2959.080338][T25836]  should_failslab+0x5/0x20
[ 2959.084826][T25836]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2959.090012][T25836]  io_submit_sqes+0x601f/0x9e00
[ 2959.094846][T25836]  ? __might_sleep+0x100/0x100
[ 2959.099631][T25836]  ? io_uring_add_tctx_node+0x330/0x330
[ 2959.105162][T25836]  ? io_uring_add_tctx_node+0x74/0x330
[ 2959.110603][T25836]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2959.116136][T25836]  ? trace_lock_release+0x4f/0x150
[ 2959.121232][T25836]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2959.126761][T25836]  ? __fget_files+0x35a/0x390
[ 2959.131438][T25836]  ? __lock_acquire+0x6100/0x6100
[ 2959.136449][T25836]  ? account_other_time+0x63/0x280
[ 2959.141543][T25836]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2959.147157][T25836]  ? print_irqtrace_events+0x220/0x220
[ 2959.152615][T25836]  ? vtime_user_exit+0x2b2/0x3e0
[ 2959.157535][T25836]  ? __context_tracking_exit+0x7a/0xd0
[ 2959.162976][T25836]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2959.168938][T25836]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2959.174468][T25836]  do_syscall_64+0x3d/0xb0
[ 2959.178870][T25836]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2959.184748][T25836] RIP: 0033:0x4665f9
[ 2959.188625][T25836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:49:29 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2959.208215][T25836] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2959.216614][T25836] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2959.224568][T25836] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2959.232517][T25836] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2959.240469][T25836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2959.248422][T25836] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:29 executing program 0 (fault-call:8 fault-nth:10):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2959.349926][T25842] FAULT_INJECTION: forcing a failure.
[ 2959.349926][T25842] name failslab, interval 1, probability 0, space 0, times 0
[ 2959.363390][T25842] CPU: 0 PID: 25842 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2959.371827][T25842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2959.381883][T25842] Call Trace:
[ 2959.385163][T25842]  dump_stack_lvl+0x1d3/0x29f
[ 2959.389853][T25842]  ? show_regs_print_info+0x12/0x12
[ 2959.395046][T25842]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2959.400759][T25842]  ? __might_sleep+0x100/0x100
[ 2959.405517][T25842]  ? __rcu_read_lock+0xb0/0xb0
[ 2959.410287][T25842]  ? allocate_slab+0x373/0x540
[ 2959.415038][T25842]  should_fail+0x384/0x4b0
[ 2959.419439][T25842]  should_failslab+0x5/0x20
[ 2959.423925][T25842]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2959.429133][T25842]  io_submit_sqes+0x601f/0x9e00
[ 2959.433977][T25842]  ? __might_sleep+0x100/0x100
[ 2959.438747][T25842]  ? io_uring_add_tctx_node+0x330/0x330
[ 2959.444287][T25842]  ? io_uring_add_tctx_node+0x74/0x330
[ 2959.449746][T25842]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2959.455290][T25842]  ? trace_lock_release+0x4f/0x150
[ 2959.460391][T25842]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2959.465922][T25842]  ? __fget_files+0x35a/0x390
[ 2959.470645][T25842]  ? __lock_acquire+0x6100/0x6100
[ 2959.475668][T25842]  ? account_other_time+0x63/0x280
[ 2959.480760][T25842]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2959.486383][T25842]  ? print_irqtrace_events+0x220/0x220
[ 2959.491833][T25842]  ? vtime_user_exit+0x2b2/0x3e0
[ 2959.496764][T25842]  ? __context_tracking_exit+0x7a/0xd0
[ 2959.502224][T25842]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2959.508198][T25842]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2959.513738][T25842]  do_syscall_64+0x3d/0xb0
[ 2959.518159][T25842]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2959.524041][T25842] RIP: 0033:0x4665f9
[ 2959.527934][T25842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:49:30 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2959.547523][T25842] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2959.555920][T25842] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2959.563883][T25842] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2959.571860][T25842] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2959.579838][T25842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2959.587810][T25842] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:31 executing program 0 (fault-call:8 fault-nth:11):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:31 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x2, 0x0, 0x0, 0x0)

01:49:31 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x4000000, 0x0)

01:49:31 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:31 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2960.822379][T25855] FAULT_INJECTION: forcing a failure.
[ 2960.822379][T25855] name failslab, interval 1, probability 0, space 0, times 0
[ 2960.851809][T25855] CPU: 1 PID: 25855 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2960.860252][T25855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2960.870320][T25855] Call Trace:
[ 2960.873601][T25855]  dump_stack_lvl+0x1d3/0x29f
[ 2960.878292][T25855]  ? show_regs_print_info+0x12/0x12
[ 2960.883505][T25855]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2960.889235][T25855]  ? _raw_spin_unlock+0x24/0x40
[ 2960.894106][T25855]  ? __might_sleep+0x100/0x100
[ 2960.898881][T25855]  ? __rcu_read_lock+0xb0/0xb0
[ 2960.903659][T25855]  should_fail+0x384/0x4b0
[ 2960.908092][T25855]  should_failslab+0x5/0x20
[ 2960.912599][T25855]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2960.917811][T25855]  io_submit_sqes+0x601f/0x9e00
[ 2960.922667][T25855]  ? __might_sleep+0x100/0x100
[ 2960.927442][T25855]  ? io_uring_add_tctx_node+0x330/0x330
[ 2960.932983][T25855]  ? io_uring_add_tctx_node+0x74/0x330
[ 2960.938421][T25855]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2960.943949][T25855]  ? trace_lock_release+0x4f/0x150
[ 2960.949040][T25855]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2960.954594][T25855]  ? __fget_files+0x35a/0x390
[ 2960.959379][T25855]  ? __lock_acquire+0x6100/0x6100
[ 2960.964391][T25855]  ? account_other_time+0x63/0x280
[ 2960.969492][T25855]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2960.975102][T25855]  ? print_irqtrace_events+0x220/0x220
[ 2960.980540][T25855]  ? vtime_user_exit+0x2b2/0x3e0
[ 2960.985456][T25855]  ? __context_tracking_exit+0x7a/0xd0
[ 2960.990892][T25855]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2960.996867][T25855]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2961.002408][T25855]  do_syscall_64+0x3d/0xb0
[ 2961.006813][T25855]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2961.012701][T25855] RIP: 0033:0x4665f9
[ 2961.016573][T25855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2961.036202][T25855] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2961.044601][T25855] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2961.052555][T25855] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2961.060505][T25855] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2961.068555][T25855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2961.076505][T25855] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:31 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:31 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x4, 0x0, 0x0, 0x0)

01:49:31 executing program 0 (fault-call:8 fault-nth:12):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:31 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0xf, 0x0, 0x0, 0x0)

[ 2961.450630][T25877] FAULT_INJECTION: forcing a failure.
[ 2961.450630][T25877] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2961.467760][T25877] CPU: 1 PID: 25877 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2961.476247][T25877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2961.486312][T25877] Call Trace:
[ 2961.489598][T25877]  dump_stack_lvl+0x1d3/0x29f
[ 2961.494295][T25877]  ? show_regs_print_info+0x12/0x12
[ 2961.499510][T25877]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2961.505239][T25877]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2961.510801][T25877]  should_fail+0x384/0x4b0
[ 2961.515235][T25877]  prepare_alloc_pages+0x1d1/0x5a0
[ 2961.520360][T25877]  __alloc_pages+0x14d/0x5f0
[ 2961.524956][T25877]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2961.530251][T25877]  ? trace_lock_release+0x4f/0x150
[ 2961.535374][T25877]  ? alloc_pages+0x3f3/0x500
[ 2961.539977][T25877]  allocate_slab+0xf1/0x540
[ 2961.544490][T25877]  ___slab_alloc+0x1cf/0x350
[ 2961.549083][T25877]  ? io_submit_sqes+0x601f/0x9e00
[ 2961.554112][T25877]  kmem_cache_alloc_bulk+0x180/0x410
[ 2961.559406][T25877]  io_submit_sqes+0x601f/0x9e00
[ 2961.564261][T25877]  ? __might_sleep+0x100/0x100
[ 2961.569052][T25877]  ? io_uring_add_tctx_node+0x330/0x330
[ 2961.574606][T25877]  ? io_uring_add_tctx_node+0x74/0x330
[ 2961.580074][T25877]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2961.585633][T25877]  ? trace_lock_release+0x4f/0x150
[ 2961.590755][T25877]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2961.596315][T25877]  ? __fget_files+0x35a/0x390
[ 2961.601005][T25877]  ? __lock_acquire+0x6100/0x6100
[ 2961.606045][T25877]  ? account_other_time+0x63/0x280
[ 2961.611168][T25877]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2961.616893][T25877]  ? print_irqtrace_events+0x220/0x220
[ 2961.622367][T25877]  ? vtime_user_exit+0x2b2/0x3e0
[ 2961.627318][T25877]  ? __context_tracking_exit+0x7a/0xd0
[ 2961.632785][T25877]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2961.638777][T25877]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2961.644329][T25877]  do_syscall_64+0x3d/0xb0
[ 2961.648757][T25877]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2961.654656][T25877] RIP: 0033:0x4665f9
[ 2961.658556][T25877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2961.678169][T25877] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2961.686591][T25877] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
01:49:32 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x41, 0x0, 0x0, 0x0)

01:49:32 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0xf00, 0x0, 0x0, 0x0)

01:49:32 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x2000, 0x0, 0x0, 0x0)

01:49:32 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x4000, 0x0, 0x0, 0x0)

01:49:32 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x4100, 0x0, 0x0, 0x0)

[ 2961.694572][T25877] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2961.702549][T25877] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2961.710524][T25877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2961.718503][T25877] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:34 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:34 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x7f000000, 0x0)

01:49:34 executing program 0 (fault-call:8 fault-nth:13):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:34 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x20000, 0x0, 0x0, 0x0)

01:49:34 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:34 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2963.877340][T25915] FAULT_INJECTION: forcing a failure.
[ 2963.877340][T25915] name failslab, interval 1, probability 0, space 0, times 0
[ 2963.918602][T25915] CPU: 1 PID: 25915 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2963.927065][T25915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2963.937129][T25915] Call Trace:
[ 2963.940417][T25915]  dump_stack_lvl+0x1d3/0x29f
[ 2963.945109][T25915]  ? show_regs_print_info+0x12/0x12
[ 2963.950319][T25915]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2963.956047][T25915]  ? _raw_spin_unlock+0x24/0x40
[ 2963.960911][T25915]  ? __might_sleep+0x100/0x100
[ 2963.965683][T25915]  ? __rcu_read_lock+0xb0/0xb0
[ 2963.970458][T25915]  should_fail+0x384/0x4b0
[ 2963.974890][T25915]  should_failslab+0x5/0x20
[ 2963.979398][T25915]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2963.984611][T25915]  io_submit_sqes+0x601f/0x9e00
[ 2963.989466][T25915]  ? __might_sleep+0x100/0x100
[ 2963.994261][T25915]  ? io_uring_add_tctx_node+0x330/0x330
[ 2963.999821][T25915]  ? io_uring_add_tctx_node+0x74/0x330
[ 2964.005292][T25915]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2964.010851][T25915]  ? trace_lock_release+0x4f/0x150
[ 2964.015978][T25915]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2964.021546][T25915]  ? __fget_files+0x35a/0x390
[ 2964.026236][T25915]  ? __lock_acquire+0x6100/0x6100
[ 2964.031271][T25915]  ? account_other_time+0x63/0x280
[ 2964.036391][T25915]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2964.042028][T25915]  ? print_irqtrace_events+0x220/0x220
[ 2964.047494][T25915]  ? vtime_user_exit+0x2b2/0x3e0
[ 2964.052437][T25915]  ? __context_tracking_exit+0x7a/0xd0
[ 2964.057904][T25915]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2964.063892][T25915]  ? __x64_sys_io_uring_enter+0x1d/0xf0
01:49:34 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:34 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x40000, 0x0, 0x0, 0x0)

01:49:34 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:34 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2964.069446][T25915]  do_syscall_64+0x3d/0xb0
[ 2964.073875][T25915]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2964.079776][T25915] RIP: 0033:0x4665f9
[ 2964.083673][T25915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2964.103287][T25915] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2964.111713][T25915] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
01:49:34 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0xf000000, 0x0, 0x0, 0x0)

[ 2964.119694][T25915] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2964.127670][T25915] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2964.135647][T25915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2964.143621][T25915] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:34 executing program 0 (fault-call:8 fault-nth:14):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2964.231327][T25954] FAULT_INJECTION: forcing a failure.
[ 2964.231327][T25954] name failslab, interval 1, probability 0, space 0, times 0
[ 2964.244425][T25954] CPU: 0 PID: 25954 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2964.252874][T25954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2964.262918][T25954] Call Trace:
[ 2964.266200][T25954]  dump_stack_lvl+0x1d3/0x29f
[ 2964.270906][T25954]  ? show_regs_print_info+0x12/0x12
[ 2964.276094][T25954]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2964.281809][T25954]  ? __might_sleep+0x100/0x100
[ 2964.286563][T25954]  ? __rcu_read_lock+0xb0/0xb0
[ 2964.291313][T25954]  ? allocate_slab+0x373/0x540
[ 2964.296060][T25954]  should_fail+0x384/0x4b0
[ 2964.300475][T25954]  should_failslab+0x5/0x20
[ 2964.304960][T25954]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2964.310143][T25954]  io_submit_sqes+0x601f/0x9e00
[ 2964.314976][T25954]  ? __might_sleep+0x100/0x100
[ 2964.319736][T25954]  ? io_uring_add_tctx_node+0x330/0x330
[ 2964.325267][T25954]  ? io_uring_add_tctx_node+0x74/0x330
[ 2964.330707][T25954]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2964.336241][T25954]  ? trace_lock_release+0x4f/0x150
[ 2964.341334][T25954]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2964.346862][T25954]  ? __fget_files+0x35a/0x390
[ 2964.351522][T25954]  ? __lock_acquire+0x6100/0x6100
[ 2964.356531][T25954]  ? account_other_time+0x63/0x280
[ 2964.361624][T25954]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2964.367238][T25954]  ? print_irqtrace_events+0x220/0x220
[ 2964.372676][T25954]  ? vtime_user_exit+0x2b2/0x3e0
[ 2964.377605][T25954]  ? __context_tracking_exit+0x7a/0xd0
[ 2964.383044][T25954]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2964.389006][T25954]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2964.394537][T25954]  do_syscall_64+0x3d/0xb0
[ 2964.398945][T25954]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2964.404836][T25954] RIP: 0033:0x4665f9
[ 2964.408720][T25954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2964.428311][T25954] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2964.436708][T25954] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2964.444661][T25954] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2964.452701][T25954] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2964.460653][T25954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2964.468619][T25954] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:37 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:37 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x20000000, 0x0, 0x0, 0x0)

01:49:37 executing program 0 (fault-call:8 fault-nth:15):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:37 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0xfeffffff, 0x0)

01:49:37 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2966.947960][T25966] FAULT_INJECTION: forcing a failure.
[ 2966.947960][T25966] name failslab, interval 1, probability 0, space 0, times 0
[ 2966.978070][T25966] CPU: 0 PID: 25966 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2966.986537][T25966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2966.996596][T25966] Call Trace:
[ 2966.999875][T25966]  dump_stack_lvl+0x1d3/0x29f
[ 2967.004557][T25966]  ? show_regs_print_info+0x12/0x12
[ 2967.009765][T25966]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2967.015497][T25966]  ? __might_sleep+0x100/0x100
[ 2967.020268][T25966]  ? __rcu_read_lock+0xb0/0xb0
[ 2967.025040][T25966]  ? allocate_slab+0x373/0x540
[ 2967.029808][T25966]  should_fail+0x384/0x4b0
[ 2967.034224][T25966]  should_failslab+0x5/0x20
[ 2967.038766][T25966]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2967.043999][T25966]  io_submit_sqes+0x601f/0x9e00
[ 2967.048835][T25966]  ? __might_sleep+0x100/0x100
[ 2967.053601][T25966]  ? io_uring_add_tctx_node+0x330/0x330
[ 2967.059141][T25966]  ? io_uring_add_tctx_node+0x74/0x330
[ 2967.064588][T25966]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2967.070125][T25966]  ? trace_lock_release+0x4f/0x150
[ 2967.075224][T25966]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2967.080757][T25966]  ? __fget_files+0x35a/0x390
[ 2967.085415][T25966]  ? __lock_acquire+0x6100/0x6100
[ 2967.090438][T25966]  ? account_other_time+0x63/0x280
[ 2967.095532][T25966]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2967.101144][T25966]  ? print_irqtrace_events+0x220/0x220
[ 2967.106626][T25966]  ? vtime_user_exit+0x2b2/0x3e0
[ 2967.111549][T25966]  ? __context_tracking_exit+0x7a/0xd0
[ 2967.116996][T25966]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2967.122961][T25966]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2967.128493][T25966]  do_syscall_64+0x3d/0xb0
[ 2967.132897][T25966]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2967.138774][T25966] RIP: 0033:0x4665f9
[ 2967.142652][T25966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2967.162249][T25966] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2967.170660][T25966] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2967.178612][T25966] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2967.186568][T25966] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
01:49:37 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x40000000, 0x0, 0x0, 0x0)

01:49:37 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2967.194520][T25966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2967.202473][T25966] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:37 executing program 0 (fault-call:8 fault-nth:16):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2967.300538][T25982] FAULT_INJECTION: forcing a failure.
[ 2967.300538][T25982] name failslab, interval 1, probability 0, space 0, times 0
[ 2967.315554][T25982] CPU: 1 PID: 25982 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2967.323988][T25982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2967.334048][T25982] Call Trace:
[ 2967.337333][T25982]  dump_stack_lvl+0x1d3/0x29f
[ 2967.342024][T25982]  ? show_regs_print_info+0x12/0x12
[ 2967.347234][T25982]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2967.352962][T25982]  ? __might_sleep+0x100/0x100
[ 2967.357730][T25982]  ? __rcu_read_lock+0xb0/0xb0
[ 2967.362506][T25982]  should_fail+0x384/0x4b0
[ 2967.366939][T25982]  should_failslab+0x5/0x20
[ 2967.371449][T25982]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2967.376660][T25982]  io_submit_sqes+0x601f/0x9e00
[ 2967.381515][T25982]  ? __might_sleep+0x100/0x100
[ 2967.386306][T25982]  ? io_uring_add_tctx_node+0x330/0x330
[ 2967.391861][T25982]  ? io_uring_add_tctx_node+0x74/0x330
[ 2967.397326][T25982]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2967.402884][T25982]  ? trace_lock_release+0x4f/0x150
[ 2967.408006][T25982]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2967.413554][T25982]  ? __fget_files+0x35a/0x390
[ 2967.418235][T25982]  ? __lock_acquire+0x6100/0x6100
[ 2967.423262][T25982]  ? account_other_time+0x63/0x280
[ 2967.428376][T25982]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2967.434014][T25982]  ? print_irqtrace_events+0x220/0x220
[ 2967.439472][T25982]  ? vtime_user_exit+0x2b2/0x3e0
[ 2967.444418][T25982]  ? __context_tracking_exit+0x7a/0xd0
01:49:37 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x41000000, 0x0, 0x0, 0x0)

01:49:37 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x2, 0x0, 0x0)

01:49:38 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x4, 0x0, 0x0)

[ 2967.449885][T25982]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2967.455875][T25982]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2967.461431][T25982]  do_syscall_64+0x3d/0xb0
[ 2967.465858][T25982]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2967.471758][T25982] RIP: 0033:0x4665f9
[ 2967.475651][T25982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:49:38 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0xf, 0x0, 0x0)

[ 2967.495264][T25982] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2967.503690][T25982] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2967.511666][T25982] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2967.519645][T25982] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2967.527621][T25982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2967.535600][T25982] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:40 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:40 executing program 0 (fault-call:8 fault-nth:17):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:40 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x41, 0x0, 0x0)

01:49:40 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:40 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0xfffffffe, 0x0)

01:49:40 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0xf00, 0x0, 0x0)

[ 2969.977416][T26011] FAULT_INJECTION: forcing a failure.
[ 2969.977416][T26011] name failslab, interval 1, probability 0, space 0, times 0
[ 2970.004798][T26011] CPU: 1 PID: 26011 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2970.013252][T26011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2970.023318][T26011] Call Trace:
[ 2970.026859][T26011]  dump_stack_lvl+0x1d3/0x29f
[ 2970.031556][T26011]  ? show_regs_print_info+0x12/0x12
[ 2970.036766][T26011]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2970.042495][T26011]  ? _raw_spin_unlock+0x24/0x40
[ 2970.047352][T26011]  ? __might_sleep+0x100/0x100
[ 2970.052129][T26011]  ? __rcu_read_lock+0xb0/0xb0
[ 2970.056903][T26011]  should_fail+0x384/0x4b0
[ 2970.061327][T26011]  should_failslab+0x5/0x20
[ 2970.065839][T26011]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2970.071047][T26011]  io_submit_sqes+0x601f/0x9e00
[ 2970.075899][T26011]  ? __might_sleep+0x100/0x100
[ 2970.080689][T26011]  ? io_uring_add_tctx_node+0x330/0x330
[ 2970.086241][T26011]  ? io_uring_add_tctx_node+0x74/0x330
[ 2970.091708][T26011]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2970.097271][T26011]  ? trace_lock_release+0x4f/0x150
[ 2970.102394][T26011]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2970.107944][T26011]  ? __fget_files+0x35a/0x390
[ 2970.112638][T26011]  ? __lock_acquire+0x6100/0x6100
[ 2970.117668][T26011]  ? account_other_time+0x63/0x280
[ 2970.122786][T26011]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2970.128423][T26011]  ? print_irqtrace_events+0x220/0x220
[ 2970.133881][T26011]  ? vtime_user_exit+0x2b2/0x3e0
[ 2970.138818][T26011]  ? __context_tracking_exit+0x7a/0xd0
[ 2970.144280][T26011]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2970.150259][T26011]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2970.155784][T26011]  do_syscall_64+0x3d/0xb0
[ 2970.160186][T26011]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2970.166072][T26011] RIP: 0033:0x4665f9
[ 2970.169963][T26011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2970.189562][T26011] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2970.197960][T26011] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2970.205916][T26011] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2970.213879][T26011] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
01:49:40 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:40 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x200000000000, 0x0)

01:49:40 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x2000, 0x0, 0x0)

01:49:40 executing program 0 (fault-call:8 fault-nth:18):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2970.221843][T26011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2970.229799][T26011] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:40 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x4000, 0x0, 0x0)

[ 2970.318626][T26040] FAULT_INJECTION: forcing a failure.
[ 2970.318626][T26040] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2970.334990][T26040] CPU: 1 PID: 26040 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2970.343429][T26040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2970.353485][T26040] Call Trace:
[ 2970.356768][T26040]  dump_stack_lvl+0x1d3/0x29f
[ 2970.361456][T26040]  ? show_regs_print_info+0x12/0x12
[ 2970.366662][T26040]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2970.372393][T26040]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2970.377961][T26040]  should_fail+0x384/0x4b0
[ 2970.382388][T26040]  prepare_alloc_pages+0x1d1/0x5a0
[ 2970.387521][T26040]  __alloc_pages+0x14d/0x5f0
[ 2970.392118][T26040]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2970.397417][T26040]  ? trace_lock_release+0x4f/0x150
[ 2970.402533][T26040]  ? alloc_pages+0x3f3/0x500
[ 2970.407128][T26040]  allocate_slab+0xf1/0x540
[ 2970.411638][T26040]  ___slab_alloc+0x1cf/0x350
01:49:40 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x4100, 0x0, 0x0)

[ 2970.416230][T26040]  ? io_submit_sqes+0x601f/0x9e00
[ 2970.421259][T26040]  kmem_cache_alloc_bulk+0x180/0x410
[ 2970.426558][T26040]  io_submit_sqes+0x601f/0x9e00
[ 2970.431414][T26040]  ? __might_sleep+0x100/0x100
[ 2970.436208][T26040]  ? io_uring_add_tctx_node+0x330/0x330
[ 2970.442202][T26040]  ? io_uring_add_tctx_node+0x74/0x330
[ 2970.447668][T26040]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2970.453227][T26040]  ? trace_lock_release+0x4f/0x150
[ 2970.458342][T26040]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2970.463894][T26040]  ? __fget_files+0x35a/0x390
[ 2970.468557][T26040]  ? __lock_acquire+0x6100/0x6100
[ 2970.473572][T26040]  ? account_other_time+0x63/0x280
[ 2970.478685][T26040]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2970.484325][T26040]  ? print_irqtrace_events+0x220/0x220
[ 2970.490054][T26040]  ? vtime_user_exit+0x2b2/0x3e0
[ 2970.495093][T26040]  ? __context_tracking_exit+0x7a/0xd0
[ 2970.500562][T26040]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2970.506549][T26040]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2970.512088][T26040]  do_syscall_64+0x3d/0xb0
[ 2970.516514][T26040]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2970.522412][T26040] RIP: 0033:0x4665f9
[ 2970.526304][T26040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2970.545923][T26040] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2970.554347][T26040] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2970.562385][T26040] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2970.570343][T26040] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2970.578302][T26040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2970.586256][T26040] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:43 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:43 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x20000, 0x0, 0x0)

01:49:43 executing program 0 (fault-call:8 fault-nth:19):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:43 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2973.029600][T26061] FAULT_INJECTION: forcing a failure.
[ 2973.029600][T26061] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2973.060609][T26061] CPU: 0 PID: 26061 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2973.069059][T26061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2973.079124][T26061] Call Trace:
[ 2973.082407][T26061]  dump_stack_lvl+0x1d3/0x29f
[ 2973.087098][T26061]  ? show_regs_print_info+0x12/0x12
[ 2973.092303][T26061]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2973.098010][T26061]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2973.103601][T26061]  should_fail+0x384/0x4b0
[ 2973.108011][T26061]  prepare_alloc_pages+0x1d1/0x5a0
[ 2973.113130][T26061]  __alloc_pages+0x14d/0x5f0
[ 2973.117712][T26061]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2973.122978][T26061]  ? trace_lock_release+0x4f/0x150
[ 2973.128077][T26061]  ? alloc_pages+0x3f3/0x500
[ 2973.132675][T26061]  allocate_slab+0xf1/0x540
[ 2973.137180][T26061]  ___slab_alloc+0x1cf/0x350
[ 2973.141749][T26061]  ? io_submit_sqes+0x601f/0x9e00
[ 2973.146752][T26061]  kmem_cache_alloc_bulk+0x180/0x410
[ 2973.152027][T26061]  io_submit_sqes+0x601f/0x9e00
[ 2973.156874][T26061]  ? __might_sleep+0x100/0x100
[ 2973.161634][T26061]  ? io_uring_add_tctx_node+0x330/0x330
[ 2973.167171][T26061]  ? io_uring_add_tctx_node+0x74/0x330
[ 2973.172613][T26061]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2973.178145][T26061]  ? trace_lock_release+0x4f/0x150
[ 2973.183245][T26061]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2973.188775][T26061]  ? __fget_files+0x35a/0x390
[ 2973.193445][T26061]  ? __lock_acquire+0x6100/0x6100
[ 2973.198467][T26061]  ? account_other_time+0x63/0x280
[ 2973.203578][T26061]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2973.209192][T26061]  ? print_irqtrace_events+0x220/0x220
[ 2973.214633][T26061]  ? vtime_user_exit+0x2b2/0x3e0
[ 2973.219559][T26061]  ? __context_tracking_exit+0x7a/0xd0
[ 2973.225024][T26061]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2973.230996][T26061]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2973.236536][T26061]  do_syscall_64+0x3d/0xb0
[ 2973.240942][T26061]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2973.246820][T26061] RIP: 0033:0x4665f9
[ 2973.250696][T26061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2973.270719][T26061] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
01:49:43 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x1000000000000, 0x0)

01:49:43 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x40000, 0x0, 0x0)

01:49:43 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2973.279121][T26061] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2973.287085][T26061] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2973.295054][T26061] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2973.303028][T26061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2973.311000][T26061] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:43 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:43 executing program 0 (fault-call:8 fault-nth:20):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:43 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0xf000000, 0x0, 0x0)

01:49:43 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:43 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(0x0, 0x34)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

[ 2973.437219][T26090] FAULT_INJECTION: forcing a failure.
[ 2973.437219][T26090] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2973.454860][T26090] CPU: 0 PID: 26090 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2973.463304][T26090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2973.473367][T26090] Call Trace:
[ 2973.476654][T26090]  dump_stack_lvl+0x1d3/0x29f
[ 2973.481354][T26090]  ? show_regs_print_info+0x12/0x12
[ 2973.486573][T26090]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2973.492304][T26090]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2973.497839][T26090]  should_fail+0x384/0x4b0
[ 2973.502248][T26090]  prepare_alloc_pages+0x1d1/0x5a0
[ 2973.507357][T26090]  __alloc_pages+0x14d/0x5f0
[ 2973.511941][T26090]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2973.517260][T26090]  ? trace_lock_release+0x4f/0x150
[ 2973.522476][T26090]  ? alloc_pages+0x3f3/0x500
[ 2973.527077][T26090]  allocate_slab+0xf1/0x540
[ 2973.531601][T26090]  ___slab_alloc+0x1cf/0x350
[ 2973.536189][T26090]  ? io_submit_sqes+0x601f/0x9e00
[ 2973.541194][T26090]  kmem_cache_alloc_bulk+0x180/0x410
[ 2973.546463][T26090]  io_submit_sqes+0x601f/0x9e00
[ 2973.551294][T26090]  ? __might_sleep+0x100/0x100
[ 2973.556066][T26090]  ? io_uring_add_tctx_node+0x330/0x330
[ 2973.561613][T26090]  ? io_uring_add_tctx_node+0x74/0x330
[ 2973.567067][T26090]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2973.572602][T26090]  ? trace_lock_release+0x4f/0x150
[ 2973.577698][T26090]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2973.583223][T26090]  ? __fget_files+0x35a/0x390
[ 2973.587961][T26090]  ? __lock_acquire+0x6100/0x6100
[ 2973.592988][T26090]  ? account_other_time+0x63/0x280
[ 2973.598112][T26090]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2973.603746][T26090]  ? print_irqtrace_events+0x220/0x220
[ 2973.609210][T26090]  ? vtime_user_exit+0x2b2/0x3e0
[ 2973.614150][T26090]  ? __context_tracking_exit+0x7a/0xd0
[ 2973.619611][T26090]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2973.625596][T26090]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2973.631133][T26090]  do_syscall_64+0x3d/0xb0
[ 2973.635550][T26090]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2973.641423][T26090] RIP: 0033:0x4665f9
[ 2973.645354][T26090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2973.664948][T26090] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2973.673348][T26090] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2973.681316][T26090] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2973.689296][T26090] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2973.697600][T26090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2973.705572][T26090] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:46 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:46 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(0x0, 0x34)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

01:49:46 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x20000000, 0x0, 0x0)

01:49:46 executing program 0 (fault-call:8 fault-nth:21):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2976.068557][T26109] FAULT_INJECTION: forcing a failure.
[ 2976.068557][T26109] name failslab, interval 1, probability 0, space 0, times 0
[ 2976.093194][T26109] CPU: 0 PID: 26109 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2976.101641][T26109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2976.111698][T26109] Call Trace:
[ 2976.114986][T26109]  dump_stack_lvl+0x1d3/0x29f
[ 2976.119679][T26109]  ? show_regs_print_info+0x12/0x12
[ 2976.124886][T26109]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2976.130617][T26109]  ? __might_sleep+0x100/0x100
[ 2976.135422][T26109]  ? __rcu_read_lock+0xb0/0xb0
[ 2976.140168][T26109]  ? allocate_slab+0x373/0x540
[ 2976.144912][T26109]  should_fail+0x384/0x4b0
[ 2976.149314][T26109]  should_failslab+0x5/0x20
[ 2976.153801][T26109]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2976.158994][T26109]  io_submit_sqes+0x601f/0x9e00
[ 2976.163824][T26109]  ? __might_sleep+0x100/0x100
[ 2976.168579][T26109]  ? io_uring_add_tctx_node+0x330/0x330
[ 2976.174133][T26109]  ? io_uring_add_tctx_node+0x74/0x330
[ 2976.179575][T26109]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2976.185109][T26109]  ? trace_lock_release+0x4f/0x150
[ 2976.190207][T26109]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2976.195748][T26109]  ? __fget_files+0x35a/0x390
[ 2976.200421][T26109]  ? __lock_acquire+0x6100/0x6100
[ 2976.205429][T26109]  ? account_other_time+0x63/0x280
[ 2976.210522][T26109]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2976.216134][T26109]  ? print_irqtrace_events+0x220/0x220
[ 2976.221572][T26109]  ? vtime_user_exit+0x2b2/0x3e0
[ 2976.226488][T26109]  ? __context_tracking_exit+0x7a/0xd0
[ 2976.231928][T26109]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2976.237887][T26109]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2976.243413][T26109]  do_syscall_64+0x3d/0xb0
[ 2976.247813][T26109]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2976.253686][T26109] RIP: 0033:0x4665f9
[ 2976.257560][T26109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2976.277145][T26109] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2976.285547][T26109] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2976.293499][T26109] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2976.301452][T26109] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2976.309402][T26109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
01:49:46 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x80000000000000, 0x0)

01:49:46 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:46 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(0x0, 0x34)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

01:49:46 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x40000000, 0x0, 0x0)

01:49:46 executing program 0 (fault-call:8 fault-nth:22):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2976.317379][T26109] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:46 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:46 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x41000000, 0x0, 0x0)

[ 2976.427656][T26129] FAULT_INJECTION: forcing a failure.
[ 2976.427656][T26129] name failslab, interval 1, probability 0, space 0, times 0
[ 2976.446464][T26129] CPU: 0 PID: 26129 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2976.454911][T26129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2976.464972][T26129] Call Trace:
[ 2976.468254][T26129]  dump_stack_lvl+0x1d3/0x29f
01:49:47 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2976.472955][T26129]  ? show_regs_print_info+0x12/0x12
[ 2976.478160][T26129]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2976.483890][T26129]  ? __might_sleep+0x100/0x100
[ 2976.488752][T26129]  ? __rcu_read_lock+0xb0/0xb0
[ 2976.493518][T26129]  ? allocate_slab+0x373/0x540
[ 2976.498291][T26129]  should_fail+0x384/0x4b0
[ 2976.502722][T26129]  should_failslab+0x5/0x20
[ 2976.507230][T26129]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2976.512525][T26129]  io_submit_sqes+0x601f/0x9e00
[ 2976.517386][T26129]  ? __might_sleep+0x100/0x100
[ 2976.522180][T26129]  ? io_uring_add_tctx_node+0x330/0x330
[ 2976.527732][T26129]  ? io_uring_add_tctx_node+0x74/0x330
[ 2976.533201][T26129]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2976.538758][T26129]  ? trace_lock_release+0x4f/0x150
[ 2976.543877][T26129]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2976.549431][T26129]  ? __fget_files+0x35a/0x390
[ 2976.554113][T26129]  ? __lock_acquire+0x6100/0x6100
[ 2976.559128][T26129]  ? account_other_time+0x63/0x280
[ 2976.564227][T26129]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2976.569852][T26129]  ? print_irqtrace_events+0x220/0x220
[ 2976.575397][T26129]  ? vtime_user_exit+0x2b2/0x3e0
[ 2976.580326][T26129]  ? __context_tracking_exit+0x7a/0xd0
[ 2976.585778][T26129]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2976.591749][T26129]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2976.597289][T26129]  do_syscall_64+0x3d/0xb0
[ 2976.601699][T26129]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2976.607579][T26129] RIP: 0033:0x4665f9
[ 2976.611461][T26129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2976.631047][T26129] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2976.639444][T26129] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2976.647397][T26129] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2976.655348][T26129] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2976.663314][T26129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2976.671276][T26129] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:49 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:49 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:49 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x2000000000000, 0x0, 0x0)

01:49:49 executing program 0 (fault-call:8 fault-nth:23):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2979.097855][T26151] FAULT_INJECTION: forcing a failure.
[ 2979.097855][T26151] name failslab, interval 1, probability 0, space 0, times 0
[ 2979.112576][T26151] CPU: 1 PID: 26151 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2979.121024][T26151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2979.131089][T26151] Call Trace:
[ 2979.134371][T26151]  dump_stack_lvl+0x1d3/0x29f
[ 2979.139061][T26151]  ? show_regs_print_info+0x12/0x12
[ 2979.144272][T26151]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2979.150002][T26151]  ? _raw_spin_unlock+0x24/0x40
[ 2979.154858][T26151]  ? __might_sleep+0x100/0x100
[ 2979.159621][T26151]  ? __rcu_read_lock+0xb0/0xb0
[ 2979.164368][T26151]  should_fail+0x384/0x4b0
[ 2979.168769][T26151]  should_failslab+0x5/0x20
[ 2979.173251][T26151]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2979.178453][T26151]  io_submit_sqes+0x601f/0x9e00
[ 2979.183296][T26151]  ? __might_sleep+0x100/0x100
[ 2979.188049][T26151]  ? io_uring_add_tctx_node+0x330/0x330
[ 2979.193581][T26151]  ? io_uring_add_tctx_node+0x74/0x330
[ 2979.199018][T26151]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2979.204659][T26151]  ? trace_lock_release+0x4f/0x150
[ 2979.209763][T26151]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2979.215320][T26151]  ? __fget_files+0x35a/0x390
[ 2979.219977][T26151]  ? __lock_acquire+0x6100/0x6100
[ 2979.224989][T26151]  ? account_other_time+0x63/0x280
[ 2979.230097][T26151]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2979.235713][T26151]  ? print_irqtrace_events+0x220/0x220
[ 2979.241150][T26151]  ? vtime_user_exit+0x2b2/0x3e0
[ 2979.246078][T26151]  ? __context_tracking_exit+0x7a/0xd0
[ 2979.251534][T26151]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2979.257550][T26151]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2979.263109][T26151]  do_syscall_64+0x3d/0xb0
[ 2979.267515][T26151]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2979.273394][T26151] RIP: 0033:0x4665f9
[ 2979.277268][T26151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2979.296880][T26151] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2979.305291][T26151] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2979.313353][T26151] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2979.321312][T26151] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2979.329278][T26151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2979.337248][T26151] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:49 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x100000000000000, 0x0)

01:49:49 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:49 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x4000000000000, 0x0, 0x0)

01:49:49 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:49 executing program 0 (fault-call:8 fault-nth:24):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:50 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:50 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2979.458855][T26173] ptrace attach of "/root/syz-executor.4"[26165] was attempted by "/root/syz-executor.4"[26173]
[ 2979.464573][T26171] FAULT_INJECTION: forcing a failure.
[ 2979.464573][T26171] name failslab, interval 1, probability 0, space 0, times 0
01:49:50 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0xf00000000000000, 0x0, 0x0)

[ 2979.553497][T26171] CPU: 0 PID: 26171 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2979.561955][T26171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2979.572013][T26171] Call Trace:
[ 2979.575297][T26171]  dump_stack_lvl+0x1d3/0x29f
[ 2979.580001][T26171]  ? show_regs_print_info+0x12/0x12
[ 2979.585213][T26171]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2979.590940][T26171]  ? __might_sleep+0x100/0x100
[ 2979.595704][T26171]  ? __rcu_read_lock+0xb0/0xb0
[ 2979.600473][T26171]  ? allocate_slab+0x373/0x540
[ 2979.605245][T26171]  should_fail+0x384/0x4b0
[ 2979.609673][T26171]  should_failslab+0x5/0x20
[ 2979.614174][T26171]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2979.619379][T26171]  io_submit_sqes+0x601f/0x9e00
[ 2979.624233][T26171]  ? __might_sleep+0x100/0x100
[ 2979.629022][T26171]  ? io_uring_add_tctx_node+0x330/0x330
[ 2979.634582][T26171]  ? io_uring_add_tctx_node+0x74/0x330
[ 2979.640048][T26171]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2979.645602][T26171]  ? trace_lock_release+0x4f/0x150
[ 2979.650723][T26171]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2979.656274][T26171]  ? __fget_files+0x35a/0x390
[ 2979.660950][T26171]  ? __lock_acquire+0x6100/0x6100
[ 2979.665976][T26171]  ? account_other_time+0x63/0x280
[ 2979.671082][T26171]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2979.676699][T26171]  ? print_irqtrace_events+0x220/0x220
[ 2979.682148][T26171]  ? vtime_user_exit+0x2b2/0x3e0
[ 2979.687102][T26171]  ? __context_tracking_exit+0x7a/0xd0
[ 2979.692554][T26171]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2979.698613][T26171]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2979.704152][T26171]  do_syscall_64+0x3d/0xb0
[ 2979.708562][T26171]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2979.714438][T26171] RIP: 0033:0x4665f9
[ 2979.718314][T26171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2979.738019][T26171] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2979.746428][T26171] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2979.754388][T26171] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2979.762350][T26171] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2979.770333][T26171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2979.778293][T26171] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:52 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:52 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:52 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x400000000000000, 0x0)

01:49:52 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x2000000000000000, 0x0, 0x0)

01:49:52 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:52 executing program 0 (fault-call:8 fault-nth:25):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:52 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:52 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 2982.141118][T26206] ptrace attach of "/root/syz-executor.4"[26203] was attempted by "/root/syz-executor.4"[26206]
[ 2982.156726][T26202] FAULT_INJECTION: forcing a failure.
[ 2982.156726][T26202] name failslab, interval 1, probability 0, space 0, times 0
[ 2982.219535][T26202] CPU: 1 PID: 26202 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2982.227989][T26202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2982.238042][T26202] Call Trace:
[ 2982.241321][T26202]  dump_stack_lvl+0x1d3/0x29f
[ 2982.246008][T26202]  ? show_regs_print_info+0x12/0x12
[ 2982.251216][T26202]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2982.256940][T26202]  ? __might_sleep+0x100/0x100
[ 2982.261711][T26202]  ? __rcu_read_lock+0xb0/0xb0
[ 2982.266477][T26202]  ? allocate_slab+0x373/0x540
[ 2982.271378][T26202]  should_fail+0x384/0x4b0
[ 2982.275784][T26202]  should_failslab+0x5/0x20
[ 2982.280287][T26202]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2982.285468][T26202]  io_submit_sqes+0x601f/0x9e00
[ 2982.290315][T26202]  ? __might_sleep+0x100/0x100
[ 2982.295072][T26202]  ? io_uring_add_tctx_node+0x330/0x330
[ 2982.300701][T26202]  ? io_uring_add_tctx_node+0x74/0x330
[ 2982.306144][T26202]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2982.311674][T26202]  ? trace_lock_release+0x4f/0x150
[ 2982.316777][T26202]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2982.322313][T26202]  ? __fget_files+0x35a/0x390
[ 2982.326967][T26202]  ? __lock_acquire+0x6100/0x6100
[ 2982.331972][T26202]  ? account_other_time+0x63/0x280
[ 2982.337062][T26202]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2982.342674][T26202]  ? print_irqtrace_events+0x220/0x220
[ 2982.348125][T26202]  ? vtime_user_exit+0x2b2/0x3e0
[ 2982.353044][T26202]  ? __context_tracking_exit+0x7a/0xd0
[ 2982.358482][T26202]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2982.364454][T26202]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2982.369979][T26202]  do_syscall_64+0x3d/0xb0
[ 2982.374382][T26202]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2982.380262][T26202] RIP: 0033:0x4665f9
[ 2982.384163][T26202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2982.403748][T26202] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2982.412143][T26202] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
01:49:52 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x4000000000000000, 0x0, 0x0)

[ 2982.420189][T26202] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2982.428188][T26202] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2982.436183][T26202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2982.444136][T26202] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:53 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x4100000000000000, 0x0, 0x0)

01:49:53 executing program 0 (fault-call:8 fault-nth:26):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:53 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0xffffffff00000000, 0x0, 0x0)

[ 2982.540051][T26235] FAULT_INJECTION: forcing a failure.
[ 2982.540051][T26235] name failslab, interval 1, probability 0, space 0, times 0
[ 2982.574182][T26235] CPU: 1 PID: 26235 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2982.582631][T26235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2982.592683][T26235] Call Trace:
[ 2982.595964][T26235]  dump_stack_lvl+0x1d3/0x29f
[ 2982.600652][T26235]  ? show_regs_print_info+0x12/0x12
[ 2982.605859][T26235]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2982.611585][T26235]  ? __might_sleep+0x100/0x100
[ 2982.616357][T26235]  ? __rcu_read_lock+0xb0/0xb0
[ 2982.621130][T26235]  ? allocate_slab+0x373/0x540
[ 2982.625901][T26235]  should_fail+0x384/0x4b0
[ 2982.630329][T26235]  should_failslab+0x5/0x20
[ 2982.634833][T26235]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2982.640035][T26235]  io_submit_sqes+0x601f/0x9e00
[ 2982.644892][T26235]  ? __might_sleep+0x100/0x100
[ 2982.649685][T26235]  ? io_uring_add_tctx_node+0x330/0x330
[ 2982.655235][T26235]  ? io_uring_add_tctx_node+0x74/0x330
[ 2982.660698][T26235]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2982.666247][T26235]  ? trace_lock_release+0x4f/0x150
[ 2982.671362][T26235]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2982.676914][T26235]  ? __fget_files+0x35a/0x390
[ 2982.681591][T26235]  ? __lock_acquire+0x6100/0x6100
[ 2982.686611][T26235]  ? account_other_time+0x63/0x280
[ 2982.691702][T26235]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2982.697312][T26235]  ? print_irqtrace_events+0x220/0x220
[ 2982.702763][T26235]  ? vtime_user_exit+0x2b2/0x3e0
[ 2982.707682][T26235]  ? __context_tracking_exit+0x7a/0xd0
[ 2982.713124][T26235]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2982.719150][T26235]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2982.724765][T26235]  do_syscall_64+0x3d/0xb0
[ 2982.729183][T26235]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2982.735072][T26235] RIP: 0033:0x4665f9
[ 2982.738941][T26235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2982.758529][T26235] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2982.766942][T26235] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2982.774900][T26235] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2982.782858][T26235] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2982.790808][T26235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2982.798759][T26235] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:55 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:55 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x2)

01:49:55 executing program 0 (fault-call:8 fault-nth:27):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:55 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x7f00000000000000, 0x0)

01:49:55 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:49:55 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2985.194116][T26254] FAULT_INJECTION: forcing a failure.
[ 2985.194116][T26254] name failslab, interval 1, probability 0, space 0, times 0
[ 2985.230795][T26254] CPU: 0 PID: 26254 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2985.239239][T26254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2985.249294][T26254] Call Trace:
[ 2985.252666][T26254]  dump_stack_lvl+0x1d3/0x29f
[ 2985.257357][T26254]  ? show_regs_print_info+0x12/0x12
[ 2985.262596][T26254]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2985.268323][T26254]  ? __might_sleep+0x100/0x100
[ 2985.273098][T26254]  ? __rcu_read_lock+0xb0/0xb0
[ 2985.277867][T26254]  ? allocate_slab+0x373/0x540
[ 2985.282640][T26254]  should_fail+0x384/0x4b0
[ 2985.287063][T26254]  should_failslab+0x5/0x20
[ 2985.291594][T26254]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2985.296803][T26254]  io_submit_sqes+0x601f/0x9e00
[ 2985.301656][T26254]  ? __might_sleep+0x100/0x100
[ 2985.306444][T26254]  ? io_uring_add_tctx_node+0x330/0x330
[ 2985.311995][T26254]  ? io_uring_add_tctx_node+0x74/0x330
[ 2985.317458][T26254]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2985.323010][T26254]  ? trace_lock_release+0x4f/0x150
[ 2985.328124][T26254]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2985.333681][T26254]  ? __fget_files+0x35a/0x390
[ 2985.338344][T26254]  ? __lock_acquire+0x6100/0x6100
[ 2985.343370][T26254]  ? account_other_time+0x63/0x280
[ 2985.348488][T26254]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2985.354120][T26254]  ? print_irqtrace_events+0x220/0x220
[ 2985.359562][T26254]  ? vtime_user_exit+0x2b2/0x3e0
[ 2985.364504][T26254]  ? __context_tracking_exit+0x7a/0xd0
[ 2985.369956][T26254]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2985.375919][T26254]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2985.381450][T26254]  do_syscall_64+0x3d/0xb0
[ 2985.385866][T26254]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2985.391739][T26254] RIP: 0033:0x4665f9
[ 2985.395614][T26254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2985.415202][T26254] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2985.423599][T26254] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2985.431572][T26254] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
01:49:55 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x4)

[ 2985.439532][T26254] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2985.447494][T26254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2985.455584][T26254] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:56 executing program 0 (fault-call:8 fault-nth:28):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0xf)

[ 2985.547855][T26277] FAULT_INJECTION: forcing a failure.
[ 2985.547855][T26277] name failslab, interval 1, probability 0, space 0, times 0
[ 2985.572457][T26277] CPU: 0 PID: 26277 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2985.580891][T26277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2985.590947][T26277] Call Trace:
[ 2985.594249][T26277]  dump_stack_lvl+0x1d3/0x29f
[ 2985.598937][T26277]  ? show_regs_print_info+0x12/0x12
[ 2985.604138][T26277]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2985.609867][T26277]  ? __might_sleep+0x100/0x100
[ 2985.614626][T26277]  ? __rcu_read_lock+0xb0/0xb0
[ 2985.619402][T26277]  ? allocate_slab+0x373/0x540
[ 2985.624172][T26277]  should_fail+0x384/0x4b0
[ 2985.628608][T26277]  should_failslab+0x5/0x20
[ 2985.633115][T26277]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2985.638357][T26277]  io_submit_sqes+0x601f/0x9e00
[ 2985.643211][T26277]  ? __might_sleep+0x100/0x100
[ 2985.648000][T26277]  ? io_uring_add_tctx_node+0x330/0x330
[ 2985.653554][T26277]  ? io_uring_add_tctx_node+0x74/0x330
[ 2985.659022][T26277]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2985.664588][T26277]  ? trace_lock_release+0x4f/0x150
[ 2985.669708][T26277]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2985.675256][T26277]  ? __fget_files+0x35a/0x390
[ 2985.679934][T26277]  ? __lock_acquire+0x6100/0x6100
[ 2985.684965][T26277]  ? account_other_time+0x63/0x280
[ 2985.690082][T26277]  ? rcu_read_lock_sched_held+0x5d/0x110
01:49:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x41)

01:49:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0xf00)

01:49:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x2000)

[ 2985.695717][T26277]  ? print_irqtrace_events+0x220/0x220
[ 2985.701177][T26277]  ? vtime_user_exit+0x2b2/0x3e0
[ 2985.706124][T26277]  ? __context_tracking_exit+0x7a/0xd0
[ 2985.711583][T26277]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2985.717574][T26277]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2985.723125][T26277]  do_syscall_64+0x3d/0xb0
[ 2985.727545][T26277]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2985.733439][T26277] RIP: 0033:0x4665f9
[ 2985.737336][T26277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2985.756939][T26277] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2985.765351][T26277] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2985.773322][T26277] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2985.781289][T26277] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2985.789259][T26277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2985.797227][T26277] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:58 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x4000)

01:49:58 executing program 0 (fault-call:8 fault-nth:29):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:58 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:58 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0xfeffffff00000000, 0x0)

[ 2988.200379][T26301] FAULT_INJECTION: forcing a failure.
[ 2988.200379][T26301] name failslab, interval 1, probability 0, space 0, times 0
[ 2988.214215][T26301] CPU: 0 PID: 26301 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2988.222655][T26301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2988.232712][T26301] Call Trace:
[ 2988.235988][T26301]  dump_stack_lvl+0x1d3/0x29f
[ 2988.240678][T26301]  ? show_regs_print_info+0x12/0x12
[ 2988.245866][T26301]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2988.251571][T26301]  ? _raw_spin_unlock+0x24/0x40
[ 2988.256412][T26301]  ? __might_sleep+0x100/0x100
[ 2988.261176][T26301]  ? __rcu_read_lock+0xb0/0xb0
[ 2988.265927][T26301]  should_fail+0x384/0x4b0
[ 2988.270339][T26301]  should_failslab+0x5/0x20
[ 2988.274829][T26301]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2988.280012][T26301]  io_submit_sqes+0x601f/0x9e00
[ 2988.284871][T26301]  ? __might_sleep+0x100/0x100
[ 2988.289633][T26301]  ? io_uring_add_tctx_node+0x330/0x330
[ 2988.295162][T26301]  ? io_uring_add_tctx_node+0x74/0x330
[ 2988.300602][T26301]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2988.306133][T26301]  ? trace_lock_release+0x4f/0x150
[ 2988.311229][T26301]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2988.316757][T26301]  ? __fget_files+0x35a/0x390
[ 2988.321427][T26301]  ? __lock_acquire+0x6100/0x6100
[ 2988.326436][T26301]  ? account_other_time+0x63/0x280
[ 2988.331527][T26301]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2988.337141][T26301]  ? print_irqtrace_events+0x220/0x220
[ 2988.342578][T26301]  ? vtime_user_exit+0x2b2/0x3e0
[ 2988.347513][T26301]  ? __context_tracking_exit+0x7a/0xd0
[ 2988.352964][T26301]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2988.358927][T26301]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2988.364456][T26301]  do_syscall_64+0x3d/0xb0
[ 2988.368870][T26301]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2988.374751][T26301] RIP: 0033:0x4665f9
[ 2988.378630][T26301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:49:58 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 2988.398218][T26301] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2988.406612][T26301] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2988.414567][T26301] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2988.422517][T26301] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2988.430468][T26301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2988.438421][T26301] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:59 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:49:59 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x4100)

01:49:59 executing program 0 (fault-call:8 fault-nth:30):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:59 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 2988.589540][T26323] FAULT_INJECTION: forcing a failure.
[ 2988.589540][T26323] name failslab, interval 1, probability 0, space 0, times 0
[ 2988.629622][T26323] CPU: 0 PID: 26323 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2988.638068][T26323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2988.648121][T26323] Call Trace:
[ 2988.651404][T26323]  dump_stack_lvl+0x1d3/0x29f
[ 2988.656085][T26323]  ? show_regs_print_info+0x12/0x12
[ 2988.661266][T26323]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2988.667037][T26323]  ? __might_sleep+0x100/0x100
[ 2988.671786][T26323]  ? __rcu_read_lock+0xb0/0xb0
[ 2988.676529][T26323]  ? allocate_slab+0x373/0x540
[ 2988.681280][T26323]  should_fail+0x384/0x4b0
[ 2988.685738][T26323]  should_failslab+0x5/0x20
[ 2988.690217][T26323]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2988.695403][T26323]  io_submit_sqes+0x601f/0x9e00
[ 2988.700239][T26323]  ? __might_sleep+0x100/0x100
[ 2988.705034][T26323]  ? io_uring_add_tctx_node+0x330/0x330
[ 2988.710605][T26323]  ? io_uring_add_tctx_node+0x74/0x330
[ 2988.716045][T26323]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2988.721574][T26323]  ? trace_lock_release+0x4f/0x150
[ 2988.726666][T26323]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2988.732232][T26323]  ? __fget_files+0x35a/0x390
[ 2988.736945][T26323]  ? __lock_acquire+0x6100/0x6100
[ 2988.741951][T26323]  ? account_other_time+0x63/0x280
[ 2988.747044][T26323]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2988.752673][T26323]  ? print_irqtrace_events+0x220/0x220
[ 2988.758112][T26323]  ? vtime_user_exit+0x2b2/0x3e0
[ 2988.763035][T26323]  ? __context_tracking_exit+0x7a/0xd0
[ 2988.768477][T26323]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2988.774440][T26323]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2988.779970][T26323]  do_syscall_64+0x3d/0xb0
[ 2988.784395][T26323]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2988.790273][T26323] RIP: 0033:0x4665f9
[ 2988.794147][T26323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2988.813728][T26323] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2988.822117][T26323] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2988.830070][T26323] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
01:49:59 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x20000)

01:49:59 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 2988.838047][T26323] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2988.845997][T26323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2988.853950][T26323] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:49:59 executing program 0 (fault-call:8 fault-nth:31):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:49:59 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x40000)

[ 2988.976532][T26338] FAULT_INJECTION: forcing a failure.
[ 2988.976532][T26338] name failslab, interval 1, probability 0, space 0, times 0
[ 2988.994094][T26338] CPU: 1 PID: 26338 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2989.002520][T26338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2989.012573][T26338] Call Trace:
[ 2989.015850][T26338]  dump_stack_lvl+0x1d3/0x29f
[ 2989.020537][T26338]  ? show_regs_print_info+0x12/0x12
01:49:59 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0xf000000)

[ 2989.025739][T26338]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2989.031468][T26338]  ? __might_sleep+0x100/0x100
[ 2989.036232][T26338]  ? __rcu_read_lock+0xb0/0xb0
[ 2989.040996][T26338]  ? allocate_slab+0x373/0x540
[ 2989.045766][T26338]  should_fail+0x384/0x4b0
[ 2989.050199][T26338]  should_failslab+0x5/0x20
[ 2989.054701][T26338]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2989.059914][T26338]  io_submit_sqes+0x601f/0x9e00
[ 2989.064769][T26338]  ? __might_sleep+0x100/0x100
[ 2989.069557][T26338]  ? io_uring_add_tctx_node+0x330/0x330
[ 2989.075107][T26338]  ? io_uring_add_tctx_node+0x74/0x330
[ 2989.080570][T26338]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2989.086122][T26338]  ? trace_lock_release+0x4f/0x150
[ 2989.091237][T26338]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2989.096788][T26338]  ? __fget_files+0x35a/0x390
[ 2989.101463][T26338]  ? __lock_acquire+0x6100/0x6100
[ 2989.106477][T26338]  ? account_other_time+0x63/0x280
[ 2989.111579][T26338]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2989.117189][T26338]  ? print_irqtrace_events+0x220/0x220
[ 2989.122624][T26338]  ? vtime_user_exit+0x2b2/0x3e0
[ 2989.127538][T26338]  ? __context_tracking_exit+0x7a/0xd0
[ 2989.132977][T26338]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2989.138933][T26338]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2989.144454][T26338]  do_syscall_64+0x3d/0xb0
[ 2989.148851][T26338]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2989.154726][T26338] RIP: 0033:0x4665f9
[ 2989.158601][T26338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2989.178185][T26338] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2989.186578][T26338] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2989.194526][T26338] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2989.202475][T26338] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2989.210424][T26338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2989.218557][T26338] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:01 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:01 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0xffffffff00000000, 0x0)

01:50:01 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x20000000)

01:50:02 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:02 executing program 0 (fault-call:8 fault-nth:32):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x40000000)

01:50:02 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x41000000)

[ 2991.594560][T26367] FAULT_INJECTION: forcing a failure.
[ 2991.594560][T26367] name failslab, interval 1, probability 0, space 0, times 0
[ 2991.622055][T26367] CPU: 1 PID: 26367 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2991.630538][T26367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2991.640598][T26367] Call Trace:
[ 2991.643885][T26367]  dump_stack_lvl+0x1d3/0x29f
[ 2991.648574][T26367]  ? show_regs_print_info+0x12/0x12
[ 2991.653787][T26367]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2991.659508][T26367]  ? __might_sleep+0x100/0x100
[ 2991.664286][T26367]  ? __rcu_read_lock+0xb0/0xb0
[ 2991.669053][T26367]  ? allocate_slab+0x373/0x540
[ 2991.673828][T26367]  should_fail+0x384/0x4b0
[ 2991.678256][T26367]  should_failslab+0x5/0x20
[ 2991.682759][T26367]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2991.687997][T26367]  io_submit_sqes+0x601f/0x9e00
[ 2991.692851][T26367]  ? __might_sleep+0x100/0x100
[ 2991.697640][T26367]  ? io_uring_add_tctx_node+0x330/0x330
[ 2991.703191][T26367]  ? io_uring_add_tctx_node+0x74/0x330
[ 2991.708655][T26367]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2991.714211][T26367]  ? trace_lock_release+0x4f/0x150
[ 2991.719334][T26367]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2991.724885][T26367]  ? __fget_files+0x35a/0x390
[ 2991.729562][T26367]  ? __lock_acquire+0x6100/0x6100
[ 2991.734595][T26367]  ? account_other_time+0x63/0x280
[ 2991.739709][T26367]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2991.745353][T26367]  ? print_irqtrace_events+0x220/0x220
[ 2991.750814][T26367]  ? vtime_user_exit+0x2b2/0x3e0
[ 2991.755756][T26367]  ? __context_tracking_exit+0x7a/0xd0
[ 2991.761217][T26367]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2991.767203][T26367]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2991.772754][T26367]  do_syscall_64+0x3d/0xb0
[ 2991.777181][T26367]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2991.783076][T26367] RIP: 0033:0x4665f9
[ 2991.786968][T26367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2991.806567][T26367] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2991.814958][T26367] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2991.822914][T26367] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2991.830865][T26367] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
01:50:02 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:02 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x2000000000000)

01:50:02 executing program 0 (fault-call:8 fault-nth:33):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2991.838817][T26367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2991.846770][T26367] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
[ 2991.959378][T26395] FAULT_INJECTION: forcing a failure.
[ 2991.959378][T26395] name failslab, interval 1, probability 0, space 0, times 0
[ 2991.976535][T26395] CPU: 1 PID: 26395 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2991.984974][T26395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2991.995029][T26395] Call Trace:
[ 2991.998313][T26395]  dump_stack_lvl+0x1d3/0x29f
[ 2992.003001][T26395]  ? show_regs_print_info+0x12/0x12
[ 2992.008207][T26395]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2992.013935][T26395]  ? __might_sleep+0x100/0x100
[ 2992.018699][T26395]  ? __rcu_read_lock+0xb0/0xb0
[ 2992.023474][T26395]  should_fail+0x384/0x4b0
[ 2992.027900][T26395]  should_failslab+0x5/0x20
[ 2992.032406][T26395]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2992.037614][T26395]  io_submit_sqes+0x601f/0x9e00
[ 2992.042465][T26395]  ? __might_sleep+0x100/0x100
[ 2992.047235][T26395]  ? io_uring_add_tctx_node+0x330/0x330
[ 2992.052793][T26395]  ? io_uring_add_tctx_node+0x74/0x330
[ 2992.058234][T26395]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2992.063768][T26395]  ? trace_lock_release+0x4f/0x150
[ 2992.068865][T26395]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2992.074393][T26395]  ? __fget_files+0x35a/0x390
[ 2992.079049][T26395]  ? __lock_acquire+0x6100/0x6100
[ 2992.084060][T26395]  ? account_other_time+0x63/0x280
[ 2992.089156][T26395]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2992.094782][T26395]  ? print_irqtrace_events+0x220/0x220
[ 2992.100222][T26395]  ? vtime_user_exit+0x2b2/0x3e0
[ 2992.105143][T26395]  ? __context_tracking_exit+0x7a/0xd0
[ 2992.110587][T26395]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2992.116548][T26395]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2992.122087][T26395]  do_syscall_64+0x3d/0xb0
[ 2992.126489][T26395]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2992.132363][T26395] RIP: 0033:0x4665f9
[ 2992.136241][T26395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2992.155826][T26395] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2992.164233][T26395] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2992.172184][T26395] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2992.180136][T26395] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2992.188086][T26395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2992.196039][T26395] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:04 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097ea", 0xe}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:04 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x4)

01:50:04 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x4000000000000)

01:50:04 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(0x0, 0x34)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

01:50:04 executing program 0 (fault-call:8 fault-nth:34):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:04 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(0x0, 0x34)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

01:50:04 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0xf00000000000000)

[ 2994.289003][T26412] FAULT_INJECTION: forcing a failure.
[ 2994.289003][T26412] name fail_page_alloc, interval 1, probability 0, space 0, times 0
01:50:04 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(0x0, 0x34)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

[ 2994.331206][T26412] CPU: 1 PID: 26412 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2994.339661][T26412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2994.349723][T26412] Call Trace:
[ 2994.353010][T26412]  dump_stack_lvl+0x1d3/0x29f
[ 2994.357700][T26412]  ? show_regs_print_info+0x12/0x12
[ 2994.362906][T26412]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2994.368640][T26412]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2994.374193][T26412]  should_fail+0x384/0x4b0
[ 2994.378622][T26412]  prepare_alloc_pages+0x1d1/0x5a0
[ 2994.383744][T26412]  __alloc_pages+0x14d/0x5f0
[ 2994.388343][T26412]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2994.393636][T26412]  ? trace_lock_release+0x4f/0x150
[ 2994.398755][T26412]  ? alloc_pages+0x3f3/0x500
[ 2994.403353][T26412]  allocate_slab+0xf1/0x540
[ 2994.407861][T26412]  ___slab_alloc+0x1cf/0x350
[ 2994.412457][T26412]  ? io_submit_sqes+0x601f/0x9e00
[ 2994.417484][T26412]  kmem_cache_alloc_bulk+0x180/0x410
[ 2994.422782][T26412]  io_submit_sqes+0x601f/0x9e00
01:50:04 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2994.427642][T26412]  ? __might_sleep+0x100/0x100
[ 2994.432432][T26412]  ? io_uring_add_tctx_node+0x330/0x330
[ 2994.437988][T26412]  ? io_uring_add_tctx_node+0x74/0x330
[ 2994.443456][T26412]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2994.449017][T26412]  ? trace_lock_release+0x4f/0x150
[ 2994.454138][T26412]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2994.459692][T26412]  ? __fget_files+0x35a/0x390
[ 2994.464372][T26412]  ? __lock_acquire+0x6100/0x6100
[ 2994.469404][T26412]  ? account_other_time+0x63/0x280
[ 2994.474523][T26412]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2994.480159][T26412]  ? print_irqtrace_events+0x220/0x220
[ 2994.485619][T26412]  ? vtime_user_exit+0x2b2/0x3e0
[ 2994.490565][T26412]  ? __context_tracking_exit+0x7a/0xd0
[ 2994.496032][T26412]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2994.502021][T26412]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2994.507578][T26412]  do_syscall_64+0x3d/0xb0
[ 2994.512002][T26412]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2994.517897][T26412] RIP: 0033:0x4665f9
[ 2994.521789][T26412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2994.541399][T26412] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2994.549820][T26412] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2994.557794][T26412] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2994.565753][T26412] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2994.573707][T26412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2994.581659][T26412] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:05 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:05 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:05 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x2000000000000000)

01:50:07 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:07 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x2000)

01:50:07 executing program 0 (fault-call:8 fault-nth:35):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:07 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x4000000000000000)

01:50:07 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097ea", 0xe}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:07 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:07 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2997.309421][T26463] ptrace attach of "/root/syz-executor.3"[26460] was attempted by "/root/syz-executor.3"[26463]
[ 2997.326336][T26464] FAULT_INJECTION: forcing a failure.
[ 2997.326336][T26464] name failslab, interval 1, probability 0, space 0, times 0
[ 2997.341068][T26464] CPU: 1 PID: 26464 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2997.349513][T26464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2997.359578][T26464] Call Trace:
[ 2997.362862][T26464]  dump_stack_lvl+0x1d3/0x29f
[ 2997.367561][T26464]  ? show_regs_print_info+0x12/0x12
[ 2997.372773][T26464]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2997.378511][T26464]  ? __might_sleep+0x100/0x100
[ 2997.383280][T26464]  ? __rcu_read_lock+0xb0/0xb0
[ 2997.388051][T26464]  ? allocate_slab+0x373/0x540
[ 2997.392828][T26464]  should_fail+0x384/0x4b0
[ 2997.397254][T26464]  should_failslab+0x5/0x20
[ 2997.401758][T26464]  kmem_cache_alloc_bulk+0x6b/0x410
[ 2997.406971][T26464]  io_submit_sqes+0x601f/0x9e00
[ 2997.411833][T26464]  ? __might_sleep+0x100/0x100
[ 2997.416621][T26464]  ? io_uring_add_tctx_node+0x330/0x330
[ 2997.422176][T26464]  ? io_uring_add_tctx_node+0x74/0x330
[ 2997.427643][T26464]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2997.433202][T26464]  ? trace_lock_release+0x4f/0x150
[ 2997.438322][T26464]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2997.443876][T26464]  ? __fget_files+0x35a/0x390
[ 2997.448560][T26464]  ? __lock_acquire+0x6100/0x6100
[ 2997.453694][T26464]  ? account_other_time+0x63/0x280
[ 2997.458815][T26464]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2997.464458][T26464]  ? print_irqtrace_events+0x220/0x220
[ 2997.469923][T26464]  ? vtime_user_exit+0x2b2/0x3e0
[ 2997.474876][T26464]  ? __context_tracking_exit+0x7a/0xd0
[ 2997.480343][T26464]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2997.486336][T26464]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2997.491896][T26464]  do_syscall_64+0x3d/0xb0
[ 2997.496474][T26464]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2997.502382][T26464] RIP: 0033:0x4665f9
01:50:08 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x7f00)

01:50:08 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x4100000000000000)

01:50:08 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097ea", 0xe}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2997.506287][T26464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2997.525901][T26464] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2997.534358][T26464] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2997.542334][T26464] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2997.550320][T26464] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
01:50:08 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0xffffffff00000000)

01:50:08 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:08 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 2997.558300][T26464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2997.566281][T26464] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:08 executing program 0 (fault-call:8 fault-nth:36):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 2997.675304][T26503] ptrace attach of "/root/syz-executor.3"[26499] was attempted by "/root/syz-executor.3"[26503]
[ 2997.689398][T26505] FAULT_INJECTION: forcing a failure.
[ 2997.689398][T26505] name failslab, interval 1, probability 0, space 0, times 0
[ 2997.706440][T26505] CPU: 0 PID: 26505 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2997.714897][T26505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2997.724960][T26505] Call Trace:
[ 2997.728249][T26505]  dump_stack_lvl+0x1d3/0x29f
[ 2997.732937][T26505]  ? show_regs_print_info+0x12/0x12
[ 2997.738152][T26505]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2997.743885][T26505]  ? __might_sleep+0x100/0x100
[ 2997.748663][T26505]  ? __rcu_read_lock+0xb0/0xb0
[ 2997.753440][T26505]  ? allocate_slab+0x373/0x540
[ 2997.758221][T26505]  should_fail+0x384/0x4b0
[ 2997.762649][T26505]  should_failslab+0x5/0x20
[ 2997.767158][T26505]  kmem_cache_alloc_bulk+0x6b/0x410
01:50:08 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 2997.772373][T26505]  io_submit_sqes+0x601f/0x9e00
[ 2997.777236][T26505]  ? __might_sleep+0x100/0x100
[ 2997.782032][T26505]  ? io_uring_add_tctx_node+0x330/0x330
[ 2997.787591][T26505]  ? io_uring_add_tctx_node+0x74/0x330
[ 2997.793064][T26505]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2997.798630][T26505]  ? trace_lock_release+0x4f/0x150
[ 2997.803759][T26505]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2997.809322][T26505]  ? __fget_files+0x35a/0x390
[ 2997.814008][T26505]  ? __lock_acquire+0x6100/0x6100
[ 2997.819043][T26505]  ? account_other_time+0x63/0x280
01:50:08 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 2997.819918][T26514] ptrace attach of "/root/syz-executor.3"[26513] was attempted by "/root/syz-executor.3"[26514]
[ 2997.824159][T26505]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2997.824182][T26505]  ? print_irqtrace_events+0x220/0x220
[ 2997.824198][T26505]  ? vtime_user_exit+0x2b2/0x3e0
[ 2997.824217][T26505]  ? __context_tracking_exit+0x7a/0xd0
[ 2997.824236][T26505]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2997.824256][T26505]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2997.867558][T26505]  do_syscall_64+0x3d/0xb0
[ 2997.871989][T26505]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2997.877888][T26505] RIP: 0033:0x4665f9
[ 2997.881788][T26505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2997.901431][T26505] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2997.909850][T26505] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2997.917807][T26505] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
01:50:08 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)

[ 2997.925851][T26505] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2997.933971][T26505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2997.942011][T26505] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:08 executing program 0 (fault-call:8 fault-nth:37):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:08 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x0, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 2998.044755][T26528] FAULT_INJECTION: forcing a failure.
[ 2998.044755][T26528] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2998.074891][T26528] CPU: 1 PID: 26528 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 2998.083357][T26528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2998.093421][T26528] Call Trace:
[ 2998.096710][T26528]  dump_stack_lvl+0x1d3/0x29f
[ 2998.101408][T26528]  ? show_regs_print_info+0x12/0x12
[ 2998.106618][T26528]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 2998.112355][T26528]  ? perf_trace_lock_acquire+0xe7/0x440
[ 2998.117920][T26528]  should_fail+0x384/0x4b0
[ 2998.122360][T26528]  prepare_alloc_pages+0x1d1/0x5a0
[ 2998.127474][T26528]  __alloc_pages+0x14d/0x5f0
[ 2998.132050][T26528]  ? __rmqueue_pcplist+0x2030/0x2030
[ 2998.137320][T26528]  ? trace_lock_release+0x4f/0x150
[ 2998.142420][T26528]  ? alloc_pages+0x3f3/0x500
[ 2998.146997][T26528]  allocate_slab+0xf1/0x540
[ 2998.151487][T26528]  ___slab_alloc+0x1cf/0x350
[ 2998.156059][T26528]  ? io_submit_sqes+0x601f/0x9e00
[ 2998.161068][T26528]  kmem_cache_alloc_bulk+0x180/0x410
[ 2998.166339][T26528]  io_submit_sqes+0x601f/0x9e00
[ 2998.171174][T26528]  ? __might_sleep+0x100/0x100
[ 2998.175939][T26528]  ? io_uring_add_tctx_node+0x330/0x330
[ 2998.181472][T26528]  ? io_uring_add_tctx_node+0x74/0x330
[ 2998.186912][T26528]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 2998.192472][T26528]  ? trace_lock_release+0x4f/0x150
[ 2998.197569][T26528]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 2998.203096][T26528]  ? __fget_files+0x35a/0x390
[ 2998.207756][T26528]  ? __lock_acquire+0x6100/0x6100
[ 2998.212763][T26528]  ? account_other_time+0x63/0x280
[ 2998.217856][T26528]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 2998.223470][T26528]  ? print_irqtrace_events+0x220/0x220
[ 2998.228910][T26528]  ? vtime_user_exit+0x2b2/0x3e0
[ 2998.233832][T26528]  ? __context_tracking_exit+0x7a/0xd0
[ 2998.239276][T26528]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 2998.245244][T26528]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 2998.250777][T26528]  do_syscall_64+0x3d/0xb0
[ 2998.255181][T26528]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2998.261079][T26528] RIP: 0033:0x4665f9
[ 2998.264963][T26528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2998.284547][T26528] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2998.292968][T26528] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 2998.300923][T26528] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 2998.308895][T26528] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2998.316848][T26528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2998.324800][T26528] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:11 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x200000)

01:50:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
clock_gettime(0x0, &(0x7f0000000300)={<r2=>0x0, <r3=>0x0})
recvmmsg(r1, &(0x7f0000000000), 0x0, 0x2, &(0x7f0000000340)={r2, r3+60000000})
pipe(&(0x7f0000000040))
r4 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
pipe(&(0x7f0000000080)={<r7=>0xffffffffffffffff})
r8 = socket$inet_udp(0x2, 0x2, 0x0)
close(r8)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
close(r9)
splice(0xffffffffffffffff, 0x0, r9, 0x0, 0x4ffe6, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
splice(r7, 0x0, r8, 0x0, 0x4ffe6, 0x0)
sendto$unix(r7, &(0x7f0000000240)="fd10a37e4864cbcb2c656f7ae12accda8eaa367380866e14f02635c056c9897a0e45c8bec6dd4402d1411f9b38138022dde258cb38b20a99226214dac6f16e7d1d9365a1fa857745d8c73549451ae505b950d2af25e3a825f0294b81052f68885578d0ef518cfa55f981be0ee8311423af25e6c6197f22da46c9a3a26afb115c6eb0d1c33cd5bd03566c86337a04554e", 0x90, 0x20, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
io_uring_enter(r4, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:11 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41b", 0x15}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:11 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x0, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:11 executing program 0 (fault-call:8 fault-nth:38):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:11 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x0, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b", 0x1d}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000000))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x8, 0x40}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3000.613376][T26539] FAULT_INJECTION: forcing a failure.
[ 3000.613376][T26539] name failslab, interval 1, probability 0, space 0, times 0
01:50:11 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 3000.662268][T26539] CPU: 1 PID: 26539 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3000.670729][T26539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3000.680793][T26539] Call Trace:
[ 3000.684078][T26539]  dump_stack_lvl+0x1d3/0x29f
[ 3000.688769][T26539]  ? show_regs_print_info+0x12/0x12
[ 3000.693977][T26539]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3000.699711][T26539]  ? __might_sleep+0x100/0x100
[ 3000.704486][T26539]  ? __rcu_read_lock+0xb0/0xb0
[ 3000.709259][T26539]  ? allocate_slab+0x373/0x540
[ 3000.714030][T26539]  should_fail+0x384/0x4b0
[ 3000.718465][T26539]  should_failslab+0x5/0x20
[ 3000.722975][T26539]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3000.728182][T26539]  io_submit_sqes+0x601f/0x9e00
[ 3000.733041][T26539]  ? __might_sleep+0x100/0x100
[ 3000.737831][T26539]  ? io_uring_add_tctx_node+0x330/0x330
[ 3000.743383][T26539]  ? io_uring_add_tctx_node+0x74/0x330
[ 3000.748830][T26539]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3000.754364][T26539]  ? trace_lock_release+0x4f/0x150
[ 3000.759458][T26539]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3000.764984][T26539]  ? __fget_files+0x35a/0x390
[ 3000.769640][T26539]  ? __lock_acquire+0x6100/0x6100
[ 3000.774647][T26539]  ? account_other_time+0x63/0x280
[ 3000.779743][T26539]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3000.785373][T26539]  ? print_irqtrace_events+0x220/0x220
[ 3000.790836][T26539]  ? vtime_user_exit+0x2b2/0x3e0
[ 3000.795769][T26539]  ? __context_tracking_exit+0x7a/0xd0
[ 3000.801210][T26539]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3000.807172][T26539]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3000.812766][T26539]  do_syscall_64+0x3d/0xb0
[ 3000.817190][T26539]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3000.823082][T26539] RIP: 0033:0x4665f9
[ 3000.826957][T26539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3000.846546][T26539] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3000.854997][T26539] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
01:50:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$binfmt_misc(r4, &(0x7f0000000000)=ANY=[], 0xfffffecc)
r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x20400, 0x0)
getsockopt$inet6_mtu(r5, 0x29, 0x17, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
ioctl$BTRFS_IOC_DEV_REPLACE(r4, 0xca289435, &(0x7f0000000b40)={0x1, 0x100, @status={[0x1, 0xffffffffffffffc0, 0x802, 0x6, 0x9, 0x80000001]}, [0x4, 0x20, 0x77, 0x9, 0x10001, 0x7fffffff, 0x1, 0x8, 0x307, 0x8, 0x1f, 0x100000000, 0x2f2, 0x7, 0x1, 0xdf7, 0x0, 0x4, 0x101, 0x5, 0x100000000, 0x4, 0x1, 0x80, 0x1, 0xfff, 0x4, 0xfffffffffffffffb, 0x28000000000000, 0xff, 0x80000000, 0x2, 0x7, 0x4, 0x9, 0xfffffffffffffffe, 0x6, 0x2, 0x4, 0xffffffffffffff81, 0x1, 0x7, 0x1000, 0x1, 0x5, 0xa29, 0x2, 0x5ccc298c, 0x8001, 0x0, 0x8001, 0x4, 0x101, 0xe79b, 0x0, 0x400000002a, 0x2, 0xffffffffffffff4c, 0x5, 0x10000, 0x0, 0x6, 0x5, 0x3]})
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:11 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 3000.862971][T26539] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3000.870925][T26539] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3000.878877][T26539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3000.886835][T26539] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:11 executing program 0 (fault-call:8 fault-nth:39):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3000.994150][T26570] FAULT_INJECTION: forcing a failure.
[ 3000.994150][T26570] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3001.007928][T26570] CPU: 1 PID: 26570 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3001.016361][T26570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3001.026417][T26570] Call Trace:
[ 3001.029699][T26570]  dump_stack_lvl+0x1d3/0x29f
[ 3001.034391][T26570]  ? show_regs_print_info+0x12/0x12
[ 3001.039601][T26570]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3001.045327][T26570]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3001.050872][T26570]  should_fail+0x384/0x4b0
[ 3001.055281][T26570]  prepare_alloc_pages+0x1d1/0x5a0
[ 3001.060381][T26570]  __alloc_pages+0x14d/0x5f0
[ 3001.064964][T26570]  ? __rmqueue_pcplist+0x2030/0x2030
[ 3001.070228][T26570]  ? trace_lock_release+0x4f/0x150
[ 3001.075321][T26570]  ? alloc_pages+0x3f3/0x500
[ 3001.079892][T26570]  allocate_slab+0xf1/0x540
[ 3001.084377][T26570]  ___slab_alloc+0x1cf/0x350
[ 3001.088944][T26570]  ? io_submit_sqes+0x601f/0x9e00
[ 3001.093948][T26570]  kmem_cache_alloc_bulk+0x180/0x410
[ 3001.099222][T26570]  io_submit_sqes+0x601f/0x9e00
[ 3001.104074][T26570]  ? __might_sleep+0x100/0x100
[ 3001.108830][T26570]  ? io_uring_add_tctx_node+0x330/0x330
[ 3001.114353][T26570]  ? io_uring_add_tctx_node+0x74/0x330
[ 3001.119788][T26570]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3001.125319][T26570]  ? trace_lock_release+0x4f/0x150
[ 3001.130407][T26570]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3001.136048][T26570]  ? __fget_files+0x35a/0x390
[ 3001.140717][T26570]  ? __lock_acquire+0x6100/0x6100
[ 3001.145742][T26570]  ? account_other_time+0x63/0x280
[ 3001.150855][T26570]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3001.156484][T26570]  ? print_irqtrace_events+0x220/0x220
[ 3001.161920][T26570]  ? vtime_user_exit+0x2b2/0x3e0
[ 3001.166840][T26570]  ? __context_tracking_exit+0x7a/0xd0
[ 3001.172296][T26570]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3001.178257][T26570]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3001.183785][T26570]  do_syscall_64+0x3d/0xb0
[ 3001.188185][T26570]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3001.194064][T26570] RIP: 0033:0x4665f9
[ 3001.197951][T26570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3001.217570][T26570] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3001.225964][T26570] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3001.233924][T26570] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
01:50:11 executing program 0 (fault-call:8 fault-nth:40):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3001.241878][T26570] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3001.249838][T26570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3001.257799][T26570] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
[ 3001.312166][T26576] FAULT_INJECTION: forcing a failure.
[ 3001.312166][T26576] name failslab, interval 1, probability 0, space 0, times 0
[ 3001.325148][T26576] CPU: 1 PID: 26576 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3001.333572][T26576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3001.343667][T26576] Call Trace:
[ 3001.346968][T26576]  dump_stack_lvl+0x1d3/0x29f
[ 3001.351639][T26576]  ? show_regs_print_info+0x12/0x12
[ 3001.356831][T26576]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3001.362536][T26576]  ? __might_sleep+0x100/0x100
[ 3001.367289][T26576]  ? __rcu_read_lock+0xb0/0xb0
[ 3001.372072][T26576]  ? allocate_slab+0x373/0x540
[ 3001.376824][T26576]  should_fail+0x384/0x4b0
[ 3001.381306][T26576]  should_failslab+0x5/0x20
[ 3001.385812][T26576]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3001.391009][T26576]  io_submit_sqes+0x601f/0x9e00
[ 3001.395845][T26576]  ? __might_sleep+0x100/0x100
[ 3001.400638][T26576]  ? io_uring_add_tctx_node+0x330/0x330
[ 3001.406181][T26576]  ? io_uring_add_tctx_node+0x74/0x330
[ 3001.411639][T26576]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3001.417192][T26576]  ? trace_lock_release+0x4f/0x150
[ 3001.422290][T26576]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3001.427874][T26576]  ? __fget_files+0x35a/0x390
[ 3001.432537][T26576]  ? __lock_acquire+0x6100/0x6100
[ 3001.437563][T26576]  ? account_other_time+0x63/0x280
[ 3001.442657][T26576]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3001.448278][T26576]  ? print_irqtrace_events+0x220/0x220
[ 3001.453724][T26576]  ? vtime_user_exit+0x2b2/0x3e0
[ 3001.458675][T26576]  ? __context_tracking_exit+0x7a/0xd0
[ 3001.464137][T26576]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3001.470106][T26576]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3001.475747][T26576]  do_syscall_64+0x3d/0xb0
[ 3001.480208][T26576]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3001.486103][T26576] RIP: 0033:0x4665f9
[ 3001.489981][T26576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3001.509798][T26576] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3001.518219][T26576] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3001.526176][T26576] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3001.534137][T26576] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3001.542106][T26576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3001.550082][T26576] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:14 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x800000)

01:50:14 executing program 0 (fault-call:8 fault-nth:41):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:14 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41b", 0x15}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
r5 = fcntl$dupfd(r1, 0x406, r1)
perf_event_open(&(0x7f0000000180)={0xf6d7dd61c0ccb6b1, 0x80, 0xfd, 0x9d, 0xec, 0x5, 0x0, 0xad, 0x8801, 0xa, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2322, 0x2, @perf_bp, 0x11034, 0xe27, 0x3, 0x6, 0x401, 0x8bb, 0x590e, 0x0, 0x4, 0x0, 0x8}, 0xffffffffffffffff, 0xa, r5, 0x1)
io_uring_enter(r2, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3003.623009][T26583] FAULT_INJECTION: forcing a failure.
[ 3003.623009][T26583] name failslab, interval 1, probability 0, space 0, times 0
[ 3003.647943][T26583] CPU: 0 PID: 26583 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3003.656392][T26583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3003.666452][T26583] Call Trace:
[ 3003.669737][T26583]  dump_stack_lvl+0x1d3/0x29f
[ 3003.674444][T26583]  ? show_regs_print_info+0x12/0x12
[ 3003.680261][T26583]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3003.685997][T26583]  ? __might_sleep+0x100/0x100
[ 3003.690773][T26583]  ? __rcu_read_lock+0xb0/0xb0
[ 3003.695581][T26583]  ? allocate_slab+0x373/0x540
[ 3003.700362][T26583]  should_fail+0x384/0x4b0
[ 3003.704790][T26583]  should_failslab+0x5/0x20
[ 3003.709300][T26583]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3003.714511][T26583]  io_submit_sqes+0x601f/0x9e00
[ 3003.719375][T26583]  ? __might_sleep+0x100/0x100
[ 3003.724166][T26583]  ? io_uring_add_tctx_node+0x330/0x330
[ 3003.729724][T26583]  ? io_uring_add_tctx_node+0x74/0x330
[ 3003.735189][T26583]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3003.740748][T26583]  ? trace_lock_release+0x4f/0x150
[ 3003.745970][T26583]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3003.751508][T26583]  ? __fget_files+0x35a/0x390
[ 3003.756170][T26583]  ? __lock_acquire+0x6100/0x6100
[ 3003.761178][T26583]  ? account_other_time+0x63/0x280
[ 3003.766280][T26583]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3003.771895][T26583]  ? print_irqtrace_events+0x220/0x220
[ 3003.777332][T26583]  ? vtime_user_exit+0x2b2/0x3e0
[ 3003.782253][T26583]  ? __context_tracking_exit+0x7a/0xd0
[ 3003.787693][T26583]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3003.793654][T26583]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3003.799187][T26583]  do_syscall_64+0x3d/0xb0
[ 3003.803603][T26583]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3003.809483][T26583] RIP: 0033:0x4665f9
[ 3003.813358][T26583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3003.832953][T26583] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3003.841348][T26583] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3003.849303][T26583] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3003.857266][T26583] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3003.865229][T26583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
01:50:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000), 0x20a40, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x37c}, &(0x7f0000128000/0x1000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
fcntl$dupfd(r1, 0x0, r1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000740)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000140)=@IORING_OP_STATX={0x15, 0x2, 0x0, 0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1000, 0x0, {0x0, r5}}, 0x9)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_OPENAT2={0x1c, 0x2, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)={0x30801, 0x2, 0x2}, &(0x7f0000000400)='./file0\x00', 0x18, 0x0, 0x12345, {0x0, r5}}, 0x10000)
syz_io_uring_submit(r3, 0x0, &(0x7f00000002c0)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x7fffffff)
io_uring_enter(r2, 0x45f5, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000080)={<r6=>0xffffffffffffffff})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
close(r7)
splice(r6, 0x0, r7, 0x0, 0x4ffe6, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x2400, 0xfffffffffffffffb)

01:50:14 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41b", 0x15}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:14 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 3003.873180][T26583] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:14 executing program 0 (fault-call:8 fault-nth:42):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:14 executing program 3:
socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x1130, &(0x7f0000000080)={0x0, 0x3b98, 0x0, 0x0, 0x83}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3004.050098][T26613] FAULT_INJECTION: forcing a failure.
[ 3004.050098][T26613] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3004.086196][T26613] CPU: 0 PID: 26613 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3004.094916][T26613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3004.104978][T26613] Call Trace:
[ 3004.108268][T26613]  dump_stack_lvl+0x1d3/0x29f
[ 3004.112963][T26613]  ? show_regs_print_info+0x12/0x12
[ 3004.118169][T26613]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3004.123902][T26613]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3004.129461][T26613]  should_fail+0x384/0x4b0
[ 3004.133894][T26613]  prepare_alloc_pages+0x1d1/0x5a0
[ 3004.139023][T26613]  __alloc_pages+0x14d/0x5f0
[ 3004.143644][T26613]  ? __rmqueue_pcplist+0x2030/0x2030
[ 3004.148943][T26613]  ? trace_lock_release+0x4f/0x150
[ 3004.154070][T26613]  ? alloc_pages+0x3f3/0x500
[ 3004.158671][T26613]  allocate_slab+0xf1/0x540
[ 3004.163185][T26613]  ___slab_alloc+0x1cf/0x350
[ 3004.167762][T26613]  ? io_submit_sqes+0x601f/0x9e00
[ 3004.172773][T26613]  kmem_cache_alloc_bulk+0x180/0x410
[ 3004.178050][T26613]  io_submit_sqes+0x601f/0x9e00
[ 3004.182894][T26613]  ? __might_sleep+0x100/0x100
[ 3004.187717][T26613]  ? io_uring_add_tctx_node+0x330/0x330
[ 3004.193246][T26613]  ? io_uring_add_tctx_node+0x74/0x330
[ 3004.198708][T26613]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3004.204243][T26613]  ? trace_lock_release+0x4f/0x150
[ 3004.209376][T26613]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3004.215001][T26613]  ? __fget_files+0x35a/0x390
[ 3004.219665][T26613]  ? __lock_acquire+0x6100/0x6100
[ 3004.224680][T26613]  ? account_other_time+0x63/0x280
[ 3004.229774][T26613]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3004.235407][T26613]  ? print_irqtrace_events+0x220/0x220
[ 3004.240895][T26613]  ? vtime_user_exit+0x2b2/0x3e0
[ 3004.245837][T26613]  ? __context_tracking_exit+0x7a/0xd0
[ 3004.251286][T26613]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3004.257278][T26613]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3004.262810][T26613]  do_syscall_64+0x3d/0xb0
[ 3004.267212][T26613]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3004.273089][T26613] RIP: 0033:0x4665f9
[ 3004.277069][T26613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:50:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$BTRFS_IOC_DEFRAG(r4, 0x50009402, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3800004, 0x12, r5, 0x0)
ioctl$BTRFS_IOC_RM_DEV(r5, 0x5000940b, &(0x7f0000000b40)={{r1}, "a4e4de6905e6f6e28e35b61f34b5d912a72e9d2e5ec7c0d0fe9f680c90b24c69a88dc249abe675545b167430648bf93b9ffbd4991d3e6841523e94558527aee76e2b8d518707313cf1413858604c90c97279a8ea5a60c6cb69edd4c19f899b519fa2c6e5c3f8a2959f83fc014805bf2fca3274daba0b84a850e36ebbc50fceb0072698fac8f6a601585118d15cbc7248184cbbeb1e5cc26c9344db2f2e3730487e2baaa5df1130f4f5849da0e44f2b53c68d8d69bd4ff6e5c4ee32272fcc7c6dddcc9b281a7383130e3031cc5050b9f77ee8592db590ac3dfd751235a2c5212351a73955ab3abf9df040b270da9c0da56fe481fa6e2415b07dec9fea4e0d8abcd95b1adb70721bdfca2a043d1b09caeceec69188d70fecdd41fd42633868ad3e4757c237992e9676bfa26dadb6f3463c5df5d42683b8678d00f9cb42fa5c6b0d411de81a39a71e3e7f7e1abb61f41098be2cdb9ac9638d0f5c742423941cb63255a7b4f51b01fd06110869b4436aaeb98a7d35a11ece3a8eefdbb85555832aed212980f2dc7e6a6c0a6dda61f3c0965c55b0fcca492e59927ff8dafe6d4341c817f98f9a71bb19482efe033a762ffbca7a2fa0b0298761c481fa5d9ab30c28254a982350cbc6e598eb564f70f18ed3334478ac48d93b8b1b5e1bfbad53e195bda39035c54a22e3d800c8579af048e950711c32c5b67c1ed50f97eb439a12afc130a29d7a0f4b1d307aba8a1e26f6c96ec9983ab28d98ff2cea10fd4788d6d09be659c3b0da530de0d6102d836a0dd206b295323cd8f49f674f65864bce747fa50a8a71a4fb42e7b4a12ac2a3cbe3eeca8b0740cba28226e807884bac14fea1b57c9c95e180bf451b45129359d96e2e5e61f2d512bcdcd1fba57a14f96690d357464dc6e187942296a4640c1de04fbfcae8f5c39d3045bfbdab9fc26088a1a70587e30184d17b6a4bd3b8513a4afe0db342c0e3e9fa3886823602bfa3c411809b6c401563a9cc1c01477efba69f723cf258bf72dd5c4f6e357c5a121480c03eda5adc72753e7f3de46c77ec5769c529ad0a5e7c54220c8f761cdbf885d12090687c1bc211d6e671145aac37cf93c565754ebd0c5bc90530e11face2b9eaa264a63a64c0542510ac0d5d1cdc4d9841ce4e834086784186900a55e946cf488c3024aeebebdd7798918fa802d560e7db1aef898b85e0c810f264a0401511b1569fc725a6e3b03dbd62f0120cc566b6deea907c0d246cf06d9d87188875ccc186ac76b523296e415352909e1228cbecaccc304c1b734a9aee22228f6fa706794c5c01e8d110fc444e843e3bc55a235499396531637dcbe85f8ac6c0f7dce5560130625bf6b6feebf83e988b9fb7030e73ca0b18a2e23431e35a0cdc00d35129ca5f5d1cd9b14e5bc7bb79a256bb05d5171c948a56a6bca39811bddd47755a9bab8e41a79af8ed103b55bd7420166eb5cdeb0a981ccceb9938aaf20fb746eadcbcebb00d720ed721ae9d1c386e1dd347bdd6a81ee7ac9a90b12c0a2959c92f2f2dff71deb905d09b245f90d3ad83371732dda241e0b1a15a956da02693466f73969c4a912705942be5416d1f2a5e3c087ac469605f5870493dea4c000f534d3c867ad1e93fbeffbffd4d7498460ce0da948d5e0be75f0162e0bba2f5245df6406c52d6bbbebf6e8c81a2c34d521372e96717e808289db27f6a378bc786726f21f64eb602c644fe8b2e7bd0d95450b553855f9154300873dbbcf3e4129f991d93e1ca1158df8469c95479ff71e81db4a0e9954852df76e2941a84661965b744a77d1ca4778cda78370ee3e5752e81c058a85fd0028a84f32696be8cc034c4da803668584bad7f75b7b639f2710a5de65c19af446f804f6a2690e419764a839d9486983084915ceb19cd96998116b132f559da09cf5a0e27dd2a9a7c6ccb325558a89a5abd03f28787cbaac74d5d63da35d80ceb089d82cf9a5cc7601901e349df6c20fecd20b47e81f54b4768dd5deb8f0ad4fd1170b8ff864f07a35dde15556c0bb83c4af6c5d79af47063a4cb8545d25a5cdc62409e887f7fe543046364c4c8892f3d8eebd9db6fe15b49978cec294d0c86cac42733346b28b593594e20123c00fb14b57e9f49c72d4c91f73b6a86ca6012172dcb291e58eb77096e18ee9600fdeb7d1a63dcbb311859bf2c74890cdee1e24d08f558c2d8c2d5a3dd5114d8c1890abac6b8896feb642f492b7737d24d4a4180fb2de1b15912c316f2445c87b1bc76cb1d21cfab31e20a8770325058b5b11a23862b4d00832b8a74e0f6714cde839b82a3c7481e6333e70f9c823ae72243b232768aef8cc032beb97e9448409621891a5d1675a47d3778ffcf37d52b06b5153fe67abb442fadff74a0310d8d198e7cb3b617415324e6e0db50e1162d884aadfa1dfb971f6d079596f7ea3bf8dc6ea5ed0368d5ca6dc1ec046d63a06d3f8df28f9de75b2218592e5c59ebda29afc7dd700a8227f332b99d4dda652efaa6c95e07fc1580022982cf42b65531aaf31c37ced5ec3ab6a0fbaec45c828bd8fe17e5f3a6b8155b2668a320469ee3ab022d97e5144df3e3f05392aef72d07675d201b5feace2b642bde4942e9c495cbb4185c99607f97aa05d31134fe0ff8fc714605c9ab930363c6b64924ec2877f7d5d15591af61a4840e661000a262b6caf53d539d0c27bb6eb522bfa744605dba1e8b9cfee0f6ffa743f9252fc4dc7aa4594565f89aad819b356151ef4a52d569b19ee699d04365d411c646808a526403e6f4974b0ec53f1f7dbf624ca683366ed623a56bfd10831fea17cfe2f45ac470d1e85aad8b86376f263521060651ac7fda608cc0b05165dc1764a19739b7d7693484c5eee1c281ae433a5cfa2cf0bb9b055f06a9fec1ec1af69ae5730e3b9a03054ff8990f7474ba35863eb328c14654612e5474de8093843d81b23bad33c731b789f85b0c48825f0ca6e7ebfc184043675935d0dd8918f2917870407d534b5f2bc72f8965899eef967cdd804ceda6f9fa5cc41f2c884f347b1f767698763455d8b81e5d8608247c46e40aed52b73a785300f71a559696a6d3e56ceb1f7c33ab055f0c972cc2a859b90610177320632b61cf1182196a59b37e40e8c2219aab8a1accc16dc51e43e8ff9c3a2777fb9e438781763b1356e3a25265cefecfe16b59b288551bf5ed9c4352a9d14d763d9b5b915a02b8c4012bb5a79f34f13ddb7db335ef9f723b6b95958a17d842c94744f0f7b0377c052216a5942415addb421d43e6b35923a596e159228c31dc5e49347772aa3dfc02e43ee27b228bab16c82e86e154bef15b3aa2acde6bdd0b26875c77f995fa02de343bb418a9f4c1512b13e60dc66032e55e8b427461bb2695aefe3e7c63950475a0403eea45413a02d7c6a411e04f6bd741e4759d1f40bd147b213782709d33ab7aeb14cfd993021b591f98996e5fe1e980fbc2851c2755b0b447e7c361f96c17c36dae2dcb3a0f276c1dd5726699bd161dcd1f6ac864d5eb9892805b705d71ce69a3524f109cdd892ec69380db1e8362cec599c5110c135f2c9b89e54e873612f594df3d78d8962af1e2f4a1f7539d66459d6117f98e7f4413452e521b8970b5a140a75cd19863942d4a2ae48ffc454144419365f670bb3012b1f3668b1e573329b6cc71f16e263723ba065fcd58c9833a5465179d2891fdc34808e66d156e43c117ba107f0317c2fef091fcbe83dbc560e27fee75a420b10dc6194513705ff3d17882dc59d5c96230b2048d74fca478ea5a76c528f86afb492c27d366542eeb6bc621f64f5aedf0dcacd9c17accaa7b2dd9f8bbb6c5901b5b9c87f1ce3f3d6b01738d3af55ca5a8fb1373aef2ea5ff6b5b3032a0a4b87fccd6618313785c5456552493fe03efd4b20ee6a397acee479f2e6e9365afdee94c4a6199477f57319f975987e31fc2c8f93d7a1e8f1e6b3f8bb4e4de54d8f4cb78e1d43c4b27a6d07bff91ba100bcb01aef9e60fb13884e8ef989404396f80f5f3370d1ab5bcb0f9c25e793f833f5409d9b6c637cbca71344d06d0975423fe563d27e4b6062861ccaafeffb044c8e666d7a767ef886df50dad857a1d1e9c2cc5e06efe842343b89fddb0676a303228063cf50accc9f3716f5d52a9a0e0d36341396a825afcb71ff89b7cdd59850d40f3229cf0d7c9158b0688e17a48dd45b81754d54a66ebb7daadfb7e1f2a2af7717bb2e41aa4e5200249bf743e7eef61cf254a73990d644f760ff36f49d486c444e5ec27278f881a25d0729daef68809d53796d5770dad7ae795e6507b5c3ca5c1948b35c4088f359def414bbfab4a686ade0d77b9b02e25efe7765697b19205db7b9d46390a95d70908ad4df63e406d5a748ac70f9d0598557b8314bd950e073823e25c6f1accade2ede61beaca50547556c382452b204f2b909d8b0aa814dd969d645c72043b4ffec62671006f593ccd27ab2a9c89981f695f11b80b3726a4c56faa931d4783e7a7cce3f6f6b6d14bf529315c3b737ebf66b3faba19c8b7d336d57cd9d07f20794f539dd1ce573c1e2d1d27b32b57a91009b728048282490eb1d7f65de5064f297420ac136d06747d02924824887bdbeb1f4f614792041c3c07e2306abc704d3e9704b5aadbac641d63f978bea45de4caf8ec8cd4bd13ec26e8d2f264619eba78229a6385ec36c885a7774e53a4d0ec731c5df67a1f6f0114b2fa8f44b298eed4154b42a68938664a759851fec94c72f23b5f6dd1d1e43220321c73617a9749e3dff4a9e1b82334ecf0846e53e5b68a23ef82753f93ddea231d6e844d90d4399b8ea74582696f8119a90f7f4888cd2bd2106ac5b82b106b143e6c11812a4dc22cf858e7b5bc4496b7aab896b7add2f434e16a2b6d3689e62545ced00794073dffe3b3bacb416decb62963fd619fe6a78235ea428d9203101284f4c49f92b3b5ae1db74c9211a11e65c4a246e4e21849f7b951d1037d9d489c734f8742e1426f4d4a6c920ae882d77f7d315cb2b5b9276d272281830450a9a500969669867d737fd181ce072d8a69943e3db83ccb5d5685161e1882a0072e49f15a6b68f89a00febcdbc234f90ed0c039fd6e284216e854e418ba8c7b100cab3061cf798e5156a8d2adfd1cc869ee1757d8f1fa7f28122179c655253df4c906718bba225c74fc280330ce34eaee3644f12ad63dfdcefa2972f50ddd43fb655c853655a8432ea434eacdb8bbe66b8dc588c933112e3fd627a87b7d955aba5bdedb8d1505c27a70d712d786163796de5b8c19512522b4466980814eb573563b73439dc07f65cb2696486c5b42fceb4fdd4a202f51193ac32efd3f6f57d94845d3d56f35642c660fe1c4ad48d7ba4ed94db5b49bb2c66ff1d5f14526abc3a0561e44fa0b3d31e62276b0b5044fda307ec6c22859c1c12f8d7d36f986508966892b7c349bad430a76caa5b2217589147420dc397ee3e4c475104e1e136439154ad8b27a582aa89f557f69a9b38628ef2d60a4a91073d7631c5f856f82aa30b480c6fa5a3d6389299034cbed4c315c067a608dcfdf6f0348e80875f9aaeda3ebf2e93f806f88d6eca30f64b59b8715aa45daf4d7351ef4b620df84589f8aa0289bcfe1fc3aadb87813b61c425d35c88f975c5339d10abc4c9e6059981719e411b9fbca1056f1f96c5fc500d603a825046fe482c2d6593c91ad46f11e14866367ff7e496ba159aeeb67cb87d4e51b9c600fe09c6c16e33720aae14be00a8f51a0742f1c95bc2fb9f45fe589bc006819b0668f824"})
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3004.296766][T26613] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3004.305176][T26613] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3004.313152][T26613] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3004.321114][T26613] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3004.329080][T26613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3004.337049][T26613] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:14 executing program 0 (fault-call:8 fault-nth:43):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3004.463534][T26625] FAULT_INJECTION: forcing a failure.
[ 3004.463534][T26625] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3004.477140][T26625] CPU: 0 PID: 26625 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3004.485620][T26625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3004.495664][T26625] Call Trace:
[ 3004.498930][T26625]  dump_stack_lvl+0x1d3/0x29f
[ 3004.503646][T26625]  ? show_regs_print_info+0x12/0x12
[ 3004.508850][T26625]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3004.514554][T26625]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3004.520090][T26625]  should_fail+0x384/0x4b0
[ 3004.524681][T26625]  prepare_alloc_pages+0x1d1/0x5a0
[ 3004.529806][T26625]  __alloc_pages+0x14d/0x5f0
[ 3004.534398][T26625]  ? __rmqueue_pcplist+0x2030/0x2030
[ 3004.539690][T26625]  ? trace_lock_release+0x4f/0x150
[ 3004.544803][T26625]  ? alloc_pages+0x3f3/0x500
[ 3004.549394][T26625]  allocate_slab+0xf1/0x540
[ 3004.553894][T26625]  ___slab_alloc+0x1cf/0x350
[ 3004.558463][T26625]  ? io_submit_sqes+0x601f/0x9e00
[ 3004.563478][T26625]  kmem_cache_alloc_bulk+0x180/0x410
[ 3004.568766][T26625]  io_submit_sqes+0x601f/0x9e00
[ 3004.573604][T26625]  ? __might_sleep+0x100/0x100
[ 3004.578375][T26625]  ? io_uring_add_tctx_node+0x330/0x330
[ 3004.583907][T26625]  ? io_uring_add_tctx_node+0x74/0x330
[ 3004.589357][T26625]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3004.594893][T26625]  ? trace_lock_release+0x4f/0x150
[ 3004.600018][T26625]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3004.605584][T26625]  ? __fget_files+0x35a/0x390
[ 3004.610262][T26625]  ? __lock_acquire+0x6100/0x6100
[ 3004.615277][T26625]  ? account_other_time+0x63/0x280
[ 3004.620413][T26625]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3004.626125][T26625]  ? print_irqtrace_events+0x220/0x220
[ 3004.631580][T26625]  ? vtime_user_exit+0x2b2/0x3e0
[ 3004.636504][T26625]  ? __context_tracking_exit+0x7a/0xd0
[ 3004.641946][T26625]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3004.647912][T26625]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3004.653456][T26625]  do_syscall_64+0x3d/0xb0
[ 3004.657871][T26625]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3004.663749][T26625] RIP: 0033:0x4665f9
[ 3004.667629][T26625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3004.687216][T26625] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3004.695624][T26625] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3004.703581][T26625] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3004.711533][T26625] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3004.719493][T26625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3004.727448][T26625] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:17 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x1000000)

01:50:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3800004, 0x12, r0, 0x0)
ioctl$FBIOGET_FSCREENINFO(r0, 0x4602, &(0x7f0000000480))
r1 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
pipe(&(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, r3, 0x0, 0x4ffe6, 0x0)
dup(r2)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
recvmmsg(0xffffffffffffffff, &(0x7f0000000400)=[{{&(0x7f0000000180)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000240)=""/202, 0xca}, {&(0x7f0000000000)=""/56, 0x38}], 0x2, &(0x7f0000000580)=""/132, 0x84}, 0x8}], 0x1, 0x1, &(0x7f0000000440)={0x77359400})
r4 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x20}, &(0x7f0000730000/0x2000)=nil, &(0x7f0000148000/0x1000)=nil, &(0x7f0000000540)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0x1}, 0x0)
io_uring_enter(r4, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:17 executing program 0 (fault-call:8 fault-nth:44):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3006.633731][T26629] FAULT_INJECTION: forcing a failure.
[ 3006.633731][T26629] name failslab, interval 1, probability 0, space 0, times 0
[ 3006.646585][T26629] CPU: 1 PID: 26629 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3006.655009][T26629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3006.665058][T26629] Call Trace:
[ 3006.668347][T26629]  dump_stack_lvl+0x1d3/0x29f
[ 3006.673044][T26629]  ? show_regs_print_info+0x12/0x12
[ 3006.678260][T26629]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3006.683993][T26629]  ? __might_sleep+0x100/0x100
[ 3006.688772][T26629]  ? __rcu_read_lock+0xb0/0xb0
[ 3006.693550][T26629]  ? allocate_slab+0x373/0x540
[ 3006.698328][T26629]  should_fail+0x384/0x4b0
[ 3006.702763][T26629]  should_failslab+0x5/0x20
[ 3006.707278][T26629]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3006.712492][T26629]  io_submit_sqes+0x601f/0x9e00
[ 3006.717353][T26629]  ? __might_sleep+0x100/0x100
[ 3006.722149][T26629]  ? io_uring_add_tctx_node+0x330/0x330
[ 3006.727709][T26629]  ? io_uring_add_tctx_node+0x74/0x330
01:50:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
read$FUSE(r1, &(0x7f0000000b40)={0x2020, 0x0, 0x0, 0x0, <r2=>0x0}, 0x2020)
r3 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r4=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r4, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x200800, &(0x7f0000000240)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@allow_other}, {@allow_other}], [{@audit}, {@uid_eq={'uid', 0x3d, r4}}]}})
r5 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_WRITE_FIXED={0x5, 0x2, 0x4007, @fd_index, 0x101, 0x7fffffff, 0x6, 0x0, 0x0, {0x1}}, 0x80000001)
io_uring_enter(r5, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3006.733182][T26629]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3006.738743][T26629]  ? trace_lock_release+0x4f/0x150
[ 3006.743868][T26629]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3006.749431][T26629]  ? __fget_files+0x35a/0x390
[ 3006.754115][T26629]  ? __lock_acquire+0x6100/0x6100
[ 3006.759147][T26629]  ? account_other_time+0x63/0x280
[ 3006.764263][T26629]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3006.769895][T26629]  ? print_irqtrace_events+0x220/0x220
[ 3006.775354][T26629]  ? vtime_user_exit+0x2b2/0x3e0
01:50:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f00002d0000/0x4000)=nil, 0x4000, 0x1000004, 0x120010, 0xffffffffffffffff, 0x0)
r5 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000380)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000008540)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x18}, 0x10001)
r8 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r5, 0x10000000)
syz_io_uring_submit(r6, r8, &(0x7f0000000000)=@IORING_OP_POLL_ADD, 0x0)
r9 = socket$phonet_pipe(0x23, 0x5, 0x2)
syz_io_uring_setup(0x75b4, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x3}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00006d6000/0x4000)=nil, &(0x7f0000000340)=<r10=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
syz_io_uring_submit(r6, r7, &(0x7f0000000240)=@IORING_OP_SEND={0x1a, 0x4, 0x0, r9, 0x0, &(0x7f0000000440)="e891ee82848905beecba870a2f798a90076e44cc65c7e5502e16a761605cf8b4260cf07cafb8a5742ec02d638c59ddbb66897dbcaf15d59c70821dfee9215029c8428b6e955cf7b28503659eeb213b8495bea318e4dd1d19088146e77f991cdf3df871b7d5574e8ff2d9e3364785846046", 0x71, 0x480c0}, 0x8000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r7, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r0, 0x80, &(0x7f0000000180)=@ax25={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x0, 0x0, 0x1, {0x0, r11}}, 0x3f)

[ 3006.780295][T26629]  ? __context_tracking_exit+0x7a/0xd0
[ 3006.785760][T26629]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3006.791758][T26629]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3006.797319][T26629]  do_syscall_64+0x3d/0xb0
[ 3006.801747][T26629]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3006.807652][T26629] RIP: 0033:0x4665f9
[ 3006.811551][T26629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3006.831162][T26629] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3006.839587][T26629] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3006.847573][T26629] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3006.855548][T26629] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3006.863525][T26629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3006.871507][T26629] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:17 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d", 0x19}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:17 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:17 executing program 0 (fault-call:8 fault-nth:45):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:17 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
pipe(&(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x4ffe6, 0x0)
sendmsg$inet(r1, &(0x7f0000000680)={&(0x7f00000001c0)={0x2, 0x4e20, @multicast2}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000b40)="4ff8088343581ba6cd4dced4e89ca8a5c7565fa2d0be44278e67053472c4e9eb27c530c356dd833b7b90b100d17f92d0539266c5ff0511bf20e030599caa6786c75bdbcd924b954a637f1104e50c19ac0b4e1bbaeda6d6bc3f62b2db13951a13e05c99cc72ce40e8099f0799ed59464a28a5b869b67d6255034042cc799b8596ef0e7f000ffb295e390a12fea42dd25136895da11a353450d5105d2b034e393799ef971956c0ff464cbfa32a165826a0f2aaeba9de653581057dc2a1118d6103f4b5f3f31743b34250aee35bd23fe9d2c54299ef22c1e39f60945d0fffed43b8e346bd8995473f99aebe5ed8c8c24f4deefa8c29f57ba5b1ad960bff4805accc5ea8af6b993ebcb6bb27db96ac4905c76905dabe66090f95d307345c6aa20cb5de8a9f5e4c4e9af073b7699afac7b78f59159482166b60aba1528fdbbcadfe868da0e61948ca9aa192fe1e1eaa9330370fe72b0557b583e65f9b8ffda8fe68844e036178039aaba7209b78323839c79d0d2cd0713d7d1e850cc3b692b14ac29ba91ae380a8fffa923ecee4a4840513a81a05318e93f60a9b62fe85a06dc1caa25758e3f5626723a29ce4b133a2db921fdcee41cede9e99a5201ab30e8c2284176e1fb63fce741fd98d7509fad6d2ad89a538c42c09074ee00115d90cc8f079739782a46ca48767cccbd9ac69af49cce0482666b9f51fc507ac90d0029f10814ad78aa303585c290a20a8f8369b206c72bcc462c9acc7f982c189224f0ef354cbf13ee4877349d442c605126de16fb22deb702a8a35b9c14dc59b96ee3fe6c609778c89c195a9f91a0904cda6328183c891471fe136df5974e1cef2e3d4204f802f176b6f5d735b51332e6f789950a330dbada5323748c13a0e26cfebf62224ee633eef264ec1b99a16bdc48711431a152e10dfe286babe1a726f28814feb8cdb03f6d3c4da28406e1a74026bad866dd5f07212d09c392463044ebfc5c8bdee727b76bab49c1f86a24528b3a068d26dadbc27896cbd30ca2319d04283955b699c982438d427326587eb14137d3a9a42affcf523bfa1d9d83cdd2804afb8e88166cfdf3fbd7af56612c64fbbe75ac6b073f4c33382688ddd2f87e24a09c3fd246027afb87a0c5f094a31a5e4f48ff8c6190e8a2e064956e934d72314115a25289574a8f9c0d275526f0b24735fb18e33b40404b57e3c3a5aa7b1150415acde4ee17040b2b81ff395159bbc649f2ddae8b98509d5d2796d082e58678bd91aa50682ba7b0cf281d13835f277c0cab2aeb17d03f7c00692ae6c5beda698803510caa8b5152928ad215c5019908dd3147f229bc22ffc2a795e0ea009a971ab69160bbcd852ea166b47e044fe7d80f8fe8f5afc9e4ce7f832bba59265fbba65ea2a6e17c7a0a8316bb8c308f2fe75c688a90484a2cab3cbca32cdc88570b5813f043d9907e0ea8626c57b74208e5ba78b4a075e5411ad1d5c139b862c795e470adede1f93ab0301f787676ba491dc20dc7187ca99ecdbc1815a400b5f0ab2ace5086c5d9cb2f7d38eb122b40d838dc45a260670bbda62efe0987cff00dc26136f32d90b3fa8070eda66447b4fa94ba03518510aa6d2095f7f1975569ebe0c739381a6daf76991481b4db0cf336ad46d49ccd2f1f2e50542ab421ffed08866ffb079b7290a8cb955af8bc97660ba4dca01b8d85befd5f65f0707953e1e0b7462f3640051b22e9f599ed4af41cf78210afc0d47e6697e84215e2d81ef6bcd68771a227ebe3a8e7335b9eb56bb4f2983cca805409d27a7832fec2ad235771a7fc4b11584077a768e8df40aa0e73d88db6208adda2e0b1ab087bf4a2880c3e054246479bc83d40fc54a3ce2b5e0aee019c61a788b9b471c18c032c2ab813be714727c460e1feed1c003f4e7e12c1f7288ec4727b86952c07299ac66ed00dc123345acdc8cd54ffb98dce446aa434fbbc481da20a6cdcf722a709cb895cc5d9ab30f9d5a7978ba5f4d15be8963a6fb82b39b6b599bb465266fda9f058287f2487b2f937162479aeba5d8b7feb12b2244e7188ee32dbc2dc00bf69009327a8b64cff9a94f9a489ca28e16529c1c31fb82aba13ddc1d865b880019c7a60208a95a523baf028f0162757005f3976273672c971a25cba081b6fa9405e426464362e8aab8dc73adf6b250cf3050487aecc505ed9444d3b0473776a107eb02aba991ae3345791369b380f6301ccea08f26fd43d852b3bf755bcfbc07f706e1751bdb684504f18890533bef4e8478f5ca9d80b0ad9d1c80cab0eaa29d8a36c2af679dd4f4c7f085c0bf493d46985e27da0e8e38b9be8fb43ae1e6fd18f4ef7fccd7bdad03cf60b8403979d27322f803233a5d3abb9080252412649521ce70ff94c3b1ad2f98a4d7b637675cf9fe8bc1b98f0b800cd65599e11e21fddb857034feb2074957574a67ee6c6435cee65cd5858224d6050511fa5a411ba5010e2fc8f2baef07f53e22e3b614efecd11c66787536737ec89b0882f481e768b71c47129533fcce2b4793ddf5aa0e6f504391ad9ca6fdafb3ab71b5cf9dcba8b0d637e68799f83968e1f844256376d6d03fdb9b447a22b2b92f52c0fad23105188f4a5090faf465bbf275327dafe942f1c1e35c9dc5455e34ee093126b7fbbe1e3aae4b2a42b700755fb2a0884526782f9195d7a9ecef7837fc74cbb3ccdafac405e387a89defe35c1e384b370ff0ac4855d7a5607bb7d7741e47ec5387569193a6e4a3855e2171ad37d68e4513e3259915b5512bb436399977c05c4008f7d9f5a56479c196a23fc5b9b2e26e3119badabfcc1a784d6ecccb3178f135bddf8fa56b9ef2a1e31dd8e6a25f8a7314a069bbc097936fee3da2a36197be981c3b5fc77021e900687eefad5b0c6ac98f6d8d406f1af93db878e4e6ba2bc199226a1a66e14dc328270bcca95cfb0cfe6c3f59bf03735317821ca3dba5bd16ca81eb76ef98e5dea3eed575ee6832e1c25c48a10a0c26adc4f7268c80e0be15b433aa7e48d5e7299fffadef171162b728d808caee6f832937f048a594b93363e8bfbcc8801b9440803b9b22bdb010dd7e33c30a1693a672aea5e1c73510ddada607cbf8a34e364cc03be3fcdb65a7d8408e77a4160b9baf40050fcf0fc9b8a13f2fb580afcfd765b9c8892a008afc811c8a463e7254cd3f8850ce5bfd546dedc3552f31afc93f99f235fb719c2beab82aae8f53b29d6ec22cfe1dd86866c8839cd7aac1372bbf2c57219b6d3b48394df5ff79345d5231da780be88bc503f4ee88eb8c4812b0a418ac4501cf3c3121192efe573900c2b6d2464cfe10d2bb57554d1a114067eecc650e078a12e1fe89742bba6ebc9356115b15166c9d10f6eb2662a9c500be521ebce0c1c652d314bdb3c0c2a3fbc1d98383d09caf609a88c73154f381b9a125560ac22f2ab0868dfe59c75e968d075cb6d8bba3ed545210710bb0af38dc9960e3366da20b9dbaab425b5d904abdb986aad411059a18ebe497cd8f3b4c96dfc457c6f2f705852ec26a41e666a7e51245a68151a841c0277555af4ef7840a4355db75dd77332b7936a0a5fdb4017786876f9f14a90c6f90e4183d3f814022f99640f4214e70cb103ff50d9780fd43d7ed7deae18d5a35e4fca47a56edd96fd9c2ccf3711b4aad4478e6631fa1a66608dfcb1c661a11cc01b42256d70d8efda49eb558b56324e4b33146ca69ee83cc00ff823c544baa2d7378bc2191661a352db43f11c494051af91d61b5b5d0360570d84c5b7458a6ac0dffd557d62bdd09dc0f9cabaadc6959bd9594c59d934d40bd14796d8dded3055644a3c9dab3d48625ec3b5ac79118dcbd84f13367f95143e8c00da82d942e8b7d78c0f68e080e9293a0b04ad4bff4b12a4d9cbfa698063b0562ee8fb63a9d9a3e62255201a22e2700a68627bcedcaff713753d4e311019b9de9c88a1bbf3e693b57e347acc8aca5c6bdd32fdbf8a6e8d537bc59cbb725562e944680f9301d7f94c8e0343c4c01ac13af5336b26ab85bc0e17dc1049c2b4bc4a70154443f764802b266a9b84ed355304778bd52618caef8eb6d4d056760409a1361e156d33b8d4b7bb5e2a214b0bbf8bf2cd95df0b9e675adc6b1210a9a77885e8fb81cad1fcb1eed0be9a1411849b614f1f8a07628e2dd2e1804562d64ddcc93e2e3f7a8ed3c1414eae2dfafd4b52f897a877517f1b403dfb9ce83487067dd37485071342f29d2a8aa54dc2dfa0f96067cee69f4e7029f3b2c80b93203d06b162381e784208f3af17ff0b22752a8605b6db0bfe0ea23273dbbedb097303583b77f42cbaa411d0fe24204831cee9bfb8020362c265cf8147eb241d7f686662c7192e535751091cd6c044c94184d041b865a3878ffb64c42fe09c69ae43213f2ba30a5def32bdfd01691cbb888a66ea1a01cdfcb786af07ea257635ebac55adc9fe78c665fd11c921129adce468a5ad7db07822fc79e4bcc40894c639f5888a875aa0d67b7259de21a271c9efb7a743a545200d4675a644405502a8b47a8212881315713b2432a970085f012e42b097c82ec97461c8da06d5adf54d1627cd5b5b2c5ced32044652cbf014a349d7e9d1c1d480ce5764f2846335e602413326ae8e362f0470fa0f401759202ab963ce0e008c1ce5d51ddde24cfb61d8400680fbcdac9fa8f92e54068cb0695a0851e5622bf1146d3e386fea10015aafdd560d75b09294ecb5bb2da71d5754149e6891906dcbb66a52a273ade692baae49b535367091511721599f4ae68510b69c80c32ba78e2ed92a9f29d1624ea74ddba2344586a2a389e0ae1a64862e9042b0a608b18b0cfc2840d47a6534e6af564f49cb8ee1e5c01b24d473314ad74c599644c6c37fcac5c781f13e67f60dc2bb9ca463e1b3ca996404ab05d16aaae09785e9dd868a13f83b99f603b16044d8b577225c51ddd63436b82aad81c233d8169821d7495e18c22be8c06ba12f2712255cf1506fcabd664b905426d16511dffa13d5de87ed9dc026670f27e231a79e93010740974c2ebb9764a8df2f30fb196cc59b6989837613f128046e920219a89de10edfb8d6a0f827a030c59a74c54f2d7f8e5f6ded8f89342b25d52159d562f734cb7f4302a5ea2eac5ba612c5d5aded23643b4aed4bad4f15d39c132695502a29afd90ea39baad97d3c7018059286e90cc561fc578a0565efa02f624faa3c1fab1708cfdaa960538959e1413589bff0db1f8b83e4956d400689989321e740faacb783e2667a18a4fa4fee4fc102c95b46039e8de371b740eaa3b2eff6e0d0dc43eb97a78502da6e38abcf34d40b11bd1e1cdfda1255f930a0acd7618a570a020c10ac6ea3feff3dae42ae9d5390f101dcf434f5b4eacaacc14698672667ca8464a5e866ab031efb5a99b897ea90a8bce5b1af08b605a32d603ebfa4cd26483f9492f6b4a5e06345f56e573a9216ccf275cad0a18d577f4f9c92b538c05ac79060a62cdda40c840a3e2a75ec7a89f02c6b02d97fdf1f8bcf3c8a4df31e27adedf3a46008e78cf4967d79ea18d38fff588c0f0204ffc808e911ed2680296042643f0a3b229eec66bb111d474cb9a3beca783cb7769b8103b2f60d07d7d3f037f9a610460c1545ac9ea995d48f18329ddd8b6fe32b70955333442411508e6840a4fd8a49152086fb97ef0518491e872391724cad12a4712b2b32a311041b735150f6e9abc1cfd2612e0523de2238d6b09056c2d41c2969b6712edcaa949b165c8da640d5e8b04e5ecf57c7180302170f407e322c727a933eb8f15e5b28dcb3562fef3", 0x1000}, {&(0x7f0000000240)="efa3c5b480db081e8953cd0516bdc44cd680c4c16511f8651a44c29e3c63aab6ee3a31f93c3741a4aa044eb763f2e0a7b6432fb09561cb794191cf123ab9a15ae8ab6e0781ba97eee378473895d2de37f0b7e1caadc0bfc327c2de0676bc7d8a5e7ffb919e7779b45688db1e28e7818a2181081e0f63ea1122c9af395f78fba1c85bfb01eac2fcdad71dd5b6de16b3357b294c27235b8fb14786cc78d646e96c71b7ed07fb43c16f305515d6a5f7690af25eceb481e6757f34a96dea88b1c77bc14c4b48513e4568dcb743c70826", 0xce}, {&(0x7f0000000340)="d2277b7adb6f00989c15d57eab54a86421eb0b11d2c6b976461a29134deb96a679f49731ab71ee3d2e3433c05e9a17554f16764c0833f23fe70644cbf1c25d2d82adcf82f7f4ae8e2a748f0fdda8043bc95ba9eb4fe632752b6291e18cbff86298064663c2aaa820524b9815e95d91d9a6f8", 0x72}, {&(0x7f00000003c0)="df7584cc5f2a2d2b4501b41b8272f27c07695366719067001d3d3e241738b0", 0x1f}, {&(0x7f0000000400)="2ff6e93bb480d552025379c5bdf1047f61d08fe680f6c1c1536124ebc56d2a92b1248f6066f775ed99844fc4a5c9f3df55b6fc10fcdfa42c04c59024c5c5e8c8b13c0e8c68f695e5edff480bda644657735798067a572158d15e10df88f6b20fbb2151f1b6001a808cfc7cab19cebc846c5c52a4cb68e72e603cbcc1d9c2cdf3297675ccd4b0625efe98562e4d26daad3e8096f2cda59ff30660f8e4e8b53c5961764659fd9189e22a070341a85c4aea2754f774de870dbf843f63000d641b81199830e1bc50a03ea0a3dc4974949898973e06c79f4018c3de4e8e82b8e4f2cc", 0xe0}, {&(0x7f0000000500)}], 0x6, &(0x7f0000000600)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x81}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x32}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x9}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x81}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x3}}], 0x78}, 0x4000800)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000000)=0x2)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000180))
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r3 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r3, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3007.034767][T26655] FAULT_INJECTION: forcing a failure.
[ 3007.034767][T26655] name failslab, interval 1, probability 0, space 0, times 0
[ 3007.055466][T26655] CPU: 1 PID: 26655 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3007.063938][T26655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3007.074029][T26655] Call Trace:
[ 3007.077315][T26655]  dump_stack_lvl+0x1d3/0x29f
[ 3007.082020][T26655]  ? show_regs_print_info+0x12/0x12
[ 3007.087234][T26655]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3007.092962][T26655]  ? __might_sleep+0x100/0x100
[ 3007.097734][T26655]  ? __rcu_read_lock+0xb0/0xb0
[ 3007.102512][T26655]  ? allocate_slab+0x373/0x540
[ 3007.107323][T26655]  should_fail+0x384/0x4b0
[ 3007.111753][T26655]  should_failslab+0x5/0x20
[ 3007.116261][T26655]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3007.121476][T26655]  io_submit_sqes+0x601f/0x9e00
[ 3007.126335][T26655]  ? __might_sleep+0x100/0x100
01:50:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x1f)
syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x0, 0x5, &(0x7f00000003c0)=[{&(0x7f00000001c0)="fe8c09f46ca233134ea41afedcaf62539d345af53d68e5152205112a10177d73e56c1a2d554ce8875865ef7e791a", 0x2e, 0x8}, {&(0x7f0000000200)="14f8c7906847a63c30ceba237356f3270c880787ab006a2202937f5d", 0x1c, 0x7e}, {&(0x7f0000000240)="ab25b660780cb2c2a6913f0790a87b6c70e685cf20a93be5684edcff260be8901ecc10", 0x23}, {&(0x7f0000000280)="d5965637ff0679170db9435487ecc70e4ef4b1087342037183a1c7be18be43e1e27cd86beca42e979bff821a3487d9d256b41a1cc59e17025eefa53452033c5403d515cf53e858fb12e3a45d75cdd7f7b350136330cd84234203ae49428ed951a131ab921abf1d65aceb3d8961df83d6bf34a92e7ef59df0afd28846a7a6dbebd73abe75c792fd28a3c5df601d4926c2fcb4ebbce7f83996e62d0ccb4f9e6abfa1f0264bbb9a0ffb9c08f9d09f80ecfeae1f6523da6ffe10247c05c0b14cd720af0bcd204409de3562f258d5de460cb5b9140487266ccd8c0c359dc6d858a42b5d5a15a447ae3bd0a5", 0xe9, 0x8}, {&(0x7f0000000380)="060dfc7a60baffd550e8df1dddf7a126f3f838ed00b32ac8cf7f34834070576bba3b6a681b42d2c234438a2c8048df81c4e5e784cfdb", 0x36, 0x9}], 0x80000, &(0x7f0000000440)=ANY=[@ANYBLOB="6d6f2c43207b38448fc93030303030303030303030303030303030342c6e6f7374726963742c756d61736b3d30303030303030303030303030303030303030303030372c6e6f612e596e6963622c6769643d69676e6f72652c6c6f6e6761642c7569643d666f726765742c7569643d69676e6f72652c61707072616973652c6f626a5f747970653d212c736d61636b6673726f6f743d262c232c736d61636b6673666c6f6f723d002c6673757569643d61616166363764392d636663652d656663392d0e3135632d0036660e373933612c6f626a5f726f6c653d2c00"])
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0xb}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f00003a6000/0x2000)=nil, 0x2000, 0x8, 0x8010, r1, 0x0)
r5 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000380)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000008540)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x18}, 0x10001)
r8 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r5, 0x10000000)
syz_io_uring_submit(r6, r8, &(0x7f0000000000)=@IORING_OP_POLL_ADD, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00000dc000/0x4000)=nil, 0x4000}, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r7, &(0x7f0000000600)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r1, 0x80, &(0x7f0000000580)=@in6={0xa, 0x4e23, 0x2, @remote, 0x20}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x4)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
write$binfmt_misc(r10, &(0x7f0000000000)=ANY=[], 0xfffffecc)
mmap(&(0x7f0000634000/0x3000)=nil, 0x3000, 0x2000001, 0x10, r2, 0x3488b000)
io_uring_enter(r2, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3007.131130][T26655]  ? io_uring_add_tctx_node+0x330/0x330
[ 3007.136692][T26655]  ? io_uring_add_tctx_node+0x74/0x330
[ 3007.142165][T26655]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3007.147731][T26655]  ? trace_lock_release+0x4f/0x150
[ 3007.152856][T26655]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3007.158408][T26655]  ? __fget_files+0x35a/0x390
[ 3007.163118][T26655]  ? __lock_acquire+0x6100/0x6100
[ 3007.168164][T26655]  ? account_other_time+0x63/0x280
[ 3007.173290][T26655]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3007.178929][T26655]  ? print_irqtrace_events+0x220/0x220
[ 3007.184400][T26655]  ? vtime_user_exit+0x2b2/0x3e0
[ 3007.189354][T26655]  ? __context_tracking_exit+0x7a/0xd0
[ 3007.194861][T26655]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3007.200846][T26655]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3007.206388][T26655]  do_syscall_64+0x3d/0xb0
[ 3007.210823][T26655]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3007.216730][T26655] RIP: 0033:0x4665f9
[ 3007.220639][T26655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3007.240258][T26655] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3007.248680][T26655] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3007.256720][T26655] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3007.264817][T26655] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3007.272802][T26655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
01:50:17 executing program 0 (fault-call:8 fault-nth:46):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3007.280810][T26655] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
[ 3007.329374][T26675] FAULT_INJECTION: forcing a failure.
[ 3007.329374][T26675] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3007.343497][T26675] CPU: 1 PID: 26675 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3007.351923][T26675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3007.362021][T26675] Call Trace:
[ 3007.365343][T26675]  dump_stack_lvl+0x1d3/0x29f
[ 3007.370013][T26675]  ? show_regs_print_info+0x12/0x12
[ 3007.375201][T26675]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3007.380905][T26675]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3007.386446][T26675]  should_fail+0x384/0x4b0
[ 3007.390857][T26675]  prepare_alloc_pages+0x1d1/0x5a0
[ 3007.395963][T26675]  __alloc_pages+0x14d/0x5f0
[ 3007.400550][T26675]  ? __rmqueue_pcplist+0x2030/0x2030
[ 3007.405844][T26675]  ? trace_lock_release+0x4f/0x150
[ 3007.410958][T26675]  ? alloc_pages+0x3f3/0x500
[ 3007.415538][T26675]  allocate_slab+0xf1/0x540
[ 3007.420027][T26675]  ___slab_alloc+0x1cf/0x350
[ 3007.424605][T26675]  ? io_submit_sqes+0x601f/0x9e00
[ 3007.429629][T26675]  kmem_cache_alloc_bulk+0x180/0x410
[ 3007.434910][T26675]  io_submit_sqes+0x601f/0x9e00
[ 3007.439762][T26675]  ? __might_sleep+0x100/0x100
[ 3007.444522][T26675]  ? io_uring_add_tctx_node+0x330/0x330
[ 3007.450106][T26675]  ? io_uring_add_tctx_node+0x74/0x330
[ 3007.455639][T26675]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3007.461183][T26675]  ? trace_lock_release+0x4f/0x150
[ 3007.466287][T26675]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3007.471853][T26675]  ? __fget_files+0x35a/0x390
[ 3007.476636][T26675]  ? __lock_acquire+0x6100/0x6100
[ 3007.481662][T26675]  ? account_other_time+0x63/0x280
[ 3007.486793][T26675]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3007.492443][T26675]  ? print_irqtrace_events+0x220/0x220
[ 3007.497894][T26675]  ? vtime_user_exit+0x2b2/0x3e0
[ 3007.502829][T26675]  ? __context_tracking_exit+0x7a/0xd0
[ 3007.508312][T26675]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3007.514315][T26675]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3007.519857][T26675]  do_syscall_64+0x3d/0xb0
[ 3007.524272][T26675]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3007.530153][T26675] RIP: 0033:0x4665f9
[ 3007.534039][T26675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3007.553649][T26675] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3007.562049][T26675] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3007.570148][T26675] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3007.578209][T26675] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3007.586170][T26675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3007.594132][T26675] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:20 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x4000000)

01:50:20 executing program 0 (fault-call:8 fault-nth:47):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:20 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
pipe(&(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$binfmt_misc(r2, &(0x7f0000000000)=ANY=[], 0xfffffecc)
r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000b40)="86ef502e7eccb273116c46443ac0a6b271d60a3d47f58639f5b50300f7d83684c8a21b532d10f4c31b359ee2a6005b9a6cc78fa61274f3432c34b7f5541f43cecbb9e7ca0416c8a0b310bd40244d999cb57e1e0a4b06a508ce97612d10629c7915e9fd9a66b18a9adc375f107d05cc23a2d5ea1606b4accc2991255b26b80bf83f056c3f60ff8f360f4e5143393b3817c6c81b27bbf69b43165883dde166b32c0df06dad8317c6e4fbd42c5019d898a0351109bf0f506c3eefc7b1c7a1f9ebed13d1f71a57848cc4705ddd3aaa4800a892ecea1cbda8167ef53e75b078332fa32c76cd865d027b08095f0d781aa8202d85ba9f15af318cf5ea8f9fbe3f43eb9ee7a3560e2f8e474059ef29d2e712c099eedee62ec594bef14a0dc9eb07d413438f41227ffbb6d284a38d966c4922a8c80835c9f64fe7c89bb28512e7bbc0476ea324ce12b8e368286e17bb4345a8212cfa5cad3f813a8e528626e1d40ed1e1c6b8a0ee3460d17bb5af675a9661fe499bb53a93c9d1b2c6c1d283cc9ddc2d3067df211789a4d1558aeb0d04102d1d32d86a63252d52a04e05551d0651de9eef153f10ea4dc649ab6fad00049ec7548484146f3368591c87bc71af44ccc10475ef1dc86804711af47b247bc1e660cfa3a44505fb6740265b345e37505dbd3c8135cb0c62b85d72de1958ed9d612c66d9f18d20912a49c292204e3204aa5369fb5ba50a4c412e9fa772422760bf72bf8199bfeebf3943c6a8d3f3d0945028e9d1a2e711ff9168665ebacaa6073be5a6f025e4d1dcff9e864edf11294660c54f607f80280b7466ca4c570580303ae7202dbd4279bca101ccb8950dd946ebcda004a81c4a8b2c0b34ae9fbecd6b1c95b583539dc2de362ae70b706ab368526e9783123dd08dc1dac676e1f77065739e38c79c2f6ec729fe971481bfa302582f70ecfd91522d2a441b410215135d2b9e773aa4935e1a35546b527a060f2e140064cd9a6d11099a19e4b763f4d1bfc2d18e2717c508df6eb91ee71e0c49d6e79f6cc7e2aab2455b66d05d6a82b07b8999f55448fee7341eaef9b6f572dccb7fc7e092e6e2fbce154110a68ef47b831e82eb0a306daeca5b919bdd973af4ee01b95eac946ab70816bdcf8a1931d10b3e982992638fd12ebc3a7fe553f840567f6e144a1c9bb2583a02198f583e1ea16109e57ce53a1f3ebaa5f2bf37e7a53f6f7dd3be14619988ec2f490d128436ac2efd8e39f386027850c0c926f9ad87b972f0a8f91394bf42daecfc6baefe001fb174175f8b4707c7dda8a262296709582133e6a76bc0fd81800d66c083987ae74700519de65a3f91af65d26dc728f7e76bfd803ef24582937b07cf2001e161a58f124aff83d500dadb4ce0a68ae7c16f9cef01f60639dc91833f0ea8d32b115a0404d1443245d0df97fcb5d5b38889025a28890a9358e834fa675a6963f5767a92d34c64a65615632732c9cd183d39474523f8db27f9d5b23c7686160212fbda4fd15c02f29a651e493d1903e951812fc87b1a5e5d70f2898b2f19983e4195a183e64806d73d2ddca1fc9439de8b43c8f4ca044021f086616c5a4d65025e4764b12ffe6c7e0321d2cbb2d81c00e21886d517cf3120058593e1b71e83f19fb5c39e19e1cedde471bfe0603bdb7cd74461e400d597e0b4537b2da7f5fa67aa97443f4161a4e9e57d9f834dc6fbcd5ddf66b5e705f9b931e56c9de413712c9593137d2181d3dcb524b8bd6212408bb54ab31427955d3d5462c2b5a1c2c19dfb4d340ed5b79e25750006901b549067762d698975f1cfd68473fa23b33db7ebc6e5b5a1d1622e9ef2731e8966b9d47073248b7af6a1e7d1b85faf7d0ce92dc1e9fdfb19d44a10a02fd9446b5a5ea4234be9e37abc993fada4dfc1851a9b83869acd0bc8becf625c45a4103785e50e0a1a0c146963792fe8d20b421db2a3222e590e614be0d435add0bbe1f30738e5a0f64d491d0fdb93d7350c37909b3df24ed2ed571ffeaa33c0f13342cd609c727c31f63532b363fe6a8f3cabc1f9f0931a9b79a56aca7dbbd100f20e2120672ce10ce907c113007605836d6acfcc5ad88004090d644320f980bbaa362c660a0d1fb34e0604251a94689bf7fea5b9cdc13e8bd4fb282c8721a5441b406a5703ec29a7536e68f47c225f23f68014f7dbd829e25d746ada12d72a1616235ff52105e0e3ae51b2211055732185ee265887bbb6d119b49ec5f624bcd2933bfc5db2731482599aeb1bca51497cc15d837a0331cf34a6eee84c00cc857d8477be3bef4f0c109c273351c963ba457a9f7792ee480481949fe7b6c82085fe363375e67fbc6067a1548444bcfc2e8382f758791d3af79bd19c1b7a12ce2e3d545675a99e2743cf01b6d2395c08a3b27bbe71e7f9dbb311d2791c7aba3a3c976cdea85633ce1e5d646e706f0a9fac58615f686f856a8a29709b36c07f7e792655391da7e95bbb988bdf25337541fe054f8bed4aeafbadd577ed1fe5f4f879d95bd85fe1954a9883edb9fbfdc467d5f8c049e860526a96c0eb93b0c9986607ddc37acedaf3a9350848125c6fd4cb091082b30773674d9a74f62c7233f5ec0b98da42513899127000852edb342233781f9448dcbf1f506e61b6676fa2b9f0c749835278d80a6aa8fd9d2f63d91cd751f978a82afbf3db15f1c53df9957f67552e64030531665fbc280c0f96899d9ad8e5aeb3405e1440a55d63ba28cf545c2c08c7ee52b61d4186e17f4c58b4bac0720dffda70112d24c210dac974a29bb94d48c3b34456f503f5bf263cdd95a9a30d47da89904b7861282dbfaf4f45a4b86f67395466a1542560d7728eab125457b4865ee5d45b9a372da9f0aaddcf67353331471dec8abc662da30aa9a182e35e87b6841cd24f74afe51229588378b89667c806e1694f8c337780c7aca6b03f9ee97547924628b373ae3f15ac567d695487b347ae1a11808701e97bfb528dc75e87039680fc1ef9d79e45fcad5a6355c777945fffa0e0ab48f8c2cf1f5cecc41814beca974954b0334d0571080a76b147ed671cd89d4b01d4bec442775f09ebf389da1d8a5c8cec1d30d5dcaad58cae5a6d6c20ab11f3d228c3fff74fd5f2219dd9ee654a6855e7ed752cd067985981403ef684bd15606039345e370d1b3d0656ffc7e73a45329ffa848a5f0ef2a5b62fa1437b4f700f07d9c9c98144f40b41d33bf25f92ce84db4cc132748e09bde0829508dcd48e7382dd062f5fc2e33ad70ae8aff0b904e5657078001c26235bbd1ff5f3942d73051e930c498099c78e1865eec9276f50efb9175ce81bfe6d262fb8c53fae653a30836f0c391e3ae0cbbe675ad63f34f9040d2d5c78d79ae046854037e3dbf6619169925a8bfff7ab1fca2bc037dd475ff24b4109e35580e8f452ccf5d73898723cfee53c9618ce78de41ba57701b234b05989b49b5f0b5ab55f5f68b641d6ec3f59e5d1eb603b8def8bf277902b4fd6a304341897a6767f18fe3e8e75c40dd2273c08fea135c3340b531d239b69eafb9093b762afa9c30a39aa55b8563caec6cac915b23919af5978f408f1450f7bbae8450ad362d83a91348676ddb03e0b248ecc5622d417ecd43c47d528f94e34ce5bb9844eee0f9d4657ff32553ab62340ffae95b309e3cfabccdfecb67d07d2578eb6746c0ccf9cfdf6c4787cc281d8e10a4151aeecf77c611c17de43e242483c0d467b118fce3fb094701f299a2f32bbfb66b3ad06621781dc4a40cf7bcffad46d6414ea484e3827064b532f4c7194797ec25c2c1d190fb3027933c413d6a7ec026b0ac2551426f4be133c96d9e1f3535cc8c9985c4b0424272b37df922e4198dbccc3ca21a635e1b34bf37bbd90255de16793c035999c353b6a7f7a6b1f38a32d3a70d955c1b66a9f1fc1f3a568f3cfabadefa3a6d71fb3a8e8e2f36a2ee267958cac231ff3b6f8245eaadfb35fb08ae80ac14ad2e7c599c35e6415c414e490730d93b8efea81626c404bc491451f9ac45f5cca326ee14126bd5f3ec3ae6a767aff46ee58fac2ea072fca00ee31fed3580c531104210edda204083792cbaec12ecf0d64c635e8084f14313ec1af8b3f743b26ee078bec736e152e9a1895bf7112526e43aed8d45d3dbe49a008be972b365694e97251dab1188c9a3fb1b366936510382aaddcffe2160e0587bf0a2a5af4495bce6438b233a09498d9facd3183a42f9e9125c5f9188c7b3eb60d51945aaf64f27c7a1120f7de660806f992162472a58821f58d981b8a5829dcfde4a66c730b8e3a3ad2a9345ebac548f5679da42935527af2b221c502f841a935310b11c17b5e87835b81a67426c63b0b0336639f2c2368e14956ee87f1dcd9d9c1f71bcc7bfc44eea31e9cc58973e72e8c30a02e8bb1fc63f5791afb7c75a57b7275254f90a17ff808444bee00210f0069fce72862efb5f93ec2436428e1b865ade03d8d84e1e17ca30a1450244d2a7d067de6f8f88a04fd94c24462a07a59503be6bf1fb80568276e74a12d1a64c6a7db1625e1bab2a1a91f4fd17581096cc19aa470e4b6cf25222a4e0bf9f441f7ca073627a17f5adb8ca3f956a3cfce22f93d892cea67dca5033d47d552dd4aaa860835f1ceb45f4abab2483733318544788e1b84e6ded1a53b0540aa94be1c3da395d0b8c77ddde34e61c757579b51af2ae8cafa6cf2ddbec5f6e658f03ac7e3c776c9e6ee8545803dc93d34f2779283db205117cb22ec69027d7e8249077c47f9127514463d555206a51dbdac877d2950225bdc4e0e2f68c383b911f3de7fdfd46dea1ab1ebc3c173bef078aa88efd46ec0e4e4e1f9adb2adbed89591c83ea5dd4a3e533b114dc1cc0e157654abe8ee7f9c91323645c2bc63ded5f8f1c1df3e07bab251ae66966e52fa587bd0e71b52f8a6be6e2234cbb6d2a7ecf1d57db8ac38705bd33fe22b855b0a228d202b2313a75536aa62c85d62677917577bd259d6c8b8beab8f58ab7b7dd78a7583ac7d43691d236c48539dc19c956360c3dd714707ef1180a52f098f723ae766b89a35db37dde0d4f2133c421c00a577fbe0655c6c6c6c6f1a0b83f374cf0f72c43ef0d5356bd1794bd101cfa15eb11baafa7e8c25e144c3bd4344e1e6aa98f8ea62d46a3c9f7ee82fd4679034bfe96c7871c06280edc68511a089122af558bc0a4577a510df7fab861063471cf555749f60c3ead79524741115628efbf4ad60976e921877c455fadf37562c74ea9adaffc883176aa04cbfbdf84226b1dcf9d16577774ab07ce001f24fd68e66a736368bf1e62bbcf58de6c101fab4f594fb411ac7361e4a18add96811d3a838552e82a16d55a01a153c2f92eccd4b0739bd79f7e62baa12af67de5384b0d2e9f288a79fe863152e8f4315170b0546e0ec66e8e1cd3a32d1ac50064764443ba9b036e16b0a820fd27e0582445cfec8e605674937ba036e89f59956c6f6b08720cc9462401ee976dd7b6d903d9b2bbc71f985f45d204ef71a31763ba28ee88ff737552db706a077f00d4846560db7b5f20c0730f7ca10fb4b4be83377ef6f5f19114e48f6d2394f2beac66e20db9091105a3a57ec21f49f1b28acefa6fd7e750c7a86e66803a69b3aecd89c3824896cd1829847626ce1d339c68c8acddd6115ba6aeefdafe5474ba89a8791edb6014a3d672fd0bf6bc644eca1da7fd07ec49873de2a8d19597d0368887bd8faa5e39fb65ddb732e8a4bd53cab47727555a93129ed22bf4bc7242364c5010634e9f313cd326e599ebb4b5bbbeced7559e2c1d7eecdde4c66aa7962a", 0x1000}], 0x1, 0x0)
ioctl$USBDEVFS_GETDRIVER(r2, 0x41045508, &(0x7f0000000240)={0x5, "f7ce2b0da308cbbfc34c6aaea4d79b9fed7b493f90fc77e476f79cf1725f3119e6ab159f44acf68e7a21f6db281a4d51825f31fcfe180256b353110994f8c8c25a832ed1a920f163f13343e84e916390c51120eca99ce614fa408eb5033bdadec0fefc7356bc62c2a4734bf9da876191222e7ebc4c915e3c1d909d9e50980fbd4609196f9205ebf1cbd0091a2346d9649deaabebb0f58a59c6688a1e2870203048729b43d11df415320653d067cd83ac896fa0b800a0ed1c8df2b2deccf5cb0efd7b0cde5c46f30ffb63def62f24ed618c5257eecee4f62c97359f00b2ff9aee753cf8900e8c06f6355c63aa30cabde38f0663094cd8626c9b6a8876a0fb507d"})
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r1, &(0x7f0000000480)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x18, 0x140d, 0x200, 0x70bd2a, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x81}, 0x4000800)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$binfmt_misc(r4, &(0x7f0000000000)=ANY=[], 0xfffffecc)
ioctl$KDENABIO(r4, 0x4b36)
pipe(&(0x7f0000000040))
r5 = syz_io_uring_setup(0x5ec4, &(0x7f0000000380), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x1, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x2, 0x0, {0x2}}, 0x0)
io_uring_enter(r5, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3009.658204][T26684] FAULT_INJECTION: forcing a failure.
[ 3009.658204][T26684] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3009.671908][T26684] CPU: 1 PID: 26684 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3009.680350][T26684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3009.690412][T26684] Call Trace:
[ 3009.693792][T26684]  dump_stack_lvl+0x1d3/0x29f
[ 3009.698476][T26684]  ? show_regs_print_info+0x12/0x12
[ 3009.703666][T26684]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3009.709380][T26684]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3009.714936][T26684]  should_fail+0x384/0x4b0
[ 3009.719352][T26684]  prepare_alloc_pages+0x1d1/0x5a0
[ 3009.724542][T26684]  __alloc_pages+0x14d/0x5f0
[ 3009.729136][T26684]  ? __rmqueue_pcplist+0x2030/0x2030
[ 3009.734434][T26684]  ? trace_lock_release+0x4f/0x150
[ 3009.739562][T26684]  ? alloc_pages+0x3f3/0x500
[ 3009.744137][T26684]  allocate_slab+0xf1/0x540
[ 3009.748626][T26684]  ___slab_alloc+0x1cf/0x350
[ 3009.753218][T26684]  ? io_submit_sqes+0x601f/0x9e00
[ 3009.758227][T26684]  kmem_cache_alloc_bulk+0x180/0x410
[ 3009.763515][T26684]  io_submit_sqes+0x601f/0x9e00
[ 3009.768386][T26684]  ? __might_sleep+0x100/0x100
[ 3009.773157][T26684]  ? io_uring_add_tctx_node+0x330/0x330
[ 3009.778688][T26684]  ? io_uring_add_tctx_node+0x74/0x330
[ 3009.784129][T26684]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3009.789664][T26684]  ? trace_lock_release+0x4f/0x150
[ 3009.794780][T26684]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3009.800321][T26684]  ? __fget_files+0x35a/0x390
[ 3009.805118][T26684]  ? __lock_acquire+0x6100/0x6100
[ 3009.810136][T26684]  ? account_other_time+0x63/0x280
[ 3009.815243][T26684]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3009.820858][T26684]  ? print_irqtrace_events+0x220/0x220
[ 3009.826305][T26684]  ? vtime_user_exit+0x2b2/0x3e0
[ 3009.831226][T26684]  ? __context_tracking_exit+0x7a/0xd0
[ 3009.836672][T26684]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3009.842659][T26684]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3009.848196][T26684]  do_syscall_64+0x3d/0xb0
[ 3009.852628][T26684]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3009.858508][T26684] RIP: 0033:0x4665f9
[ 3009.862387][T26684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3009.882064][T26684] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3009.890482][T26684] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3009.898447][T26684] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
01:50:20 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d", 0x19}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 3009.906415][T26684] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3009.914374][T26684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3009.922330][T26684] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:20 executing program 0 (fault-call:8 fault-nth:48):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:20 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 3009.996346][T26692] FAULT_INJECTION: forcing a failure.
[ 3009.996346][T26692] name failslab, interval 1, probability 0, space 0, times 0
[ 3010.023689][T26692] CPU: 0 PID: 26692 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3010.032147][T26692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3010.042211][T26692] Call Trace:
01:50:20 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 3010.045498][T26692]  dump_stack_lvl+0x1d3/0x29f
[ 3010.050192][T26692]  ? show_regs_print_info+0x12/0x12
[ 3010.055398][T26692]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3010.061120][T26692]  ? __might_sleep+0x100/0x100
[ 3010.065874][T26692]  ? __rcu_read_lock+0xb0/0xb0
[ 3010.070647][T26692]  ? allocate_slab+0x373/0x540
[ 3010.075421][T26692]  should_fail+0x384/0x4b0
[ 3010.079869][T26692]  should_failslab+0x5/0x20
[ 3010.084382][T26692]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3010.089582][T26692]  io_submit_sqes+0x601f/0x9e00
[ 3010.094447][T26692]  ? __might_sleep+0x100/0x100
[ 3010.099248][T26692]  ? io_uring_add_tctx_node+0x330/0x330
[ 3010.104804][T26692]  ? io_uring_add_tctx_node+0x74/0x330
[ 3010.110277][T26692]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3010.115839][T26692]  ? trace_lock_release+0x4f/0x150
[ 3010.120964][T26692]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3010.126524][T26692]  ? __fget_files+0x35a/0x390
[ 3010.131210][T26692]  ? __lock_acquire+0x6100/0x6100
[ 3010.136254][T26692]  ? account_other_time+0x63/0x280
[ 3010.141378][T26692]  ? rcu_read_lock_sched_held+0x5d/0x110
01:50:20 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 3010.147019][T26692]  ? print_irqtrace_events+0x220/0x220
[ 3010.152167][T26708] ptrace attach of "/root/syz-executor.4"[26707] was attempted by "/root/syz-executor.4"[26708]
[ 3010.152480][T26692]  ? vtime_user_exit+0x2b2/0x3e0
[ 3010.167817][T26692]  ? __context_tracking_exit+0x7a/0xd0
[ 3010.173290][T26692]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3010.179281][T26692]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3010.184832][T26692]  do_syscall_64+0x3d/0xb0
[ 3010.189263][T26692]  entry_SYSCALL_64_after_hwframe+0x44/0xae
01:50:20 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 3010.195163][T26692] RIP: 0033:0x4665f9
[ 3010.199063][T26692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3010.218686][T26692] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3010.227140][T26692] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3010.235123][T26692] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
01:50:20 executing program 0 (fault-call:8 fault-nth:49):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3010.243105][T26692] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3010.251090][T26692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3010.259156][T26692] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
[ 3010.307535][T26718] FAULT_INJECTION: forcing a failure.
[ 3010.307535][T26718] name failslab, interval 1, probability 0, space 0, times 0
[ 3010.320473][T26718] CPU: 0 PID: 26718 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3010.328883][T26718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3010.338941][T26718] Call Trace:
[ 3010.342225][T26718]  dump_stack_lvl+0x1d3/0x29f
[ 3010.346894][T26718]  ? show_regs_print_info+0x12/0x12
[ 3010.352105][T26718]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3010.357817][T26718]  ? __might_sleep+0x100/0x100
[ 3010.362610][T26718]  ? __rcu_read_lock+0xb0/0xb0
[ 3010.367416][T26718]  ? allocate_slab+0x373/0x540
[ 3010.372191][T26718]  should_fail+0x384/0x4b0
[ 3010.376604][T26718]  should_failslab+0x5/0x20
[ 3010.381096][T26718]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3010.386307][T26718]  io_submit_sqes+0x601f/0x9e00
[ 3010.391147][T26718]  ? __might_sleep+0x100/0x100
[ 3010.395919][T26718]  ? io_uring_add_tctx_node+0x330/0x330
[ 3010.401451][T26718]  ? io_uring_add_tctx_node+0x74/0x330
[ 3010.406899][T26718]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3010.412438][T26718]  ? trace_lock_release+0x4f/0x150
[ 3010.417537][T26718]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3010.423200][T26718]  ? __fget_files+0x35a/0x390
[ 3010.427884][T26718]  ? __lock_acquire+0x6100/0x6100
[ 3010.432918][T26718]  ? account_other_time+0x63/0x280
[ 3010.438036][T26718]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3010.443676][T26718]  ? print_irqtrace_events+0x220/0x220
[ 3010.449125][T26718]  ? vtime_user_exit+0x2b2/0x3e0
[ 3010.454050][T26718]  ? __context_tracking_exit+0x7a/0xd0
[ 3010.459497][T26718]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3010.465474][T26718]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3010.471011][T26718]  do_syscall_64+0x3d/0xb0
[ 3010.475417][T26718]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3010.481314][T26718] RIP: 0033:0x4665f9
[ 3010.485204][T26718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:50:21 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 3010.504807][T26718] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3010.513207][T26718] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3010.521162][T26718] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3010.529126][T26718] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3010.537077][T26718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3010.545044][T26718] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:21 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x21}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r5=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r5, 0x0)
fsetxattr$security_capability(r0, &(0x7f0000000000), &(0x7f0000000180)=@v3={0x3000000, [{0x0, 0x16a81e9b}, {0x80, 0x1f}], r5}, 0x18, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:23 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x7f000000)

01:50:23 executing program 0 (fault-call:8 fault-nth:50):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:23 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000c80)=[{&(0x7f0000000640)=""/255, 0xff}, {&(0x7f0000000740)=""/202, 0xca}, {&(0x7f0000000840)=""/188, 0xbc}, {&(0x7f0000000900)=""/107, 0x6b}, {&(0x7f0000000980)=""/72, 0x48}, {&(0x7f0000000a00)=""/237, 0xed}, {&(0x7f0000000b40)=""/76, 0x4c}, {&(0x7f0000000bc0)=""/10, 0xa}], 0x8, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000240))
io_uring_enter(r2, 0x45f5, 0x0, 0x0, 0x0, 0x0)
r5 = syz_mount_image$ubifs(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x401, 0x2, &(0x7f00000004c0)=[{&(0x7f00000001c0)="af1e9e4bdd826a5e6574b8a750610a", 0xf, 0xffffffff}, {&(0x7f0000000440)="11841b98b4f710e3aa6ee333df33866d98696b28a2350750e6cfa4cc1a02cca82e4fa8ee9154515ccf270735551a8f33f417d9a585812ef3500cfd65ecd141c8c203f4220e62a60ff9a6c90b2409aeafe92a5fa05bd49072084133836835e39468c2a800fd3446e6651a0c34e96032f4df6fd78f", 0x74, 0x4}], 0x2a, &(0x7f0000000580)=ANY=[@ANYBLOB="636f6d70723d6c7a6f2c617574685f6b65793d002c636f6d70723d6c7a6f2c62756c6b5f726561642c62756c6b5f726561642c7065726d69745f646972656374696f2c61707072426973652c6673636f6e746578743d7595778141752c61756469742c00"])
r6 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000500), 0x1, 0x0)
pipe(&(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = socket$inet_udp(0x2, 0x2, 0x0)
close(r9)
splice(r7, 0x0, r9, 0x0, 0x4ffe6, 0x0)
pipe(&(0x7f0000000080)={<r10=>0xffffffffffffffff})
r11 = socket$inet_udp(0x2, 0x2, 0x0)
close(r11)
splice(r8, 0x0, r11, 0x0, 0x4ffe6, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000600)=[r5, r6, r7, r2, r10], 0x5)

[ 3012.664656][T26736] FAULT_INJECTION: forcing a failure.
[ 3012.664656][T26736] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3012.687397][T26736] CPU: 1 PID: 26736 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3012.695849][T26736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3012.705910][T26736] Call Trace:
[ 3012.709197][T26736]  dump_stack_lvl+0x1d3/0x29f
[ 3012.713893][T26736]  ? show_regs_print_info+0x12/0x12
[ 3012.719104][T26736]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3012.724836][T26736]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3012.730402][T26736]  should_fail+0x384/0x4b0
[ 3012.734838][T26736]  prepare_alloc_pages+0x1d1/0x5a0
[ 3012.739966][T26736]  __alloc_pages+0x14d/0x5f0
[ 3012.744571][T26736]  ? __rmqueue_pcplist+0x2030/0x2030
[ 3012.749869][T26736]  ? trace_lock_release+0x4f/0x150
[ 3012.754998][T26736]  ? alloc_pages+0x3f3/0x500
[ 3012.759628][T26736]  allocate_slab+0xf1/0x540
[ 3012.764144][T26736]  ___slab_alloc+0x1cf/0x350
[ 3012.768752][T26736]  ? io_submit_sqes+0x601f/0x9e00
[ 3012.773792][T26736]  kmem_cache_alloc_bulk+0x180/0x410
[ 3012.779099][T26736]  io_submit_sqes+0x601f/0x9e00
[ 3012.783955][T26736]  ? __might_sleep+0x100/0x100
[ 3012.788755][T26736]  ? io_uring_add_tctx_node+0x330/0x330
[ 3012.794313][T26736]  ? io_uring_add_tctx_node+0x74/0x330
[ 3012.799823][T26736]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3012.805366][T26736]  ? trace_lock_release+0x4f/0x150
[ 3012.810513][T26736]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3012.816072][T26736]  ? __fget_files+0x35a/0x390
[ 3012.820758][T26736]  ? __lock_acquire+0x6100/0x6100
[ 3012.825767][T26736]  ? account_other_time+0x63/0x280
[ 3012.830868][T26736]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3012.836645][T26736]  ? print_irqtrace_events+0x220/0x220
[ 3012.842092][T26736]  ? vtime_user_exit+0x2b2/0x3e0
[ 3012.847020][T26736]  ? __context_tracking_exit+0x7a/0xd0
[ 3012.852482][T26736]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3012.858458][T26736]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3012.863990][T26736]  do_syscall_64+0x3d/0xb0
[ 3012.868393][T26736]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3012.874295][T26736] RIP: 0033:0x4665f9
[ 3012.878172][T26736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3012.897784][T26736] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3012.906207][T26736] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
01:50:23 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d", 0x19}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:23 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x0, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:23 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
fstatfs(r0, &(0x7f0000000240)=""/169)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_io_uring_setup(0x79aa, &(0x7f0000000180)={0x0, 0x4567, 0x1, 0x1, 0x199, 0x0, r1}, &(0x7f0000082000/0x3000)=nil, &(0x7f00005a7000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000000300))
preadv(r4, &(0x7f0000000440)=[{&(0x7f0000000340)=""/207, 0xcf}], 0x1, 0x4, 0x7)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:23 executing program 0 (fault-call:8 fault-nth:51):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3012.914174][T26736] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3012.922145][T26736] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3012.930124][T26736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3012.938082][T26736] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:23 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x0, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 3013.023041][T26749] FAULT_INJECTION: forcing a failure.
[ 3013.023041][T26749] name failslab, interval 1, probability 0, space 0, times 0
[ 3013.059291][T26749] CPU: 1 PID: 26749 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3013.067746][T26749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3013.077824][T26749] Call Trace:
[ 3013.081102][T26749]  dump_stack_lvl+0x1d3/0x29f
[ 3013.085788][T26749]  ? show_regs_print_info+0x12/0x12
[ 3013.090972][T26749]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3013.096676][T26749]  ? __might_sleep+0x100/0x100
[ 3013.101422][T26749]  ? __rcu_read_lock+0xb0/0xb0
[ 3013.106180][T26749]  ? allocate_slab+0x373/0x540
[ 3013.110931][T26749]  should_fail+0x384/0x4b0
[ 3013.115336][T26749]  should_failslab+0x5/0x20
[ 3013.119822][T26749]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3013.125023][T26749]  io_submit_sqes+0x601f/0x9e00
[ 3013.129857][T26749]  ? __might_sleep+0x100/0x100
[ 3013.134619][T26749]  ? io_uring_add_tctx_node+0x330/0x330
[ 3013.140148][T26749]  ? io_uring_add_tctx_node+0x74/0x330
[ 3013.145602][T26749]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3013.151135][T26749]  ? trace_lock_release+0x4f/0x150
[ 3013.156231][T26749]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3013.161761][T26749]  ? __fget_files+0x35a/0x390
[ 3013.166420][T26749]  ? __lock_acquire+0x6100/0x6100
[ 3013.171447][T26749]  ? account_other_time+0x63/0x280
[ 3013.176561][T26749]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3013.182176][T26749]  ? print_irqtrace_events+0x220/0x220
[ 3013.187623][T26749]  ? vtime_user_exit+0x2b2/0x3e0
[ 3013.192544][T26749]  ? __context_tracking_exit+0x7a/0xd0
[ 3013.197986][T26749]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3013.203965][T26749]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3013.209495][T26749]  do_syscall_64+0x3d/0xb0
[ 3013.213908][T26749]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3013.219787][T26749] RIP: 0033:0x4665f9
[ 3013.223665][T26749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3013.243252][T26749] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3013.251647][T26749] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3013.259600][T26749] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
01:50:23 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:23 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x0, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b654b49", 0x1e}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:23 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x600, 0x0)
r2 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r2, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3013.267554][T26749] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3013.275506][T26749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3013.283460][T26749] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:23 executing program 0 (fault-call:8 fault-nth:52):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3013.441542][T26777] FAULT_INJECTION: forcing a failure.
[ 3013.441542][T26777] name failslab, interval 1, probability 0, space 0, times 0
[ 3013.454568][T26777] CPU: 1 PID: 26777 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3013.463001][T26777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3013.473066][T26777] Call Trace:
[ 3013.476357][T26777]  dump_stack_lvl+0x1d3/0x29f
[ 3013.481053][T26777]  ? show_regs_print_info+0x12/0x12
[ 3013.486261][T26777]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3013.491994][T26777]  ? mod_node_state+0x103/0x190
[ 3013.496852][T26777]  ? __might_sleep+0x100/0x100
[ 3013.501628][T26777]  ? __rcu_read_lock+0xb0/0xb0
[ 3013.506394][T26777]  ? allocate_slab+0x373/0x540
[ 3013.511283][T26777]  should_fail+0x384/0x4b0
[ 3013.515691][T26777]  should_failslab+0x5/0x20
[ 3013.520176][T26777]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3013.525410][T26777]  io_submit_sqes+0x601f/0x9e00
[ 3013.530254][T26777]  ? __might_sleep+0x100/0x100
[ 3013.535020][T26777]  ? io_uring_add_tctx_node+0x330/0x330
[ 3013.540552][T26777]  ? io_uring_add_tctx_node+0x74/0x330
[ 3013.545994][T26777]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3013.551522][T26777]  ? trace_lock_release+0x4f/0x150
[ 3013.556610][T26777]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3013.562194][T26777]  ? __fget_files+0x35a/0x390
[ 3013.566864][T26777]  ? __lock_acquire+0x6100/0x6100
[ 3013.571905][T26777]  ? account_other_time+0x63/0x280
[ 3013.576999][T26777]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3013.582610][T26777]  ? print_irqtrace_events+0x220/0x220
[ 3013.588048][T26777]  ? vtime_user_exit+0x2b2/0x3e0
[ 3013.592969][T26777]  ? __context_tracking_exit+0x7a/0xd0
[ 3013.598409][T26777]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3013.604368][T26777]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3013.609938][T26777]  do_syscall_64+0x3d/0xb0
[ 3013.614342][T26777]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3013.620220][T26777] RIP: 0033:0x4665f9
[ 3013.624106][T26777] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3013.643782][T26777] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3013.652204][T26777] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3013.660156][T26777] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3013.668110][T26777] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3013.676080][T26777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3013.684027][T26777] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:26 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0xfeffffff)

01:50:26 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:26 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r1, 0x80089419, &(0x7f0000000000))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r2, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:26 executing program 0 (fault-call:8 fault-nth:53):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:26 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b", 0x1b}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:26 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000009, 0x10, r2, 0x8000000)
r6 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000380)=<r7=>0x0, &(0x7f0000000100)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000008540)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x18}, 0x10001)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r6, 0x10000000)
syz_io_uring_submit(r7, r9, &(0x7f0000000000)=@IORING_OP_POLL_ADD, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00000dc000/0x4000)=nil, 0x4000}, 0x0)
syz_io_uring_submit(r7, r9, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r7, r9, &(0x7f0000000340)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00000db000/0x2000)=nil, 0x2000}, 0x0)
r10 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r10, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r5, r9, &(0x7f0000000180)=@IORING_OP_EPOLL_CTL=@mod={0x1d, 0x5, 0x0, r10, &(0x7f0000000000)={0x14}, r1, 0x3, 0x0, 0x0, {0x0, r11}}, 0x10bd)
io_uring_enter(r2, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3016.061044][T26796] FAULT_INJECTION: forcing a failure.
[ 3016.061044][T26796] name failslab, interval 1, probability 0, space 0, times 0
[ 3016.095297][T26796] CPU: 0 PID: 26796 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3016.103755][T26796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3016.113821][T26796] Call Trace:
[ 3016.117108][T26796]  dump_stack_lvl+0x1d3/0x29f
[ 3016.121800][T26796]  ? show_regs_print_info+0x12/0x12
[ 3016.127012][T26796]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3016.132755][T26796]  ? __might_sleep+0x100/0x100
[ 3016.137526][T26796]  ? __rcu_read_lock+0xb0/0xb0
[ 3016.142299][T26796]  ? allocate_slab+0x373/0x540
[ 3016.147076][T26796]  should_fail+0x384/0x4b0
[ 3016.151507][T26796]  should_failslab+0x5/0x20
[ 3016.156026][T26796]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3016.161243][T26796]  io_submit_sqes+0x601f/0x9e00
[ 3016.166101][T26796]  ? __might_sleep+0x100/0x100
[ 3016.170896][T26796]  ? io_uring_add_tctx_node+0x330/0x330
[ 3016.176457][T26796]  ? io_uring_add_tctx_node+0x74/0x330
[ 3016.181925][T26796]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3016.187488][T26796]  ? trace_lock_release+0x4f/0x150
[ 3016.192609][T26796]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3016.198158][T26796]  ? __fget_files+0x35a/0x390
[ 3016.202838][T26796]  ? __lock_acquire+0x6100/0x6100
01:50:26 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000180), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:26 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000000), &(0x7f0000000180)={0x0, 0xfb, 0x49, 0x0, 0x5, "429a3ec5d5e40f1ef13d84e844b27228", "d12eb8b6e6880ccd9cb49c70ec2601572498ec6a50beb121154d78e16523e0846ef0a71de8c1008d348469275be4be7d8a854b32"}, 0x49, 0x2)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x80000187, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f000019d000/0x4000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x45f5, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
splice(r4, 0x0, r5, 0x0, 0x4ffe6, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3800004, 0x12, r6, 0x0)
io_uring_register$IORING_REGISTER_EVENTFD(r4, 0x4, &(0x7f0000000200)=r6, 0x1)

[ 3016.207873][T26796]  ? account_other_time+0x63/0x280
[ 3016.212992][T26796]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3016.218637][T26796]  ? print_irqtrace_events+0x220/0x220
[ 3016.224102][T26796]  ? vtime_user_exit+0x2b2/0x3e0
[ 3016.229054][T26796]  ? __context_tracking_exit+0x7a/0xd0
[ 3016.234519][T26796]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3016.240507][T26796]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3016.246066][T26796]  do_syscall_64+0x3d/0xb0
[ 3016.250494][T26796]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3016.256394][T26796] RIP: 0033:0x4665f9
[ 3016.260292][T26796] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3016.279906][T26796] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3016.288327][T26796] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3016.296307][T26796] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3016.304287][T26796] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
01:50:26 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:26 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b", 0x1b}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 3016.312299][T26796] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3016.320275][T26796] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:26 executing program 0 (fault-call:8 fault-nth:54):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3016.436006][T26824] FAULT_INJECTION: forcing a failure.
[ 3016.436006][T26824] name failslab, interval 1, probability 0, space 0, times 0
[ 3016.453296][T26824] CPU: 0 PID: 26824 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3016.461766][T26824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3016.471827][T26824] Call Trace:
[ 3016.475111][T26824]  dump_stack_lvl+0x1d3/0x29f
[ 3016.479803][T26824]  ? show_regs_print_info+0x12/0x12
[ 3016.485011][T26824]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3016.490920][T26824]  ? mod_node_state+0x103/0x190
[ 3016.495778][T26824]  ? __might_sleep+0x100/0x100
[ 3016.500552][T26824]  ? __rcu_read_lock+0xb0/0xb0
[ 3016.505325][T26824]  ? allocate_slab+0x373/0x540
[ 3016.510097][T26824]  should_fail+0x384/0x4b0
[ 3016.514530][T26824]  should_failslab+0x5/0x20
[ 3016.519033][T26824]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3016.524244][T26824]  io_submit_sqes+0x601f/0x9e00
[ 3016.529099][T26824]  ? __might_sleep+0x100/0x100
[ 3016.533888][T26824]  ? io_uring_add_tctx_node+0x330/0x330
[ 3016.539440][T26824]  ? io_uring_add_tctx_node+0x74/0x330
[ 3016.544911][T26824]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3016.550475][T26824]  ? trace_lock_release+0x4f/0x150
[ 3016.555601][T26824]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3016.561155][T26824]  ? __fget_files+0x35a/0x390
[ 3016.565834][T26824]  ? __lock_acquire+0x6100/0x6100
[ 3016.570864][T26824]  ? account_other_time+0x63/0x280
[ 3016.575981][T26824]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3016.581620][T26824]  ? print_irqtrace_events+0x220/0x220
[ 3016.587083][T26824]  ? vtime_user_exit+0x2b2/0x3e0
[ 3016.592028][T26824]  ? __context_tracking_exit+0x7a/0xd0
[ 3016.597491][T26824]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3016.603476][T26824]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3016.609033][T26824]  do_syscall_64+0x3d/0xb0
[ 3016.613464][T26824]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3016.619364][T26824] RIP: 0033:0x4665f9
[ 3016.623283][T26824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3016.642893][T26824] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3016.651315][T26824] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3016.659294][T26824] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3016.667276][T26824] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3016.675270][T26824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3016.683248][T26824] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:27 executing program 0 (fault-call:8 fault-nth:55):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3016.997395][T26826] FAULT_INJECTION: forcing a failure.
[ 3016.997395][T26826] name failslab, interval 1, probability 0, space 0, times 0
[ 3017.026834][T26826] CPU: 0 PID: 26826 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3017.035287][T26826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3017.045349][T26826] Call Trace:
[ 3017.048632][T26826]  dump_stack_lvl+0x1d3/0x29f
[ 3017.053328][T26826]  ? show_regs_print_info+0x12/0x12
[ 3017.058567][T26826]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3017.064292][T26826]  ? __might_sleep+0x100/0x100
[ 3017.069068][T26826]  ? __rcu_read_lock+0xb0/0xb0
[ 3017.073847][T26826]  ? allocate_slab+0x373/0x540
[ 3017.078678][T26826]  should_fail+0x384/0x4b0
[ 3017.083104][T26826]  should_failslab+0x5/0x20
[ 3017.087616][T26826]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3017.092829][T26826]  io_submit_sqes+0x601f/0x9e00
[ 3017.097683][T26826]  ? __might_sleep+0x100/0x100
[ 3017.102474][T26826]  ? io_uring_add_tctx_node+0x330/0x330
[ 3017.108028][T26826]  ? io_uring_add_tctx_node+0x74/0x330
[ 3017.113496][T26826]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3017.119051][T26826]  ? trace_lock_release+0x4f/0x150
[ 3017.124170][T26826]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3017.129730][T26826]  ? __fget_files+0x35a/0x390
[ 3017.134423][T26826]  ? __lock_acquire+0x6100/0x6100
[ 3017.139449][T26826]  ? account_other_time+0x63/0x280
[ 3017.144822][T26826]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3017.150456][T26826]  ? print_irqtrace_events+0x220/0x220
[ 3017.155919][T26826]  ? vtime_user_exit+0x2b2/0x3e0
[ 3017.160861][T26826]  ? __context_tracking_exit+0x7a/0xd0
[ 3017.166326][T26826]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3017.172310][T26826]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3017.177865][T26826]  do_syscall_64+0x3d/0xb0
[ 3017.182294][T26826]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3017.188196][T26826] RIP: 0033:0x4665f9
[ 3017.192176][T26826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3017.211784][T26826] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3017.220209][T26826] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3017.228191][T26826] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3017.236174][T26826] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3017.244149][T26826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3017.252131][T26826] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:29 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0xfffffffe)

01:50:29 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:29 executing program 0 (fault-call:8 fault-nth:56):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3018.750181][T26830] FAULT_INJECTION: forcing a failure.
[ 3018.750181][T26830] name failslab, interval 1, probability 0, space 0, times 0
[ 3018.781888][T26830] CPU: 0 PID: 26830 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3018.790343][T26830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3018.800407][T26830] Call Trace:
[ 3018.803695][T26830]  dump_stack_lvl+0x1d3/0x29f
[ 3018.808396][T26830]  ? show_regs_print_info+0x12/0x12
[ 3018.813603][T26830]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3018.819331][T26830]  ? __might_sleep+0x100/0x100
[ 3018.824106][T26830]  ? __rcu_read_lock+0xb0/0xb0
[ 3018.828885][T26830]  ? allocate_slab+0x373/0x540
[ 3018.833664][T26830]  should_fail+0x384/0x4b0
[ 3018.838093][T26830]  should_failslab+0x5/0x20
[ 3018.842597][T26830]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3018.847808][T26830]  io_submit_sqes+0x601f/0x9e00
[ 3018.852664][T26830]  ? __might_sleep+0x100/0x100
[ 3018.857472][T26830]  ? io_uring_add_tctx_node+0x330/0x330
[ 3018.863025][T26830]  ? io_uring_add_tctx_node+0x74/0x330
[ 3018.868494][T26830]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3018.874057][T26830]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3018.879605][T26830]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3018.885242][T26830]  ? read_lock_is_recursive+0x10/0x10
[ 3018.890630][T26830]  ? account_other_time+0x63/0x280
[ 3018.895746][T26830]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3018.901383][T26830]  ? print_irqtrace_events+0x220/0x220
[ 3018.906851][T26830]  ? vtime_user_exit+0x2b2/0x3e0
[ 3018.911793][T26830]  ? __context_tracking_exit+0x7a/0xd0
[ 3018.917257][T26830]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3018.923249][T26830]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3018.928808][T26830]  do_syscall_64+0x3d/0xb0
[ 3018.933242][T26830]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3018.939143][T26830] RIP: 0033:0x4665f9
[ 3018.943031][T26830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3018.962638][T26830] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3018.971057][T26830] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3018.979037][T26830] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3018.987017][T26830] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
01:50:29 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:29 executing program 0 (fault-call:8 fault-nth:57):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3018.994996][T26830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3019.002972][T26830] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
[ 3019.105139][T26846] FAULT_INJECTION: forcing a failure.
[ 3019.105139][T26846] name failslab, interval 1, probability 0, space 0, times 0
[ 3019.119188][T26846] CPU: 0 PID: 26846 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3019.127624][T26846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3019.137672][T26846] Call Trace:
[ 3019.140948][T26846]  dump_stack_lvl+0x1d3/0x29f
[ 3019.145615][T26846]  ? show_regs_print_info+0x12/0x12
[ 3019.150798][T26846]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3019.156504][T26846]  ? __might_sleep+0x100/0x100
[ 3019.161251][T26846]  ? __rcu_read_lock+0xb0/0xb0
[ 3019.166104][T26846]  ? allocate_slab+0x373/0x540
[ 3019.170854][T26846]  should_fail+0x384/0x4b0
[ 3019.175257][T26846]  should_failslab+0x5/0x20
[ 3019.179741][T26846]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3019.184926][T26846]  io_submit_sqes+0x601f/0x9e00
[ 3019.189764][T26846]  ? __might_sleep+0x100/0x100
[ 3019.194530][T26846]  ? io_uring_add_tctx_node+0x330/0x330
[ 3019.200061][T26846]  ? io_uring_add_tctx_node+0x74/0x330
[ 3019.205522][T26846]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3019.211060][T26846]  ? trace_lock_release+0x4f/0x150
[ 3019.216156][T26846]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3019.221685][T26846]  ? __fget_files+0x35a/0x390
[ 3019.226343][T26846]  ? __lock_acquire+0x6100/0x6100
[ 3019.231352][T26846]  ? account_other_time+0x63/0x280
[ 3019.236467][T26846]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3019.242084][T26846]  ? print_irqtrace_events+0x220/0x220
[ 3019.247523][T26846]  ? vtime_user_exit+0x2b2/0x3e0
[ 3019.252463][T26846]  ? __context_tracking_exit+0x7a/0xd0
[ 3019.257908][T26846]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3019.263873][T26846]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3019.269405][T26846]  do_syscall_64+0x3d/0xb0
[ 3019.273808][T26846]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3019.279705][T26846] RIP: 0033:0x4665f9
[ 3019.283757][T26846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:50:29 executing program 0 (fault-call:8 fault-nth:58):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3019.303344][T26846] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3019.311741][T26846] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3019.319704][T26846] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3019.327669][T26846] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3019.335649][T26846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3019.343620][T26846] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:29 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:29 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b", 0x1b}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 3019.412994][T26848] FAULT_INJECTION: forcing a failure.
[ 3019.412994][T26848] name failslab, interval 1, probability 0, space 0, times 0
[ 3019.443032][T26848] CPU: 0 PID: 26848 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3019.451509][T26848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3019.461598][T26848] Call Trace:
[ 3019.464881][T26848]  dump_stack_lvl+0x1d3/0x29f
[ 3019.469574][T26848]  ? show_regs_print_info+0x12/0x12
[ 3019.474781][T26848]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3019.480510][T26848]  ? __might_sleep+0x100/0x100
[ 3019.485269][T26848]  ? __rcu_read_lock+0xb0/0xb0
[ 3019.490018][T26848]  ? allocate_slab+0x373/0x540
[ 3019.494775][T26848]  should_fail+0x384/0x4b0
[ 3019.499185][T26848]  should_failslab+0x5/0x20
[ 3019.503673][T26848]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3019.508861][T26848]  io_submit_sqes+0x601f/0x9e00
[ 3019.513703][T26848]  ? __might_sleep+0x100/0x100
[ 3019.518483][T26848]  ? io_uring_add_tctx_node+0x330/0x330
[ 3019.524020][T26848]  ? io_uring_add_tctx_node+0x74/0x330
[ 3019.529471][T26848]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3019.535013][T26848]  ? trace_lock_release+0x4f/0x150
[ 3019.540135][T26848]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3019.545684][T26848]  ? __fget_files+0x35a/0x390
[ 3019.550346][T26848]  ? __lock_acquire+0x6100/0x6100
[ 3019.555358][T26848]  ? account_other_time+0x63/0x280
[ 3019.560470][T26848]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3019.566086][T26848]  ? print_irqtrace_events+0x220/0x220
[ 3019.571529][T26848]  ? vtime_user_exit+0x2b2/0x3e0
[ 3019.576467][T26848]  ? __context_tracking_exit+0x7a/0xd0
[ 3019.581932][T26848]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3019.587914][T26848]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3019.593478][T26848]  do_syscall_64+0x3d/0xb0
[ 3019.597885][T26848]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3019.603765][T26848] RIP: 0033:0x4665f9
[ 3019.607647][T26848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3019.627234][T26848] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3019.635631][T26848] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3019.643582][T26848] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3019.651537][T26848] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3019.659490][T26848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3019.667441][T26848] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:30 executing program 0 (fault-call:8 fault-nth:59):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3019.756877][T26858] FAULT_INJECTION: forcing a failure.
[ 3019.756877][T26858] name failslab, interval 1, probability 0, space 0, times 0
[ 3019.772971][T26858] CPU: 1 PID: 26858 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3019.781402][T26858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3019.791464][T26858] Call Trace:
[ 3019.794756][T26858]  dump_stack_lvl+0x1d3/0x29f
[ 3019.799450][T26858]  ? show_regs_print_info+0x12/0x12
[ 3019.804663][T26858]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3019.810397][T26858]  ? __might_sleep+0x100/0x100
[ 3019.815256][T26858]  ? __rcu_read_lock+0xb0/0xb0
[ 3019.820023][T26858]  ? allocate_slab+0x373/0x540
[ 3019.824798][T26858]  should_fail+0x384/0x4b0
[ 3019.829227][T26858]  should_failslab+0x5/0x20
[ 3019.833732][T26858]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3019.838938][T26858]  io_submit_sqes+0x601f/0x9e00
[ 3019.843791][T26858]  ? __might_sleep+0x100/0x100
[ 3019.848580][T26858]  ? io_uring_add_tctx_node+0x330/0x330
[ 3019.854139][T26858]  ? io_uring_add_tctx_node+0x74/0x330
[ 3019.859613][T26858]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3019.865180][T26858]  ? trace_lock_release+0x4f/0x150
[ 3019.870294][T26858]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3019.875844][T26858]  ? __fget_files+0x35a/0x390
[ 3019.880519][T26858]  ? __lock_acquire+0x6100/0x6100
[ 3019.885551][T26858]  ? account_other_time+0x63/0x280
[ 3019.890670][T26858]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3019.896313][T26858]  ? print_irqtrace_events+0x220/0x220
[ 3019.901775][T26858]  ? vtime_user_exit+0x2b2/0x3e0
[ 3019.906717][T26858]  ? __context_tracking_exit+0x7a/0xd0
[ 3019.912175][T26858]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3019.918161][T26858]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3019.923722][T26858]  do_syscall_64+0x3d/0xb0
[ 3019.928153][T26858]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3019.934052][T26858] RIP: 0033:0x4665f9
[ 3019.937955][T26858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3019.957562][T26858] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3019.965991][T26858] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3019.973973][T26858] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3019.981953][T26858] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3019.989933][T26858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3019.997915][T26858] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:30 executing program 0 (fault-call:8 fault-nth:60):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3020.097390][T26860] FAULT_INJECTION: forcing a failure.
[ 3020.097390][T26860] name failslab, interval 1, probability 0, space 0, times 0
[ 3020.120557][ T3239] ieee802154 phy0 wpan0: encryption failed: -22
[ 3020.126898][ T3239] ieee802154 phy1 wpan1: encryption failed: -22
[ 3020.145685][T26860] CPU: 1 PID: 26860 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3020.154134][T26860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3020.164195][T26860] Call Trace:
[ 3020.167482][T26860]  dump_stack_lvl+0x1d3/0x29f
[ 3020.172170][T26860]  ? show_regs_print_info+0x12/0x12
[ 3020.177375][T26860]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3020.183110][T26860]  ? __might_sleep+0x100/0x100
[ 3020.187884][T26860]  ? __rcu_read_lock+0xb0/0xb0
[ 3020.192658][T26860]  ? allocate_slab+0x373/0x540
[ 3020.197432][T26860]  should_fail+0x384/0x4b0
[ 3020.201866][T26860]  should_failslab+0x5/0x20
[ 3020.206413][T26860]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3020.211628][T26860]  io_submit_sqes+0x601f/0x9e00
[ 3020.216485][T26860]  ? __might_sleep+0x100/0x100
[ 3020.221277][T26860]  ? io_uring_add_tctx_node+0x330/0x330
[ 3020.226830][T26860]  ? io_uring_add_tctx_node+0x74/0x330
[ 3020.232295][T26860]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3020.237861][T26860]  ? trace_lock_release+0x4f/0x150
[ 3020.242988][T26860]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3020.248536][T26860]  ? __fget_files+0x35a/0x390
[ 3020.253213][T26860]  ? __lock_acquire+0x6100/0x6100
[ 3020.258243][T26860]  ? account_other_time+0x63/0x280
[ 3020.263362][T26860]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3020.268996][T26860]  ? print_irqtrace_events+0x220/0x220
[ 3020.274456][T26860]  ? vtime_user_exit+0x2b2/0x3e0
[ 3020.279398][T26860]  ? __context_tracking_exit+0x7a/0xd0
[ 3020.284872][T26860]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3020.290863][T26860]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3020.296505][T26860]  do_syscall_64+0x3d/0xb0
[ 3020.300926][T26860]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3020.306819][T26860] RIP: 0033:0x4665f9
[ 3020.310711][T26860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3020.330324][T26860] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3020.338745][T26860] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3020.346730][T26860] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3020.354709][T26860] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3020.362684][T26860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3020.370687][T26860] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:31 executing program 0 (fault-call:8 fault-nth:61):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3020.754357][T26862] FAULT_INJECTION: forcing a failure.
[ 3020.754357][T26862] name failslab, interval 1, probability 0, space 0, times 0
[ 3020.778414][T26862] CPU: 1 PID: 26862 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3020.786869][T26862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3020.796928][T26862] Call Trace:
[ 3020.800220][T26862]  dump_stack_lvl+0x1d3/0x29f
[ 3020.804911][T26862]  ? show_regs_print_info+0x12/0x12
[ 3020.810111][T26862]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3020.815841][T26862]  ? __might_sleep+0x100/0x100
[ 3020.820610][T26862]  ? __rcu_read_lock+0xb0/0xb0
[ 3020.825387][T26862]  ? allocate_slab+0x373/0x540
[ 3020.830154][T26862]  should_fail+0x384/0x4b0
[ 3020.834574][T26862]  should_failslab+0x5/0x20
[ 3020.839071][T26862]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3020.844282][T26862]  io_submit_sqes+0x601f/0x9e00
[ 3020.849153][T26862]  ? __might_sleep+0x100/0x100
[ 3020.853942][T26862]  ? io_uring_add_tctx_node+0x330/0x330
[ 3020.859493][T26862]  ? io_uring_add_tctx_node+0x74/0x330
[ 3020.864959][T26862]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3020.870520][T26862]  ? trace_lock_release+0x4f/0x150
[ 3020.875640][T26862]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3020.881200][T26862]  ? __fget_files+0x35a/0x390
[ 3020.885884][T26862]  ? __lock_acquire+0x6100/0x6100
[ 3020.890915][T26862]  ? account_other_time+0x63/0x280
[ 3020.896033][T26862]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3020.901667][T26862]  ? print_irqtrace_events+0x220/0x220
[ 3020.907129][T26862]  ? vtime_user_exit+0x2b2/0x3e0
[ 3020.912066][T26862]  ? __context_tracking_exit+0x7a/0xd0
[ 3020.917529][T26862]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3020.923521][T26862]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3020.929078][T26862]  do_syscall_64+0x3d/0xb0
[ 3020.933506][T26862]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3020.939403][T26862] RIP: 0033:0x4665f9
[ 3020.943301][T26862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3020.962907][T26862] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3020.971328][T26862] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3020.979309][T26862] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3020.987320][T26862] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3020.995294][T26862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
01:50:31 executing program 0 (fault-call:8 fault-nth:62):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3021.003268][T26862] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
[ 3021.093803][T26864] FAULT_INJECTION: forcing a failure.
[ 3021.093803][T26864] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3021.122593][T26864] CPU: 0 PID: 26864 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3021.131125][T26864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3021.141170][T26864] Call Trace:
[ 3021.144435][T26864]  dump_stack_lvl+0x1d3/0x29f
[ 3021.149100][T26864]  ? show_regs_print_info+0x12/0x12
[ 3021.154279][T26864]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3021.159989][T26864]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3021.165534][T26864]  should_fail+0x384/0x4b0
[ 3021.169940][T26864]  prepare_alloc_pages+0x1d1/0x5a0
[ 3021.175044][T26864]  __alloc_pages+0x14d/0x5f0
[ 3021.179621][T26864]  ? __rmqueue_pcplist+0x2030/0x2030
[ 3021.184889][T26864]  ? trace_lock_release+0x4f/0x150
[ 3021.189987][T26864]  ? alloc_pages+0x3f3/0x500
[ 3021.194565][T26864]  allocate_slab+0xf1/0x540
[ 3021.199053][T26864]  ___slab_alloc+0x1cf/0x350
[ 3021.203624][T26864]  ? io_submit_sqes+0x601f/0x9e00
[ 3021.208628][T26864]  kmem_cache_alloc_bulk+0x180/0x410
[ 3021.213913][T26864]  io_submit_sqes+0x601f/0x9e00
[ 3021.218747][T26864]  ? __might_sleep+0x100/0x100
[ 3021.223526][T26864]  ? io_uring_add_tctx_node+0x330/0x330
[ 3021.229065][T26864]  ? io_uring_add_tctx_node+0x74/0x330
[ 3021.234595][T26864]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3021.240131][T26864]  ? trace_lock_release+0x4f/0x150
[ 3021.245233][T26864]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3021.250761][T26864]  ? __fget_files+0x35a/0x390
[ 3021.255417][T26864]  ? __lock_acquire+0x6100/0x6100
[ 3021.260429][T26864]  ? account_other_time+0x63/0x280
[ 3021.265522][T26864]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3021.271169][T26864]  ? print_irqtrace_events+0x220/0x220
[ 3021.276610][T26864]  ? vtime_user_exit+0x2b2/0x3e0
[ 3021.281533][T26864]  ? __context_tracking_exit+0x7a/0xd0
[ 3021.286983][T26864]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3021.292947][T26864]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3021.298481][T26864]  do_syscall_64+0x3d/0xb0
[ 3021.302905][T26864]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3021.308800][T26864] RIP: 0033:0x4665f9
[ 3021.312678][T26864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3021.332265][T26864] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3021.340659][T26864] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3021.348610][T26864] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3021.356561][T26864] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3021.364511][T26864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3021.372465][T26864] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:32 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x200000000000)

01:50:32 executing program 0 (fault-call:8 fault-nth:63):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3021.762800][T26867] FAULT_INJECTION: forcing a failure.
[ 3021.762800][T26867] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3021.776604][T26867] CPU: 0 PID: 26867 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3021.785042][T26867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3021.795107][T26867] Call Trace:
[ 3021.798397][T26867]  dump_stack_lvl+0x1d3/0x29f
[ 3021.803088][T26867]  ? show_regs_print_info+0x12/0x12
[ 3021.808316][T26867]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3021.814053][T26867]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3021.819618][T26867]  should_fail+0x384/0x4b0
[ 3021.824044][T26867]  prepare_alloc_pages+0x1d1/0x5a0
[ 3021.829166][T26867]  __alloc_pages+0x14d/0x5f0
[ 3021.833764][T26867]  ? __rmqueue_pcplist+0x2030/0x2030
[ 3021.839054][T26867]  ? trace_lock_release+0x4f/0x150
[ 3021.844172][T26867]  ? alloc_pages+0x3f3/0x500
[ 3021.848771][T26867]  allocate_slab+0xf1/0x540
[ 3021.853278][T26867]  ___slab_alloc+0x1cf/0x350
[ 3021.857876][T26867]  ? io_submit_sqes+0x601f/0x9e00
[ 3021.862908][T26867]  kmem_cache_alloc_bulk+0x180/0x410
[ 3021.868203][T26867]  io_submit_sqes+0x601f/0x9e00
[ 3021.873055][T26867]  ? __might_sleep+0x100/0x100
[ 3021.877848][T26867]  ? io_uring_add_tctx_node+0x330/0x330
[ 3021.883398][T26867]  ? io_uring_add_tctx_node+0x74/0x330
[ 3021.888865][T26867]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3021.894428][T26867]  ? trace_lock_release+0x4f/0x150
[ 3021.899560][T26867]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3021.905124][T26867]  ? __fget_files+0x35a/0x390
[ 3021.909806][T26867]  ? __lock_acquire+0x6100/0x6100
[ 3021.915232][T26867]  ? account_other_time+0x63/0x280
[ 3021.920349][T26867]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3021.925991][T26867]  ? print_irqtrace_events+0x220/0x220
[ 3021.931451][T26867]  ? vtime_user_exit+0x2b2/0x3e0
[ 3021.936404][T26867]  ? __context_tracking_exit+0x7a/0xd0
[ 3021.941875][T26867]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3021.947865][T26867]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3021.953423][T26867]  do_syscall_64+0x3d/0xb0
[ 3021.957853][T26867]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3021.963755][T26867] RIP: 0033:0x4665f9
[ 3021.967652][T26867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3021.987260][T26867] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3021.995685][T26867] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3022.003665][T26867] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
01:50:32 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x1000000000000)

[ 3022.011649][T26867] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3022.019628][T26867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3022.027696][T26867] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:32 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:32 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x80000000000000)

01:50:32 executing program 0 (fault-call:8 fault-nth:64):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3022.185092][T26885] FAULT_INJECTION: forcing a failure.
[ 3022.185092][T26885] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3022.198945][T26885] CPU: 0 PID: 26885 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3022.207381][T26885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3022.217451][T26885] Call Trace:
[ 3022.220825][T26885]  dump_stack_lvl+0x1d3/0x29f
[ 3022.225516][T26885]  ? show_regs_print_info+0x12/0x12
[ 3022.230724][T26885]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3022.236457][T26885]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3022.242016][T26885]  should_fail+0x384/0x4b0
[ 3022.246449][T26885]  prepare_alloc_pages+0x1d1/0x5a0
[ 3022.251574][T26885]  __alloc_pages+0x14d/0x5f0
[ 3022.256176][T26885]  ? __rmqueue_pcplist+0x2030/0x2030
[ 3022.261469][T26885]  ? trace_lock_release+0x4f/0x150
[ 3022.266575][T26885]  ? alloc_pages+0x3f3/0x500
[ 3022.271163][T26885]  allocate_slab+0xf1/0x540
[ 3022.275663][T26885]  ___slab_alloc+0x1cf/0x350
[ 3022.280250][T26885]  ? io_submit_sqes+0x601f/0x9e00
[ 3022.285257][T26885]  kmem_cache_alloc_bulk+0x180/0x410
[ 3022.290546][T26885]  io_submit_sqes+0x601f/0x9e00
[ 3022.295382][T26885]  ? __might_sleep+0x100/0x100
[ 3022.300158][T26885]  ? io_uring_add_tctx_node+0x330/0x330
[ 3022.305686][T26885]  ? io_uring_add_tctx_node+0x74/0x330
[ 3022.311140][T26885]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3022.316682][T26885]  ? trace_lock_release+0x4f/0x150
[ 3022.321780][T26885]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3022.327322][T26885]  ? __fget_files+0x35a/0x390
[ 3022.332000][T26885]  ? __lock_acquire+0x6100/0x6100
[ 3022.337044][T26885]  ? account_other_time+0x63/0x280
[ 3022.342176][T26885]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3022.347814][T26885]  ? print_irqtrace_events+0x220/0x220
[ 3022.353264][T26885]  ? vtime_user_exit+0x2b2/0x3e0
[ 3022.358200][T26885]  ? __context_tracking_exit+0x7a/0xd0
[ 3022.363647][T26885]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3022.369612][T26885]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3022.375146][T26885]  do_syscall_64+0x3d/0xb0
[ 3022.379553][T26885]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3022.385432][T26885] RIP: 0033:0x4665f9
[ 3022.389312][T26885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3022.408984][T26885] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3022.417392][T26885] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3022.425345][T26885] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
01:50:33 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 3022.433310][T26885] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3022.441264][T26885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3022.449230][T26885] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:33 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x3, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:33 executing program 0 (fault-call:8 fault-nth:65):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3022.599214][T26898] FAULT_INJECTION: forcing a failure.
[ 3022.599214][T26898] name failslab, interval 1, probability 0, space 0, times 0
[ 3022.615171][T26898] CPU: 1 PID: 26898 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3022.623616][T26898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3022.633720][T26898] Call Trace:
[ 3022.637007][T26898]  dump_stack_lvl+0x1d3/0x29f
[ 3022.641698][T26898]  ? show_regs_print_info+0x12/0x12
[ 3022.646907][T26898]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3022.652631][T26898]  ? __might_sleep+0x100/0x100
[ 3022.657402][T26898]  ? __rcu_read_lock+0xb0/0xb0
[ 3022.662169][T26898]  ? allocate_slab+0x373/0x540
[ 3022.666940][T26898]  should_fail+0x384/0x4b0
[ 3022.671368][T26898]  should_failslab+0x5/0x20
[ 3022.675888][T26898]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3022.681100][T26898]  io_submit_sqes+0x601f/0x9e00
[ 3022.685959][T26898]  ? __might_sleep+0x100/0x100
[ 3022.690756][T26898]  ? io_uring_add_tctx_node+0x330/0x330
[ 3022.696310][T26898]  ? io_uring_add_tctx_node+0x74/0x330
[ 3022.701772][T26898]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3022.707368][T26898]  ? trace_lock_release+0x4f/0x150
[ 3022.712495][T26898]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3022.718044][T26898]  ? __fget_files+0x35a/0x390
[ 3022.722716][T26898]  ? __lock_acquire+0x6100/0x6100
[ 3022.727748][T26898]  ? account_other_time+0x63/0x280
[ 3022.732862][T26898]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3022.738507][T26898]  ? print_irqtrace_events+0x220/0x220
[ 3022.743970][T26898]  ? vtime_user_exit+0x2b2/0x3e0
[ 3022.748919][T26898]  ? __context_tracking_exit+0x7a/0xd0
[ 3022.754389][T26898]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3022.760381][T26898]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3022.765936][T26898]  do_syscall_64+0x3d/0xb0
[ 3022.770361][T26898]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3022.776264][T26898] RIP: 0033:0x4665f9
[ 3022.780158][T26898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:50:33 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0xc4)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f000004db80)={<r1=>0x0, ""/256, 0x0, <r2=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000062c40)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r2}, {0x0, r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r1}], 0x0, "8bebeb894f74c3"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000055900)={<r3=>0x0, 0x0, "4ec28aaed1bb3447c69e283137eddf22a77f49cd7597643539623dfa97cf0324c5a19349d8929c6d3d34a79ee1c802e69a732ff96d0f3d761d15234b45e9400f0d154b75851c77123df4e18fc463f54474d97216cd3f5bc7190fbdf5123bb04a4c4e8c984dbfd64e022589b6d8157e5e4355ba47840a0a0f55a59053c9eef43c21e41d056c7c1e8d81a3106ef4ac3a6f22b157049f8757d174a202f6cf5b472f6657c580efa8b575be67c4b9ed2384bb58f6d536f75fecd93183f7739d61d4656408f26455b85d76b8c04a79f0e9e201648702c5b1a498e748ea06c138efcc5b9e276edd7f10db132deef091fae78065a3d7d7ac0a9dfd9b149b36f10e8c9da4", "c64d8bed6128be7c6aeb6043b0eb21ed0da2eb5c851f7a19aa0684e3e28728c8517595ffa9779ddc7c953cfec579a683617309838a4b8142f732139382106cb3ec237dfdb2353cf942b87c3e5c8029c103c25df798896b9294590d45c179ae6734506768db3294cfcd36a8d9e9825e0f7bd497d56ea7b3f2aa4a506672dd4a1e4bca2a7b4634363fe28e191a6430f27375bbdef2d7a26c32a57b4f346f56546832f16218a8263172b373fdc0855b240a1d6fc1880a560ec00492887474af83a20108d78283d590970145bf52e0040f78810019b4ba3fbe8ed017e61af1211900ebce2f27149602d1bf27e3b400753e5e39228405e6755681ec02b7965eda3e840c1595bd0a168739b1355630a862446a7019f3186bea3bac7c4396e85944b753b9519927bab0c46785b3046c6db265a4427024a0b7cfe7d5167a11352dcfacf5ce021866d142a2d4c3b8d6f5b3e13bd92875ffbf1e964af24ca3e9be8d1f0bd892bef7a5bd37b29dca813830ec40c27bddccb59ca23d708e669d39cd9e8a15a8e70e700513a34e52d3724c3600e50d448c5b08a1985b588284ccce29277a7c68f89133f130cc84fbf7097094a849c96a35714d2a31b7e42785ee24480dd3e8bd58dd450f8b2fdfc4981911e6b7c96acb260c12e6d82866e460f039fb73c52214e4fe1ea6365d4f2c837d52563ca3791e9f7225019bb798f9a11a6f121a583bbf4de1d8f9c44d390f6f0f8772ee55b0747b6b016eef8e0efad71309bc94b055a8bf29766ad02b34b49c6525974ce0477c045dea8070a4b785a0757f5f0a95214223524c37cda5c079cffefa77d905a659ff6bffb47b6c7894e34f557ae5d4bc0226b46360e7dc13b5deace79aa9af0d187a7e1a7cc438505da34e651bb7150913f172cb5e134019ec24a39bfe46450d771bf191fb5095e64584e705cf466d99f9670959bad6d5549a3a000b2aaa513b7f2b5688cc7b9c5e1854054f310d56b1fdbb9cda295dc587b15e2ec80dca6be36391efb3b4b63f228a0fe98083c402e8b5955187581b0f6849727a0a9d2c663997d0c3f0f649a290f5a8d3b1c1ac900bac0f028bcd27cd2a4b6c9edbf56e3f62592e0f6ae250d20e3da2f784fb2172f7b17c52ee854480250f3f9765eac1a429d6a9d9dd31a98fba05cc828016b966e1324a3485fe16737676ad832980d549f35a65a75832ac2427ac7b879559511789b36f95280acb02a62ac93a80fddd293e2d1b1accce4a228890f8759540de6102c66a13a6d52c899fd610a7bad2cd1cba4b841512832efb15306735d9c9cdf33adc7a3458623df36aa9fe5bdcb8b08246c16e66c8775021c8a03e24be994ab529ce3d22fc46042e39289a8d353c72cfd28eca70397d66cd54ee4e97fb6698e014cb7102f5c7580592f6fc5c1f8168d14674119df220b47391ec1640a43218a8ce322904b521c3ce9d88ff1867590b76fa401e5d2cbd840bf4af3a90e6e8c856fdbb36731ff5123097a757b3de3bc58b3d1ebd8f39c6aeab6486ff7993d8afe3b90ed5c780148ff9bc3d821ed9bcb9338481a56f3521b6af6c17911d9644d81008413b3ea11c80e63496bb02f983ae028c051f70031898dafd7e3dd3f615ae32d2fe5691849dfa7fd725f61e0de12125dd072354941779e40f3f4b9006c467ee5fdd9ed04de029ee74e52f62acb2ce744d3a477ae9d3cfb5874ef953d6c18d6d846d75d1c6b05464d6a64d25be684957cda34d589ec07e548bdc7700a8ec527be3c30096cf4cbe80ba7991ea9641aba55830bc03fd455c3e4b16dd022c66ee01caae7e6a58c9f6080eccec226b4f845327fa88b2d130bd21e6f28d4e4a74b0bc74b6ddf98689830cbd53dd029eb154acb98faaea28d63534baa690d737a33eae41d36f45e854d516f5d7010a16bf3fe97b89d1c5bec9b620ee641133e0864cc5df9483303c5deee0fad8b56c1204833b693650a520f1ef8e23d68e40fe1bf5a6b309570df64898beea3c15a2beb8b9d7097bd734c32e2cb484a4a87634c6480358283ca853aa8aef5abdc27410db0d5a48c585f602f904519aef6cc4bbfeca5828bccf7085b5d576e051887951b3ebcb9a9f8842a011d3ddf4cf1ce2669dc94c1d38b7f32dcb4a1d2b9b8431d276090cc667d91219fd47d3b021af6ab36434e682d36515663a39c7e84972b9bbdde935c3391547e2a8eabea94df0abbbb604ae22641c84f8d55ef64a817fc28abc43834b3e271676ec57d8fa0cead969369268772b91a0b180dbc72ab703b059a0748523527162669cc866020b18a53d2f670d1ba48e86e7819754a8ed7d788debfc4705fdf2b0eec168e38f34699c54db5a81f6a0aa709b332287367b8a6d7bc4a733c4719991d3a4f4fc44eab5a97b6e9c72e5de4357485227e8f206c38132eefacd84fd9771ca0959f607ecda58b8e9ec169c8403261382df38e756f266476a00565d472dd3881e8fd2f51d257f8effe5bec9f1310ddf9a90ab02eaed29c488c3a653418c4b0ba7af595c762b8af63a6469e9643726f342ecbbb9df835c1d82d98120c94d4fe836f0c015e19c487b484b6da3390bdcf8360cc165f672ae14050dd2526fbdbb45762ae9d3c18128afdc3826474bd4f662346d11518bf6811a15dceb99342f8ee50ebf26de07b92f1748a23f33a1bdc92b5ca5d632ef2e84f4c1828e08a45760b7a4a37e46363cc8ec3ea870fde2f6783a71cd26366d37074ea8871410a18ad246d067dc2ec653c210ba72e80634b781e5a9bae9d445f4cc68ba5717fcb7a40221fe72154d033aa3077fb3d962082ed4ceb8e954cfbc58ed5c3c25564cec2a23180311030f7696f1813d10b460b554231b21dc790f0bc0e33747d6ef3aa025f43b0c4f1550aa6022ef0d8b1bcf90eae0f695970a161fea3c660494ad2e6e5b3920f79386ab26a33f5ae8da013eef3ad304beadd0129d5aedfb6714e60d2c7cabedcb13019081d9d94bdd512b0a0962ea878f94558557f3549eb9e8fe8d205eedf4aa081d3201f6a9e54ffb5ebefe4996c91fd5a76f50c1750c007d657948e89f71151a4e23239bea3af970a4f324294f35159bee00c6f8c68530c1f3ae24f96d659149c7322146a03ee011fe40a1413c53229892943177ac62853f953b78961e1ead10bdf5eceb32fcd0c873bc8a3d8b84b9521b03cb7cc88f03c6b9d754b81c96379b79893959acc8b6bd1bf6f75cc6573a8a477e9ae312b52971d426f94628c7101e2063c5b43b51d4b9bccd7ef86d4762f5421b132b9311e9da10186701b4e9508c9ef6f077a326521a313231956fbcff307bdd9e8ceba95b3f37496bc2c3f19491a2ee371de8ede126ddd73e395b467d7716eb7eaa9e610f84a56c97546e9236e9f1cbb1e2ea8e0322d263c5465130e066c1fdb65d142cbed11c270c4e32ccb9dfeb890c983dbe586e219f8424e1d67ed67f4596d1afef48ccc214b1e06fc660ff6fb082efa8a3bd57083e821b5ca1d2a29b5328a261b51acbaa326f30274b1348769a4d618ff404c47336f941c17ac48443ac2470dff47f5ed01713ebf430283899513f9368063774c49ccecdf28d645dd2e6c040a7554fcbcdbc81caa397bf17b80ed15cf3cd27117809dd7b2cd282faf26658921df6a9ebb6737180196bb978424656b63312c5c33c18463bd06cd2a45b5b4eddd4df4ba9671d5c55ad72cd033ff1748f0e29b90f9fed9e8edee4cd0da1adae1a5430c3d0617efc3374689692c7c04ca19aabed2a533557774a032941ff10b6ee49ee23b05040bfff6648c36712e7a1f6b8fc06c00f0b62df52f0798af288e3fa93a5d23e7b4d1c2f12acea7f67011f6f1d8d4074d7cc779b67ff5bb585c6a3d68d618cbce5299d700f06a9f0d59c49d287b0b17889a97b05f94621bab8c65cc36e8f726a3ebc1f98b3d79512a766480eabd9642352f54163200acb16386049061899c82a22e8953b3384d72b8ff32d617e87664d0b6ffebe1dc52f51abe9857dbe780cbc4df09ffb9ad9e23fefde518a8eedbe1ca840b0fd05d2bed47c0ec21e4636d97e9b91d163d208084b2d94b4fba68b9d66a05f7a22ace8fc1582dad58744379b8e369933c755ef02ee716661ea6c28ea809ddf77697ad75dd9aedaecdfb28486fd43ba370b619a90c837f0885a149c0954e281d62ebb66783e45b0748d9f143b3e0a7ace25d1e7821b7829a6cce775ccb015ba8778769024006be6abbdd12c11e6e06e20e52e9ee84c8136a98d6591835e20aa70eea0f06d6bed8cfa5efe4682cda096f7add2b3260c43c55e9a81c6fe930ac2e0006f32ad15583e38f7fdf3a5273803d6b02a810a3ac6bb4ff2a9d5f0d069a504f1dd0626727fb8958f17985311807a9f2509300da5ecf94b1472c33d7ff3463161765e5e26ec144f317e0d4c8f34bc2ba52d2d0a5725bca12b257daa9e1b695ec4f13665db32eed55b50f5566b2321291dba6bffb5235336c8546b49139713145f99d7e9f555caf97ee01514a0f30f6090d53450a01f05911ff27747c3168af60878333fec2386ce5c3a604570723fd684a1896ab830b93f82b65824db2ba809ad0a9ff523c92744fafdab452d2e11eefbe00c23ebc1b7874568bf57651b38e66be958e0e75d3825f27c8842d39fdfa9d73764587f528f82b35a040791d902754a9e4c3d189527c0f23f530479e126f2f3ad59b1151677ae56843e677cf3af9f3eaf85378f016992dd533592d5fa061613f887f6fc0fc88b1d40c811ddbbfc80996c2aebc66c48bcb9a4e42d7b3b13dfe5380c71068c3422fb0ae3319e8575204cb0f94343b86fc2bac4eda8cd86b0a59148c862f5ce605054e3b74361da22e047e2e9bdaa9ea9d1f54160289603370fae397c17d9d4a654886c9f32bde1a40c65629309cdaee224d756ccf6e254e8edc810817f6d80d78274e8d7c7e5cfec62826c9d9eec92054084ba52e75a745e6f5f9c0d8d668a2b11b023e72be30ca67b68d33de5d1c6ad973ac9efbd9a2053434706792018d7e693398e85dd2555750d653eafa39d30c61c21c79643110ca82846322068b6423bf4a8670c031934689e6883d25a1dfbc1347f83962548eb1494cedc97d2b9c6aaf7f76ed794b27f6af4b70466f2e4890a268964c296b173b3aa534c92372f8ccbe23e7fa278373e1c144e17e621c944c52c20eeb00a69a25b264aceba3409fe08626c90b5be12738ba283986f3be1ae64ef67ed36c9c4dc7a48e978f08fa9a4eabd44b87fe01cdd3598850d97a203ed23d8d396b82e66790d493a926deb2f894f0e4955016a114cb3acdeff765cb15b5633d36a3e42ea06f90a1cee6b52c23fc9ce94f003657f6d89bd09368502e33083a9f2c638871ff36c36509d24dd05d758cd8ab211b2d425165bbc7b4665439ea643cd99d3f64f642bf9"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f000004db80)={<r4=>0x0, ""/256, 0x0, <r5=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000062c40)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}, {0x0, r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}], 0x0, "8bebeb894f74c3"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, &(0x7f0000056900)={<r6=>0x0, 0x0, "599a308616c731d93ec4257bd4bcef04beeb54235cdcbf8e713d381814943a3bfd7486f71e0ba7e6c12026651be67e4071c09ecfd1f7f98a1a7ecc437ffb2a37138e5312e84d0721fafd132f1648b4e7175b4ab61ad99c10541347024974f2bd655fecd233f1b3d8c533a066378f77da2c94179b3db4492218d468a7da9711a68beebd881471af92ebf4176742abc57e0ee9a1b0cfbbd86f7095061d5e55f3a31113549700d6e094ff7ef4edff47bf815dd0559ac9b442d1b852cbaec37f389c3f0f96226d702a48576744b6d0cedf6728980a0300324e723af2a7dfe56286d3c2422602b27472a7d52d0b31434276cbb5c500650d5595eaafc974aedc481db3", "49e8ad615b1d6268749525fb493645dec30be37d304a4d00e7d108c3cb2d425af336562776771d2f164f8e60111f323d3c4a40f78a8165be0669aa5786843cd225b408b15f653667cdb0d24fd5eedccd03f76d1ea000f0088df00c3f2f52ee03189a88a064ef97554eb72b4b9dbd05bb9b67ff65d5335c51bd5bf70d4739b05a73ad1a0a069911b5b7328c3d08be79948a00874a0fd14fd66cc51dbb3775eb731e87ff0a4818c5b15c774bf5ccf41810c58e0415592bbb216902a6378af493334de458d1d79cec8e5239e9e3643caa1ac7c3c307103ad84b6a13a1f0207e40001d9e307fc3717e9c6716a522cbb6fead15fc7acf19ab495a7f42308652fb1ec719b0c65f757fbc5cf8a66b85042bbe48aa0d3c1c1bf4d0812d19f28900610f266692ad9e857fd3ccec45289cf1448e88bf0c8f9304cd6c99c3372e0c8073e91fcf81f8ea699bc8bd2c7f2abc85cc1a90143939a023a9494e81fcc09fa8701f62e4cb29475d64256bdd49df11fe1ba71260f4591612a228af69e3f166491243fcd9a60fe627f55ac26ca3d9387f08d77f2c6aa6a52585655435b35dc35096128c7dd708a9450ce57eedb47904d392bfa28df724105f5c60c8fbd069085b2ce1eb44b741dddb8dcc2258f87a81631e0b2f70022d7aeaab059368ea4b8f6f52fa322f397256f205523f8e15d920fe0a1ff0d0d977a0ef58779bfabc0a4933df0b95adecdd0fce98a0365ac601b2e42250b991cdf29818c74a6a1f77de07c514c2e0b51b37857383398652fcf959b2986b122699e020d87827b2b24eccfb5f336b903b347e366831d99ddc05adfac145734e2c2417e399330f7799759ddd66aad16379c29b95bd8511bee3a6f80ad5ee4fe36ec7485992aa640d3de60dab3e40769a48b71ccf8d2fd13efef84303867b4f7f46199e99678cb4612b16fb5fbcbbdafd34351b060a5bec3305070333b12d641584ebf6a8a93515736efaf4a957c196d83d159788fff6b1ae7f271b06c560e77d53431c171138de897d5006c2ba14797edc8b0d3314fb61bcc6f427544ee8e78432b783812842dbbe05abd11095ea7d3e78cfe3bfb9b409d31246b2d63e4cf0d024b202363a8aba0a3900fe8ca678569e9de99fc93504569da4095b43446f2f89a3792248c04ccfa39af3ec19d7f29889b15718a39157148ec9587097b25ee0818db60398e2b18c58df0d8c00f5df0c8dfff3838d62558f071d04faa20924f27c71b6deb6898e073fd8d62ff86be414b5751b66cdd9657751526582feefcdc935a7d74a209df9c895752d04c376709a1e013f040734304ae1e055d3812cd74cef376ed53faf54a96d2fc5a7aca4d18f48e0ad32530dcea0f2bc4e0bf2c4fed3f7cc962ca92a28a61b91718d6418095dc1236229440c6bfa4b2d578985ca9293a5e9833032b97a50967023b778eb6075655c3b60c98e0ec0c9737fb0a5a2558d0a359de0421c1a7d04a37b4e0d031f3734886690dec406ad1303b38261abb2a7c7a1ca6489753a97be87f098ca963ea15ec316cf154e128c5db97314eb24f7e3686228f807fc08f20f4ad3a2a376bef48e6d6ac5d23082e7e61ee1bf702346989e5bf18b9b54adc0af7ffc0cbfb6cb05a797a93b513ac215593bd12fe290d7f73a4f563c3f4600182a9f1e61e2315b5d0469250eb2527696a59a2327c508eabfc74318229d3a44a7e3567e33392bfd3ac5b1d20393c5c0128d1328cf7c9af3b5fd102807c4fe72dbded9caf94a323b981caee866bad9fc66a514d57414df6888a3dbc2fc91d1c1cc266228b64641a58fc7da05893b8ea6ad559e735769a54f75f95052e309fea3812fc467280767392dca20cd25df38cdc8fc2bbe82146deb9c8b77a57da116a2902b640a753c7624318452aefe7985d6f75db3af44e7b37ec3d4154698f75729d191098b84a9d5a1355c3846e8b1bc05dc0555fcaae0ef668f184070a1ff5deb8d20e71c6d66e979e43687fabbc0a0ab4a64b8da40502fe555a821b9f2fb9e0966af4d27eb07d42961a89267face965a8fe18210b5144112dcebba6dbef164dfce76b226241da51578bebbc7a585f3ca4cc5e851213c5e1d79ab7b8f898c21ccffeb6443203b60aea92a1976f6e02a75c32d435cc8e917fb7040f4f90904b3a291dcd21898eb857a878ae3dfc931c11ba2ad7c36aae31d8d94c636af45388f3813dd1b451ffb3b349755a682a6f1d89f963d7dcf59ed063b30fa614d775008dee95a6eb9239b1dcaadc0eea1e98a0d11eebd82ed9040ce09c91a0783e0b8f3d66d67816b27304828e31f107510260517f34410b93027ff63ab6bf9188804cb3a0a7f81a40aae00279a177ed04e66060afe90d4697e181891408600ec8431fb3769d25551a5d68fd14318bff0cf400e2a67202361130fffb891c4d18a6ff6d78969d9b524b32cd235a04a56803fef744bc5ed57729747633eb3d3b04663fa32b379ccc1f411d70863c51154b6e1c34f36263bbc9325b11257e9f88155b63ce142a0624ca43efa447500da6503ab5c7a4a472b00fadea1d64442caa3057d047668fff82caf6fd5e05753459839430af9a2c52705ebc2baeef031a77eae47a463b37d6f07771a8c289e57dee3c807504c6e84fd2fe3ce0304a66e8882ea32ba4bda3750e63934d1e55dd1a42090be6e5ea12b0bdad8d4cc7fbd213372f47f0eca8646b7ab38c198602d2ecc381ef8c1d29436363e04b878999db312bcfb7165099635629a49a6f43c49159334ff650a08f2941d819a38585552a6595f57e72669dfbb70aba70be8b03514ca0ab93c2cfcb38fbfd66005a392614de1baf87f9cda016cad0ac4d881c148743bce6c0703a57d1832a7014540bd5d0ce6ca46b27fcdb6e67363a89bfada74007b5f7b244d967124227201b87f0d2060bb4824f4103b49c1fa52241884b64e03fd91488a70cec32ee74a4deccef35a03ced522c664d7f88d2a6b26262368971b4b1e748f711a26e1c1cbd061318899df4cd8edccbbf3dd4a5715c7cf547e8b3151674c1cf3d5ed87b486901c515f7923075465c94ea6717e4751fad310011713c8b619e557ae60c4c4870526c7d390288f19b06e00a0bbeea5f062a0d643465ea1b4a5857e76f754b7502a8974fe06641c1615b759e075591688a9ca80803872b6ce6f7dec3e5d23cc29dccf0b4c5ca00ee293be086607321063e10e05cb2d78ccb1095e86a7d892401788ddf11201ce7528539d023a0f4f6e834cd8d4110175cbd79a86c1a934d609d576b79ab26b38d106cf72fbd6004bd947262e8bb5ad6bb73b8713685c0136186cea6c7bc26a21b444f443bd24488fefdc5b25f431b96b5885b6e5169bfd344abd90d7397b528f9da0d5b071b4ba892d660acba5a78873444f844946063a094a51f468a598c155d457e450925cd5e6b464f666fda9b2bfbc419770c2f06c99843214b4c20133bf9176febe480b2cd0cc3ca1914e662b6f0c572001bb6e24b81d88be65a47db1cfe18ce660d159ae483af184fb6fd2d0ab85add48415fb0c8134ee5d754a3ea26ce5aa4d7e48738414cf05ea752f387a29d92ddb54909c9d3d71151c59a8a37e4035c7236e671ddc3b2c8abd7d1a3b279402758e5da5f4cf2cd108bca42e27b75ad422bec0f0a065a482b1e05f68cfc735428b42fb6eaf65bf22394dcac1ec028f25afbb24ed6ac8ae40dd456c2dc436a6ef204cf7e93a3c7a36f1229ce3513da0369f3836b3cc817197f2588bb1ad7bcdef18c52246e2d8ddfb2f1e8ad8c60743bb694394848fc7355c6f6a781ff39cbfe71de2551f568abc300250c45957ad8094de07fc47ba7e9604aa58371d5a1c7edd05066fd96feded9c9c9dd219e7457747f924dbf498b97bcee55712e330ae03372da8da36bee062ceca0dd65be9f6d8ffea76222b877953d32ec26d7661516b22fe8fa42da837499bd42bb148c0610a42899cdbf54b8a422dd3b5f39cef0120f4db4da2e55e71948b5714327b20a044aa172ce73e1b4ee5b57ad23d2466996d2944a0abfe4dc431ce5f80ebabc46fd518d6494a6175e1762303485395ef65ce402e0d41ccc5fc09c6c9ba367e2f92acce43be4f32f98aaafd82caf6ade4c70977d025f9dfe7a38b470da9f33e1ce54dd3be8bc0f8472db125225ea93f8631be7f437cacf085c6dfa147dbe63a8a155003db619f7967e57a998c2745f612c305064bc41d9745efc854948192b26feaba1fb3b6772493f81a53a6674379a15b8ac7cb426ae12fa204cdc24dfdaba586835b1b7e3b370ba595c7c5300a7f0da8b319975a39129820fe86e7e3856ea920e3e221bcd8b0597903863c65791774306d62638a574a1a04a8cbec385a714ebee2acdb3c1efb93a7ab85105383054ccb25f27f9c42e24b9d82d412ef1c7bc7d37e1876c2e81f83629336b8d4b02426ee4902f32adae7ffb3538b405cf1f6142f9b96649d755ea80128948346d472a6c395215da0644401265bb3ba27f81e653f9c2b35911699458b253c276c12c2055228d816bafa6f5e074feb72ec1f964215576e3a686916b93407bde6b308aa7131057150d34adab6e11c6cbb280a9634b2faa43e8177ea18b686baad2032402e3dd9d3e4d5fd59fc71f44a7231400a81e516f30a5fc7faa864fe73373a6df048646da03d719d91c2c8d697178a8a622d8d3d922193a2f4912f24a8df1e00df8b28fee9e89195489d4715a0240f7e615cec7866863e7ff00496d28d23fe1c8a1f52f61055b672dddcf6757693e6ae6cfb24cb0f69a1c7c95c9f70b19680667ecd32f67da71bf09156cdfe67626a1d71853030d29fcf20267141e0264133f9e0f8342476e30782d4d03d8c80a8b6c2f512eb6ead4e44df7f92e6dbd585f74b5fb8d368e0cce190645d765a85bd1317d732db6bfe22611c7051d42a5334c5820efb1056867c7c342f12c2fad0781d31373c1e00482f9f05446460df9e37b2d6ef5e3d2acbca37615f8da4fd9364a05e4f267b10985ea4ce4487ae9616a91c70c63c40655a6fb7504dc08806464f1e75f80698674901ddea05773d6162bf5c809d25329488563f2ae7e35983b92a71d170c94547b19f5fb52940b89bbc08678920bce6b343a9f120af92086394db20aac111a2ad128e91ed7d8272bd3ba79d66bb15ae3d626aa2b45fea5b2557941cef109eb114173a80cc490b5a533acddb8292a1f293935df6193a2a190dcc5f9ca4479fdae100b20202167b7bc39cd32cbb0ec137deed4990272a1d15bbeec5a272133337ebdfa3b40013c7f1ad125a6e383ec57bde5e29fc481b23a4606baf25bb973e96a7ba23f1dbdd303b577e174d8fd8fbd13f5de894e4076ac01499c530d13b2efa685f5ce1d1a6ebb3e025ff766264a24e54275358142c4bd79a0803c8b2b3dc93af9f"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f000004db80)={<r7=>0x0, ""/256, 0x0, <r8=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000062c40)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r8}, {0x0, r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}], 0x0, "8bebeb894f74c3"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, &(0x7f0000057900)={<r9=>0x0, 0x0, "ff2a9d1f59ef2219abe7354289e89bb79e19243ba6f70a5e2a0a899980ed2228e07cccd00c5002caee9992d40e076ea5ce8651ce0d10a0dcab7abf0522d3c78de5d0c419ccb39cf876418ad37e0254ac962e5bee3d6ccca3e498c67ffeded4368ef573f46740002be22de4d368acc361ca2ca9e7b516172ab476f8085692eda4f221064fb90fbb78b6baf4e09bb9cd6a71c741c539ebaab73c5d4fad446bbca1b096afa5498d07e934a24a215b2617bc8afe0fc8597239af13d69fe91fb8afd1873a2d63c87382adbf9f863bc3cd679536fc8b4f30c09dfa186c8073fdce8b8ba2fca5c95fc8474a6ccd3f63465c2bd93e8c2e6a543ad82bc4013e3c4b9911b6", "bc42ee6c81c36647cb9be611601832bac3266e578535120df8c23ba46face896fd2eb4623c4b329afcfd56d7878b51f762fb55574bae603c80de092abcd0d8889590bfe7600bb6e4bca7bd22e5dad34bd9088a63c7ddb1f733fbe6b8baecec5243ed547d07dca29aa71c593c57ec41b86a8f5e21f4f087d94d0ee0442f95108aee64ac88b0fb1c46a87aaba38ee4fc9a671e890228be1c97de0c38e70619fefa425da5c1af90ab0181e78ff65a9d3d6108b6f0f315d518db5d323a49b7d4902013765facb9947bd3dac50856c4548aeb89e21463f337a603c76d7a3125c3244667f86ff41a41bbe239e04680a7737f666ef6c6dbc081ef5bb92ba154d38064c9cccc26a8237a9f8040afc00042610cf95c5853a25218ca6a5cf997d5c77c6712c16c590056bfa729728605da5fe24829924c54f8b9a80fa5b0d1b2d921520bf2a5de98967b083c10f2b389142d6688829e8e054d9336e9ffacd13b87220f78f3a5c92aa30faf13f4811b969e57d41028f83af8b3a711663b1a943e811cd4b811c5bb92290f8d835ce8557d8613b5e6df97fe0488332bba21687b4138885ea815671bbb81796948f016e161e57d3575ed37ae2948a647562aff5fbbc585501131c949b61bd642b9ec4309f69c14e37e77d62a8d89602f8d84296cb3ac49e55bd9a5999d8d19ad2b869e803be5a2ed05ea8053a2263177906826a59de8303e2225b0fbfeaf0f63cc10b7e0425ddfd28f2c233e05d5bbfa1a88a0f85f91887d8e70c2cfdb0162f19e062d2a602c0cc307b74382095418c33f1b264112917c5b8712895a939e6487e772eb0cfc8c17ae817646e0b6c35b7d47795b8cc44024ff4045c58dfa8611f97eb59a92e39b9f54ca3b1a1321b0d921bc0cb7bcc0064a406a0d57ad9d34fedaac6238706cc60c6ecb1a0c1a13ded870ca033af27f3956ec3e7c6f56e66494ea0f76c8259e27135caa821ef17e825f2b617bebfd9a1cd26a87b8da8c2c312549e1fe47589c13b1c6097bc1276baa0b5d1c07fa244e2532256e6cdb82b23e847c7636fed50f42914580c2f82e9bc54b35440a93d76741ffa1e84747251551b6dd781250b59cf8856d9f2bdba0ef1384283f2943f22af9326ff3a3a382ebbe6a37cdf44ea84f23e612691852d733ce3909f56674a85b86f0310a6fb0b2772496d4a579fc6dc1ba04fcc2f6084f35542054e3a19e8d61d00d7c774d426d88da3dfafd87291b8c07a131f99d9d19304c9fdb64daae3167ab1707668ca77314786f804a2f93bd961fe89369fc5aaba556dc0e7f5d33eb4a8e19186171f9a4b18fe61480bdb6c407ada0de6fdd0a75a4799b7ee9bb4804adc0368b504f4c49958e32721fe297829bf2f0e29380f2d33fd4438b84fb9286d9b9e76ad8ce3754507a388fba045d78ab62db1904056bdf0ae6693e9edeb2400e98a03a5ae8deb3b0142f94265becf5bde576748e20f5716ebc980d0778710b7b2148979f697492bbc5553e148333398f3eddb0e6c9cd300c4ceef8bbf7610155980841ec0eb1f0644c7b658f94e6af8dfe74f51b8ac252d8a99b273dcc1e9a55f2f8272172f207fe45b8ec649b81e0ea40a39ca89a8c484244d457839e8088ad148430a1bc6d791a923e3de292040f5e746f1fbfa90eb1c82d3bae9c7171a54f137b70a5f357ee4a0adec4806b693078623c9a8ea851af680c0c2d8ddb497b042bace023346a04fcb5731933844d2b9f4d1401c76a636df96eb0ef7fd79f5788e6325bf0ea2e8f073eaeefedbd6cff4ce627b385e4e94a3228eb0292f4f6dcb2014e1a95745c51439ed079b56704506721f44bbc78d95c360f409010115886118f4ffe2c69ac22a293057a0b4ed10d1f2de851126190e03cc72372460fa7825fc1644b1dc24b7f6f91c9642ebacc7044e7dd8904e53d4db5b082c06f236b4ef18ca05c3c63b0d8a48f8614398d81bb92db609852fd12e21a836df715a88dabda1cb097404b1d7706ad7ba14cd147cfab9327ee49f493a047539b33a3563a60954ea5798e6f5c86d55e02e12899de335f530f3d67ae428d436a5fc2661ef8ca0185deb4e7d115da89a60609b5b6f7d683a55ca67dc14e9a519b91d7f4e1b6b5d6b6547b8e6edd78e668effb1f1294367771799c574b96d4e6e44c2d4c21a9b68d65fe89247e899ad9193d6bc049b9fd8952e0bdf79fe900cbde1cba34fe6bb1119ead449a09c16eeb69825f73a894f4780172e27f1e3cecf6e51f8a759ed4aac60697c0204ab5e15b7556de76a38752e43bda695088a15666d9d06743e0fbdb09e5213871e298ed62e544a81c5b19293367012f7c32d51e943d9d8d8daa99fddcdb72ff01c78fcea870c1817a49e11ceab7cd97600d7c29c3f5a53698add39d67b4d414fcfbe4f7edc3b82bc78a06c85f0944c10451c2352f71853fad47333425577b31af5ab540d2fb57c35de7ffe20ba521864f741a571e5dfe89a8353ea4eb08d6fd62ea3a692d90d9746af8f0142945d613259c20a6a521178b6c90b7e349f2e21f90af39e0dec4a9cc99b6522118caff8d31762ef1a6e546cb4709c4bd29363204f262a4e5b63ef84f3f82290afe25a074aefe76bbdd9c58013713001ddbab5c62ccadae442aa4d50c48e19e2191eeba1da40994e80a4678e9d36d7f395432556fddacdae5f4375285ce473062fdfd30deb04b3fcffda27555ba74e22ab883662d99295477b299b7a9dc5eb8b82ac52d856191a7cc95cce2089022cb41de4f02ea59ac8decbb8c59d3f1651e1784443dd8f9394899a76f84284f33d9f75500668024b52967c5b586becc2f02c51085efcd2ec23cd0c440f26d6ceb93d9ffbc3c61d26ceb20049aff4a5bef04ea3713f61ff2f68b82bdc9c37ccba5598663cebf64838123f604a7033f244bc3173759304acdd23d7c4b3e870feb918154a6f77fe75f4651b797adeffb813fe0476385ddb0c640fcf6804816ec31f53800c153a12ee38c765c23cc977713cb49778f5448b4ae6381942976d2222ef1982c869078de9b2ea46d0147b238328c6b098c34f04c0fc7ada5c411f1878339f94201aa42cae772ba2a388002e9fd4f695a2c2a66e64cd5154a5dd1232d48b1097fbfc1854dcf17730241ecaa59ab1875af7cb8b85372fa02f3c58bf49db3ec4127fca67dafba9227ab7eec18a084685c0c5f562fe2b3f9d3bda462431369652cdfa08285f195be91e54185c26db64d087d90cc539d6f4f96af16aad198f82f8c6c9e0c27f21ad6ed784675f48b07d16db990a790c4b645b652678ae6b0865880e96fb28ae0a483131078a302e4f7ea748df9c87ece5b799e701596369730c0e3cb503983409b00aa298659bc80e5220a61469767c6cb03321c7e3b580407cbaf936a7174d864e7436059d3436bd98012b1f6851da955c9204a534812f942f7499440be39e2aeb4ac64e3bc613109ad44f868a11ff1c95e2d97c6908139fcfd6c4406898d3293fb1a40ef33de6b0ee6d29a6e79df2a5764ff7e48b9d57dc62b52c9e2d12895004ce0f72b1711c2e4e44f3e242c842dfafa61244df442d21566931590c584c80c087186575c0c1f71221e56a4cd08e7833c8a26b1238e538f818fe6cc93b7ac49fc3b523c6f7dc2fd164611b1dce4212c637095e7ca9e44bfe0c8c2b9f628b479dfac7b07ee48b3e0891d906e5f80b9a3e054d7506a106ed08ac47349352a503b479aa30a14e0928735ab1bde46587536268367f24ad687253ea96d3005fcea48eefa37c3827b7d50cbe3e7ec9abb41aba1648e9ee0e22ffd5ad4b9a8756d7df0a681b8f842439438223fad1a1d6fff23abaa2dacfaa8922642ae064c09d0037d3fbb51645e0795054575fb994e3e3b96148f44b7c2550d5da612582ae6587a58fbd101c6faf2080a3135defed21e385daef1a4081d9e95fcde2650e967f76ca0b42499a450dd40217ec1c040f6abd19e2153cf587a8954d17aa2dd18291bd8fef63fcc125c7d396b04310b9f84e729a74cf000dd300c31ae3f3d43b72e8b9fb3530eef82006a22ad1bed2719e8d8dcae4d9d51de4a01b2180c68be13f450167734c5955d12d8c7bcd80755409cd2999fd1f6b04ddbacd8c113a149270638734c249ec9dce7d6de5893f83915c0cab230ff4062c1aa3202d5d0b4529a767b5fc5beb2dc31a0c5d91a71e7ce812644c8f68e17964e2eda74551ced8fe69d5e0affcdd53187697a8db530a3f49db3d09b07b05b398cbc620f61b5d9e06c0d27a323d975e917fb2d2f8d705809de4890ad4478452549d8f434ff53c5759d37b5cdec0912d561694ea84241d78ef20858c1cace4beb2a268ada3d8ec3c749cd293fccb962420236e6983aa3151056f754723cfe748886e8d94365bece13dcc81ae87688431b17eef3f115fe7d62703c5b869915785ce3c4d3808941307eed9db1e4e420d3f4aeea6a73d436630d8c1bdbd352015a77b9eb6567484bbfd4e9f7491c95da233320ca9daaef082452260c2764d6bcb986937b2c95bf2156b12f3e754392dd7a48500a5e128bf36023b21a301e4019960247420e9563dee53103ac777f10913221ab2fc161aa0037ccd53f1394308334c87b5ef0a0cc5e9ed4fa999e198a01e71fbb083ab2db459cc57b284fd244876813c9fa2a2a896229007f4cc58054c5313d678c6d2d563f00df930d36d8789737bfcf09fc74eaf1472398c30cd600851faf4932bc8f20b3895c168809bf545bfd1a045843433f4dfc3ff7ae72ac6d0eff3a8278f0e3749a9dcce5fb007896682c4c38b684f0d03c4e66c968a8fc3abeae1dacc104f4ff4a017074996e4f0637f02b6f383f3bee77147b36a7f4d9ca92ce6dd33625d16c79565e59d021f16886da01642dfb4ce92c4bdc80b2abdbb8e4ab3c86fe9ddab0ac496f99081a2490302e599351bc761ff3b174170331a75206aef3151f09cb6d6b3325cdd645165107417ffd570782744b4a5ed20eb25fb8cf4c11b0513c4934c497b495c44cce18cb63a9caee0a0f829098363cf6881490f6649ab48ed3449c7130ab26c315bc0f6b5c7f6c4101c34944cfe77df11736a64dc8bf284a97b1a48ee5e4d7685f13865cbfac6cac421e45f993f66a3d2b2d98c94414153287d1b39756db87875cb725b333481377adf0373a0f3a039ac8ed81a93e8eb5865ec731a7ca416f222972ca86a9d943369b4283c2124b3e9dd93a08697af26255d079df03876a738b1930d73f1a5456ad798a8f3a8d332674b89779aca1f2f0571e114a678fbc18dc3845f030408e00597f271be12b370d4aedff456424dd43fdc591ad82003d90f2d683a9ac7d67de7b8752162c401c1d17f3dbf1753a624a9a02f78b999e716bfa73881b7256e08cdce6fc6b8a75c6f20b08deac9313b3b328019502e3b34a516c14c82e26"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, &(0x7f0000058900)={<r10=>0x0, 0x0, "b9da15441d19eb64104363e07e7681e9146e7b7bb4a65e1d63e1be0e1fb91070b401dd0e0e405d1134dd98d5274d08b07c57f19bd581a40330381aa2483a734084b9680d97b1fa49b878cb63047bf82af7ea36f30b00c6bcf60d1f28d3485c2d9605837e4ba69910c7dc437f19e538873ed77a9dcd4791ee242c06722e26ec4f00a6f8d9a87447ef4d99cd5925c1d973039e4dec50054e7e711c529fd07c9af436359094158239b308c2fe37e484cba116771a519e034cf3cc6c8b99ed3e095c61cc769e8f46e7ec23d7761f2316d52b6dc7aeddde2ab697a9b4fa0fce0d30990edbeca6056f9f2189b457ca4d821466cfdd1a0fcbe68e91a356a6700b9db493", "8a5fb6b018f70ee0e3b3d9f13e1806ecc6955a631f29a7f7f8a4cb459ab478174669beb6e1adfb18fb05a7cea067199b919ce284f9826588be983d09181cd9d65edcd744ee48ff2098945f70198e4d7891582f639fd89d5da3cb638e7f86b797a39f4d1e0cb589038966ff75f5f6db1a99b1d3784ca71eb8ca06759c5d3a721f8e147a38c82933670a0df6146ef83e34ae60073b799718da3d7b4e33a4faad789123ec48d2408368913ca9b6a25db028f2eae6fc19b7902c71c2feb5a3e030cc70fe178edc2d59a0b10da6d6820903be66f6ae583253b3938ffc5c5cc55bad56af375d51d279d4eb075abc0d75fd33b830a4ca014da489f1e8bd2406bd134c44f98a5238a4bde373c487fe78a50866f20c2562ad3bb1967f4bde26610db06ee678a27c56ceaa9f6ee904adaaf12dc82bca6e6b54b9c561456a681970fcc760c47855c01aa77b2599e05cdb62575aa9e0848c8083086f59a446291aa82af4a49296aa439473e33b7ddc194d4da3ed02324c49fe6b81ed74982343766f2af6d4ea29d90fe5ac2a3ff3e0180f2519b42c0df50fb97e680144d6b04481379827614bcc605b51f3f1627bdfb973792b8f30a18391eaa83edf60ac3bda99d74da8e12f749983f6c4f5fa0f4557fa86f47b5acd9ab78f06b20934ccced8f9f5d62901dd67db3d9da5cc210cb850d6cf5f64a89aa6b486dcc3eecc73bc83f5b043ab8ec8cdb3de7e0a0fa2c1d66c89c51c352e9de3fdd6460411497c6002905bda717e0481530c4ed11228b6a361b351ced45f4cc5a35914ff82a4af3df73446b9cc1a6f313a0d8ddd6d1d2b93ed7c803fd9e270905ee351bdfe2295a57d116e8ee71c33403b3d987b174f3d581f1b59c030e06a28f00d63bd1bda3422a75ee8011b05489c0bffe0197c066f9eca1217d6439266860c5e096711b2fe8c1d222841f28b8aeacc54a7c76821dc6b0fb59ac5e6a0f2a4fcc3fb29914f06474247f3ffe226d341d1b0f65ec8e3ea123b508fce29c37ae14711d09ee2aec516bbf358c0669ae8e214ef5830e6713edac5ec68ee145eaf3d6f17b734bea75f8807837ac90ddc3abe93fc581d47575db0663a970df4d381b2b3b0f7359a3c1384d5212da64c029f9cfb8bb3745eb2fa8a06d81364dd30e5fa2fab3fa284a6b7b2ffbe78ad7c2a0e8323f42b8dd36eac09f904aa44ec844b13fb3b5b31675e05e9b7f339948c1edbfae297880fa171e61ca4f6b777f4d92958a2e8794a11969a1c7e8128092f17590da446db0d5c8ac438cf514f16ca46d0b6085fb8a67ac270d8b73b0edf37080abb472705848dab935b687f7983ead310166a4f5c16210c680685b8df8f6a78369ce79037de640f2b1f958febe10115731d403c32e4d260062d89aa7a86a213ed54f12cbdfaded68edd25e00d0ded7390f89b93585974bc21835bfc858f50602b1098c00ba8973a8618fc80af09faae60cca83b3a377df392384a3d8840ef24471a35aa74ed2fa9826b7f5b15a8011a9c562b013dbca82a81d384fcaf3d66ba98c138cd510bc4915f0789cf1edd5617d1c209ffb81a5a462a2ffea94855d2b552fef17a456ad3283572727c106fc22a01d9d1299c9a581ed1e8adffd129f5f95b7c64f1ba8c72c83afccfd050fc687bdcfc67b9465eb20bc7bc6d160b1c3039780ac4953c26c4a6555e54387be8c1a799699f99e403a62250116dd60d619f1e144b5402ca73665e648721de79106fd4a027aa4b4d53b89832d37d7d9106e64ab17e1d2155aeea42fed13fa081be19089af9b2fa94cfaddd63abff4e220098775e5d4c425ac07b50283138f6c26c30420427d394ea9cf89d81c960ef809230cef0317c9e9a021b6706ce88d90bb1046a068f2c0648579bf4c03d5ed71b7c43e9fcb1468331232de70446c0ecebc39b16f807d8ef0110b22319678b03992bb990d564bf611cff71b8f7916a96b73d28546706afe9afe0a6e7ac0a939f235d7161c6fd64849dfa4c53a8d8c1c164ae59dbf48b28a4933f32297b39ba487dcc2776fffff1934719cd5e15c1c0185bf7a07b4d744620c6a385c98f0c518ecd07079da27c0028a886758d3ff407244d023bc976b634cd4cdc0a017ae3094ae8a827c8e2456d8659a9dd7dd10225cd935c4db601b9ddd6c7d0715b1ab60d4e80b9c723c4e220b87e227a4039cb2b79d10dd4a98ec8aca8597ccde357ade918852ce467dfecb70b724fac23bd17584bd082a7a4eb306eae836d6321958f780360adc5f1bef7bce900262d2ad2e51d6be508f0d3e297449fdda6e04f6a5f43457c3b23c62691c8e398994a383b15e73a0d93da195d7da0f99999f204f041cef2d7a762706e9db023d6df8928522b65a94724770db8f2ffa2404524ce272cd570feca69f19d2d5879af58d092300409d825d3e4f83908fea9aea160f88e136b096d2dadf37a3fee8c8a99ccba3b018962fd8f32097773a59cc201a44676ecf4d84d43fc9646dba7ee59bea444fd4ab35946512403c449feb3e40bb5a5393f1830e9c496c5c1c64e1afc8b76c6b96fef88374161608d637b05bb2544cb51a6a239db712be8f5e2cb771cc0db326b798c6228f401858e8937045e2be8def73a95ea51b6cc59220851c45d6eaf62f3d430fac179b660eb70f151b9ad0490d6d234406c7e804e302eda9f5f59f70880a35606b1ac7e28eefa25b2809037cc029c0467cd3e61cb4bd91c3afcb401f9d2781bd9a4db1168ff9aa3f97a72d44965b10381258a0e74bfff7631c66e2d2814e719c0349ae062f9751d5989627beaf9bc07a204de64b95cf86a1ba820595789f9aa2346968214f929289d6c318178c4cfa1acbf6ff1f906dcf742970f544c1f37ad5887a71ff0216e7f3b2d8ce81f7eb89231266dc82303b6dc45cdb16aca66f95773288a3fe33907e615bd815505d30bfdbc8f3edf03dc8e8b238b31b283c059cbef3b163aa19e29af185426c1561575c3740b50bde3cbfb0f90ae3ca8b9e11c0828479e6dcd1300de1994cec9ca190023b0b3899d7a420c28707333ed3d5b014b054d40270e17ddd7341b2d3d4eb669bbdb3396135d14a50597022db4f4e35be7d5e975e24dfbb988a0a760d696894b7b7c876acccf60bb84a320a89ca62f831de88a165ef00b049e54d7a7bd9788582d95fc586106f3c159b5f3d39bb7ffe1f71536dff8c137fcf204b49b24499957ec81caa906f0b1aa4dff7cf65ad4a42979e9d1377daaeb057e3888bbdd7c79f4a8ac23f199bc1e7ae72f93fe1f19248791b7040a65012c015f8ae72da9f9ded203c4a1d57eba22279370af893b91075d6efb4cc2475676822b4e253077286fb432193337ad807c461809d7f96abea0c9ce09c62f54822dc9aff49c64e1e1f8f94cf2eddd642e93621adba40a95833a09885af214ea2bdebd12e496b7ff3fe3fd3a267678281cf0e255f3f4f65fa8c742cbe4d0351ba2e74caa64c2ea0cab2e7845388cb6ce04564c7ee60e57c2c96bb9453df53dcab840520d3d512438727964c389670a648e1ee6a3fdadceb03d3bdf5fde427a804f001874da462aa09d530449c45398aa439b5437efb9b694f7c2b431915cdc12068b54a4c8715140bf85a8ab9e74dfab3ca9613645a6b5e4f26392b5dd46035392323bd471920fe918d52b2a969668c4c2fa971c08aa408533f389f54a5b23e978e34bc5ffa230020061a90a2d6b3ebb4e326dc4c25e7a7c97601d0db9c05328cfeefc824696bf19e97733faf5778e535738090f7ca6072e48db4f6d747d2dc09d357a77d75cfa10698f38c51898d218c7b96ae19e15483abf98aeed763db11ac746a0faa919b54c751d8ab7d7348d18e79ef7dc59a06ba4edc837a18cd7f983e104356612b5d722dcca8f6af9c693b80cc469c280713e619473c46911c98e197b6cf61abf2bea1c66a7f6ba927556d895f506af7608fa1e83f83ada323935e5a6fd24f4de4f8f4d1e433d31b8fb29ac72c210f8c4700df76f43a29135b5d2cfb74047b50eed644d6d4b9027b235a80a46548cf1c7452dc7e8f9cc4160758e2afbbeec9cd1a4cf8a1e8adf0ac0f361149b22304a42f5fc04a72ada92db65e8e8a654b1a54c7d3bf6f68c09ca30ab5a0f4749d62b1545b5d93d7008ebff00dd9080599894f7aa50010d1ade140f4afbe7e3c5c9ea2661988c17c6fd3312dae0298e49e4b807ce8d71aa74cac721aeeb31970d5eaad2a28474ed3eec947d07880f45b04dec79bd814c9ce714298f693b2717431e100b1d4b5b5ce553e95d0eb0be96cad64d5837707e4592aeebe08af1ab0a5ec1e90fb68a93e4a973db8ac791f8c0e1a06a726114a64dfc3e7366e9073a3cf37b0a02361259b9d7897a26f6c5e1ecc4cf4e49e9a98070d4072bf8401961ee9de44563dc9da2884caa6f692db6f80a5fc96737f1e5cb1aed429194f820d2c54ff5db558839c74cd3bb70679c0568a0efc7f8bb9335bb8a4fd57907ba102592088af74c02622e598841e61134feed42821d47bd252ecdae699a9e8167c59f8a1876a03f373083f49610296f333373ca2f8bc88c576398edc1d12b9f50962f5cfc0ea616814a24d2c881848874d7ba209490a44091bc6eeb2038e20c0b5be0474fc0ca9280ecc928ec5589a6bc2ad95d92bbf66d052db4ea94ab6b822f26787800ac7463a1723016f480242991a5b8f1aa596b03c403ffb16f604a1018e07896b8bef90add05026f859ecb4a5f6de93e71598ec0da58ee2448428241baaed2a655874fbf884b3ef3353d18f5875995cee4b8a4704ef903497e063de5c0064bed110f3f6f321068c355c875cacadec6cfe944d42be5d5570b8a04746b9148772ab1e88b69c98ba5ff2ce10a2eda8ac865dabe98e4b04fcf79eab0f31bb93e4541cf73e58cebec17c77baafb141091c05e77b447450fc24e0dd3a1d01cd148ce96fb79cebe895c0bc2c753ad9088393c830ea25b24527741b0db92b22fe3841e04f7bfa6e9f56af9def40b37e3ea9cdb39e0e3b775e281f9e4070165d3a2a30e9e267ce1570591457be8c8bd466359b4c15cb9b342f0131da4e1bca1d214c33cc64f552b0e8839f13d9e04de5199272629e4a437b78c2aa1e983ae2d358687842d5d8264ab0b35b4d477329f90f279449d7ca3e087300690d1a2211da2e63263f48fcdc75bfbe1ddacbc59910576b8c62d8d7b81a084d95e6502c92e5ed2041ab94bf4460b3d3e8f2f94052b6a3172353cfaff31751249fc790658d94b473b78654a1f21758153d71b235a1a21d1b149a40a36abd771b607040a0d3ff335e25710545209d07ed70f22c944086d2139e9be5df43561f445e65a98405a67a1adcb450d05ee5d8680d1c9f2c1a4e72ed0c6a1223e7dcb17c3196279938d9fa88a26f4af8023efa5667690f430719807156e3d2a"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f0000059900)={0x98a3, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r11=>0x0}], 0x1f, "735b843b49158e"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f000005a900)={0x10001, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r2}, {}, {}, {}, {0x0, r3}, {0x0, r5}, {0x0, r6}, {r7}, {0x0, r9}, {}, {0x0, r10}, {0x0, r11}], 0x8, "b365fc5d4c577e"})
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r12 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r13=>0x0, &(0x7f0000000100)=<r14=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r13, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r13, r14, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r12, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:33 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000680)={0x0, 0x0, 0x0, 0xfffffffc, 0x142}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000707000/0x3000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000002c40)=[{&(0x7f0000000840)=""/60, 0x3c}, {&(0x7f0000000880)=""/120, 0x78}, {&(0x7f0000000900)=""/119, 0x77}, {&(0x7f0000000980)=""/210, 0xd2}, {&(0x7f0000001b40)=""/4096, 0x1000}, {&(0x7f0000000a80)=""/83, 0x53}, {&(0x7f0000002b40)=""/224, 0xe0}], 0x7)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_ASYNC_CANCEL={0xe, 0x4, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x0, {0x0, r4}}, 0x80)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
mmap(&(0x7f000029e000/0x3000)=nil, 0x3000, 0x7, 0x4010, 0xffffffffffffffff, 0xb0c0c000)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000640), 0x440180, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x4, 0x4004, @fd_index=0x3, 0x6, &(0x7f00000004c0)=[{&(0x7f0000000240)="0447364d1f5320b113f3f112c11ee3d433b093499e55761c388d9c2ad02aafd1493416075da5d3e94ce22be14aa606ac70f6d58d9c2012ed77f734c3e369913f689da1ede6dfd52d9a0045d7c132d6540443b919f671673839348afc8c0a0ed5c081631b4ca7f1dd6c99b969d02dbeefd34d86656253a8635b498e20f408a18ff554369a32f049f8ef1b022fcabd3517c8d3c642d60278018c655c5a670a9ccc51140653f37fb9066ee2fae99df75d8ffd55d924a47230ff2a", 0xb9}, {&(0x7f0000000180)="77d577793e570e6f50f82dcf4068a8f2839cf1b9eb9e9096a9a991c65b4c612eee02da5747b27045c691a75b20bffbff89a9b91fb7c2f75ff49c87b3c64bc90302c319aa382f25242dd1e2345db9672f9466842d22cfb89a98c4fb5162f57d3d", 0x60}, {&(0x7f0000000b40)="c82488e530aa1adb13a9eb2cf532b851e3e1a9e5adf63f6fb9f0512aa3cba14f76992b45f15f4e0b2f304d7da01cba860151cc31ac288cf2ac08d2216266f80f7a8e369f129bec47ce4533064a0f34849fcc66e476c91514012b0ee64b1e50688274f8f034eda271e11911ac70cc129c85ba27ea70c85101f4ed9f19f628fb2a3978734eb77cdc73a39bdcb78e46611117593ad7151d8b2c6a6b14eed82c44c295c6766ef9e801c8d00e69e29652df376f874bca69f48b42425d74e772a45e9322c2b7c569628753ee1624511594ea6027aec6e4876c2813e3d9e85d59bd0f20b75798ca7d850547f90d5ad32e60ffc839d5273e81e07ae2fdf957a9924fdcab01644ab1142a9d86d5dad0ed96e3222c6c8796a9d444566c01ac868f518e96478bc8d974accb1841d2c0801216592e404c56674c06ae5deb02e6d937f6df0b738a49871a5000483d05a0f9e5e28149cd432a21803d681108805ce15ed775bf05cdd3e36d411c9dff60e357f031f225fdd8784a868d550090e9d84dd590da5d5104225b15d04f9d7e9bf43377db28ff4f2e7d328c4429e315add825d844995537d299bc5524bc0f699803247dbe06eb3395e34ddcd04d916524199d8ad69ef36e2dc4bde6fd5a3d83325e60a3b230da765bf588fa9b6cda88df54727fb91f30b6b23bb41ad807262e81c6d3d2fb511b9e1e0c30bd6ff0b60571534dbb4a04d8790690e4968e7a0d492266a2492d2e409596a0f4e15abdbc63e2213cffdb99bd79731ef8db7066ebb28dc0a78618fa47b6fe4dc038694853cb071e898415d972d9787c7b8c7ad7909249bb4e08cb5d6339955a0222b214fc9a9ffb1d3786a03712f1cb0f512a584425b16c88d7918fc6a3e776b89064808b57f0b20dfabbd2419c9604be3ce5dc602fc03656eef24a605fa2d154073d5c414a866e1695ded33879de651c45283070b25ae1df70e8781ef403387d331f39d11094a7e96f9c0f6e6ea88ed481c973be727e36c60d56e93a782855ae2dae4e5c3271d27756ccae5a14eecf443f7678e07e24bb0c01c61b314810ed12ca376333909995b4acff3f14b065947a2aa571b98613db36e30d293b4800515b4e8b1abd50a6974d15ee8cc162584e655e44e111ab7a06735193c5f9e5283a037f489879cf8b761e0144281bff0e97183ebe6f8f4cd862f1b8e514a1acae9fbafc6cf4b98e8ca065e057a708659de00b164d509bd17470e8b31aa8cda39a8875e49681c445d238fcd96528d7516cc0eb645c7cc15e1770c52354ea138ef2fe50c4eb43c76215996e4ccdfdbdeba82aeba508869947ea8053f81627a17ba400e55aad3a39f10e3c3fb6e5a77eebc7e6a6bf4fbc3832f3eb971b61c20c47e7f31461d6c903a74acc0b56e7b43b3f9b846a7e7d4cccf827a449527ecbfd8891205b88685a8e8d574994509b1b5204e1cd43368746cccc94be1372b2eb73a994b2704b7737d6dda0b0650d810198680cbd3858a9c99defae063aff45c8021d58e04801cb1f6af0ffec862c71c47cac20dd54db876fc6fb955f4819535fc7390b3f54882e7474019f261d3cbcbd8ea83d933648767a3ddcf52fea920f983d9e0592c166d409b47df2b070c34cd82241c29263e54a813352067abf14d3added69f2cf955adaf48c97ca1f5dafdc6c38b0a6d8acb9b7cd5111e64a239a931375246aa4c9eba0420394208b7da994e3a9247b3520fb2f160ea5d9714d046ac4a656280770a3fdb1328e401e652eea35ea34ca52ffa3d37f9c3dea1bafda14813de10ef8ca8dabe9753663d3a2726b745dceeae6584b9d90de86e36ba7cc9b910563c5f006270585661737e2db08121591b3868333abe36a9551466bebbf7bc7ac1bdbbeae7a605fb0fc2255d06ad9fdcf1ec9c20bf7aab9e8eab0bee4c47a20c8d9932a78c3fbb006091490c485967102cce8669faf9e7fa88ddd6092b65f8068efa98e1c16233cae4734244d81ed1fa96ed6af10647e5b52e846502048946bd4b7bc512ac7dc451bfc8247c033defaced6db76ab7c43dfb212b6e59daef9f73722bc569f7bf550b62b28344fae1b296d43352c199ef55d595aa2abbd28366f2d41abc97e89077373223597079f91dfeb6264ee5d387013a2b99a9253a3d013250a29c6a1b3d059a0f5d4ced88fb5e34bc09fc94942e740681d3ba35514fc732e9dcd30813bff3cb1b25aeed9f2448a5d83de21e501fa98a4a4c0b998f728e69400e4cca0a04c1def4221fbda67033fb15452839673472fd22b40b78dcd2ab286e114825891a0838f5d8405c896899a6ee5adc692ed20c88941ea4bcbe33cc11a4de3fd1e132d0c59b3942e38b2dfd60134b32f08a8b002379ebae4289a120ee5376356bbc25b1d5b41b0a9273c806f2dd28d0a0991b43c0e61e113ecf630428b82cc23f992c393f9b4749aa16987d47b005610de071fd3100919c1654921f519b66f4b896a3a3d2c8451bee08aaa5a7b4667ea1e26ac3ca3eace26e4427d7f49de31fa39383d0cab7cc8e842301008c3cbd2d6706971317b973ff8697b933b17b67559b4e984fae48898b94ce9f895a799c2fe2bb051fde28b3397f334b6fae0758b4ed5e2c33d26f4c335e8732d032b5e63e470841fd85bc96dc1d5eee83110b05d2d01426cbc6645fee339e931788171c77ccdf6227f0a72b92bc254278efe34d5a3fd986296dfc134c543ee08ce8490d12799017db25d901f7feda47a7be1ece361997908610e59e48b5f0297e11daef97f5e567c34081c00956d916d5938c10cf5cdf551ba451302b5997377431f63e95bd398127c11c715075100e9f0b4148e62370143ce2a542d57534258cb53e0657fa007c58d2562e471f784f67f02379792a1ea7bb82926328e6ac33d4c561554ed767d07ef1f625256973c27472b8012724275ba275c93db8f9674a5007e4cd29ef8aa46ee45973455d1735925e7436341772333d51018224b378514a26d4563e88745f665e6b19716d9b896521d5525059840edc0ce309836419bc23401b089a66ff892d4d9a1f95408265c50065ea258b8bd22d4316551832e16ee8502dc56cab5e831174ba07acdbc7cd49cdf696d71c7d52f6d047f9be9d6e0d42bc0446079e4d0a8ea9c4f11724879c52ec232315200feea0b818c11d93be73bdc4ed687afd2febddb0c2f6ede98c6449180f361077ef0947c2fa5e55dba20e6fb257743971ae7137b5ce53855f175514df2c74721420b1520ded61c0bbe87e414519f31a12466267a2a1a3a1f849b05c8cf12494e703a10f1a3840d03b01f00a2477190f0896258da20766530c8c879beb6ed986bf932e76362a74624e08bddd46c5f3d7168236fd7bfee4f168da5045e709f3f9d10b442a1e2afa9d956f9b16a2df02ba56f198259580e38f1b1e4c6e9fa871a3e9ff4e3776d725b464e00cc03f9d94cde090aab056f64fd44c7e501cf0a8e1b3cad7925580c0ed65340e9700ffb435dddf5e7bd7b36624171c8cf21f4ec2d6171cc519d0f208b324b5b89e2569089beff48337df47e4ab7e43d63763a01248a853845959d9c30e4b2bc9194c922622afa08ecb2e20c3f15d2f2349cd8d808e8dd00134821d54160876899567efcfc36a587be3f2d3cef6b89ad1be12ce56e84ffa686206b8d3ccfc3930bee153cb86e1ce692a622c8c89b5e04aa1fb4c6d5e3c801cd30732e5dddc8832193cd9f2c6d3863cec00cd647293da9d6fae00c03e1ef5be3eb98fde27ca9d9caf15a73c58ca61a18a35214450631057e30ecea40627e2b2940eeed238ddf7656e54526cd1602e8d6d3390e91c83cc99726b3475d1ac4013cefcb2d91a034d9ec877f046e669272a3ef1c199325a01be73b9d551048f62ed3a88bbbcea8831d9b0333a565c3d16a5f2666a129ef4a71b7e9f8a542d277ac7b17af59dfddd60b1be8790667ef407d695cd13e170ea12f913e64328fd3f2df2859b761a828fcb3d6606d1d4882cdbda8fdd470e6b3b8f13dc818a12e5e379461c9c0a95eb89770d8e82ff37d0e67fe64613c9aec0b6899d79d6f189dbfdd1d7b0ec5c8ae26558efb95353c0a6cfebf25488d5856b3cf3dd47f8694e64daf3388ef9ed2f242d7c59dfb5c7f4db51655825e15a33801f144ef93c06ccd13fcd02b1a46e62148c6500620885e7b30ebe073f3715552645697f015ac32bf391f45c04a35d054c6b8b8977b930284de82e76104afb96cb83de9de4af80e43fb7756c545c1cbb36c7c99cd41598d70b5b81fa12d0089e4c06a77e474fdbabfa453c65dd683d90c602d4b4dbbd3c1e210eb7257707714572495bb0cdae2f721949cc992c158e0047a5f9aaf9129a7806dc9da9ca38029a329f1bbe5cb5c8a8eba4f2f5ab82e6fa3221f42e38468a2601da66b1256481b6142f5fae712e9448df246ad83f1fd7d8faec80a2e90cfd14397c8c9c06d1b04ee81188a2bc47d3e14e77d01f7471dcec8de2c6884436c82cb8bd56d72a61c8e4e7befe3a6bad0bb044d5b9c75edeb42730b950d2304c078dae9fa9f765dd31f718f5d706fcae75e324342b910f711cf231ae7882bbdb4c89ff7acde05dd208cf992708fb38777a6f4642a66c2fa028226069208db38becd8aea159ffa276a06c1f471fadaaa2ba9effed0d150801a3417b436c15d29abcad0c28d2aa986e525a13939c471f10330eca612186222ae18c48c0e82428bdf416dc41730a8aedafc05b48636d63ce639f0868cad83186f4ec236378ccf1970c25e6024ae45b159485efda3c72cec39ab84d7ca1182c1a027e9374e01d350294133ce6fb00a6520147c30ce594882c35fa53666e11387ceb32ddb34fefa98e1b5c0d2a515ffdbb7f48281df5a20acf48ad103203737335f7b36e5ecc8cbc6be4dc97c3bbffdb288c75deb957c9a922d6e38b7f7759e4c168135c70e4905a506f1cb30f267f19e5f7882f248cbf7b2529b164f3b25bda4a012cfc1581e8b1006b55c0ac9bcc4d8ad4a94175b719c9b958be187ca30aa410d8b5f9854882b6308a6dadbdf54d4c1e56c987e5c36d7095c6af3f0085d64df5739ec69f1d1300503980f6f9d832d01dc0ac0f265dccd4a9a234ce51adc867a6a9e58825e53783fba66ffa8963dca93a2440f3cae1c01bcc42066a2268284d99a55b87c38e182f0ae2bbc605a219209d6074c7ef25aecc6574ae5c087f2715345348edbcb6dea623a53bd7f010394a3a171dd1f971aba472360700001ffce1e4b6b2691c4b2ee995f54a8777e329d7f4eb0be3cd0c3ebb51b4c300019bfb1fb20086625e5b40d5a6360f5f181c7d2a94105025e512a0d72d31bd93832f9bf0f6d2856bf5add1f64351e26fbacaddbda22fe8ebfa50ed95bcb1b02a7a73f9aa02b104639148e765d147065dc17408e8d508f0aad08c45312b14afa2d84e04bf6911887800677f48bd1fc5290de0e2a855c50cc6ce9a558b7abf7fc39d6507d3f93f21162fb41158c08250d527504f3e0813c92da8d28fd93d9aa55d089f6cde4c7ca0845fe0b45bd87a4e2f3dcc0196a0f4b9ee240aae286319ac1de88bc4430129a834b0144d6cc07b50efcf130a14c4f5ae9050291aad0ac3aea4a1c941bf3e273a814ac56242b0971c0a4be47a127669a58ca58e19f2834d42c7298f0f44d9737f7fc3eb41404f64f0aafb01414e20f9c39347f2e46d0ba18975ce2a54f915c6ee0474d4bb2ef3893fe7e5e32d56703efba26098b8a13ef16214722d3e13b5569d46b8870d587a994873e67a4f22377790beba5bf1093bb4d286d41b58ca51e965608f60e695a048c7", 0x1000}, {&(0x7f0000000300)="68eab6f240ad05c0e2a4726e83b8dc69bb2daa82c12247b74c56f7cf802c5e69b392a7a28196cd497ecbb07e9acd7832f46016be0c4e752a88c064ab48625255ec8a3516048547cc50492187b94fb4141af70a3fba580b38", 0x58}, {&(0x7f0000000380)="e410a6f51b5be203ae39cf927ce8f60ef44aa19c977bb1beaa7dd37587ad16537abe37077e727ce47f1a05620be12f85b6013f72733214b8d2f1691bbebe24d43f14476a43afada44e3b6fa571b8a6b4fec0f92a221776a169e6804a2699081346", 0x61}, {&(0x7f0000000400)="07748e113398e77620792d65fb8a3f06e2c4110c22a818ed8f824d968979d9f89c0533ffc0396b52f6425e0d3e994a0fe29a0123bedaee1afb31983f4a13eaa25245eddaa10f4b73303814c65edb4bee64485ebc3b5d365bd7b626f654de3d83b9265d5c926ebc72344d0807a7fafaa05814b544ac0513deb5af4f12b6dc5c42811bca690769", 0x86}, {&(0x7f0000000580)="5bb4d4134d21b05714559bbd8e04ecc6150e68e6b1c63096bd70bc170589f361c386bde1a7ad0bfdee552125c46983a4d4a8785fc972f1ecd683c487d826a60561eab1f8d8c6d7735cbef8840479e61766b9a9d4e63f0c740ad20871c01674c9e6223e815dfcd32f86b1d64c83eb83f2de782205ed900d3437dc6b50f937aa64d4a4cbc1ea1943c7c7b2b54bb5e3add86329c58205d62481f43b7bb2af4ea60781059bd951a36907e0dfa67e40fc57943692c3fee8944c5130bbfb", 0xbb}], 0x7, 0xa, 0x0, {0x2, r5}}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000700)=@IORING_OP_ASYNC_CANCEL={0xe, 0x0, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1}, 0x7)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000140)=@IORING_OP_FILES_UPDATE={0x14, 0x1, 0x0, 0x0, 0x200, &(0x7f0000000040)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, 0x0, 0x1}, 0x9)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_OPENAT2={0x1c, 0x2, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)={0x30801, 0x2, 0x2}, &(0x7f0000000400)='./file0\x00', 0x18, 0x0, 0x12345, {0x0, r7}}, 0x10000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000800)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000780)={0x2200, 0xc}, &(0x7f00000007c0)='./file0\x00', 0x18, 0x0, 0x12345, {0x0, r7}}, 0xf0d8)

[ 3022.799766][T26898] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3022.808193][T26898] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3022.816171][T26898] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3022.824150][T26898] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3022.832125][T26898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3022.840102][T26898] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:33 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0xa}, 0x0)
io_uring_enter(r1, 0x45f2, 0x735, 0x0, 0x0, 0x0)

01:50:33 executing program 0 (fault-call:8 fault-nth:66):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3022.953943][T26912] FAULT_INJECTION: forcing a failure.
[ 3022.953943][T26912] name failslab, interval 1, probability 0, space 0, times 0
[ 3022.969550][T26912] CPU: 1 PID: 26912 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3022.977993][T26912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3022.988050][T26912] Call Trace:
[ 3022.991379][T26912]  dump_stack_lvl+0x1d3/0x29f
[ 3022.996042][T26912]  ? show_regs_print_info+0x12/0x12
[ 3023.001225][T26912]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3023.006926][T26912]  ? __might_sleep+0x100/0x100
[ 3023.011671][T26912]  ? __rcu_read_lock+0xb0/0xb0
[ 3023.016418][T26912]  ? allocate_slab+0x373/0x540
[ 3023.021170][T26912]  should_fail+0x384/0x4b0
[ 3023.025588][T26912]  should_failslab+0x5/0x20
[ 3023.030095][T26912]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3023.035294][T26912]  io_submit_sqes+0x601f/0x9e00
[ 3023.040129][T26912]  ? __might_sleep+0x100/0x100
[ 3023.044943][T26912]  ? io_uring_add_tctx_node+0x330/0x330
[ 3023.050474][T26912]  ? io_uring_add_tctx_node+0x74/0x330
[ 3023.055916][T26912]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3023.061491][T26912]  ? trace_lock_release+0x4f/0x150
[ 3023.066650][T26912]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3023.072182][T26912]  ? __fget_files+0x35a/0x390
[ 3023.076844][T26912]  ? __lock_acquire+0x6100/0x6100
[ 3023.081867][T26912]  ? account_other_time+0x63/0x280
[ 3023.086979][T26912]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3023.092595][T26912]  ? print_irqtrace_events+0x220/0x220
[ 3023.098034][T26912]  ? vtime_user_exit+0x2b2/0x3e0
[ 3023.102959][T26912]  ? __context_tracking_exit+0x7a/0xd0
[ 3023.108402][T26912]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3023.114367][T26912]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3023.119894][T26912]  do_syscall_64+0x3d/0xb0
[ 3023.124299][T26912]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3023.130176][T26912] RIP: 0033:0x4665f9
[ 3023.134060][T26912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:50:33 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f00005c4000/0x3000)=nil, &(0x7f0000793000/0x2000)=nil, &(0x7f000066b000/0x3000)=nil, &(0x7f000048e000/0x4000)=nil, &(0x7f0000215000/0x1000)=nil, &(0x7f00005b3000/0x1000)=nil, &(0x7f00007e8000/0x3000)=nil, &(0x7f0000741000/0x1000)=nil, &(0x7f0000206000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000001000/0x3000)=nil, &(0x7f0000000240)="769a239d186fb094ef85c0dd919234fdfea3b27a6e0229fe0351fad2da00e086434947f63d731106609c36bec4278909cde82fa637b1d296f06c7055ae00928c76ee47f0f4aa15dcded863c2d8f337f04132a208bb710a5fb889047fd8ea01460279967d516be60abf6bf5e3ea4a1e10f2c6caf8f442601e188cca15ea731017ff2e3409fed6f4a610971628d2a8bd9dd2d42621bb821fbb692ec3ab39a4714c6af72cfda45b879240eda0df723e1de4b176d6f8a7c842e00fd35cb46018ace5f35e623c6e36ab482c06330ac20c2220867722f3", 0xd4, r1}, 0x68)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r2, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3023.153655][T26912] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3023.162072][T26912] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3023.170029][T26912] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3023.177988][T26912] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3023.185968][T26912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3023.193922][T26912] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:33 executing program 0 (fault-call:8 fault-nth:67):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3023.274567][T26919] FAULT_INJECTION: forcing a failure.
[ 3023.274567][T26919] name failslab, interval 1, probability 0, space 0, times 0
[ 3023.287681][T26919] CPU: 1 PID: 26919 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3023.296112][T26919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3023.306263][T26919] Call Trace:
[ 3023.309530][T26919]  dump_stack_lvl+0x1d3/0x29f
[ 3023.314210][T26919]  ? show_regs_print_info+0x12/0x12
[ 3023.319417][T26919]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3023.325140][T26919]  ? __might_sleep+0x100/0x100
[ 3023.329887][T26919]  ? __rcu_read_lock+0xb0/0xb0
[ 3023.334643][T26919]  ? allocate_slab+0x373/0x540
[ 3023.339390][T26919]  should_fail+0x384/0x4b0
[ 3023.343795][T26919]  should_failslab+0x5/0x20
[ 3023.348282][T26919]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3023.353490][T26919]  io_submit_sqes+0x601f/0x9e00
[ 3023.358326][T26919]  ? __might_sleep+0x100/0x100
[ 3023.363089][T26919]  ? io_uring_add_tctx_node+0x330/0x330
[ 3023.368616][T26919]  ? io_uring_add_tctx_node+0x74/0x330
[ 3023.374066][T26919]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3023.379601][T26919]  ? trace_lock_release+0x4f/0x150
[ 3023.384696][T26919]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3023.390261][T26919]  ? __fget_files+0x35a/0x390
[ 3023.394918][T26919]  ? __lock_acquire+0x6100/0x6100
[ 3023.399923][T26919]  ? account_other_time+0x63/0x280
[ 3023.405027][T26919]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3023.410638][T26919]  ? print_irqtrace_events+0x220/0x220
[ 3023.416093][T26919]  ? vtime_user_exit+0x2b2/0x3e0
[ 3023.421013][T26919]  ? __context_tracking_exit+0x7a/0xd0
[ 3023.426451][T26919]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3023.432429][T26919]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3023.437960][T26919]  do_syscall_64+0x3d/0xb0
[ 3023.442360][T26919]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3023.448240][T26919] RIP: 0033:0x4665f9
[ 3023.452127][T26919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3023.471715][T26919] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3023.480119][T26919] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3023.488093][T26919] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3023.496065][T26919] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3023.504043][T26919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3023.512002][T26919] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:35 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:35 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x100000000000000)

01:50:35 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$AUDIT_TTY_GET(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x10, 0x3f8, 0x4, 0x70bd2b, 0x25dfdbfe, "", ["", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4044010}, 0x44080)
r3 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)={&(0x7f0000000300)='./file0\x00', 0x0, 0x18}, 0x10)
pwritev2(r6, &(0x7f0000000780)=[{&(0x7f0000000380)="22e9b4b6802a8d981b0020fd0133cbeb66677a00b078428f13940462f7558b5f2b1e8c2c56fa9219fa406c715ae377ea2104e50d1bfec33a816a9963379b59d0451c3d7cd7", 0x45}, {&(0x7f0000000400)}, {&(0x7f0000000440)="5e510edfaae909dc3da40d643154302aa43cfce818f6520b06893a", 0x1b}, {&(0x7f0000000b40)="00468cf8bb7f1d0c4baf10e0fc0ca8e9f505fa7180169c0d99b62b3030f8431f505d82d7c4e846746a2ae7cda2ac6391fd0417055db77c3d45d1009af6640f15e75afce7325cac33f60ef33024968c9fc4f1a6eeaa875a09150112b8ec4726dd4aff08489c7128413eb1d9822ce9ede52111ccf64cdd5235ec7f7aae0ca0db5334c50c2359cd4d0a802048797379eb23eb91485f061bf9f9d895d1a53fbf4f6fada1ad29ff5d668d182627c7878b2acedac547860b00b31b0d9e2cd24668afff684205f483cb7aa71b13364132d96b7dbc1860a84a25a98c2ac056177bb74c3e014284647d9ed366c26da963e1f9d0abaa8a657c6100a675e1fe1e9dc326f1fc6a1a9eb554fc164cff51e2fb304ab6dd8fd3ef4a958d54432d0732309b663b6c952ea96bbdeb0dc80a3e11b2c371e5e4fec29b9fbb765e1d6c12f32aaeb17fc0465e1cc3eb5015df7ab408ace2236b431fa9671f07b8d3cf27a11b4e474df32a1ea4eb02bd70ce198e7787339e04ddc9e6d37f4d31651e78a2bf3901cc61159da246d90befd9c30721eae5ba3f9f1352c59932d7b5d0fb66050768667006dafa34e77a0e362674e1c5949fb07cc32db68d740574862e96e98e6c89c0a4da82cd41a74146e8dfccfc12c14b9e31f66426440ac65ba86aae8180e4f2c1a794e66b33e7217dfd9283d05ba5011215ef9113eb4abb9d81c3c0bc1b78eed3f17a15d1cba78b98484d660df0e2ae97df52398500cc11f341b32735d92ba7dc8d4a45f74a002dd2c17faf58283a2231f3d5e8a506f86644c48d302a0687164b18793885005c13aa7f665f67f9a9b6008fe006afeaea9b18ac044668ea803e42cca9896b89aca1229f25c41f7f3781185bef36e92f18166b18597d68cfb9a8b82be2232d2768aa433678da88a3898ddcae2ff313a1b94c36c26b1609d92284db1f4eb5faacc28164346203f174f9378dfcfda59eebdbd62596913089e3d84d8bf7a2a178b696bda2e6af70d49a67efb6a992bfa3de0d9e8d243b14b97c8c6f583f0d4a98eb512d2029f5742ea2c85e653b92b7d1fd7b472899f68b5c662c4b41d1645e3fb49873bafbe751d9e24340765e1b48ef97122d9699fb6874ab1db5f4008e51a1c705c194bfbb5a43480f6cd9b6f8c70210aba878f86b0cda197e529de84014e9e78a5de4e397f4f397b0eaf845e924e20f65d975aa25dc416518477a2680dc70ca899fef15c35146bacc7c6f8d8287183e79f637b0f369f126b1681c7f965bcc17d983d357252288a7e06c6c2911c622f0c30866b99495469a96b33b8d2df03972bd7d3887d84b90bde1ce67fe8a91d4a414e1891d08322a9290487edaf027c343d7dd939564aabe016b0beb90d46b874c35e4ee0804281294d368bb18bf3061eab8198e66e84336a46246aef852600f321e28e3f0245b7a350b2fcf6c158decb9788a7e4e0ed850f005ddc704fe1becb3ba0cfae991d0df456c04e450e1e88997d859167666f87a35f7bbe7eb64b596ac8e6169fe6d3dda283ad1146e9c64fae93229a60a7c3c68801a91678d7953ff34a328dea7a354106c8683db725abaef8a9bfe21c21132cd2413af26cc5f05dc3ddb7ce0a33cf82a7261a909b9d27ad1196c4bb8b7604c922c49e35cf2673b62c57e1e486188502810bd2c84e56196c77f046d87cd18fc8ef05196421b94ddda240dd6293cce413511fc249b1088f51b81463680aee127b16214a9a36e11d957dc5942f5ed13cd7a78aa2337ceb40293eff7781a67e28ccb9c21b017eb0cd3d11b37efdbfa7df11c58293d65fdad4d0dd2b4835d45f416d0736d982bcc11b379c78f9d200f7f98bc283e91d469a577d183705df2a95a666a473423ae770f84c79735667d528a1f7506a54ffaf436fda1e7daaf8b5f739cdfa387a00ca7256e6276315ac29d95d8a294cb5b62cbebb90897a85e23c5f97d3653acfce2f7ba495202b832981d2b85ddead908b0b51e01cde2fe6f3c9cfd80403ade3b5f0180d48a7dc1e44423c43a65117ee7cb9c075023ec226201e0567be7d9fbb5716d0a44a62c587918adaa5a62a738cbbdc3f705a763c4fdebec8e14fb028d6bb21e97a13494787ee77418d34e63cb312839cadef1315f2d9a1b0f9c745ae4164c4895d6f256f85d31affd292762505c3d44db46458f986f77b4450eaffe27903cef8f82f121b33da065771fa961bcec731cf4d5f650a4233385ba3d9927342a21a9d52cc407685f65f6d26cfb3eb0ef3b6ea7716f80b0c4cd6595c1c4d74d54474d554530c010bda0b0baedd2ead2560c21351227da01b0a9d075e6c8a872925f61e7d76cc3a3a247b596d8c2a358914dc3e043e02b5bcfa8fe16a5bbd5a6c0f4156ab4ad5c43686eaad9d8a97b0bf3a9fc667bbebca667eec05f2cba80a2e57445f00685c6140009a53466e76e5dd627cb28facf422b7a3c29df787e75565e971dc8d34282e0a5a028e5b8865dab9724849869baa0e0303547c1aaff974627238f742ca36f4fa88e226b38ad318769fcaedf5c55f6c3802b4aab8c1a78f99378d222b56a5366c2ac45f67a1fab22c2a0c5e5aa03385734ec828d2882bd0a5f5a85f64cb150939a10475334b6444a6bf8d6ac681cbb8083c647839e091deec7da4741798ca6708cbe4b56b119ed15b251f49b6217e4436d0294c68b614083fe231ed5aed9b77722bf2868320f073947fb05d8b85bdc20964ca11c001ff7c706085d48a8db1691d921331e8bac6024a1b52a120b9b880bcec7e247b97b301b179bcf6ac8f2f0176804849802c185db04b15ffef99d2d2438c603226bb9946b3fcee2157bfc8774c39768afbd63577e0714b61e96b641f21d419ea926f265980a99a55922e67b842453f98226bb7d7e11c42ae09819c5d25088e59d5311a8e7f9d706f38589ae70dc2dd6a40d335243b6566fd7ca192f5052af3a5af27dad17d4e038661a3f7bb63fa90455db8b4dee32992463e77d117d2db51fe3c78f9a5b97b38dac9ebe1519b232c470aa0059792c0cb68e86082516e740035906b0417d51a2e1778c83cb21e4d379b46fec1d2cf71b17f3ccff7edbaaa77a66025944315bf1d0329dc0c33c858c1f0e183fcfe60274b0cfb7288bda5f3eb6f4e262f9b46cef0a7042ccac45ab7e82cf19a44e872839d0e192a2f3a0c0387a6a61aa33183b6598376abc41d06cee5cdbe40f1125b803af26f5a658571cc2ad0d6b920918731c7e6bccf2f9aa61c71b7653a1fe594107ff2018df8ce373e5b3263ca75d63f356b531655e2dc6dbf6bc4b85c16e7f0ec50000c3c8b428ad060c4e238389b1dbd31f431a4dfad4f07a94f3e14f28443b5979a121bb20abec876aae5473d27512c20e500657cdb90c4f205891f91604574693e90295829544fcde508a22f9ecf2fe2e6bf9d96fe8c22d377e79b2d2031e16888b7ac5db000d6660a2362df77d867c1164a51c9218ebf1faaf1c46a4af29319d384e58404603cc10bd18352d97c14ab5295b5e991798aa95680ed077ac06608a6c88260f194740450d315a274daa460e7eba4a191560e8a1ad7a68e47a13403e519247ddd81d0e0b5dfbdbd6182e164c57010c3831784fe139b9cbb6abcd9e2e8a0654fec871430ed5f283bd15f41072c71208f6f4e8f77db6e7c28261145355aecf9283668cdf192805192cae4df0da7bfd4b3c78c015b6cab17b0290c592f2b5f95c4017168e24bae547e733dde1b39b879d3f44ffe6099169d1f2e33a3da2a669cc291e41f1ed746939e00fdc5e391872b0065ec31aa1ec83dd66af4361d6f885282ac197fd8829fb26c9a7e4567da2cbf67c1aa911bb3b2e841c2917abe0f8e1b69ac0ce0bd5c23eb7a13c63b6de3cf76371f278c73dbabd72af5aa378d93c32817480589c049b184f4dc94ee7d817f05447f4ecc1f4b5fa4f861e68c23ada7d3925c4bdda4ea306be99406ce473db11558462653c1c249dcbc2d98cdee504808ce697702f44c49cb380229ad80e7156b39aa947f3132879410ae54fc4f1046a06a8b62d6362de601bdabec7ad8ac06b1163ef55e9bafd37173fe5b2fd17d02256a2593b6e23215cbb9376ad44fdbea7f306a1df3205775ce4a1283add02cb7b1480b329b30c4638c635e53aef6e080497920514fe3d7335d8b8efd4dc5ffde127d8b364d069c56f0d8e428362a5f14680fd1a3c2cf06979246b04015df89e5deba268a214bf10ae00fa2feb25fce650ae6fa60fef6366bb55bbf982f6a0e0d17af9b6ef5617c8ddb65fa158d1e3d216a26936ad8f1b7d4deb526ce0d77352dccb54555b4d642be2f1cd0d9b7926e0f7105211b5b7896be9ab6ec272091dc134529b872f75f93559ca6284244208416219a37e4205975295135f86832445969766cce2ea8c014582a18eb52c5d43ac4f831b089fce10dc474596eeff06fe1d0748e980fd6147b6d90e2f6dfbfe5418dc5a881aa91da7dded12666114dbcf0413a6bb78e5ed07f7fb19fa9539aca414d3710969aaa769f409bb2849388f9e3e9b87fe1fe42d27428c628606dfaf585d481d9f98c91a9a1a40729e54d475179e4e869813a961e6d6b1605749e6b4f9803b9d30a14eaca528e2a1e4346c8ecb65b279cdb198fd63cda09c659858bc0f1290d8d8bdd091439aa54366a2032fca69fa4063013336b917a3179336c35e793e4958e6fe66178892b0ff1ae4b87b72089691d0201d8b7ac8228be7d17950451425a545144e6c2fb6a7082405fcfd7f3bc2d69afc1b46a1b0a1e2ddae6d5b3b35eadf5bb9a3df42fb9409bff6776738c0e67548d8e3ee71179be18502d272e110738baa4ebc1a85e4819ce7bc4ce102d5a4c3f2f849ede243906d350039224d26b7ad50036cf816803806ff49592bb10e1b7c2836cc0c86ca0fe479eff7c350094ffe7754099f2b5e59cc483804f7807ab4ea77db07ec3cf6d5d3e84b98d133bf9255277745aed843ba52899226e8807494bc505a555bf2ddef17861f24db96d0fd457fe1b0d57098a5598b3a75b8b9f039698c3d8d3956b2a73485e904a82110eaf85ba02d249f323b0f1b9593bcfcd72aebc1881226273793aa2e0609b462c2b70638e00f80f1361ddd856ac71931178f1f5b356b65340d6d06aa7dd7e0cf95de2c0c488b36c3ef9bf44fbe85e0ae17003f34b606080a25ec61175b709e472fd13886fd906d595bc309a3f80bf03316630e13dac3b54fdfafe4210bfe552264ef484134fee1407757f0f4b9247eb9e48d838f3a906d3d9821c7bb2ca79dd701923685c705dde8cd10a5d278f6f5e05751387e74b65155056c88394437580f5cd53c0420f8aeca29093b34fc2767d547654ecd0c654da6d35cb4e7c33fcbfd53e59e25fb01be4ffc991761beafc2193157fc64630fd718fdfb2b606be9cd15010ed90255582754962546885a5e1c476f97820c040114fa51939358014a8d3c38755a8d1034b74e09d878df9a94d41a153c84b8d1dd724e91d28276dd27d72cc2ef67dc2cc6ae00da50d4a8adada14acad6412d407e454d67062f2b121cff1ff770e63d9bcd8f9bba240746d0d6e2a6dec1a158a3890b357be7abda1d48510559bba9236146f36cf6e8d4e91e087d91e53a89445d7ba091e259359e611560b4a3c4e83d3319d268d2a2e1bd3393df5dbe76da0f68b677f584ae96a7a5ead70653e3fc873a8f3c35d7a2544486253a2eb41fc7354e0edaf25a973f3b6e1e748e8cf4b65139057bcddeda5cfd41eef0da18cf0ed4f20788895ee012075882ffcb692fcf506d023a3671c9436464626948c9eb85", 0x1000}, {&(0x7f0000000480)="941e296a0d91202b92dcd9c4befa52b3da57b4a31d257eeaca01d1f5c6b5e26b27953e215f9703762ba5185abb6668a64d0bf3ea5dbdeb95e0c7652b7ba569661c61", 0x42}, {&(0x7f0000000580)="bdad55ceb234c232e25b641e78897722c4bfce19d749e2316f4fc1f5c72e65520e4f8539a45ee4fa8168247a4153596c15a2377968947817de8ec77b00d9fd9251c0ffd8136f1147d2d0943f8f2dd6a9f32442c378b4e2f99e433b24f75534b93d2ed1da0f2ff6fcd8a0d60fd3b88d528eb2951eed6a62f6d64af0de1be5bbc35f43dc479e1dfc61fc33304e514a4b8bf860edd8581b1084f0e2a64314efa69588a4dec6f16c4f55d5dad0f0559904b38bfd4e62561da2ae4307be5840a3fa03879cbd71c61e06f0a6acb80cbd27659f0ab88801d942", 0xd6}, {&(0x7f0000000680)="5f9f59aeb4698be0654ae71ee76f1bc1b7a1bb232e56821e46c5905cfc14be1f7540be4b061f4ac8a6b8abe2d63f2ed1fd91bbb386ee96311cc99c3d49b7cf37e46f5e6f0c1ccf240e4c0b514ca47041a30610ff9fa744eda324a04ee1e29ccb5fda720c13d6cf493c79633b58fb5544a43cc85551ada540fe624aa2eab13f885016e2a7955d01bc0f2462bbe89b1f956cd2d7de1c5d7a8a131078b9d0d04fa061ab0c8aba646770d6049a78a91386581d3d5cd504b9a4e268c16d2cd9a641bf78d3c230ab7fe9ed0dc0a1", 0xcb}], 0x7, 0x4, 0x6, 0x0)
getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000280)=0xfff9, &(0x7f00000002c0)=0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r3, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:36 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:36 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x3, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:36 executing program 0 (fault-call:8 fault-nth:68):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:36 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
mmap(&(0x7f0000573000/0x2000)=nil, 0x2000, 0x4, 0x100010, r1, 0xbcf47000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
mmap(&(0x7f0000714000/0x3000)=nil, 0x3000, 0xd90fcf64dc126add, 0x810, r2, 0xd5d9b000)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/class/tpm', 0x6c0040, 0x100)
openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0), 0x800, 0x0)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r5, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0)
io_uring_enter(r5, 0x45e2, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x39e2, &(0x7f0000000180)={0x0, 0x7ec8, 0x2, 0x1, 0xaa, 0x0, r1}, &(0x7f0000162000/0x4000)=nil, &(0x7f0000593000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000240))

[ 3025.591241][T26948] FAULT_INJECTION: forcing a failure.
[ 3025.591241][T26948] name failslab, interval 1, probability 0, space 0, times 0
[ 3025.605922][T26948] CPU: 1 PID: 26948 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3025.614360][T26948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3025.624415][T26948] Call Trace:
[ 3025.627704][T26948]  dump_stack_lvl+0x1d3/0x29f
[ 3025.632390][T26948]  ? show_regs_print_info+0x12/0x12
[ 3025.637587][T26948]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3025.643311][T26948]  ? __might_sleep+0x100/0x100
[ 3025.648072][T26948]  ? __rcu_read_lock+0xb0/0xb0
[ 3025.652832][T26948]  ? allocate_slab+0x373/0x540
[ 3025.657593][T26948]  should_fail+0x384/0x4b0
[ 3025.662011][T26948]  should_failslab+0x5/0x20
[ 3025.666510][T26948]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3025.671713][T26948]  io_submit_sqes+0x601f/0x9e00
[ 3025.676556][T26948]  ? __might_sleep+0x100/0x100
[ 3025.681335][T26948]  ? io_uring_add_tctx_node+0x330/0x330
[ 3025.686877][T26948]  ? io_uring_add_tctx_node+0x74/0x330
[ 3025.692334][T26948]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3025.697886][T26948]  ? trace_lock_release+0x4f/0x150
[ 3025.702993][T26948]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3025.708533][T26948]  ? __fget_files+0x35a/0x390
[ 3025.713206][T26948]  ? __lock_acquire+0x6100/0x6100
[ 3025.718228][T26948]  ? account_other_time+0x63/0x280
[ 3025.723334][T26948]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3025.728962][T26948]  ? print_irqtrace_events+0x220/0x220
[ 3025.734415][T26948]  ? vtime_user_exit+0x2b2/0x3e0
[ 3025.739352][T26948]  ? __context_tracking_exit+0x7a/0xd0
[ 3025.744811][T26948]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3025.750791][T26948]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3025.756337][T26948]  do_syscall_64+0x3d/0xb0
[ 3025.760752][T26948]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3025.766639][T26948] RIP: 0033:0x4665f9
[ 3025.770528][T26948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3025.790131][T26948] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3025.798550][T26948] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3025.806521][T26948] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3025.814483][T26948] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3025.822451][T26948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3025.830416][T26948] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:36 executing program 0 (fault-call:8 fault-nth:69):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:36 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_io_uring_setup(0x495a, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000380)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000008540)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x18}, 0x10001)
r7 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r4, 0x10000000)
syz_io_uring_submit(r5, r7, &(0x7f0000000000)=@IORING_OP_POLL_ADD, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00000dc000/0x4000)=nil, 0x4000}, 0x0)
syz_io_uring_submit(r5, r7, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r5, r7, &(0x7f0000000340)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00000db000/0x2000)=nil, 0x2000}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x0, &(0x7f0000000000)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3025.923065][T26960] FAULT_INJECTION: forcing a failure.
[ 3025.923065][T26960] name failslab, interval 1, probability 0, space 0, times 0
[ 3025.939700][T26960] CPU: 0 PID: 26960 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3025.948149][T26960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3025.958215][T26960] Call Trace:
[ 3025.961499][T26960]  dump_stack_lvl+0x1d3/0x29f
[ 3025.966196][T26960]  ? show_regs_print_info+0x12/0x12
01:50:36 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
write$binfmt_elf64(r1, &(0x7f0000000240)={{0x7f, 0x45, 0x4c, 0x46, 0x2c, 0x81, 0xac, 0x3, 0x1f, 0x3, 0x6, 0xcf6, 0x270, 0x40, 0x365, 0x6, 0x0, 0x38, 0x1, 0x8, 0xfee6, 0xda38}, [{0x1, 0x7e, 0x3f, 0x4, 0x1ff, 0x7, 0x1}], "ded0baf91d71b9ac745c2fb07fa80fff7aaf2a99fab4a4c96caa91e9a2d27bc349c4341d8a7640dd170afcf8cb5f18ea15494685e1d4d7c1d753925db3471f4a22bc17b7f17b9ebc62324c4f7464382f0d0f1cde0b2015c3f9ea5460ab11e97a31496a87fd5e4e4d7f02a9df81400135b2429ba7828814113ef4b5e7a4def5b9d43e26884deedfdb43f3e53380f589e0e9", ['\x00']}, 0x209)
sendto$l2tp(r1, &(0x7f0000002e00)="054f876c3ec85dc02f4e1a90da07745d458d7d5f2345369eabe7a0a3271b156aec6f078aa0a6880f71a649fdf669e6185f4a67c99ba7d19eac1e60dd7c725b21ee542b4228f337ea2a3610036af3e0eb5e2dd623c97c9f6068b96f27b0fb6a1f902f3842b3609514e4017d08dbb79fd0a3517c50a049a15072ef4b8a83b0a0368bc27ba3a9e696d8f94f86d21f678c4381df79fbe0d6aaea2aeee4d7a7e3ed3848e5c13eea", 0x10, 0x8800, 0x0, 0xb)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r5 = gettid()
process_vm_writev(r5, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000a00), 0x2, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
write$binfmt_misc(r7, &(0x7f0000000000)=ANY=[], 0xfffffecc)
openat(0xffffffffffffffff, &(0x7f0000005400)='./file0\x00', 0x2100, 0x2)
io_cancel(0x0, &(0x7f0000002d40)={0x0, 0x0, 0x0, 0x6, 0x6, r6, &(0x7f0000000a40)="7b2b5abf44e343145cd8e7fcee05c9caf96a7bd35eb379201de193f5328a54a2a2e6a42401bf5419cfc031fedb2fc401fec592eefc851eeb3d93060c3804215ed3bc490263784a0577a1521b8eeb95f0a4695247e1286b8d6fb86c13f8cf60f8", 0x60, 0x7ff, 0x0, 0x2, r7}, &(0x7f0000002d80))
perf_event_open(&(0x7f0000002b80)={0x4, 0x80, 0x9, 0x9, 0x1, 0x93, 0x0, 0x0, 0x40080, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x4, 0x2, @perf_bp={&(0x7f0000002b40), 0x1}, 0x400, 0xd6, 0x5, 0x8, 0xffffffffffff0000, 0x8000, 0x7, 0x0, 0x1, 0x0, 0x49}, r5, 0x7, 0xffffffffffffffff, 0xa)
r8 = syz_open_procfs$namespace(r5, &(0x7f0000002dc0)='ns/user\x00')
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x4004, @fd=r8}, 0x0)
io_uring_enter(r2, 0x45f5, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$ntfs(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x3f, 0x9, &(0x7f0000000900)=[{&(0x7f0000000b40)="7b64400884bc6220017e85fe420ca9614c60110da73cf6a55105532cf3802fbf07e86a73741bfe66493346db92c87ddcaac8a0b29bb11d99fcac84c95479ba2cd92a89d4515263fb6ea7f25e6318c36e645cef8e55a6932f59829cc2a21ab17d0a93a4378977fb70e5d2f7913d73f78445c80358aaef4b18b7f04039da95f6a6b56fb000bf629b99608a93952561a89d94a94e268417fbc9995960cd62c364bfd3c27a86bcd31e01fd3835155e898630d9ea16accf774f4dbcbcf4e1a0d9cad886727b514702555c6606fed7f231e72ac5ba0c679f6803131bf1e9784dc8ac5122fa1a44ab3e7f575717f6d05cb7dd110aca8b99558462211dbd0859a1137d5a1131d763d686b044c2856b58189c115884e48d1391d31f32311c1b89b65b59356d71bc1e64408d0246ca6cd82c8662b4d8d040df540b7b0b5e6ea54cc2e15eaf3d821984134ac6ebc49285ee5ddab8e999d5f054ea8bc5a7a510e080e9fc0e86ae31d83b8029415f105bcaba72934509d3b46b25b0bb9cfaa314a066c19b8eac733908b0b5767be54278df95763bb19509a0d4f6b67cf99c02575932e318b9a052ac2822bd0d5d403ddcee4cbc5426e8be65b90e179ba3d9fb1aa9eec2d2e5b5e0589326ac492679e6b67199aa0d845bc12944f71590c68a7af07c3fb50a3be322901a2452b4b14a99fcc6c039241c3fafd6423a8fcdfb970f4893948dbfe92a617e2fc3c863937e0028dd1e1c9afed2bbbc43c0dd08d01bccbfe4baa5989fbb3706248f484416badab3a52f9af54f0e1c1150b1d8387fb38b94b94bb3707a47e759c5cac03ee3ab486089a1af64183cc510ab63e288f4dd1dee352f3d730d344dd9dd74104cabc7252b0f228d935e5ae6bf3e7f7876ce92646388bd3aa2534cf13d28df40af21e52de9ef322e3e77387413eba361d3107791c641340e31678bc0927526491a776844f5b6bd4aa6871efc423b7ec8503db6c2da9e90666ed1317c629d4386120b88abf3abe661ba562a7ee3b13d15f761dd6927ef4b2ea1b339cb722a0459b02a27140e85a1a05da7d08d71b69e3c4e7e4aa3f9c928839ee4ef02295cfe0dadcff8cf455ef11d14f0c215772bfe3a17b04f3af5097ef8e6728544360e8ac333643621ca97d6eb8cc26475436ec4f74c5831acc32bf2f8474772093755fbf05790d6ca826516039082841272f21b4e2260016851b92ab42dbe296d9d7482e992cdb66289464ecc4ecb9218dbed6f482f7fdde340b4c57ee6c8cccca2dea3c00579155dd03bb4449c562b1d321d7cebbcbb8054d335b2148ceeb5bb8e98feee27bfd50a17b49f0ec61a0060b0e75fb10ec11c782576a0ba592d3550d57ebba70ab04d128c951124ac77a5e5e7884efe220dae9c4b596d82ef66ca63879467b490dda35649bc6687e037bdd9a068e080534d2d7f6d4068b959fefa7db69374ab998ebc279146867daa87a255bb387399b187cb12793420c303c9d01ba89dd74760909705ab8eb38b7c4234ae892d231b8abddf269d094ce02770e5f58f68c078a996f12e728465161486f6484b72e4c9ebefa01f5e16f3d5ecbbe3024136ba7fe1a060294570d6c4b3ff7ae6b05d518abaad99764643ece66b0902983c6a36b35fea599089704ebbcef5e5dd1c54b6db3fb904a9161cef25bee43d84e3fcddbbcf6704e0dd75e5162cc8b4c666f17a87e205dcc34046f2121cfb68da3d25f7ab5dd5e7478747033318b413f48e55f632769d15b19a4ad0b377f969e20dc7c8fe1f073b978c7e87abf928dade4f2af53bc5086e6a977dca97ee6bf7504ec7b2faf8bb9222352b8b0f4177fb3db8345cc5e9505097c522adf54fdb0305f2ffbe86a43a32bfbe6096da1a2e48b4cce6b3cfa83efabef5f7bd543fb50ea6d98e87d346b2d2edac3fa9a988f7fe57ab2ea50ef7f33aeaf89a0804fb03881fa44a809299e3bee57d4f3407c5aed05b2d3f71d13031db5632c368bd363943b0f43b2185eff0ce640d1d2e79a9d07f46060162820c91961dbc7b68960240ff1c3218440e6c1684870e2c1f80a842f6b076ff4b001bd0cf569a082912d55635513ae8db0d559967650a8e1341deaf1344c8ad6d272a3bb927fc4dc6e9fbe481b6d33215fcab8bfae6ed4f8f6c0aa2169c008ab385b9a05c0fcd3e92149aafe369774d181dfa9a13851f378c91b2efcca737ad79c0bc1533b798d6e5e43c76c7d0bb74dc67753662dd2cd746596df4c0ea8d40fde19453d67e182be28640e492cf49349a44ac4c94437b5b7f9e8bfc8faf0fb90eda217331402e15f803a88275b4eb20da3f9db31bcb307f18b28b9e59445818e4311965f638199e1337d196ca79f90586d261c83787e4e64fe4006be7cdde1856ac42ce176c6d59fe56ea8ec50fafc7790b19fdbf09a222927c1cf8884b8f17e230fd0c35e29d01020c3b8c4537e7317e2ca17cfa15c671cddd114f3ce5af8c7295baee0faea9f6747e4be14750aefe60cc1284cb42984a0894dee0c29d0b8a0e55b6b0351002dc744d514827f998dd4582ecbe813a84b355bfdc4e75495af2d5fb22d75d53cc114aa98d1bca0acc2f59d695a35dbaff9c09fd99506b5625b2a753048ae7fc28fc8abe52d6d6ceb1563e1de9cfeb63fda0d7dbae1bc2e1fa3e6f5f4d1bb62cc046f36d09824cde76c1b40795b396676bb9243a7ba3c02de947e5c38fed4ae0eede74678d8ea34b43169f896b4c24b498af782d66194b965fadd42f115b862c7fa23b8e9a0e11c15b65ec9c5e14bcc3ab1703864de9e6713e54d671ff53e8b8a3aa268d80a5182d950faa7b13bcf1b332d108c8ba0ce772765902af5e7dd22dd92f2e041655003121d011618689521dcbd8701e4eca274e5111806d5ea9a288bd00e00ad4defdf5b650987a6b3a37433d225c1d9047f89ef8e4de6153bb141b42aec52a15129fb03235ff2a948a3d68e1df522858a05f92b73a5784124ecb5907c58604e21a073e893baf52dffe70d44cb76994616872d65964dbf8bd45dfb8a28fb4718a9184392f125b6afa60a1d5644dd8a65dd52a848cef81701cc86b2e3d509e61b043747ba2c6af5afaf2cb77b73537e15b4e79318b41f833dc42ca3ce07a35b911f8e994cbfaf1817ba69f0288fe40c68a2abe217a6a400d108f54ead9a41aab09c29ed191199373241a1f1937bc5cb12bd9e971457941c4e10af40b524509da5f8485e178fc2c64779505b61328132e6ffe22df49777c54309df5c076c92e5aad14dad716cb1c9a6a1db244aa507dfd035d298c0c98809686a11cd5453f2e97a9d57fe0cf771080dd4ed0db8c0f8cd77a52f84f3ca4cbba19a439e65f565e9d099ff00e9118076909dd9163a30f5a65e5a4b812c897906503140f73b1c105badc89610bb49fe7c8b63e7f636bf74f90c000dbdf2b040e7d4157b36ee6aef665c128dff6b4e5c6171379836acb464e37b11c99992e4919b3e5e2eff47342f389b8321d2b87ca5ee103c7a6c7dcb756e3d5d4d9e3d33a5a3e9c32d25f487b6c4949d70835e22f71d5c1a6f7bfa3fdde954ec9f0871976dc23616ffb0df7ac23ea40cf252d88e402ac1005bf8cbacb726ff4aa1be48e4c2c3dc0fec184594eb6ae3d80bf7e453514db68ec61a1d77a507c449385192bed3c1bed53d656efd0ddfea21c8abe9cb714945378554ea64e08e9a39048f53ad2266efdaf7baa0abb13a22d7b8319204e0651436bc104becf74ad6831ee421f12856512ab664e64841a2e43e39a6e626111fc9f3a584c960dde9502d5275aef93003b83cb5ac212312264a360b00d152b2ea3087ec0944e38d64e0521bb96310b6ad866ded28b30514b3151b85a23d5dd9cf8b256b63bacdcd755f22a09778f63c21b26e27f48579128e175590d08f62ea4549e3e0736ad2021ca1f745c9425649f8d9d2cd53410425e8fd8c345934ec8d1d7152de6b2432e8e7e38b901b16e8018deefdb429f07f0848467dd3fe6df80cea7e35f004983991541d8fba23ae88543246abdd63a45f1255a3fe2641632bf6061350c6c0e124b8209d88c8dcf38dd7bf59e4883a794b028676e2972c0f266369d0402668fd21ee982a1505acd909da237ee392c38ceec2a21c24208050d3bacef83c4f0109fe1821d8c6c6fa707e3f8989dbc109d8cc5a5876b81b6f7d10013de8954a6e7d19e099db69bafedb2e0e5474741641febacd6e0eef62f4caf387573b6f742769a8ab630d609cb23ba66429f0dc1ca67fcb197b4de5436be16772b795aa646eb3fa722e9e15039390d04ace5ac52aceee5a386e3f3ff6a107aec7bb3062196a07b5e7910ab725c73dd677bb7b904215af537b846b056e4887bcd611ba695a31f565dd4595841c0122139be6bd9b6bf49c5f0e25f19e1318469595a04cb617d7a382487742330697d8d0fe2c2d0301a64ba3536c3d9fdba15b43b898bfb5dd53e7206201c128a0d000d1ea3f69bc587bfde88cd260361ce9f03a5780b2350db03b31f686eb4475c34f249579943591ae0e17ddf2439162a0b5e1c774c10f30ab7ec95af4818b477f0c9f76f118e05feb1a2e54136183ab4cf3bb83229b3094623ef5f5a3e11dd384f5e349d871f1d46a6fab5b9f91370782e85cc62e1da650e6075da47998a06ae265117b2af44b468581d610bc549915e4e643ca7b4646ce7fa27bbf28c04ae969b1ce5c5e291d8acc6f2c68fcac90595325079602e0d6f3fcd37cd8caa71b9cd74ec3de988fe26ddfbb07f3e4ab3654ab641c68e5da9e1ed6c6ae6bb02d3757656e909e7f830a0968dbd97b3603769c3b7455fe6f7efb7e35d9348b36f7ddaae2995cc1a79673dfcdc2ff78a87f95171ed80dcc687569b0f0b58f3caa522a59bb62546cae2c9fa8a20f5d979a850185e8ef352ab8ca5af672c2c6487b8b1c6e562e8d9121694949a9e6714fc1e718a74695600957313f594d1d08c68e2867208456cdeef2163e042150f19811c811ae2468a0a23204c102de5877dd2456583177f117d64009dea039b261a61b21b40fd802665f63c04eb9c3af726fec260f87f102f4984eff5c88cd2a6fd9be08234fa45d491587cdad44e4751a8f765d49429509893196df0d8d73b7fce816affa777e4ec17b6432e45121ca2d268209aec9f57baedac3ab055cfd210f0caae013e86f04364bced19c74011ec36a75ed294dca11fc1179ffb1011d9944c8f64c562632af6f7e8c00e0a5c533a0351e3c9ba6493263f479f3d15e5d4fb3b53e386532a05107f4b95444675c3457d4d9dd8ba96ec9dd5147cbcbf142262622760b56bdc9a9e72650d7369d20da587310ea87f8a8288faf731399bb4725a9db26b4354120cebe5ea13713ee4f53478883564dd4ed48fe1a4667967f00f6267a10c5b908f759b89c974f3a8a1ef30d5637a669231c77896768441039c3e1f385d17fd15c8bbc9617337f83ceb7b32013badbebb83597971197899207a49fc0aa20ad64cc3ae1cfb74f4d2ff394c16c6680b70adcdc9fc9fc7fbf8979e2f7ead97b1b2f93b039362a210a7974ff68d027cce5c98daa2d508474ec6c68e32d77b01706468c72d1a7ff0250f3ade49a620f6001e92d74f68df7fe7e6ec050cd2784d04491370a559b49df0812a814fbab63e2659fcaa130ef7787c35dad4325af8dd85069b72dc4b84cc0433a01da76b15d1a53b64957167b8eccc4a70460204300f2b601a6c0b5f4e814dcd48a60d662442d511df0b3853b5c7b30efc5fd9ceae20d94ec26b41273a6e4916e1941c74e91f53d341f3784fae9f5e098d4709042df4d404dbfc", 0x1000, 0x5}, {&(0x7f0000000580)="d46cca871ae38a055b359ab982d6183a51fb94b31ebdc7a0010d649d926688c70601c6ce50078eedccd42c80fb12dfd59a5f677878834c6e2ef42ef2dbcbe694d195567d70f8aa310a6a4d175198d8336af6f429e3fe0257ddae342e842122140ddfdbcee1d6058db860c034ede0fde7765d17278bf6a79677c3671f23ae2cf809a7df3a98e8f1e86b2a9305ef4e4550fc913f84654064dfeded78cbe5924376ebc0690156b01ae33c919d6223c8154579b1f3fa7a97079f8e8b684f78fad7a7c380065613d9e5c5ad934ba6eebe62b21ca249b908", 0xd5, 0x25b}, {&(0x7f0000001b40)="83bfa4571c4bf893e5ae09173cb62b092a04f67f9b4ad5bfafdb91eab5bb12c8dc9bec91353c9d548f5e8482be3e43252e472e0a7df35e379c11461a84cdf314fc2f85741de9829a167490ef08040ccd79d6696968dbab981d62685df6f5eebb81c5cb35caf2df167d35a68ba4771cce83d3f1ceb3946d0e72ecd3cbc04f4ad4c4ae9cf730d7a1b985b0571f4da61d429c5e09ea7dd9b722c83cd55b3529c0df36348c238033fca3755f73622f1a1b46cb28875577eb4ae22cebff8d361596e595478a94bb53c1d83f82c3f6bf19ab58d1a9c33c6a72bb18e21157118d873302f38e1fd2eafa9829deeef66be8375ee7dcb495f9535a5ced556b0748e9976fe9e401d75987df61c6d34ff413301a80e7cfb6199d34a1519405c1fa8de440eacb26d26f0b5041853954204249d68206830fdea01da0619db7c19bbdd3030c0c8bcc3cad524d53043e43d565fbe238dbf074d6fd3395f6384506589bcb5d511aed61964a5389bcaeed8b95b216fd54fe7c028ac9f9299ff7bb1205fdb4952ff1f2a2f09e78e9971e7369a8868d4d96688425bf435016ed9f41bb9314f4b2b32fe4489e24d83a8567a5ef9d6855564808967a959b049c047f6bd26a8e653efa00b017617f05c570957cec963917deceeec94f8b3bb477ba5518b6edb6f27ae13cc066b084911e407848d142d28cfe6e851a7950a6475de0a22ea1a156158e966457f08493cf923c4c455880ff0c3837dcc0e676405bbec84441b4c1c7bff9c35ef6d28f1f1bf3e5bc35d1975e5db1ac553045d8c66a86e74824c7df8992c1d159ad468fe4f6317a46636555e663c1c26fbea76f85675b167c40235f8d0346ef335eaf182d197f8e891df4106fd882895b45f15715e69d5e7b5dc91c8067d2101cdb17ef1bfe35c6f486199787bcf3d9551f3ad1fa1c6c47cebb85afc20b5a41ab64b4ab3460399888b5b64b831cf8be81a8bbb1088db3e61e850857fb5e4b4403895b45cb65f67c1afda078f633dd5bc98384092f3299337e0869bf61f96728a2b278ec836b8b1974dbc90d0d04999823d81e6f9b026bd6634184a69d07b5be4dbb4e0574277a5a84188e1404852faadc2f7f78d90abbdd1e7931580d3522ce1c7207710afcaf80a183c378b787d9a41b2f9f96cc898daefe9e4629a9ece5e4ae48bf64aab1651e112613bd4b71ca20b83561dc8938518e679cce6c9ed0fa31ab53bf7fc90d47bcdd50901773bd1ec6d60214c9b562bbd0238fdeee9e53186d548218616366272397cf7e0b6557e9d8932bb9b70dbc5fd37eb521d66a8bc8ff65215be824476f70861290eaaba54435311f3ab2dfc95672dd8e0d5217e16e13abe23e0604914962d3a91bba6df8b34ac00614243ff405ed372d029d2c8b62ce4d6b73238218c9b7a6e7b0f04daf90cfadc872bb3c99592a5b2f6fde02bfb7c87d6b774348d588d27b52dfedfcf350bd55c751ea09112bfac556831c7a4280305af490fe7d9f7a51590b0f6a6fec0310986cfd432582b6059957717a6a3268156482e02427eaca06f7cfe018b5a85a6bfe279965ab0892074db2c86ad3d9082e77a9baf5ac1c759dd3bf1dcd79d607d7f191caffda88d58bfd921257d66c807cbca99234e4a9477806f4273d4c4fff6d9d995adecbe94d70485faf079e27294286dabb9eae3e37a636e30b083a2c4d37bd0c91e14f7f5eecb1a9711deef1947794e13867cc5e58e090d19f7c2a9a6aca599d3a54eca2efc5bf9cc69c223f08d025d8f6302374baf97450c48a592065b7ed883d6d3fee6098732c9773fba7f03c336274a61b7632e1e0127bf2fbfa7d3971381d7fd1fcbba65883a9da4c48385347b00d1c4f008d46f766cf794f579d49b4dffec03116d3f95ac3cb7163d715a6c2105881afb19c2ae062657e7e03cb8bed83f17b2792c02d477c767e206b67a8264d2d0e8d26621620dbc7cdf00283e55ef72194ff67f9941604172b039ba52449f902d5fb8a08760fc10acadfaf119cab5b3f5ebd725845164c1dd02a3233aeb65cfe059030085f975c1dfa796847e278e8b645d6ffcc9e430550a9d8355ef88b7d8c5bee963b3c3c41c1e5db0cb76a79a9aaeeca882f7b6f6ec03dd04308be4c71ff9eba14c687943ea82cf30b189cfcde8f03ed834839ae96272f15221fcad9497061b5af5fe6ab031642193fdd225c6e14537071e80f70ed6493d3690e291bb03f22101a5e8f50743d17d3ff92f95a5bd44c1154eec474fa03fb05b225ebb5270280d8fbce7ae00ab31820f4a6c26e35cc951a08dcf75a5041673e36cb48f765c63a50af653c80266973727029bc6f7837371fb920286da3f742107132ded9eff69e347ab9539f266e871706ac3d90473d2857b28fa1ce813b74fc48c5761e8c80674988795015f765d378859d32d650c2aa0d2238551260c7f0d48197bf8b33dd63614b9d9f5d60d3ca7fe00d508a557c67e3c42239ce4e9998515c8873140cdd8f981200356f97ac0d8ccfb0a558a750ca8808840ee7444647531d4e9e76b77c3d4124297e1cba9f625c6359ddd76b2ac0e0139b11901d210433adb7720395d5e1b1c95279e10f6a8f2d3d3467c756042cc400df1e2c16105f57dcd0b7d1508bf7c1cc4e621539845d1c6a691374f295426f399441a6787eaec01130da25e3dce70b4ceabc09d5423c62bb6f3d8115e497360c56bebf2a01b6bbaac4706c7d958737adff188e3c1d4799aebae6bdd7af28b4077313166a98d15e2dad6f4ee9c8ecd9f3dd700433ffb977c8d4b2f91007a7fa0ab6c0cc8c76853ee02dc480035f50d06f385831da2db8f35766f5b7acc7dccb5ae0b3a3758bd666240456498d2a78f1eb3b32fbd818794863f834cf536a9b02f05817818d67d73fc07e670256ace0fb91671c6b043fbfb09bffc7862dfd533d0dc26c836d637797ba5be45a63c619561c4fd8525102fc11ea18301cae83a069e044c1e8a14c3ad236fc81d9c6f5be418a87745cd442046b6f78cc966154797b0905fcf93c689a7f3b35435de4544bf1ce1f3f45bdba97ee9e348c483a364d59f45c5aaa6e6816a670e58bedc037f4b2959ca732fd42d5b64da41ecc41c9a6dc26717312913822f9bf9a700ebf5888238382541ec983b9c605f01ca41a7ee3f5b6eb37c0459b3df04310cc17c04b5857604636e736ffe8f5679c9d3cb73a7f09f197a6fc291c3d29263540e5ad4afb5684ae7fda12fda3dc1262959e86b5822b808d09b3364c15c10dd917c04fbab4247b406d0fe761e05cddf354b8c501b90233e67a7c32f51441475b8afa63905e9fdaad20cd5637e358a40ae639d7caa9de79551d26ece95458995e2c3dfa3e1bb26a15b45894afd80a83dc55282a917dc7c5996eb9a31b9621ba0eef84139f959da48822b7989ec5fdd9180cae88a4345e8ddfb05c66c2ee45a51037211e1be716ab6d3d6915fd9654dad8ace1f2edfcf492b4c8bd435d99b18605756f58388a722a8986ad96ef548d63d30e63a401c7c1b8c428cc9d7843caf6df15ff81028a2fdf73f40d0381fdf95f8092e1fc588265ad1e0661e8ecba93bad8091ad23e722c080925e21a71b5ece40df21894d5ff02ca98c5ea72e45bd08981b17e66738f7608f1923db3f0c4dd95bfd228c8f6b5bfda3c0dfa856c9fc18aa173581715d2293b8c1854aaeae86ba83d1237c1405cb97f8e5196592c9d075cfb54736450bb9519ab50f63f6531b751ce2d7fa896400c0a819742c06bef9988eadfacd40a8c0e2fe20573f963cb312181951d8166dca360110b8f1a10367f59bd736f74a1fb50ae6532015f62d3d85dd62de6a5be85c85b6d55dfb650cfcc515bb273d6b02e877c07109c0048c8092a529bd7c3d1b493782782c316316e90c2a630f2b7eff396e1f70ae6873466e1fe83274f35ce5b7e8c3a1d63761a276edeea6e5218f10a1701555103a3bda30837d8a44ae4781b999e7c1cb71a3d6a7586551cb2711cf983841eb68e6d2baa60c1a526cbfd4969456140b2d7d8f1e007ee61d79373214e1506112344fa6e62075d28de2a93961ec3c1e1894170e7140ea1e922c081bc97e068ff686393fc09b06af199db29e67b3c22225e874254263e91698f7c3a5cbabc4d78907fa3a1c8cc8cdda3a4ad8e0dc0f5a95e37680da4138dac7cf8addf06b65080df62c7fd68da8a3ff74a391d8074a6cc8c1eebb3bb6d3689132724c070efde10c6ea8f8e5a52a8a683dc045478f420ebc0b4b8966a82181ad6ae76596e581c9ade1a61db2e47a9cf54b897eb4e8175915470a8757a0cf236a5466a1de506ecc9a332600c6e02478bcc603f15e59ccbc91295603d6f290dad48fc836eeb45222429b3a66fcbce4894b8c0b438deb148adea5307b0f6a140d6a4a7ce877948b8564db559d6ea40888042d4ebf687fc340c720c31b5011cdf6643b06906c227cde7c4a3b226d4f81c9402b79581bf61782de9db48efcd93311b6f004eb85c842db56012780732bcfe63915873ef1c94f85a7216eb4362526eff35baba7fb8494c0efe082251794d509fe33d390a998545a217388f6405c4d6deb35c9bf5b3991ff6c2cc841c6b0c3b6409bbbd64cc7b70765286567e28e33d875258e69063a7d6255eba1784c88b04ad37581553fccf6a272af82a975b87051c3ec95a933cfde7a892b3d27c4ed7e21f1c4a04efe5407342a9598330d9c05df9fea3106e9c62a4dc6613dd29479a7ca9840bce3702636ca5e83fe415ff8d7479876fb0a8cebfa9529471886d92f5246825da7629050582d6b9c3cf8144c92af6d35bc5f50d8851851016cad4bd39f583b02729849f60a4e99edfe01d9c5a4d384773d48f04447f2fbb5606f2508f3958e76c4ab7febec5e08c3803590e201ed6f60579c10522a51c9e6c844e4ac07b4d2ac851d943792ad64f6ff036601a36735f65fad0ea0184ae06aa3599146fb570b9dc421732d5bc7e7e0521aa5bfc75cbe1441878201af301f5f5281e4bb4c0e12c00e7f4515950345dc6c7bb97553780a5e5381b094d4f498af1f69272e5c7fd6778e6da07e2c973c67d678ee98561f647410b75dfc450392c38e8dd828266e1d503f78962bd4d64901ea947ac5fb45358fb653d8f1efe4ac04a1b125da85cc9311f5bfe294450fec23ce6027a842bc9ae90f75b2ff2cf26091ad03e838b55f6561370ab92d952631b71533afecbe73d80339614cac285ce9c454eabebe5ee06f8fbacb2414cf26a82c207fd939065dd00b5f4c300b7141296e60eee9996a060abe1fb00bd392e1828cf21866a2926befe94ce14001060ee790295c42f7caf382af5e6ba32632e6d894e9a032c468b257008959f9b5f8a1c91f60c53675a6007235434340c19746618e1388a71bab4f69ce77f9f3d9d674e3d80184009e8f51abedfefd1a14ff066811a55fb5749c37a59026d997327d98c404a9ad39a25e96ab205a5d8f1503aa2c083b711c1c00ab93abc945b3038e3ab1ea7a372d3b00cecab6d4e610cfa462843ebe2769a63c59b928bb298fb11ece3b295b935d95da44814b380dc9ba33479808c4aaafee185539967810d0d36b5b977f89a9ad47a746c494e6a997836676e0d805a4d39605e7676a9a47a71eb9f86dc0b3099f2b8f88bb876dffac9838dced6656753b8c48c73bc70d709890fbf3f2ef3a3dfbf5fadd7e527196e75a5fafece5a1f321f7db4f6acff85ebffb292eac49041ea92669e7392bbc0935d60401755944f1b748531570d9c163956b23513d29c2f834bec08debfedc0c2186873b7bd2db7785b3f5b557fb9af", 0x1000, 0xffffffff}, {&(0x7f0000000480)="6b0db97d569c199f6f30a6579161f5f6cf10f0caafca7dc6f2e4512f98e8a202c582a137b922b0e5b4806d4172e6633ac80a31b2d1e38958af5b44d119397e545b61612c137965ba7ac585b3611a23a2ba3b53eb891f295fa0ecdc61b1696acd2c65c35a5691f0e3ca5a", 0x6a, 0x8000}, {&(0x7f0000000680)="cc67ae8bfab8768028b82993b8f6962a8f95d2a8cdbfc2ea61c3c30dab1e1e81a71bafd10eec99aa96e8a7a4ebdf0dbae3872d1b6ae2dc73dab0812da2aaa69d2e0b7b3ce330fb7397441c060b170e83adf158b1c638f21c15adcb8dd47bf7449e29877fc14a7173d6fe6383e9b215e6dc39099dd47385ca5ee2f42299ad71aa06738e02c1d37857edb953f2e6f40a78864a6674e13d01938644abbae1b1f7332a86ec3bb5fffa4c374d9eb45c502f18141fe3fe89df664a6a10d17313bc7a793d1e39c1ed821bcfaac18a276c22", 0xce, 0x5c}, {&(0x7f0000000780)="c2c6ec6f35d59e1fdbbb2f8113d9e25351c5fefcedbec8a3a505f02ff71aafdb8f9de4697a2b8d371ffd16eaec201bad06baee7b9313f70675793ab61098f5fe9ec3139a9f2d1bbb32bc1b486aa4dfaba59cf77cf8e708c267965a9b8c6db221122a223251a3cd6460544a083a29a19895ead34a1c021c1e12e77d7614b519986981189e6a406c7584f95795d323b2d778f921dd647f8c7482fc1508814844", 0x9f, 0x3}, {&(0x7f00000001c0)="ad3f89a24c101227e332c4f95286d3e2f95b49902e8cfc7766cd772548d9861163a9002585cf527394d0eb581685964c47506ac6e5478098164012", 0x3b, 0x100000001}, {&(0x7f0000000500)="b0351d553c157a1d073f54be00c459382bdefbda56f6d28dd7780282ac7e13a5a9419b8850", 0x25, 0x1}, {&(0x7f0000000840)="e3579d32574821830989abe326f4f2bdceb96e55d06ef6e9fe010b2785866b40ae2f6ed820c6cfa1a088ee78a151b65c1d28b8475dc30ec0f439d0b8fd91effb8e7de845368102e569645f06b71b1fb2225caef0b583fa2d598e82c4938d007e0890beb7e63aeb04833ddf6e0b1391158beaeb7a960971cc2b9ac021aaab5760d7960519cbff6392e59c393cbc2e89839e0e1b9eabe6176de1ef6e28f2e05196", 0xa0, 0x6}], 0x40010, &(0x7f0000002ec0)=ANY=[@ANYBLOB='nls=iso8859-14,show_sys_files=yes,disable_sparse=no,disable_sparse=no,errors=recover,utf8,utf8,case_sensitive=yes,fowner=', @ANYRESDEC=0xee00, @ANYBLOB="2c3440311055bb4dd54ce9e610988102a83f2fc1204e733701bdad5e8fb24a0caf83c15e7432f1ee7e18a07cac5c7dd2b214a8b136325568edbe8366d7f0498502ae35fe41f0c27f3b03c18b9b44ce7497a4491a98ef3bda368612e00642e5a4bf94d243b9d30370f20e4a41bf1746fc122a51da1d09116ec4420f93c2293ad576025a4f1498fe9ed859c5c28bbc1a818c520f875fa57715c851d6c9b483b59dc9d09085da00000060b2dc6a0eefa92e4f76afd65e366ea696117212fad9d8dce22865d74f957a33ae8099c0fbae464df992d415beb5199615f7538023c826780e24fe8a1c86183abd3b222ccafd2e2773934171abe8049fe8"])

[ 3025.971408][T26960]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3025.977138][T26960]  ? __might_sleep+0x100/0x100
[ 3025.981915][T26960]  ? __rcu_read_lock+0xb0/0xb0
[ 3025.986690][T26960]  ? allocate_slab+0x373/0x540
[ 3025.991461][T26960]  should_fail+0x384/0x4b0
[ 3025.995897][T26960]  should_failslab+0x5/0x20
[ 3026.000403][T26960]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3026.005615][T26960]  io_submit_sqes+0x601f/0x9e00
[ 3026.010473][T26960]  ? __might_sleep+0x100/0x100
[ 3026.015263][T26960]  ? io_uring_add_tctx_node+0x330/0x330
[ 3026.020811][T26960]  ? io_uring_add_tctx_node+0x74/0x330
[ 3026.026252][T26960]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3026.031788][T26960]  ? trace_lock_release+0x4f/0x150
[ 3026.036905][T26960]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3026.042456][T26960]  ? __fget_files+0x35a/0x390
[ 3026.047115][T26960]  ? __lock_acquire+0x6100/0x6100
[ 3026.052122][T26960]  ? account_other_time+0x63/0x280
[ 3026.057216][T26960]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3026.062834][T26960]  ? print_irqtrace_events+0x220/0x220
[ 3026.068294][T26960]  ? vtime_user_exit+0x2b2/0x3e0
[ 3026.073233][T26960]  ? __context_tracking_exit+0x7a/0xd0
[ 3026.078681][T26960]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3026.084668][T26960]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3026.090225][T26960]  do_syscall_64+0x3d/0xb0
[ 3026.094648][T26960]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3026.100547][T26960] RIP: 0033:0x4665f9
[ 3026.104441][T26960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:50:36 executing program 0 (fault-call:8 fault-nth:70):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3026.124047][T26960] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3026.132448][T26960] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3026.140409][T26960] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3026.148376][T26960] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3026.156327][T26960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3026.164281][T26960] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
[ 3026.214854][T26970] FAULT_INJECTION: forcing a failure.
[ 3026.214854][T26970] name failslab, interval 1, probability 0, space 0, times 0
[ 3026.227729][T26970] CPU: 0 PID: 26970 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3026.236166][T26970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3026.246224][T26970] Call Trace:
[ 3026.249510][T26970]  dump_stack_lvl+0x1d3/0x29f
[ 3026.254201][T26970]  ? show_regs_print_info+0x12/0x12
[ 3026.259388][T26970]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3026.265107][T26970]  ? __might_sleep+0x100/0x100
[ 3026.269880][T26970]  ? __rcu_read_lock+0xb0/0xb0
[ 3026.274641][T26970]  ? allocate_slab+0x373/0x540
[ 3026.279389][T26970]  should_fail+0x384/0x4b0
[ 3026.283790][T26970]  should_failslab+0x5/0x20
[ 3026.288273][T26970]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3026.293467][T26970]  io_submit_sqes+0x601f/0x9e00
[ 3026.298304][T26970]  ? __might_sleep+0x100/0x100
[ 3026.303068][T26970]  ? io_uring_add_tctx_node+0x330/0x330
[ 3026.308594][T26970]  ? io_uring_add_tctx_node+0x74/0x330
[ 3026.314034][T26970]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3026.319564][T26970]  ? trace_lock_release+0x4f/0x150
[ 3026.324660][T26970]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3026.330203][T26970]  ? __fget_files+0x35a/0x390
[ 3026.334862][T26970]  ? __lock_acquire+0x6100/0x6100
[ 3026.339871][T26970]  ? account_other_time+0x63/0x280
[ 3026.344963][T26970]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3026.350579][T26970]  ? print_irqtrace_events+0x220/0x220
[ 3026.356016][T26970]  ? vtime_user_exit+0x2b2/0x3e0
[ 3026.360934][T26970]  ? __context_tracking_exit+0x7a/0xd0
[ 3026.366377][T26970]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3026.372351][T26970]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3026.377932][T26970]  do_syscall_64+0x3d/0xb0
[ 3026.382338][T26970]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3026.388218][T26970] RIP: 0033:0x4665f9
[ 3026.392096][T26970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:50:37 executing program 0 (fault-call:8 fault-nth:71):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3026.411685][T26970] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3026.420081][T26970] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3026.428040][T26970] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3026.436008][T26970] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3026.443986][T26970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3026.451949][T26970] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
[ 3026.504990][T26972] FAULT_INJECTION: forcing a failure.
[ 3026.504990][T26972] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3026.518780][T26972] CPU: 0 PID: 26972 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3026.527211][T26972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3026.537255][T26972] Call Trace:
[ 3026.540529][T26972]  dump_stack_lvl+0x1d3/0x29f
[ 3026.545196][T26972]  ? show_regs_print_info+0x12/0x12
[ 3026.550395][T26972]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3026.556124][T26972]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3026.561658][T26972]  should_fail+0x384/0x4b0
[ 3026.566070][T26972]  prepare_alloc_pages+0x1d1/0x5a0
[ 3026.571316][T26972]  __alloc_pages+0x14d/0x5f0
[ 3026.575896][T26972]  ? __rmqueue_pcplist+0x2030/0x2030
[ 3026.581171][T26972]  ? trace_lock_release+0x4f/0x150
[ 3026.586274][T26972]  ? alloc_pages+0x3f3/0x500
[ 3026.590853][T26972]  allocate_slab+0xf1/0x540
[ 3026.595461][T26972]  ___slab_alloc+0x1cf/0x350
[ 3026.600038][T26972]  ? io_submit_sqes+0x601f/0x9e00
[ 3026.605070][T26972]  kmem_cache_alloc_bulk+0x180/0x410
[ 3026.610349][T26972]  io_submit_sqes+0x601f/0x9e00
[ 3026.615180][T26972]  ? __might_sleep+0x100/0x100
[ 3026.619946][T26972]  ? io_uring_add_tctx_node+0x330/0x330
[ 3026.625474][T26972]  ? io_uring_add_tctx_node+0x74/0x330
[ 3026.630932][T26972]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3026.636469][T26972]  ? trace_lock_release+0x4f/0x150
[ 3026.641570][T26972]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3026.647100][T26972]  ? __fget_files+0x35a/0x390
[ 3026.651758][T26972]  ? __lock_acquire+0x6100/0x6100
[ 3026.656774][T26972]  ? account_other_time+0x63/0x280
[ 3026.661871][T26972]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3026.667487][T26972]  ? print_irqtrace_events+0x220/0x220
[ 3026.672927][T26972]  ? vtime_user_exit+0x2b2/0x3e0
[ 3026.677848][T26972]  ? __context_tracking_exit+0x7a/0xd0
[ 3026.683288][T26972]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3026.689249][T26972]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3026.694778][T26972]  do_syscall_64+0x3d/0xb0
[ 3026.699179][T26972]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3026.705055][T26972] RIP: 0033:0x4665f9
[ 3026.708937][T26972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3026.728525][T26972] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3026.736920][T26972] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3026.744876][T26972] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3026.752830][T26972] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3026.760783][T26972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3026.768735][T26972] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:38 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:38 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x400000000000000)

01:50:38 executing program 0 (fault-call:8 fault-nth:72):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3028.196609][T26979] FAULT_INJECTION: forcing a failure.
[ 3028.196609][T26979] name failslab, interval 1, probability 0, space 0, times 0
[ 3028.209497][T26979] CPU: 1 PID: 26979 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3028.217918][T26979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3028.227972][T26979] Call Trace:
[ 3028.231239][T26979]  dump_stack_lvl+0x1d3/0x29f
[ 3028.235902][T26979]  ? show_regs_print_info+0x12/0x12
[ 3028.241079][T26979]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3028.246785][T26979]  ? __might_sleep+0x100/0x100
[ 3028.251531][T26979]  ? __rcu_read_lock+0xb0/0xb0
[ 3028.256275][T26979]  ? allocate_slab+0x373/0x540
[ 3028.261021][T26979]  should_fail+0x384/0x4b0
[ 3028.265474][T26979]  should_failslab+0x5/0x20
[ 3028.269955][T26979]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3028.275142][T26979]  io_submit_sqes+0x601f/0x9e00
[ 3028.279978][T26979]  ? __might_sleep+0x100/0x100
[ 3028.284756][T26979]  ? io_uring_add_tctx_node+0x330/0x330
[ 3028.290297][T26979]  ? io_uring_add_tctx_node+0x74/0x330
[ 3028.295741][T26979]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3028.301272][T26979]  ? trace_lock_release+0x4f/0x150
[ 3028.306424][T26979]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3028.312000][T26979]  ? __fget_files+0x35a/0x390
[ 3028.316706][T26979]  ? __lock_acquire+0x6100/0x6100
[ 3028.321712][T26979]  ? account_other_time+0x63/0x280
[ 3028.326802][T26979]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3028.332416][T26979]  ? print_irqtrace_events+0x220/0x220
[ 3028.337867][T26979]  ? vtime_user_exit+0x2b2/0x3e0
[ 3028.342788][T26979]  ? __context_tracking_exit+0x7a/0xd0
[ 3028.348228][T26979]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3028.354195][T26979]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3028.359731][T26979]  do_syscall_64+0x3d/0xb0
[ 3028.364193][T26979]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3028.370084][T26979] RIP: 0033:0x4665f9
[ 3028.374047][T26979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3028.393789][T26979] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3028.402202][T26979] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3028.410169][T26979] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3028.418124][T26979] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3028.426077][T26979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3028.434045][T26979] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:39 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:39 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x3, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:39 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x100, &(0x7f0000000000)=0x5, 0x0, 0x4)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:39 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:39 executing program 0 (fault-call:8 fault-nth:73):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:39 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 3028.602018][T26993] FAULT_INJECTION: forcing a failure.
[ 3028.602018][T26993] name failslab, interval 1, probability 0, space 0, times 0
[ 3028.623612][T26993] CPU: 0 PID: 26993 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3028.632062][T26993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3028.642123][T26993] Call Trace:
[ 3028.645404][T26993]  dump_stack_lvl+0x1d3/0x29f
[ 3028.650100][T26993]  ? show_regs_print_info+0x12/0x12
[ 3028.655306][T26993]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3028.661038][T26993]  ? __might_sleep+0x100/0x100
[ 3028.665808][T26993]  ? __rcu_read_lock+0xb0/0xb0
[ 3028.670576][T26993]  ? allocate_slab+0x373/0x540
[ 3028.675332][T26993]  should_fail+0x384/0x4b0
[ 3028.679760][T26993]  should_failslab+0x5/0x20
[ 3028.684260][T26993]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3028.689460][T26993]  io_submit_sqes+0x601f/0x9e00
[ 3028.694294][T26993]  ? __might_sleep+0x100/0x100
[ 3028.699062][T26993]  ? io_uring_add_tctx_node+0x330/0x330
[ 3028.704589][T26993]  ? io_uring_add_tctx_node+0x74/0x330
[ 3028.710025][T26993]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3028.715556][T26993]  ? trace_lock_release+0x4f/0x150
[ 3028.720650][T26993]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3028.726179][T26993]  ? __fget_files+0x35a/0x390
[ 3028.730836][T26993]  ? __lock_acquire+0x6100/0x6100
[ 3028.735849][T26993]  ? account_other_time+0x63/0x280
[ 3028.740958][T26993]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3028.746586][T26993]  ? print_irqtrace_events+0x220/0x220
[ 3028.752027][T26993]  ? vtime_user_exit+0x2b2/0x3e0
[ 3028.756946][T26993]  ? __context_tracking_exit+0x7a/0xd0
[ 3028.762402][T26993]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3028.768367][T26993]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3028.773897][T26993]  do_syscall_64+0x3d/0xb0
[ 3028.778298][T26993]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3028.784197][T26993] RIP: 0033:0x4665f9
[ 3028.788079][T26993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3028.807684][T26993] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3028.816085][T26993] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3028.824039][T26993] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3028.831992][T26993] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3028.839943][T26993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
01:50:39 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000240)={&(0x7f000037b000/0x4000)=nil, &(0x7f00001f6000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f000046e000/0x1000)=nil, &(0x7f0000251000/0x3000)=nil, &(0x7f00000ec000/0x4000)=nil, &(0x7f0000fe9000/0x14000)=nil, &(0x7f00005cc000/0x3000)=nil, &(0x7f00001df000/0x1000)=nil, &(0x7f00001a6000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000180)="1181128db99b348203e6b38a801dc330e14768e188105441c502cdb497a7d24b84ea49582485ad746b1b0e5201f2ed301e167a14c66bc36b5affe2e6f428f763f329fe8a6f41e5aa11a5df057f18", 0x4e, r1}, 0x68)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
ioctl$FIDEDUPERANGE(r2, 0xc0189436, &(0x7f00000002c0)={0x80, 0xfd40, 0x1, 0x0, 0x0, [{{r0}, 0x5}]})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r3, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3028.847893][T26993] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:39 executing program 0 (fault-call:8 fault-nth:74):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:39 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x2082, 0x0)
recvmsg$can_bcm(r1, &(0x7f0000000340)={&(0x7f0000000180)=@l2, 0x80, &(0x7f0000000280)=[{&(0x7f0000000240)=""/42, 0x2a}], 0x1, &(0x7f00000002c0)=""/120, 0x78}, 0x20)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r2 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r2, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3028.941618][T27013] FAULT_INJECTION: forcing a failure.
[ 3028.941618][T27013] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3028.955474][T27013] CPU: 1 PID: 27013 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3028.963909][T27013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3028.973977][T27013] Call Trace:
[ 3028.977270][T27013]  dump_stack_lvl+0x1d3/0x29f
[ 3028.981964][T27013]  ? show_regs_print_info+0x12/0x12
[ 3028.987175][T27013]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3028.992906][T27013]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3028.998479][T27013]  should_fail+0x384/0x4b0
[ 3029.002910][T27013]  prepare_alloc_pages+0x1d1/0x5a0
[ 3029.008045][T27013]  __alloc_pages+0x14d/0x5f0
[ 3029.012649][T27013]  ? __rmqueue_pcplist+0x2030/0x2030
[ 3029.017947][T27013]  ? trace_lock_release+0x4f/0x150
[ 3029.023073][T27013]  ? alloc_pages+0x3f3/0x500
[ 3029.027702][T27013]  allocate_slab+0xf1/0x540
[ 3029.032217][T27013]  ___slab_alloc+0x1cf/0x350
[ 3029.036808][T27013]  ? io_submit_sqes+0x601f/0x9e00
01:50:39 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r5 = accept4(r1, 0x0, &(0x7f0000000000), 0x800)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="340000001100ff0a000000000000000007000000", @ANYRES32=r8, @ANYBLOB="006709000000000014001a8008000580040001800800000002"], 0x34}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000240)={'ip6gre0\x00', <r9=>0x0, 0x4, 0x1, 0xa2, 0x200, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x700, 0x8, 0x9, 0x8}})
r10 = socket$netlink(0x10, 0x3, 0x0)
r11 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r12=>0x0})
sendmsg$nl_route(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="340000001100ff0a000000000000000007000000", @ANYRES32=r12, @ANYBLOB="006709000000000014001a8008000580040001800800000002"], 0x34}}, 0x0)
sendmsg$TEAM_CMD_OPTIONS_GET(r5, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0xe8, 0x0, 0x400, 0x70bd25, 0x25dfdbfb, {}, [{{0x8}, {0x80, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8, 0x6, r8}}}, {0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0x0, 0xff, 0xfa, 0x2}]}}}]}}, {{0x8, 0x1, r9}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r12}}}]}}]}, 0xe8}, 0x1, 0x0, 0x0, 0xc4}, 0x40040)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r2, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3029.041837][T27013]  kmem_cache_alloc_bulk+0x180/0x410
[ 3029.047135][T27013]  io_submit_sqes+0x601f/0x9e00
[ 3029.051994][T27013]  ? __might_sleep+0x100/0x100
[ 3029.056787][T27013]  ? io_uring_add_tctx_node+0x330/0x330
[ 3029.062345][T27013]  ? io_uring_add_tctx_node+0x74/0x330
[ 3029.067810][T27013]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3029.073371][T27013]  ? trace_lock_release+0x4f/0x150
[ 3029.078491][T27013]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3029.084046][T27013]  ? __fget_files+0x35a/0x390
[ 3029.088728][T27013]  ? __lock_acquire+0x6100/0x6100
[ 3029.093763][T27013]  ? account_other_time+0x63/0x280
[ 3029.098882][T27013]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3029.104534][T27013]  ? print_irqtrace_events+0x220/0x220
[ 3029.110001][T27013]  ? vtime_user_exit+0x2b2/0x3e0
[ 3029.114951][T27013]  ? __context_tracking_exit+0x7a/0xd0
[ 3029.120417][T27013]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3029.126408][T27013]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3029.131973][T27013]  do_syscall_64+0x3d/0xb0
[ 3029.136403][T27013]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3029.142305][T27013] RIP: 0033:0x4665f9
[ 3029.146208][T27013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3029.165821][T27013] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3029.174244][T27013] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3029.182225][T27013] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3029.190201][T27013] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3029.198175][T27013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3029.206151][T27013] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:41 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x7f00000000000000)

01:50:41 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x200800, 0x0)
sync_file_range(r4, 0x0, 0x254, 0x4)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:41 executing program 0 (fault-call:8 fault-nth:75):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3031.227013][T27032] FAULT_INJECTION: forcing a failure.
[ 3031.227013][T27032] name failslab, interval 1, probability 0, space 0, times 0
[ 3031.242165][T27032] CPU: 1 PID: 27032 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3031.250614][T27032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3031.260681][T27032] Call Trace:
[ 3031.263964][T27032]  dump_stack_lvl+0x1d3/0x29f
[ 3031.268743][T27032]  ? show_regs_print_info+0x12/0x12
[ 3031.274120][T27032]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3031.279849][T27032]  ? __might_sleep+0x100/0x100
[ 3031.284622][T27032]  ? __rcu_read_lock+0xb0/0xb0
[ 3031.289397][T27032]  ? allocate_slab+0x373/0x540
[ 3031.294172][T27032]  should_fail+0x384/0x4b0
[ 3031.298605][T27032]  should_failslab+0x5/0x20
[ 3031.303118][T27032]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3031.308314][T27032]  io_submit_sqes+0x601f/0x9e00
[ 3031.313165][T27032]  ? __might_sleep+0x100/0x100
[ 3031.317924][T27032]  ? io_uring_add_tctx_node+0x330/0x330
[ 3031.323452][T27032]  ? io_uring_add_tctx_node+0x74/0x330
[ 3031.328898][T27032]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3031.334450][T27032]  ? trace_lock_release+0x4f/0x150
[ 3031.339556][T27032]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3031.345094][T27032]  ? __fget_files+0x35a/0x390
[ 3031.349756][T27032]  ? __lock_acquire+0x6100/0x6100
[ 3031.354777][T27032]  ? account_other_time+0x63/0x280
[ 3031.359875][T27032]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3031.365509][T27032]  ? print_irqtrace_events+0x220/0x220
[ 3031.370958][T27032]  ? vtime_user_exit+0x2b2/0x3e0
[ 3031.375892][T27032]  ? __context_tracking_exit+0x7a/0xd0
[ 3031.381422][T27032]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3031.387398][T27032]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3031.392936][T27032]  do_syscall_64+0x3d/0xb0
[ 3031.397339][T27032]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3031.403319][T27032] RIP: 0033:0x4665f9
[ 3031.407218][T27032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3031.426810][T27032] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3031.435222][T27032] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3031.443178][T27032] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3031.451142][T27032] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3031.459298][T27032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3031.467258][T27032] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:42 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x3, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:42 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f000056c000/0x2000)=nil, 0x2000, 0x1800003, 0x810, r0, 0x9ea07000)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'syztnl2\x00', &(0x7f0000000240)={'syztnl0\x00', <r1=>0x0, 0x2f, 0x1f, 0x0, 0x2, 0x1, @private0, @dev={0xfe, 0x80, '\x00', 0x25}, 0x8047, 0x20, 0x2}})
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)={0xf, 0x9, 0x4, 0x800, 0x80d, r0, 0x8, '\x00', r1, r0, 0x1, 0x2, 0x1}, 0x40)
pipe(&(0x7f0000000040))
r2 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f000056b000/0x2000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000000)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r2, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:42 executing program 0 (fault-call:8 fault-nth:76):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:42 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:42 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa7", 0xf}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:42 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
openat(r0, &(0x7f0000000000)='./file0\x00', 0x80c01, 0x44)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
r1 = syz_mount_image$minix(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', 0x8, 0x7, &(0x7f0000000700)=[{&(0x7f0000000280)="b31046d2fb", 0x5, 0x6}, {&(0x7f00000002c0)="cc87944c80cd55a5bedd983431d07157e2d334b163d180ecffcc42edb35ef65a35ed3fb733fbaa58429dec5ecc9098395a43502fdae228", 0x37, 0x3}, {&(0x7f0000000300)="25afd8001958af87a96c40f832aa8a40fcbc4c906703c6bfd0562efcf59dceda0d6bf841735d854fc364aeb9c39da63d11e7c8bce9bd054d3111d084a3f83b0ea636295cd3ec8f7abda3d5225ef1d27e53dab5bd86e516058410a065aa9f970b3d2f1fd58ef96ad04659378d6eb893e2267a9a83c19b5994a82fa8410d0482068e933f35d15753534bd0b0d3be795f274cd16fa42f41d8ebe46ff720e2a7", 0x9e, 0xfffffffffffffffd}, {&(0x7f00000003c0)="1cdc591b721f4f06751a3f0b061344e3b64f27204209d243cc07e2f96c65e976e8dcf1b68edf2fea4784c8020d9c6d41ca1f6f6a07ab4abbf985612509674aca87eb5af60abd3955d23be28df0789edec1a217b353063274aad860801a5ac2ddc611dec70e78acc885810b7db5bc31fc9782530ecd403daaf6e458af84763e0c0a3d9106518de2962ffe1f500ad59863a86b0e30e05094bb56771472eb5b7ff828c76041c2f07d9c985390ac0a6474c383f59b8220ebb35d7b0a59b5f2cfe7b22a76ee9bf481a15ed44ce0038642a4016e8eab1cb332a450acc57f626f627c3dbd", 0xe1, 0x5}, {&(0x7f0000000580)="5b907894eae444b79184adc867dae29229247aee78857cf2802d90799391ded09877e256b69719c9250504a8f59d17b3a3f82e9c07892ebd36b6b834a332da2b052bf41dcbe3823e6a298cfa7fa8779f8bd5340ca98dc6ecfb62edb6f38eb511f0b4662771c69a72d75d05212b4bf93a328bdb0f9868c11dfbbbcf84fb652fb1748423625a745f75ee0ce3da1190fe2eb04ab8d8054a09b2c9ec2812eb65746e7a673c3b83b828a1dd8a2a91d3937b95f52558553d498ccc5f52c350cdccaf614beeb16fb63b8a59db51", 0xca, 0x10000}, {&(0x7f00000004c0)="69ad23", 0x3, 0x9}, {&(0x7f0000000680)="53953d9e77c6a64559d3ae71facd1d98e91f6f38e2b8d945f99f2a5032f35ad677cf4b8ebead471f5920818bef8b8f5745a4b6d801c6a1f1bdd1d3314f2782eac5ccb4107dfe30abfe6b92f7053d31de3e3075dcd6a7012b459084996b5e3b366456ab96ca72c81fc8248851dfe56175b1365d3294be34529c3bd5", 0x7b, 0x8000}], 0x800000, &(0x7f0000000500)={[{'+-*^$'}, {'\'@'}, {'\x00'}, {'-'}, {'\x00'}, {'\x00'}], [{@fscontext={'fscontext', 0x3d, 'root'}}, {@fowner_eq={'fowner', 0x3d, 0xee01}}]})
preadv(r1, &(0x7f0000000a80)=[{&(0x7f00000007c0)=""/86, 0x56}, {&(0x7f00000001c0)=""/54, 0x36}, {&(0x7f0000000840)=""/244, 0xf4}, {&(0x7f0000000940)=""/69, 0x45}, {&(0x7f00000009c0)=""/131, 0x83}], 0x5, 0xd9f, 0x4)
pipe(&(0x7f0000000040))
r2 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
chdir(&(0x7f0000000b40)='./file0\x00')
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x5, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x19, 0x0, {0x2, r5}}, 0x0)
io_uring_enter(r2, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3031.673247][T27055] FAULT_INJECTION: forcing a failure.
[ 3031.673247][T27055] name failslab, interval 1, probability 0, space 0, times 0
[ 3031.691807][T27055] CPU: 0 PID: 27055 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3031.700264][T27055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3031.710324][T27055] Call Trace:
[ 3031.713609][T27055]  dump_stack_lvl+0x1d3/0x29f
[ 3031.718302][T27055]  ? show_regs_print_info+0x12/0x12
[ 3031.723508][T27055]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3031.729239][T27055]  ? __might_sleep+0x100/0x100
[ 3031.734012][T27055]  ? __rcu_read_lock+0xb0/0xb0
[ 3031.738784][T27055]  ? allocate_slab+0x373/0x540
[ 3031.743614][T27055]  should_fail+0x384/0x4b0
[ 3031.748024][T27055]  should_failslab+0x5/0x20
[ 3031.752531][T27055]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3031.757743][T27055]  io_submit_sqes+0x601f/0x9e00
[ 3031.762601][T27055]  ? __might_sleep+0x100/0x100
[ 3031.767390][T27055]  ? io_uring_add_tctx_node+0x330/0x330
[ 3031.772944][T27055]  ? io_uring_add_tctx_node+0x74/0x330
[ 3031.778411][T27055]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3031.783974][T27055]  ? trace_lock_release+0x4f/0x150
[ 3031.789100][T27055]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3031.794656][T27055]  ? __fget_files+0x35a/0x390
[ 3031.799515][T27055]  ? __lock_acquire+0x6100/0x6100
[ 3031.804550][T27055]  ? account_other_time+0x63/0x280
[ 3031.809670][T27055]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3031.815311][T27055]  ? print_irqtrace_events+0x220/0x220
[ 3031.820773][T27055]  ? vtime_user_exit+0x2b2/0x3e0
[ 3031.825716][T27055]  ? __context_tracking_exit+0x7a/0xd0
[ 3031.831185][T27055]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3031.837170][T27055]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3031.842734][T27055]  do_syscall_64+0x3d/0xb0
[ 3031.847164][T27055]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3031.853068][T27055] RIP: 0033:0x4665f9
01:50:42 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000412000/0x2000)=nil, 0x2000, 0x0, 0x10, r1, 0x10000000)
r5 = accept4$tipc(r0, &(0x7f0000000000)=@name, &(0x7f0000000180)=0x10, 0x800)
syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f00006d6000/0x4000)=nil, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r8, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000240)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x5, 0x4004, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x0, {0x2}}, 0x0)
syz_io_uring_setup(0x552, &(0x7f0000000180), &(0x7f0000ee8000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000000)=<r9=>0x0, &(0x7f0000000040)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x10c, &(0x7f0000000280), 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f0000000740)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000140)=@IORING_OP_STATX={0x15, 0x2, 0x0, 0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1000, 0x0, {0x0, r11}}, 0x9)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r5, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@alg, 0x80, &(0x7f00000003c0)=[{&(0x7f00000002c0)=""/171, 0xab}, {&(0x7f00000001c0)=""/37, 0x25}, {&(0x7f0000000380)=""/48, 0x30}], 0x3, &(0x7f0000000b40)=""/4096, 0x1000}, 0x0, 0x0, 0x0, {0x3, r11}}, 0x0)
io_uring_enter(r2, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3031.856964][T27055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3031.876579][T27055] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3031.885003][T27055] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3031.893067][T27055] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3031.901045][T27055] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3031.909022][T27055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3031.916998][T27055] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:42 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = openat$smackfs_syslog(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mmap(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x3000002, 0x8010, r1, 0x141be000)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r2 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r2, 0x45f5, 0x0, 0x0, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/vmallocinfo\x00', 0x0, 0x0)

01:50:42 executing program 0 (fault-call:8 fault-nth:77):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3032.051776][T27079] FAULT_INJECTION: forcing a failure.
[ 3032.051776][T27079] name failslab, interval 1, probability 0, space 0, times 0
[ 3032.065175][T27079] CPU: 0 PID: 27079 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3032.073605][T27079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3032.083718][T27079] Call Trace:
[ 3032.086986][T27079]  dump_stack_lvl+0x1d3/0x29f
[ 3032.091655][T27079]  ? show_regs_print_info+0x12/0x12
[ 3032.096836][T27079]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3032.102543][T27079]  ? __might_sleep+0x100/0x100
[ 3032.107347][T27079]  ? __rcu_read_lock+0xb0/0xb0
[ 3032.112093][T27079]  ? allocate_slab+0x373/0x540
[ 3032.116845][T27079]  should_fail+0x384/0x4b0
[ 3032.121265][T27079]  should_failslab+0x5/0x20
[ 3032.125749][T27079]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3032.131018][T27079]  io_submit_sqes+0x601f/0x9e00
[ 3032.135851][T27079]  ? __might_sleep+0x100/0x100
[ 3032.140607][T27079]  ? io_uring_add_tctx_node+0x330/0x330
[ 3032.146131][T27079]  ? io_uring_add_tctx_node+0x74/0x330
[ 3032.151579][T27079]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3032.157118][T27079]  ? trace_lock_release+0x4f/0x150
[ 3032.162223][T27079]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3032.167756][T27079]  ? __fget_files+0x35a/0x390
[ 3032.172418][T27079]  ? __lock_acquire+0x6100/0x6100
[ 3032.177427][T27079]  ? account_other_time+0x63/0x280
[ 3032.182519][T27079]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3032.188134][T27079]  ? print_irqtrace_events+0x220/0x220
[ 3032.193597][T27079]  ? vtime_user_exit+0x2b2/0x3e0
[ 3032.198518][T27079]  ? __context_tracking_exit+0x7a/0xd0
[ 3032.203959][T27079]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3032.209923][T27079]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3032.215453][T27079]  do_syscall_64+0x3d/0xb0
[ 3032.219862][T27079]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3032.225739][T27079] RIP: 0033:0x4665f9
[ 3032.229616][T27079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3032.249205][T27079] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3032.257599][T27079] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3032.265552][T27079] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3032.273503][T27079] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3032.281475][T27079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3032.289431][T27079] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:44 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080)={0x0, 0x0, 0x20}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100))
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
write$binfmt_misc(r3, &(0x7f0000000000)=ANY=[], 0xfffffecc)
accept4(r3, &(0x7f0000000180)=@xdp, &(0x7f0000000000)=0x80, 0x80800)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:44 executing program 0 (fault-call:8 fault-nth:78):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:44 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0xfeffffff00000000)

[ 3034.243158][T27083] FAULT_INJECTION: forcing a failure.
[ 3034.243158][T27083] name failslab, interval 1, probability 0, space 0, times 0
[ 3034.256037][T27083] CPU: 1 PID: 27083 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3034.264476][T27083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3034.274537][T27083] Call Trace:
[ 3034.277812][T27083]  dump_stack_lvl+0x1d3/0x29f
[ 3034.282479][T27083]  ? show_regs_print_info+0x12/0x12
[ 3034.287700][T27083]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3034.293407][T27083]  ? __might_sleep+0x100/0x100
[ 3034.298167][T27083]  ? __rcu_read_lock+0xb0/0xb0
[ 3034.302926][T27083]  ? allocate_slab+0x373/0x540
[ 3034.307687][T27083]  should_fail+0x384/0x4b0
[ 3034.312094][T27083]  should_failslab+0x5/0x20
[ 3034.316579][T27083]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3034.321766][T27083]  io_submit_sqes+0x601f/0x9e00
[ 3034.326613][T27083]  ? __might_sleep+0x100/0x100
[ 3034.331370][T27083]  ? io_uring_add_tctx_node+0x330/0x330
[ 3034.336919][T27083]  ? io_uring_add_tctx_node+0x74/0x330
[ 3034.342377][T27083]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3034.347913][T27083]  ? trace_lock_release+0x4f/0x150
[ 3034.353033][T27083]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3034.358563][T27083]  ? __fget_files+0x35a/0x390
[ 3034.363226][T27083]  ? __lock_acquire+0x6100/0x6100
[ 3034.368247][T27083]  ? account_other_time+0x63/0x280
[ 3034.373346][T27083]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3034.378962][T27083]  ? print_irqtrace_events+0x220/0x220
[ 3034.384407][T27083]  ? vtime_user_exit+0x2b2/0x3e0
[ 3034.389333][T27083]  ? __context_tracking_exit+0x7a/0xd0
[ 3034.394786][T27083]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3034.400759][T27083]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3034.406291][T27083]  do_syscall_64+0x3d/0xb0
[ 3034.410714][T27083]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3034.416590][T27083] RIP: 0033:0x4665f9
[ 3034.420472][T27083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3034.440177][T27083] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3034.448581][T27083] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3034.456541][T27083] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3034.464514][T27083] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3034.472472][T27083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3034.480446][T27083] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:45 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x3, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:45 executing program 0 (fault-call:8 fault-nth:79):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:45 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:45 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa7", 0xf}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 3034.671896][T27096] FAULT_INJECTION: forcing a failure.
[ 3034.671896][T27096] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3034.695608][T27096] CPU: 0 PID: 27096 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3034.704055][T27096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3034.714129][T27096] Call Trace:
[ 3034.717403][T27096]  dump_stack_lvl+0x1d3/0x29f
[ 3034.722089][T27096]  ? show_regs_print_info+0x12/0x12
[ 3034.727293][T27096]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3034.732995][T27096]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3034.738527][T27096]  should_fail+0x384/0x4b0
[ 3034.742933][T27096]  prepare_alloc_pages+0x1d1/0x5a0
[ 3034.748034][T27096]  __alloc_pages+0x14d/0x5f0
[ 3034.752611][T27096]  ? __rmqueue_pcplist+0x2030/0x2030
[ 3034.757895][T27096]  ? trace_lock_release+0x4f/0x150
[ 3034.762997][T27096]  ? alloc_pages+0x3f3/0x500
[ 3034.767576][T27096]  allocate_slab+0xf1/0x540
[ 3034.772080][T27096]  ___slab_alloc+0x1cf/0x350
[ 3034.776655][T27096]  ? io_submit_sqes+0x601f/0x9e00
[ 3034.781681][T27096]  kmem_cache_alloc_bulk+0x180/0x410
[ 3034.786956][T27096]  io_submit_sqes+0x601f/0x9e00
[ 3034.791801][T27096]  ? __might_sleep+0x100/0x100
[ 3034.796593][T27096]  ? io_uring_add_tctx_node+0x330/0x330
[ 3034.802125][T27096]  ? io_uring_add_tctx_node+0x74/0x330
[ 3034.807575][T27096]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3034.813119][T27096]  ? trace_lock_release+0x4f/0x150
[ 3034.818211][T27096]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3034.823739][T27096]  ? __fget_files+0x35a/0x390
[ 3034.828397][T27096]  ? __lock_acquire+0x6100/0x6100
[ 3034.833412][T27096]  ? account_other_time+0x63/0x280
[ 3034.838520][T27096]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3034.844134][T27096]  ? print_irqtrace_events+0x220/0x220
[ 3034.849577][T27096]  ? vtime_user_exit+0x2b2/0x3e0
[ 3034.854496][T27096]  ? __context_tracking_exit+0x7a/0xd0
[ 3034.859936][T27096]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3034.865900][T27096]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3034.871445][T27096]  do_syscall_64+0x3d/0xb0
[ 3034.875853][T27096]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3034.881732][T27096] RIP: 0033:0x4665f9
[ 3034.885613][T27096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3034.905202][T27096] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3034.913600][T27096] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
01:50:45 executing program 0 (fault-call:8 fault-nth:80):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3034.921555][T27096] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3034.929509][T27096] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3034.937472][T27096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3034.945440][T27096] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
[ 3034.993529][T27105] FAULT_INJECTION: forcing a failure.
[ 3034.993529][T27105] name failslab, interval 1, probability 0, space 0, times 0
[ 3035.006767][T27105] CPU: 0 PID: 27105 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3035.015200][T27105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3035.025259][T27105] Call Trace:
[ 3035.028541][T27105]  dump_stack_lvl+0x1d3/0x29f
[ 3035.033224][T27105]  ? show_regs_print_info+0x12/0x12
[ 3035.038408][T27105]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3035.044117][T27105]  ? __might_sleep+0x100/0x100
[ 3035.048872][T27105]  ? __rcu_read_lock+0xb0/0xb0
[ 3035.053643][T27105]  ? allocate_slab+0x373/0x540
[ 3035.058430][T27105]  should_fail+0x384/0x4b0
[ 3035.062837][T27105]  should_failslab+0x5/0x20
[ 3035.067343][T27105]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3035.072551][T27105]  io_submit_sqes+0x601f/0x9e00
[ 3035.077388][T27105]  ? __might_sleep+0x100/0x100
[ 3035.082158][T27105]  ? io_uring_add_tctx_node+0x330/0x330
[ 3035.087707][T27105]  ? io_uring_add_tctx_node+0x74/0x330
[ 3035.093149][T27105]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3035.098684][T27105]  ? trace_lock_release+0x4f/0x150
[ 3035.103788][T27105]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3035.109330][T27105]  ? __fget_files+0x35a/0x390
[ 3035.114001][T27105]  ? __lock_acquire+0x6100/0x6100
[ 3035.119009][T27105]  ? account_other_time+0x63/0x280
[ 3035.124107][T27105]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3035.129738][T27105]  ? print_irqtrace_events+0x220/0x220
[ 3035.135196][T27105]  ? vtime_user_exit+0x2b2/0x3e0
[ 3035.140122][T27105]  ? __context_tracking_exit+0x7a/0xd0
[ 3035.145567][T27105]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3035.151532][T27105]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3035.157069][T27105]  do_syscall_64+0x3d/0xb0
[ 3035.161474][T27105]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3035.167354][T27105] RIP: 0033:0x4665f9
[ 3035.171667][T27105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:50:45 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
dup2(0xffffffffffffffff, r0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3035.191254][T27105] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3035.199653][T27105] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3035.207618][T27105] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3035.215571][T27105] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3035.223523][T27105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3035.231474][T27105] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:45 executing program 0 (fault-call:8 fault-nth:81):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:45 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5, 0xba}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3035.330736][T27113] FAULT_INJECTION: forcing a failure.
[ 3035.330736][T27113] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3035.345168][T27113] CPU: 1 PID: 27113 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3035.353606][T27113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3035.363661][T27113] Call Trace:
[ 3035.366948][T27113]  dump_stack_lvl+0x1d3/0x29f
[ 3035.371634][T27113]  ? show_regs_print_info+0x12/0x12
01:50:45 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
pipe(&(0x7f0000000000))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3035.376838][T27113]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3035.382564][T27113]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3035.388124][T27113]  should_fail+0x384/0x4b0
[ 3035.392554][T27113]  prepare_alloc_pages+0x1d1/0x5a0
[ 3035.397686][T27113]  __alloc_pages+0x14d/0x5f0
[ 3035.402284][T27113]  ? __rmqueue_pcplist+0x2030/0x2030
[ 3035.407586][T27113]  ? trace_lock_release+0x4f/0x150
[ 3035.412725][T27113]  ? alloc_pages+0x3f3/0x500
[ 3035.417320][T27113]  allocate_slab+0xf1/0x540
[ 3035.421837][T27113]  ___slab_alloc+0x1cf/0x350
01:50:45 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x10000000012, 0x4, &(0x7f00000000c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1, 0x11}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3035.426432][T27113]  ? io_submit_sqes+0x601f/0x9e00
[ 3035.431459][T27113]  kmem_cache_alloc_bulk+0x180/0x410
[ 3035.436750][T27113]  io_submit_sqes+0x601f/0x9e00
[ 3035.441605][T27113]  ? __might_sleep+0x100/0x100
[ 3035.446396][T27113]  ? io_uring_add_tctx_node+0x330/0x330
[ 3035.451952][T27113]  ? io_uring_add_tctx_node+0x74/0x330
[ 3035.457419][T27113]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3035.462974][T27113]  ? trace_lock_release+0x4f/0x150
[ 3035.468093][T27113]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3035.473649][T27113]  ? __lock_acquire+0x6100/0x6100
[ 3035.478685][T27113]  ? account_other_time+0x63/0x280
[ 3035.483805][T27113]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3035.489442][T27113]  ? print_irqtrace_events+0x220/0x220
[ 3035.494906][T27113]  ? vtime_user_exit+0x2b2/0x3e0
[ 3035.499856][T27113]  ? __context_tracking_exit+0x7a/0xd0
[ 3035.505329][T27113]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3035.511324][T27113]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3035.516972][T27113]  do_syscall_64+0x3d/0xb0
[ 3035.521400][T27113]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3035.527304][T27113] RIP: 0033:0x4665f9
[ 3035.531200][T27113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3035.550839][T27113] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3035.559256][T27113] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3035.567268][T27113] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
01:50:46 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000040))
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = mmap$IORING_OFF_SQES(&(0x7f00006ca000/0xe000)=nil, 0xe000, 0xc, 0x2010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r2, r4, &(0x7f0000000000)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456}, 0x4)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
write$binfmt_misc(r5, &(0x7f0000000000)=ANY=[], 0xfffffecc)
write$binfmt_misc(r5, &(0x7f0000000240)={'syz0', "05225957c82beb868162fbc1fa96a07bc8654b90a6e951aa27a334565fa0fa06741431ca124192a421cd583a6b9f3446a3db69569038529bf41720ea40b8c27235a56e5daa893096b9787a7e761796f570725320da0f78ac9a47b4a0655c31b0ad44c81d71374a26c332c1eb6f0c69dfbff0c30a80c22d9e6120fecc25078cf878adf18a2d5a2244a8544076baf398fc07b7736e4a26a164bcfc99f7fd5b9f8da0f24fcd681edee1481aeb61dc568c195cb1caa8d0fd9a6558668a1e58e5ebf06bf4f8b064df9f87135c25f8c1385a"}, 0xd3)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000180)=@IORING_OP_SEND={0x1a, 0x3, 0x0, r6, 0x0, &(0x7f0000000b40)="9438577c7940a5ce425be0fb690d7197b12a449a7152e46fcff9807e77983209b758f4ac0ce697d97b9670c3bcb3d40b3b20233e68aef7267af0113e553163a47b59598420721486c98226c9414f0f3aefc5cf276be4cb12fdc892446e421dccc81ced6303883514d0f95362ad57971fbd486a6484d6536c0aeda17d9064b1aebdba45d57a7450d5df5d3516f453c90b1f7c01ff2630e8fdf87fecd39bded8f825e1ec34d0dbf3109e084e49558cede64c266a2b0c6179666c2572c6893a0db40232b550749d0ab938d6f48f8a9a7c9799986868df66c565c035d7aec0cd59646a0bba43fb6088c1a2a04e0425ca44e4ca88b23548aef5798e9aa96118969e32ae967261d0bf52dd71a7d46161029876719026ffd25b990bfe3ac178d5aa6f53c497c02a49e013d689b451b1db988d8ad98a5ad1af13f24898c2c61cf7b6ee0de373ef924b78c84f2c15d229bf4dd93515bdcf0566a866e232c3b629a007a77d5cb79d79f9c7fd7997054f1cc9d6c8f045fb9926b07be4798bb02f8ee0b1a03c39abcceaf4cb8370321b655a72895444974cbb9bf0b062225ec6b9b9b603b1230e1eb3616a4dbaf6ef52a80bb9234119037b2c9b765285efb9456a71e5a6ebf7a4f7eefe0345102f0acd90d95eae1dbc86f230f447fac5b7c73cb5266decbb73e685c70584b1df96f059a3f39a0fcf6c8b1b9e28c06de56b262257050d20475880927c15512299ddac36236a84d5a83dd674f9be5e0897e32426a90c3af123bfe6bc45ebd27a47fcea7873bf973362bcdf576d4b5a5ea5e775c114515949b52d212f5b1766e764dda8752f14e50db8d5f35b15427d3e263d48fbb1a2d23a6d6e6d6d3a49450b77a93d12be2037119f58a8a0520eccdd37cd721884c7b5fbe07f493aa7a60c47545f10fc74ec41b4bcdc5c5de93499ecf1fe614359bb8cd52ed09df1d1dc0e05362ca5858ffa09c53ea1e9de451e45365fb7be8197164dd7f00a36f1df3023ac6656e80ca718c87dc5a8400f5c72d456b21b1cab4a213e105ddb77ccc7aa6898d0a514fc53aa7936f8daf0e784ed366caed715dd2c3fd17208f44d784f6e03b37e8373746bad92fa07937febbd8877cb8805021efcaca4918aaa708bc46d5c68c2d0b918b533a7b789bd584f24255197df0831c126348cf097ccc8999a68ace31f4888c3c6391b9d2d7fb6d464a4c65b61f37851d747ab843f666c65bce502cf1c97e41c5d13a56ab1dfff946c0da4df1675e4fe8b93cba66464ef68cb9befdfb4c082c4c9605f4286b90aa30b57b9ff90ed22d6186ba230c19f4f4bef34ad613b1d13336c1909650b448e6df6378475e769f05bae3002b0439a5886573fe543aff7bd0e9e60ed16c83605d0178fac0726f207189b87c969baff540cfa503e58c6e4368106bdab9354f4283267b75acbba2f6cceb609ae2b5a06f9a349ee3bf0639d2abde8e663138c0c707a13c6c089a338c8dee651537df2ab8b6de9c0ce88fa93d293f85b5bc24e119da07f0c68221f8a0c6f3e2220622b6f421f54a8d6302dd061d5b4c1445c5d23e766c15bd6914e466ae0c9d35a62f5ae1232e9b5c65f380d299bbc5b1d53c115da65241aee99b340be8e299804c829979b447f3f87ecdb00ee58bd22c72d6343bb5db325fa94c72a82961522aa1470a8e866bb713e1edc386352ebfe785a06b5fa648e6c72d39f8319c5d63f5476d478b1c8b63c42fc1e257bae7ce541a209ec3baa95241c1d10221042d5535ccd951170ad7624d6016736ee7b04dd3c8545175c3d41933c30572827903c9292d963f1e6f90f76bd91f85fb4fcc9c0cfedcc43e53fc28f249ba8211ec1d436bd541dc3fd4fab367327e08c4470f6afcf192632bbe7dfbe1780a3163e1cb5376bb89ec5dd644ae8a438c834865f1ab859183d1c57c70c8b15850743ad8e1486334c50ab9b37d5c50f5415c2bbd68e5cce61f67499cfbb60814e653a2c254860eda8fd31a19fd28183b0696d5973c1d04f8d8681e7c069d0d667f40dc2148c4a135ffa2bdc56c560081adc4fee49d030c0d894277c4d0a82cd9f11558a3a9a9682b7c1721bb74a903c8f6b84a076d87ba90655d30c1dd55b1b597103240642488ca506f95406458403d1de92e6d9a33495e387a0b57c04302366ee8a0d07e7a70efe2595634b72eef5784e6a5c94aa45f89d1ef25fdd3094eba4fae8bb622ccc71128724ca3c7ea8d2d392662fbc22c24c858a239315de573e9919e7a4e0f8c01989187b3eb5381e17de64da9844da60cbbfadc6f7451ca5b45f6834023d69c9e3b31f36c0a0b5487c7822320196747899c059c025affe964fb28cdea0a228e1d9c00d81e1839089e97be137cd2581a3233bb99bd120ab3ba3a33a76dc9896e1327bfcc8a13b693f00043856e276d5d0a77082e1929eb19bf157604730b81d2a92b586a65a6603d0e205ad3bf04696b8e944cd9cd83fd2382aefcf2912ca0edd44d39ef1178b5d5d48f75a5f5be2290a75efe9c156082c3f19cafb6029fbfc4d49068b6f0671ed434f009f52ddf805600214b320f9f1b8e5c294fc673032d4ffbccc16cfba161973900aca769738486d6e7afec3ce5f619bc5e3f5a2a805107f90e297fbd10a39b558a5cf0763a9be35465ea174b88048754e6e068c6bd5d76c3a2fb193bf07bbd936acbe1c31ccfe38b6aff60475822fdae3249a41f4d5cc31ccb683560fd1e571be303fd14f9751f7fa00f2c869c142a70a8c912054825dec5bc10097ff1c0950736cd7c1d5f750eff97097538faec67fc50847e6e4f7fd091df71b1e196864c1f007191c1dbe14eb8b892a207615c7841f4740d96138a68360e7756e3babc155e8935c299dd49a5e6aca5585b1815c33c53d041c74e72d3c696f1bc6181b683459f61aeaaaf92cbc26de2e08bd10f4bae36055298c778e8818c387ced74482f4742d189dde08ae7d05129f23ed907235cc020dee7cda80d413747353ca14e4646ca375dc7c4c39a66217824d77d63b5d1c4730dc0f4a50cc336bf404c02a6e3eed9cd96221151bcf0a58211070f09ca67e31957a7e5d986f4b3ed4c041f32a02ae768bcafe169818b756da176cee28230ad717e3b247576a81137c317da1e05a866f662a652ee328ab0887f8dc1cc1bdafdba1dafe3fc034a218a658f445f643f7e83a487c597096ca76b841cd17ffb3747ce6babe469feeac990a0ca4079fb0ff007f0effe2dbcabe1982478fe7e664f8230939c133b6cdda6793f6c11bc05c37fe93e7934ab8d4adeb51ae64c9b65a8cba3d4aa2c723bf72ac84886ec0e1d7c0909c456f232f78cce560600eaa7cace443572b67ece5f350a304b7af4aeeba2c276168d0a5e4f5c4fc36c95cf654fd2f68049fd7789a83acee8789be64198a5dbb990dd514aa52e1e78cedf5790f30d2e9040995f514d89b2127dc2789632cb048a72db2c7cb06ea4a01a220a28ff0e5a41834cf0e9528fb4f51ab22a6a380c9dadf7a8c707c9dc9228734b1c6162ec98cfbd1ff3c9b1e575d9b47ff98f5f86a6df8d2a6fc7777e4991d1bda2320d96792292e1e488b3c4d4dcdc812b288bde3b34e35520f3e9aef9e6174cee6afa93d9121d3905cce378bbeb0826398375ad1d0e4df311222af3d71bb23a4889a86647ee478de9053d5cbc90a6a16c88ba762a6d65b08b6b3af489ccdfb9d3644001e006afd7e16a6906042549b0bcfff6540416df4ff014b50bea529b6380b7db4f73143d650fde24d65dfc34ee5c52baef44a53af980435c061dbf74499b31ffcebb2e42684639cc21568b56432786e835eeb86e21244731aea3b44146c99bf302fbe372407329cdf7b5d9dccb60406fc935b80958009b4f83f7d9cc8815d03bfc7f9b7eec5dc3cb009bd27485f200403cba2ef1de71a0ba576786d0c379b3e7429ffe777303f6cc2b5b8595e0f0526ce50f35c2845b6614293276539b73ad69394fb97007daa7abfae6bd0df15ae403518a3bb860274847a4013b78d9e2556e73672abe31ff146c5c8e3cab0689acb926e9ec761d14f261e4c840ad782157cff23486094a1a8a45f4853a971023de643019d0e69df5ae165aae38ae383f134f8884a7a2e27b5ce25b8519bead1f967b4b28b18d72009d18f39b68d27189c20b7683194f577bcc3a76de66366047a8ae08d87f85449b4dc69a876c8c40eae2552c7b517edcef737c3beeff3f35f5b53eb57902607caec2860dcb127fac20b02366598fa580e1a8c61e7c6075b2d9be8607b61078c026f2f1d9795ab1cc16f50d7edcfac8513fbf2a6c79e5594959bc8efbdd12d9a3efc45560db75a7a009ff50b7369272c37dbde5d92e5d387e05abba06e73762470f94844e2359f82a52bdc09c21475bac29d92dcd7dc5bb725941dc0542e4552df96692a5ee6ffa4d48974332497cde5a95c8b746b1a4c1d8a0bd260b3727db3a4e04393feaac77757b2e623d422719fc6ad916c245b65ee7cba4c05c96c2aab404a650c97737540736c7fcc339704f76774de9d584321a4f0a343825d3f8d9dac2a6c0b443ae1009c487ba8e0f784776bef443cabfc11d4940d14659334a916ef1a48f569e7a52cfedc104b1d9b677705ac3a8d409fff0dbfedb9f780b847935c43dbee3cde0aa00e4d97d41360878bf09f3245864df9dd952ff2afc374b1bec98616dde20bb3c22d55cbf7adf4f535ccdadbc1b4ab83117e079b8967f4fea735ecd41ddb2ead54e5e31a839a25623b00adaa5102097dffa2aa2fa8acb2315cd5cd43085544e89252640947c03ca575914c591ee2b8440fa9fa57c42680c0139c0b9f1e9cd1540357619f675b4a72fa5d1fa0f1ffcf89dd2598e7ffc78fa873134a27d280dbe80413d2a28278744f499d870f2ef06123deda3efeee6bfbf8d6468e922b21631ba4b96ca367cbbed42f46518ab55eedabe43e838c7c46ef6163d14c54ef1f36e095c6c8069cb00e63d0ccbe3f004705d277266691c3d736728780d73c7444cec617a9dfa5222815adbf501fea48d4a0440f1b982d245b0cb4d040cc09dabb4f11078cba81ba64da6280b60149d4ccd6ff121d81402388d4fcc021f43bb772dca5461d813e0022624c0cc2c24ebbe4e289dbefce4496e4a1b165ab30cb41e7ad263f6ef3821d7758374458c8740aa7aad97e2d1b54c619edd6e472d7a266d63d3245ae9f06ca2d4dacf8ee7a6931036f59345e13010ddbd16ee3f4a56382279f512e0802a2aa143d4a6b10a627feaedb920e993192f6b1bdc62fe006b26d14ef06f7674f72228638e0a232d202fe456e80a5af8ccd56d94971780f8ae5895f2664039724a7619fb88f271163b9784a85245c5012cecf08dab9a41b31cad674bc4546e3a633c45adb2ddafb5f7495b86672b7bbec620261b6b35ae9bc2b2f82b6a1e05897410e1ce08320c08509b5d7cd23a515a02015ef0df1519afef6b3bb7202fdee2ecc5ebfef4b016c5b827b5671e96533d678beb86af5a94f9eb18b99ef83982887a258f66b2da105de75528fe18bbb6e61a24591291701cb6ea557155a6c07d3f91302bb0f22a3be4d9856115a4fb14c49286dbf2cf5e2e4c2984460b1c43e1779969c323d0d6f919ff7658ca59ef3d938aa4f5c459a203853af7c43976ee572a37852335633577b3a25942559ffaff2bf1498a3464c7daed2f09fcf9972d8064ff328a04b44ce97af7ce459e8038a9c7f246ff1472ba37139353a54328a372ef29446435824572b2a60ba38979a2084e1949ec052b174688d8a96f9d30a2c245e532dc036e5f9ab74718a1c2e9bdf", 0x1000, 0x804, 0x1}, 0xffff)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x5}, 0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3035.575279][T27113] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3035.583263][T27113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3035.591244][T27113] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:47 executing program 0 (fault-call:8 fault-nth:82):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3037.252734][T27136] FAULT_INJECTION: forcing a failure.
[ 3037.252734][T27136] name failslab, interval 1, probability 0, space 0, times 0
[ 3037.265411][T27136] CPU: 1 PID: 27136 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3037.273947][T27136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3037.283991][T27136] Call Trace:
[ 3037.287262][T27136]  dump_stack_lvl+0x1d3/0x29f
[ 3037.291936][T27136]  ? show_regs_print_info+0x12/0x12
[ 3037.297121][T27136]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3037.302836][T27136]  ? mod_node_state+0x103/0x190
[ 3037.307682][T27136]  ? __might_sleep+0x100/0x100
[ 3037.312439][T27136]  ? __rcu_read_lock+0xb0/0xb0
[ 3037.317200][T27136]  ? allocate_slab+0x373/0x540
[ 3037.321956][T27136]  should_fail+0x384/0x4b0
[ 3037.326367][T27136]  should_failslab+0x5/0x20
[ 3037.330849][T27136]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3037.336030][T27136]  io_submit_sqes+0x601f/0x9e00
[ 3037.340864][T27136]  ? __might_sleep+0x100/0x100
[ 3037.345626][T27136]  ? io_uring_add_tctx_node+0x330/0x330
[ 3037.351157][T27136]  ? io_uring_add_tctx_node+0x74/0x330
[ 3037.356600][T27136]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3037.362133][T27136]  ? trace_lock_release+0x4f/0x150
[ 3037.367227][T27136]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3037.372769][T27136]  ? __fget_files+0x35a/0x390
[ 3037.377429][T27136]  ? __lock_acquire+0x6100/0x6100
[ 3037.382436][T27136]  ? account_other_time+0x63/0x280
[ 3037.387528][T27136]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3037.393140][T27136]  ? print_irqtrace_events+0x220/0x220
[ 3037.398593][T27136]  ? vtime_user_exit+0x2b2/0x3e0
[ 3037.403513][T27136]  ? __context_tracking_exit+0x7a/0xd0
[ 3037.408966][T27136]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3037.414941][T27136]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3037.420475][T27136]  do_syscall_64+0x3d/0xb0
[ 3037.424883][T27136]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3037.430759][T27136] RIP: 0033:0x4665f9
[ 3037.434647][T27136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3037.454234][T27136] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3037.462643][T27136] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3037.470608][T27136] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3037.478561][T27136] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3037.486524][T27136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3037.494486][T27136] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
01:50:48 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000000))
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0)
ioctl$BTRFS_IOC_SPACE_INFO(r1, 0xc0109414, &(0x7f0000000b40)=ANY=[@ANYBLOB="7900000000000000ff0f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/2920])
r2 = accept4$llc(r1, &(0x7f0000000180), &(0x7f00000001c0)=0x10, 0x180000)
epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r2)
pipe(&(0x7f0000000040))
r3 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000355000/0x1000)=nil, &(0x7f0000000540)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
splice(r0, &(0x7f0000000240), 0xffffffffffffffff, &(0x7f00000002c0)=0x2, 0xaf0, 0x5)
mmap(&(0x7f000074f000/0x1000)=nil, 0x1000, 0x3000001, 0x10, r3, 0x457f6000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0xe9934ce58157f5f, 0x4004, @fd=r6, 0x7, &(0x7f0000000300)=""/224, 0xe0, 0x10, 0x1}, 0x0)
r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r7, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0)
ioctl$PPPIOCGL2TPSTATS(r7, 0x80487436, &(0x7f0000000240))
io_uring_enter(r3, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:48 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05c41bd34e677d114b65", 0x1c}], 0x3, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

01:50:48 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:48 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa769be6d05", 0x13}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0xffffffff00000000)

01:50:48 executing program 0 (fault-call:8 fault-nth:83):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

01:50:48 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="66530700ae897094e7b126b097eaa7", 0xf}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 3037.683197][T27138] general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] PREEMPT SMP KASAN
[ 3037.694953][T27138] KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
[ 3037.703366][T27138] CPU: 0 PID: 27138 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0
[ 3037.711787][T27138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3037.721851][T27138] RIP: 0010:__io_file_supports_nowait+0x28/0x3e0
[ 3037.728199][T27138] Code: 00 90 55 41 57 41 56 41 54 53 41 89 f6 49 89 ff 49 bc 00 00 00 00 00 fc ff df e8 73 02 92 ff 49 8d 5f 20 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 29 55 db ff 48 8b 2b 48 89 e8 48
[ 3037.747814][T27138] RSP: 0018:ffffc9000b627430 EFLAGS: 00010202
[ 3037.754329][T27138] RAX: 0000000000000004 RBX: 0000000000000020 RCX: 0000000000040000
[ 3037.762309][T27138] RDX: ffffc9000dbc9000 RSI: 0000000000003b75 RDI: 0000000000003b76
[ 3037.770291][T27138] RBP: ffffc9000b627c70 R08: ffffffff81ee1b1b R09: fffff520016c4f79
[ 3037.778269][T27138] R10: fffff520016c4f79 R11: 0000000000000000 R12: dffffc0000000000
[ 3037.783905][T27148] FAULT_INJECTION: forcing a failure.
[ 3037.783905][T27148] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3037.786245][T27138] R13: 1ffff920016c4f7a R14: 0000000000000000 R15: 0000000000000000
[ 3037.786262][T27138] FS:  00007fba1afd8700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 3037.786279][T27138] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3037.786292][T27138] CR2: 00000000005136b0 CR3: 00000000811a0000 CR4: 00000000001506f0
[ 3037.808960][T27148] CPU: 1 PID: 27148 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3037.816346][T27138] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3037.822915][T27148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3037.830869][T27138] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3037.839254][T27148] Call Trace:
[ 3037.839267][T27148]  dump_stack_lvl+0x1d3/0x29f
[ 3037.847309][T27138] Call Trace:
[ 3037.847319][T27138]  io_issue_sqe+0xed3/0x9280
[ 3037.857345][T27148]  ? show_regs_print_info+0x12/0x12
[ 3037.865295][T27138]  ? trace_lock_release+0x4f/0x150
[ 3037.868548][T27148]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3037.873198][T27138]  ? __io_queue_sqe+0x1000/0x1000
[ 3037.876469][T27148]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3037.881027][T27138]  ? do_raw_spin_lock+0x151/0x8e0
[ 3037.886202][T27148]  should_fail+0x384/0x4b0
[ 3037.891279][T27138]  ? __lock_acquire+0x6100/0x6100
[ 3037.896972][T27148]  prepare_alloc_pages+0x1d1/0x5a0
[ 3037.901962][T27138]  ? print_irqtrace_events+0x220/0x220
[ 3037.907482][T27148]  __alloc_pages+0x14d/0x5f0
[ 3037.912494][T27138]  ? do_raw_spin_unlock+0x134/0x8a0
[ 3037.916880][T27148]  ? __rmqueue_pcplist+0x2030/0x2030
[ 3037.921873][T27138]  ? _raw_spin_unlock_irqrestore+0x8b/0x120
[ 3037.926954][T27148]  ? trace_lock_release+0x4f/0x150
[ 3037.932384][T27138]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 3037.936947][T27148]  ? alloc_pages+0x3f3/0x500
[ 3037.942109][T27138]  ? _raw_spin_unlock+0x40/0x40
[ 3037.947364][T27148]  allocate_slab+0xf1/0x540
[ 3037.953226][T27138]  ? stack_trace_save+0x104/0x1e0
[ 3037.958324][T27148]  ___slab_alloc+0x1cf/0x350
[ 3037.964184][T27138]  ? stack_trace_snprint+0xe0/0xe0
[ 3037.968744][T27148]  ? io_submit_sqes+0x601f/0x9e00
[ 3037.973567][T27138]  ? stack_depot_save+0x421/0x490
[ 3037.978040][T27148]  kmem_cache_alloc_bulk+0x180/0x410
[ 3037.983042][T27138]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3037.987599][T27148]  io_submit_sqes+0x601f/0x9e00
[ 3037.992691][T27138]  ? entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3037.997686][T27148]  ? __might_sleep+0x100/0x100
[ 3038.002692][T27138]  ? trace_event_raw_event_lock_acquire+0x2c0/0x2c0
[ 3038.007967][T27148]  ? io_uring_add_tctx_node+0x330/0x330
[ 3038.013462][T27138]  ? trace_lock_release+0x4f/0x150
[ 3038.018285][T27148]  ? io_uring_add_tctx_node+0x74/0x330
[ 3038.024319][T27138]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3038.029052][T27148]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3038.035608][T27138]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 3038.041127][T27148]  ? trace_lock_release+0x4f/0x150
[ 3038.046203][T27138]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3038.051636][T27148]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3038.057251][T27138]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 3038.062767][T27148]  ? __fget_files+0x35a/0x390
[ 3038.068718][T27138]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3038.073796][T27148]  ? __lock_acquire+0x6100/0x6100
[ 3038.079397][T27138]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 3038.084919][T27148]  ? account_other_time+0x63/0x280
[ 3038.090868][T27138]  ? rcu_lock_acquire+0x5/0x30
[ 3038.095511][T27148]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3038.101118][T27138]  ? trace_lock_release+0x4f/0x150
[ 3038.106110][T27148]  ? print_irqtrace_events+0x220/0x220
[ 3038.112064][T27138]  ? lock_release+0x81/0x7b0
[ 3038.117144][T27148]  ? vtime_user_exit+0x2b2/0x3e0
[ 3038.121879][T27138]  ? __lock_acquire+0x6100/0x6100
[ 3038.127479][T27148]  ? __context_tracking_exit+0x7a/0xd0
[ 3038.132558][T27138]  ? kick_process+0xd6/0x140
[ 3038.137990][T27148]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3038.142551][T27138]  ? try_invoke_on_locked_down_task+0x310/0x310
[ 3038.147460][T27148]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3038.152452][T27138]  ? __rcu_read_lock+0xb0/0xb0
[ 3038.157882][T27148]  do_syscall_64+0x3d/0xb0
[ 3038.162457][T27138]  ? __lock_acquire+0x6100/0x6100
[ 3038.168411][T27148]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3038.174633][T27138]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3038.180148][T27148] RIP: 0033:0x4665f9
[ 3038.184886][T27138]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3038.189273][T27148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3038.194277][T27138]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 3038.200138][T27148] RSP: 002b:00007efd43061188 EFLAGS: 00000246
[ 3038.205659][T27138]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3038.209524][T27148]  ORIG_RAX: 00000000000001aa
[ 3038.215044][T27138]  ? trace_event_raw_event_lock_acquire+0x2c0/0x2c0
[ 3038.234612][T27148] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3038.240563][T27138]  ? trace_event_raw_event_lock_acquire+0x2c0/0x2c0
[ 3038.246600][T27148] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3038.252114][T27138]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3038.256759][T27148] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3038.263315][T27138]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 3038.271258][T27148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3038.277819][T27138]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3038.285781][T27148] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
[ 3038.291384][T27138]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
01:50:48 executing program 0 (fault-call:8 fault-nth:84):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3038.332791][T27138]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3038.338435][T27138]  ? rcu_lock_acquire+0x5/0x30
[ 3038.343212][T27138]  __io_queue_sqe+0xe3/0x1000
[ 3038.347897][T27138]  ? read_lock_is_recursive+0x10/0x10
[ 3038.353275][T27138]  ? __lock_acquire+0x6100/0x6100
[ 3038.358301][T27138]  ? __lock_acquire+0x6100/0x6100
[ 3038.363326][T27138]  ? io_req_task_submit+0x190/0x190
[ 3038.368522][T27138]  ? _raw_spin_lock_irq+0xba/0xf0
[ 3038.373594][T27138]  tctx_task_work+0x2ad/0x560
[ 3038.378276][T27138]  ? io_uring_alloc_task_context+0x620/0x620
[ 3038.384259][T27138]  ? do_raw_spin_unlock+0x134/0x8a0
[ 3038.389457][T27138]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3038.395094][T27138]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 3038.400323][T27138]  task_work_run+0x146/0x1c0
[ 3038.405001][T27138]  exit_to_user_mode_prepare+0x180/0x220
[ 3038.410653][T27138]  ? trace_irq_disable_rcuidle+0x11/0x170
[ 3038.414785][T27155] FAULT_INJECTION: forcing a failure.
[ 3038.414785][T27155] name failslab, interval 1, probability 0, space 0, times 0
[ 3038.416459][T27138]  syscall_exit_to_user_mode+0x26/0x60
[ 3038.416484][T27138]  do_syscall_64+0x4c/0xb0
[ 3038.416504][T27138]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3038.441891][T27155] CPU: 1 PID: 27155 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
[ 3038.444762][T27138] RIP: 0033:0x4665f9
[ 3038.453158][T27155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3038.457041][T27138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3038.467100][T27155] Call Trace:
[ 3038.486679][T27138] RSP: 002b:00007fba1afd8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3038.489960][T27155]  dump_stack_lvl+0x1d3/0x29f
[ 3038.498338][T27138] RAX: 0000000000000200 RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3038.502993][T27155]  ? show_regs_print_info+0x12/0x12
[ 3038.510935][T27138] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000007
[ 3038.516126][T27155]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3038.524069][T27138] RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
[ 3038.529769][T27155]  ? __might_sleep+0x100/0x100
[ 3038.537710][T27138] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
[ 3038.542457][T27155]  ? __rcu_read_lock+0xb0/0xb0
[ 3038.550399][T27138] R13: 00007ffe191c177f R14: 00007fba1afd8300 R15: 0000000000022000
[ 3038.555150][T27155]  ? allocate_slab+0x373/0x540
[ 3038.563119][T27138] Modules linked in:
[ 3038.567848][T27155]  should_fail+0x384/0x4b0
[ 3038.576119][T27155]  should_failslab+0x5/0x20
[ 3038.580637][T27155]  kmem_cache_alloc_bulk+0x6b/0x410
[ 3038.582341][T27138] ---[ end trace 89cf2dc61dcd162f ]---
[ 3038.585849][T27155]  io_submit_sqes+0x601f/0x9e00
[ 3038.585873][T27155]  ? __might_sleep+0x100/0x100
[ 3038.591434][T27138] RIP: 0010:__io_file_supports_nowait+0x28/0x3e0
[ 3038.596160][T27155]  ? io_uring_add_tctx_node+0x330/0x330
[ 3038.601087][T27138] Code: 00 90 55 41 57 41 56 41 54 53 41 89 f6 49 89 ff 49 bc 00 00 00 00 00 fc ff df e8 73 02 92 ff 49 8d 5f 20 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 29 55 db ff 48 8b 2b 48 89 e8 48
[ 3038.607298][T27155]  ? io_uring_add_tctx_node+0x74/0x330
[ 3038.607320][T27155]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3038.607342][T27155]  ? trace_lock_release+0x4f/0x150
[ 3038.613069][T27138] RSP: 0018:ffffc9000b627430 EFLAGS: 00010202
[ 3038.632526][T27155]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3038.632549][T27155]  ? __fget_files+0x35a/0x390
[ 3038.632565][T27155]  ? __lock_acquire+0x6100/0x6100
[ 3038.632583][T27155]  ? account_other_time+0x63/0x280
[ 3038.632599][T27155]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3038.632614][T27155]  ? print_irqtrace_events+0x220/0x220
[ 3038.632628][T27155]  ? vtime_user_exit+0x2b2/0x3e0
[ 3038.632645][T27155]  ? __context_tracking_exit+0x7a/0xd0
[ 3038.632664][T27155]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3038.632682][T27155]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3038.632702][T27155]  do_syscall_64+0x3d/0xb0
[ 3038.632721][T27155]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3038.638649][T27138] 
[ 3038.643670][T27155] RIP: 0033:0x4665f9
01:50:49 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x34)
ptrace$cont(0x18, r0, 0x0, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xee00}}}, 0x78)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

01:50:49 executing program 0 (fault-call:8 fault-nth:85):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_io_uring_setup(0x187, &(0x7f0000000080), &(0x7f0000729000/0x4000)=nil, &(0x7f00003e4000/0x1000)=nil, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xf9a8050508044f2a}, 0x0)
pipe(0x0)
io_uring_enter(r1, 0x45f5, 0x0, 0x0, 0x0, 0x0)

[ 3038.643689][T27155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3038.643703][T27155] RSP: 002b:00007efd43061188 EFLAGS: 00000246
[ 3038.648892][T27138] RAX: 0000000000000004 RBX: 0000000000000020 RCX: 0000000000040000
[ 3038.654828][T27155]  ORIG_RAX: 00000000000001aa
[ 3038.654838][T27155] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3038.654850][T27155] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3038.654860][T27155] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3038.660476][T27138] RDX: ffffc9000dbc9000 RSI: 0000000000003b75 RDI: 0000000000003b76
[ 3038.665043][T27155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3038.665056][T27155] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
[ 3038.775325][T27165] FAULT_INJECTION: forcing a failure.
[ 3038.775325][T27165] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3038.793162][T27138] RBP: ffffc9000b627c70 R08: ffffffff81ee1b1b R09: fffff520016c4f79
[ 3038.834378][T27165] CPU: 1 PID: 27165 Comm: syz-executor.0 Tainted: G      D           5.14.0-syzkaller #0
[ 3038.844204][T27165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3038.849008][T27138] R10: fffff520016c4f79 R11: 0000000000000000 R12: dffffc0000000000
[ 3038.854257][T27165] Call Trace:
[ 3038.854266][T27165]  dump_stack_lvl+0x1d3/0x29f
[ 3038.870142][T27165]  ? show_regs_print_info+0x12/0x12
[ 3038.871826][T27138] R13: 1ffff920016c4f7a R14: 0000000000000000 R15: 0000000000000000
[ 3038.875370][T27165]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 3038.883357][T27138] FS:  00007fba1afd8700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 3038.889019][T27165]  ? perf_trace_lock_acquire+0xe7/0x440
[ 3038.889044][T27165]  should_fail+0x384/0x4b0
[ 3038.897952][T27138] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3038.903479][T27165]  prepare_alloc_pages+0x1d1/0x5a0
[ 3038.907882][T27138] CR2: 00000000200000c0 CR3: 00000000811a0000 CR4: 00000000001506f0
[ 3038.914426][T27165]  __alloc_pages+0x14d/0x5f0
[ 3038.919520][T27138] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3038.927465][T27165]  ? __rmqueue_pcplist+0x2030/0x2030
[ 3038.927485][T27165]  ? trace_lock_release+0x4f/0x150
[ 3038.927511][T27165]  ? alloc_pages+0x3f3/0x500
[ 3038.927529][T27165]  allocate_slab+0xf1/0x540
[ 3038.927548][T27165]  ___slab_alloc+0x1cf/0x350
[ 3038.927562][T27165]  ? io_submit_sqes+0x601f/0x9e00
[ 3038.927579][T27165]  kmem_cache_alloc_bulk+0x180/0x410
[ 3038.927597][T27165]  io_submit_sqes+0x601f/0x9e00
[ 3038.927610][T27165]  ? __might_sleep+0x100/0x100
[ 3038.927645][T27165]  ? io_uring_add_tctx_node+0x330/0x330
[ 3038.932311][T27138] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3038.940149][T27165]  ? io_uring_add_tctx_node+0x74/0x330
[ 3038.940170][T27165]  __se_sys_io_uring_enter+0x21e/0x1ca0
[ 3038.940192][T27165]  ? trace_lock_release+0x4f/0x150
[ 3038.940210][T27165]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 3038.940228][T27165]  ? __fget_files+0x35a/0x390
[ 3038.940245][T27165]  ? __lock_acquire+0x6100/0x6100
[ 3038.940263][T27165]  ? account_other_time+0x63/0x280
[ 3038.940281][T27165]  ? rcu_read_lock_sched_held+0x5d/0x110
[ 3038.940297][T27165]  ? print_irqtrace_events+0x220/0x220
[ 3038.940310][T27165]  ? vtime_user_exit+0x2b2/0x3e0
[ 3038.940325][T27165]  ? __context_tracking_exit+0x7a/0xd0
[ 3038.940343][T27165]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 3038.945771][T27138] Kernel panic - not syncing: Fatal exception
[ 3038.950710][T27165]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 3039.072662][T27165]  do_syscall_64+0x3d/0xb0
[ 3039.077074][T27165]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3039.082955][T27165] RIP: 0033:0x4665f9
[ 3039.086842][T27165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3039.106435][T27165] RSP: 002b:00007efd43061188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3039.114837][T27165] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 3039.122792][T27165] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000004
[ 3039.130748][T27165] RBP: 00007efd430611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3039.138720][T27165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3039.146676][T27165] R13: 00007ffd6dc938ff R14: 00007efd43061300 R15: 0000000000022000
[ 3039.155941][T27138] Kernel Offset: disabled
[ 3039.160306][T27138] Rebooting in 86400 seconds..