fffffffffff, 0x10)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r3, &(0x7f0000000500), 0x37d, 0x0, 0x0)

[  663.136273][T20201] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  663.144291][T20201] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  663.161705][T20201] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  663.169979][T20201] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:29 executing program 4:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r1, &(0x7f0000000500), 0x37d, 0x0, 0x0)
vmsplice(r1, &(0x7f0000001300)=[{&(0x7f0000000240)="16356a98450690668ff8a7851e9f8cca5f63827fc058f3f231357af78edb3799c6fe7180f144c4789b04a9f8e1703aaf06fe2a48bb484c98ba602c2320c99cc362f1bc62721f256e0cba97eca99e0bf8b34e5d42c9c719bcba7e93af4639daa1c0a4552d291a7f47c81aabe1e10e6fabd06a1765e2cdaec3c2727c9c66eea910dae1f03f4bdd34145453f877e61758304181d271f54f6f28eb079ac18906425150ca91bdc432ed8416584aaeab1ebe9dc00419433bd5e07e4ddccc1ce87a83736bd1baacf91627105fd20856bc54fe0a13cd3d52cdb088799c506ac943f50cf87d1d06aea3bf474262524eb2e0f1e071ea00811cee3fc9908e11fc75d61b75af52ad349333b33f121695fd5c90a27aa592d7bdb1eb330fc624a0a270f7854267e3abb2ad3e0c850c8fcbda0bb772725e6154fecdec7f563c1cb7c6548b048fa59cc59a794b9a0e4f95ff7ef02a284e43591e1fb65781586dd05cd282d3e3b34c6f75f170f92e2c12526377d30db74d1e7490bcfe5a64eba8dacb97da86b6fd42c62ce6e26d3064e3184f288261fdcf7b481708f7e58a8fda08ef708dee124d72aceac46cd6f33b8bbf1ddbd88b9fcc8427cedd25cbab1026a0d082d01f428663fb417d4332da6642a37f58812fc434327203917014a57a25ba6d143d7db431885263340df9bb04532e5c5f38ef2880168a5b5d87e409597af8bb2b57a6ae3e564c6d9f16281f2bd527860501093ea1f4cb65c7a906d8762bace6fecc6511853f21e23095e1e6a20dfa92898cb8278386467afcd03ac7e0db2b46844bf337a381b608ea62bdaf93e82ea825c217adf33801ae2fd63a948fff2696a785c26fb16479c3b665bce8e8e86577e2f02260ae13b0f2f5b2c8ed215e47cc5a06af4550131de510ad421edc87ad83c3794ac1660441f075a12ab9c81e434573484bfec1316c05797a160af89b95a0dc1a2cf90b00c10a2c8d34efaff60a52cd221265418c287dfc073f4bf3d9404cb264df8eee56cd12a65f10e09d29b41f1cbe70d9d40f146242dd4e48b9ce79b3e4fa54d6e5730924d4295c68e3f05bc91de93e317ad1e01b1822b9d18d6fd34369d775644cfe5a66b0dbeb099e78b2f3a3ee7b8cb20dc68612c0c02de9d5fdb43cbb20631b990c5e34fd456a603e5d645bcd81c42001a34d299f908209432e7af9643dd3a98e813724d9a2863f21f92b1dfbde8d5c45e53542628a7aa6a59424f237273d15433c3675a299ccae0c8808e8da7665c892be63a033bf4ef9b02a22d8127921a4b1681bb3fd2d995bf93e73d84f7ed96603c9db6ac13b38095e1ec2369e7199411a508cbbd1fc6f78c9f86723affedf467a76b37a25bc610202598126dad95f84b51de47b576c2bf4cda5d826391addd1b583b3f5149075c3b678dda27ebc3f541d261c5a2767de23c2bdea41d30da149915dce91aa1d98f4a30d37a1a9890bb6a2a0be41e3cdcaf72e4055148819fbc8483fd8a9e3b5514b41f80b75d2b2b0bf241157f726663a53a34312f1b97052ec6dfc406b2eb849bd8e9bbd9c4af502daaa5c01d40da8e9fc02fe59d1a0137b2af6fb214d4df8cd5c66a8ff2c273a808228abacdf483a00a5528c93f05749ac7c36256ccb56883bd9a99f1294a002f9eb0e0dba33dafba02a24f7ae6ecb4a1ca25aba527d71acc0818aa16336f0fc711267b2f8b2a455cb372ff4c547f90e22febbde07f277b9e557de40db584510acf3f76d6b654212ddbf4acfb488d5202a72a19b2d92be7649b2a151685171fa81e112a5f9551fcd599407fcec25ee7c7e71c122a0977132607ab86299056dcd18a20b9b8a5bc69acd8efef6da59b40eca97df1f9cc5812ec0a3387af3b9f3170852955ae638bac3527a006115cae6ab87bfd3875435456f1f09cd56280d469055c5f692d069c8979c391857b8a6db7c6fd4bbc675238edf3659cf46683146045f7a855cacfc395697460f5a4beda7b3ec8d48aebd6d9f7623d6a307c84e11bb654689955a6911c1e979370dfbdf166522fb8e5b365ac45c05e3589ff113ab9ff3ab2491de2b1ff7ece17bb5be5e147e59b6f79df45b3c1ffc70cc53e6fd6e3723663bf253a98b4468f2e0e628b5ceaad83eb15a0d9f25900b8eea6ca8c601f7c4dcdabd4f2abf57d142f0152ab8cf4a6185aaee10ba9058d7b7b2c9328b9788be98c14ddd7293e0ab2972208549034d149218be15af18279ccfe8801cb532139380b4c49af431ac228d4810a12cd4d0e8bdd64950fac82f8709f3dd0393862500a5e6f0e27c9d2492e2c7b898fb1ae8d9e623c4247b87608b3f474ff9612fe6331174790759f058d7649a245af14b42cca7ba5d068fb18aa1d83f1ad01ea05773119ea0a5e3d3d9cac719b6f982be64a7d242c90088225b7e7714f5aa46d51940cc578f304403ad5808e1b270912726c9e9a646df2b24ed54538a7ae1e59994008162a47c3d953cc44ffc5f443e471bb3598ca7beaa32c61d1191f27bc9b7c895e74b6c8ee79ac5bb308698da73111e9a1e962d3ac0d77fd95ce3544c1ab5405dc937a3a0b4105b9006ac78112b99ba877977c940552b7937896a4e78ca5aaf400bff832458c2f5e7e69f9d09f2d65d85341ce256586a7a5fc4dfb162122756b1fb63cf9f6fc821c48e05e003f1100597c1c7878753aefe9e4b4461bd05c9338ae482ad20ea1554ef8a3621a9ad70fa7e1231113e8988b1fc10df8dde4d0853956202a095c0530405a23a55e4b6c928174699f3d6eb53f3e3981e42c33f1214299d651333c91fbf9597cfcd9b85c345edfb93cdb3bf243907284e4ae3b79687a04e4653421882bc3463add56889998622492f1f111bb4b9136856c5ae55f9ac623deee711cf6c1b40551f8dd2912fdac3244382c65244a0a813cf78ac851204c9bfb074595ab8c3615411a2b360990ef754662cfeddd30ccc5c5a92767f62bc21c26bcb72cb99936b176f9303467533eef1660d2349e9ce84d15347640ae99a3960f26b0d16b03cbd4fda0969315d88db5ce9738a2fc8a0d97658386b9a7ace9d590fa5f91a335a28116bcaabc052ddc5a2a3975d3811b224d80b52d7dbc0047a33d6cc057035ab3e442180bab31ef1116bac539b5ef0da0df97f3de86bdbcacdfd377b6f730fe5d5ab50b63ede27ebfb4d61898fbb29abfedce6c82fcb6cf65761749b26a317fb9ea24da83b2efa632e5aab4ce2f4a32495747d7df309e00c98c0ead503e5f57f812d1e4f476dbaa07fa507ef70332aea92544ac9d3a7aa6fa71bb474c6c9009da88ac5400ad3acdcee700590a07e480c16ebcff2884cf4998f59f9e36a9419985bc9bc9ed0bd9b1616ae692976a491b7a5fd09ea5cbb0f0b1b3a5df4f4be0ea4ff0a6a2eba752983b9cf8e2d2ce5958998a0a426241e72ba5113008a289a8b59a685ee696404550147152250fb24936ae3925fe395067092e9c526c7f0202ef998c3751444ad38463896152d2470eb94701ef68393e109cfed743b4bc3647fb46913da822ff870738c9584becf1e71ad301a0c0dbc0711b2d07dfb8274a50f183535fe9076a0c6ea098872b324ae54130c7e302cf644828fc631fb410d36f8a9c6cfc96233bd32f75331b4c0c056d8d917a06fe28f5a81e43ee4b93bb88ff2c0816222e64f96ed986b3ae86733ea0308c5f6d5a9f7a05a4d2a34c347a9223a7d6fc4c0387c21d217e3bf780aff1e4e2c00b18e6bf4ca69fe5404957bf8e2c0d20dc48adc7c8c95d2305ebc2446395eb7b7cf8316b4cd7af3426944e888e4a8f7deaa425787bd2c6a0fb83ffe67fca657b5011864e9c7c176c3b3e1941b94b8ff815326632a0a395f844fd34911d9eeb2caec0ada1f2e4872a72b022343d5aca8e44a275fb5f069e52cd7e8c57b8b04592bc14c451daac70ecc9c3a7ed8027899bf9ce4b7ce0ee5d755731458ba865733f14188d66b37a4401ddf547824595993582dffeadf143693fb7384979ffd1106a3450db2ce0f87fff58aad2334cf3bae846857adc1b7467c31a06e48f6e23bf19c682b52b2bb8d44f9e0d50f0b4ae6a2aa139e10d7f20489a7d681a63b4c47cff2ed41b4425c2e6bd8cd947cf0f59ed05a1e01d6d8ae6be8a35bf405ae23cd5327588d5e8427fb3deee4d282ee47d606427d0f8de960a9686347f9e466d0f0bee2ad9dcba37c56bcc3089ca99381940221729fe92285ded7242ddc5739ad4c5efc8b3e831f3a165499e144c707207deebd341ac54f48b1014136582e08d95e454988714b7e27aabbf82c61105f07e4aade192ab04a73ab0e24eeec35a36c6d5b2c1e7f79be3fa1cf9d7b3b0479e87ff0f76655cd83a47eddd7330c79e810eecab14eb092cce9e3230736bf47fb1fb27a1a7dc83dab3e8214957a497c42a57d6cc8917513b4d26916f92c22e2ed06fb71269bf8a1f278a596cc6c94f9bd605ef220da3f95555a81cabba3188edc34f60d9ebc5075717454829c8c8d55d2c9cfb570c90190305a92a9cd5c96ad95a1e44eb5493eddf471bf6777d64c056cf14f9cfd1726072d44add49d278fa307a14e6083a3e619ed76933a7c3c139bc8e1ae94b4afdd93b38b8332dcbaa8d53af97f59228768ba0fb50c46b355068b0166d735bd404ace93c93cf46b851ee012b1d03cf08cdff808aa91ba73382bc90c065e9aacf67e14770be96fc1058308ca5b6cefaf5281aa84f79e251e70c54cde689b49dd024074fbcb162608da57504e95b8d214d8ae668236ce10faeffb3ad3ff78dd3c66c2e6e7724d4eb0cff8227fbb3f3c08ad4844229aaabe8a0e85dc684539ecb2ae7164d997b9c37621e5b85317f3b71f20c51ea98bed7c3e3f3ab88ced3a9953ac6e1e84f9744a0d4ab0c2240e77531dc876c24776d6c4493ba58d8fd09381b7e09bf19882b5b9474de657505294f9af9c27fef932cd55ab1ecdcbef4e70414dc45828761be16b0711b8039166b208b3b585b6421e74268ed0bf57f9074ca6b1b0e5ece10bf2fb2b85d8f4d2d76c19b2cdcd342e3d329f3c656985b10370b3ea8d5783745f6755c20fe2be4aa008800d4be0a09955e20e9c9e5dbdb516ba697aedd5a1e49a4c37076338cd6c5b56597df7c890bdadcd585c60095f29addb025b86242c8e2df1c73c5c005b41b7aa57f767160d599281713d9c059b8eec176b5b88260683c3694839c513fec5e7363152077bf509587491f7829acdc841e1a506d0b291078caef5b3fd8735d73f6854161be91a5d070d09c456c7f267a27b40e493dc2b95b18dd0f06b1e92938a41ba1cb0828e6a3e188226db46a4b7af45b5d4ee317d597bfd88f9c3adaaffe65c0ffd9e3ac99dca9e7ef795668bcc601c23d1b545b610d5c74183247d55f9dd5602f0f08dda5da17269d2778b45e621736930d9d5fb78dc12d0c7cc087126ff63f356d1a644f90799e391d5abaaa0f935bc2febdf932c1c87bec8457497b73570dcf0e3a7e456f1e0ff8d0dee393343911499c8c65b5af9a238dd7b401b10f9e9cb8e3a7e2cd720e765ff68250c61a052564e767b8d1843024376c1a5cff7fbdbc6bddd32aafe21e988b8ff11f16760311333937c77c1207e7d6c4ed3e9638114f67eb43635c7d69da9e5ae385b35501da5bad902d08caa56bdd9bc7846ada6df83ed2dd8fec63f6f17df764886d8cd76f3698e145b2523018ea40b939abcab6664d59a0dda0846f83bc8337b3a983a7fafbb6cbcbfc31114acc8a7578b9943b43aeb48778d2ce799117c28b20d258c5e0de28ce2265c135ab9b6b8cfdb977a1b230558d8cf2d4532bdee9497", 0x1000}, {&(0x7f0000001240)="41b1b7aef91c60db72a1f44ad93d115201e971b5a122b2a043158f889d6d9e03dc228dd6cf89ef48ec0b856502c0119f5d44e267fcf5998c99de9d4700f11f81acd458e6bef38c3e75aa75e12670ad69205fa22e1714e3fa519fe1d47e5ae6b16456b3937e17454b59f1ebf1cc7d4dbdb9ae0afb243a248e78dbde75aefc963f836f7ca2e0c462b99dda05e5097912dfa7150cd1e65b", 0x96}], 0x2, 0x1)
preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000080)=""/166, 0xa6}, {&(0x7f0000000140)=""/239, 0xef}], 0x2, 0x1, 0x40)

01:01:29 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
r1 = gettid()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)
r2 = perf_event_open(0x0, r1, 0x0, r0, 0x3)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
sendmsg$NFNL_MSG_ACCT_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000000)={0x20, 0x1, 0x7, 0x5, 0x0, 0x0, {0xc, 0x0, 0x1}, [@NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x5}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004810}, 0x840)
vmsplice(r2, &(0x7f00000013c0)=[{&(0x7f00000002c0)="6958d8b3bb9d19f2bd15873de4bb066ae3d0cd4f2d19bd86f95e30ed8548bf3251bde19e3a43d42a9ba26d0cf41c0f4d8608299cb5d8ba65977f0c4d29a2c59456eedac3dddde1ac740464d6d6876a840cdf6157019d414e434ca32bf9b7a5dc3ad2719a7b2b017ed6d1354dc1f20fc7a9ae32746f4b25a256720c05661c2fa7772c3e91c1143e887dff5e3724bd98bcf20ec34990700cc4b7f5f07984d4752d677b2397e261c7ea8348c0944f9e3011b100e6424349f1f3bef1b135b115dea2c594258e4d0051ca73c18e9d", 0xcc}, {&(0x7f00000003c0)="8b27521fa05ec543f00c122ecda450d9e1b9ef87a4e4a4030ff8bbfe0b9bbf512f1ec1e5f8570ceec25c5d0fb703f760662592c6e7cfc64e75d5165f41756a642621869b7abadc7f60f42b722ff7fbd58bcd6f7bf91db534ae4602ad68b55319a38fa61a6a230bd021c99936183cda26f51488411927ed77fa9ba0a43756712ad2505270288175dbb79a6bca6ca950d88aab880232dd47692f805420f8d91dad59d7be039355796df78427543d5a15ba53749679ca55674beda2accaae7f38479d8eaa242dfe5223c0bc3cfa10da1c02ebe38cbbf228ab3b87a0107e1d3b3a7bf2d0f1a84a30efca56b621d558b4b74a9f4c0ef9ce19d06b0cb9ef9cf065118982dfeff80855a0709ea33db552a63eb7c3800725b0beefdbaea620249be9fae82de25685eab5f83415ede167411907b0f8773721327e066ccb50b489505133f994bc9e9f9726b5bf80d72a51a0f100f198afdfd9c43fb82444b08abf6a08e497943d4028efdcfc88e3b7f7d211fd5cb9afff856c118b8f671073bead8df4ef94ef517876358218d214f75a7ea493073e932b29062bc59b6798cd21a8af27b0bbbb5b78d72f4b9bcd638eb042a5409950ff17b85d3ed729a3089af133495a6962405b9d332ea30fcde26daefaf35044cc9e8c686e010be0fe97c52013d09745a10eca45e3bc8f69f97ed3433c78d4e117b6c4418b2375326ea128ec6f964bc37ff44d7e8268193f73c27ec5f4020c94b900af1d81ba1d9329ed9e0174da0f3ffaaad24450b520cab393a39699a96f5e274fa905ee674b7ce2b75dae75b6df491962f85d7a647c70fa2bbc02e93a662fd5be29e12dec987780334166c7ced4988c18eace7f378983a83156df5864bae2c65084c5e40c94df0b809fb6036ed04e8bd871e47ec41d7951c46d8276b1845456ba81186045fcd08ea82a569bf40ef82d5f1ac6a4c10845fc5bc44050a0aafc3b892bd672f5e5804914653b19f7f9593cdfa532238149a74a6da2d00a6f23805f77c89db65a1b1b0a688211e650657a171df1fd90ef76e6979803908dbc216fd04c96cd77c104f99979d3f33b1695813aee75c8d5e09de32af2c87d29c9ac0516f38ac649d8d0642d156f4974733b543247aad34a7f0c4054e62a98124ff6122bde378d3678605b5153a422b4d5e3eb50f840524f1e5716d399d93207296e29e86570f22b9435e87db31b58f34e4bf0b2b5ad21ea828d09162471f7b86e0c8c5c0d1f107f3d2665314f517b7a415ea310a8a609af9a05c8f4f96106f71c76814702109217fccb8a44a278f6d3c7e47de9135921b086fbbc5065d27bf68df50090dd3ff38ae3792c89ace683aa5985419179c953c64ef16e63000c374c1653b3093b651243ae10b1b7be2c505dfe5fb870b0f03ed33973ee2f01c301b57958a30e4247f728568bdd7f65baab40b56cdd2b2bc56efdc35dd15c272a15997cafe58152a7d206ac0a40ebc4e4fbc684320e457291bdf5ede89d479ac4693dc4b808f2bfaf19d456600bd819073d69a9949820f5231b4ac6e259da2596e19a88b6fba2153acc76c551c6b7fb8548c952eded1d36e4f35b44d3a9abfb790f5bffe305f061d22edc0715b7f7b426e6d1c8ae06372e5170c69f08d9f8d5e6eb24eaa086f2b9ae9571fb16e88051a7d7bcd6668fe33f608af7946dc5b601a561313af7ba3b12f4860e48fe7bef92cb9a4acb2681197bacbe2a1466225edf8b3fe8653b4c92153eae5f5a2dfcef03b70fa61c65df8b7a20e3d7612762752540a201e253b672f2c95083cf0901965a585ff6c47186032809ebb9309b873943a50a4cebb1a86656023763e343a6e6c162430c93d6ebc52784ca544f5455ae8d95ef6be90492860e1048181008f306caabaabaa23fd025e3bc40094b3cf7a4dbaa94fa8b1864e4b7c39add4ebf7bd3ad19d2f7300af0e917dd0fad13a87bb98078af11755704e0a8fd2ecb2ba901be1b44ed839754164c9b351daee848699d214d3835c8dad9e56ebc88e827fb5a2d9cf89ac008d5f07e330cfeb3c911ea815984af012a004ff553318b1e2c7dea78d15a98b07d2aa96fe934df089c52159f608984095758828f398b2bfc51799871b05b068047084cf5391fee48642322f65109af2c1c9dace29b0c38e0a2eb6c05ed1c146ae65f3cc9cb1379d77e8b5a6669d64eecebc40264421c94cf335d243420c75064d12d43212fa9c8855551a7a7f2f9af5a6046df272a39c77864000c14dbddf3eecba27542764de3818bfe38f5c9cc612413454e136cdbe5969428bb5d5e87ea4966684390aa26c05e3a201ca2fdc3b34fa7168b4390eae3bcb85494409d7c3e3344849d777265f21bb4c9f19b838481b23b9f46d5fcb40a730ff42083a45fb6e1ca60fbcf0889064fca81d57fc47e922276037806b80082c3058fc9e507a24e02ef181e85da468cd0f2d528e6f2e0b59894821b0b421810e61e5349c9c5465b4cb75e8fb1e1a951ca042b716d589b7ff020cefb06a3ce90ea5f4ca4739e28c68692ac81ec422503cc4d67a16daa4f4e4f61a19b4fbe5222c2d6fa7aec3203201a136dde7d100146a83555bc04bf5fafb5a01dbf5960de0823b35241aa5e02a0cbbf3fd15a470d1129a0c77531557ddfd5428114670cc7d1b38b8c95924d28c226969a48771c589416311b62ff0269d3d5fb0fce9992e18aa4a2e006de0540cf462593dbb2c75a3e33100e0222d68de72838d60bac88ba7e0223a7cfbb472e3f24f20cc42a913dbe55af0698fc2d395942f92e45b292a367540f465483999675c32d67ec8fe3c8ad956c8048495eb6b4c45af3f8c6820812b879f394432bdf634cecaacfb6415fc7f92e88f16a17fd7c23269043fe6d699179c65e580e65f25b88c6114d2f12a1825afb49cefdf84d2af186e1a2d41ece44304938e073c74200cb790b1184839d5bbe14eb9adb76b60c777296fc17083bfd9821cdc76c5fc6dff7beec12f8784f276d47d54892b40e2ebc696c216d6780edb3140ccc634d69e8c5357f4ae07b859f503ee5f3fe689c15adea98fe8b93b027c873564f82c653cda5023e31fe425b66dff64988f9d7b49a2f8c05ba06ec8fd3a3331c22ddffc97bb3caad1982f96c3b09015c9c9888a9525269411f310676d3527e6b64f7831882c0aa3dbfefd85301a1752be851464ce61dd9b8aa7d7ac68466e900c1e6c69deaf849f76b6b2c7424c6816a8f17c8ad929fec3380cb6b4bd2d6ed4f0b95cacddf468321604b8773b85cfa9cde1c8cf815d28b3e17062f946587e9c52fd5a0474f1909a4677c1bab9e3606721fd2537ddb954e9517539d948479125db55f21d203c4d50247ddc05a0602c3933b2008dfb600c5baf2b6c6093986baeb49e6bb7a94c069ea5964936b4c3b1ab67a77b39cb94a66d0ce08339d47764ab9d2250188b6281bc8150e8dda595d1d305a0fe176086ec3c19891dd4b7f193137f4e6fb77805a6f5e600214fdb8736ba94e775bdf9fbe34df152549ca1fc69596eee9c14bcfe8edb2b83b899b8c056ee06a676057ed7ed079d752d062f7a3827c09ee9216920cb0b56b72d7b9f99574ec229773aec622cf54a4f325aa77486d5026d74507d184abb05e110829a182dd854b39ce240fd975c9d4f2efefc8c7a24e1f77b302bb423978cefacedd2ad108310f8e8c540ba90c026bea852e63172a9ab54ab2b7cac73f1d4b58b2648db20103c8cc5d9df52a551800b44752d3cc611ba2a11264677d1113e90457496435d088e94134e56c1aa20bbf7732d79b9574fb2942bab3673356775452a68e5b5c62e49549dc0e0029be17e01e498a727a2ae59cbad6c16dc75ad5ba11e004b9c6ee7acaa8f52a34e9c791cbc78202b0cd80370c9ce143a4d43d7ec090abe91b5eac89945685d6f9ba81eb3e4cecb163005bbe6330ba2efcefbd01771aae3742eeed0a75e1a22d461f116abc5701ab5c2db297ca2261ef6190d0e9d69d5f61b479a409e9ae80985a3bc5cbe26488dc7c1fee417ccf5151e5ba1634b8ad46f0903df38ba066c3991f95fae4f548c1534414d2c918d52b764d54a1786d975faaf4e582b9b27ef84557b6fbc0e9b7a4853a7a020d99939a3de4794bb5648828ffaecd683f382e992736f3bc29191999bdd04dfaff5e898983fe75bf0a88db22d10ea10793ce7dc09548b6c86dcaf1e62a076eba1744b61bdfd3d52b05f5a078508d360e6605a4998dc133814c8c811b1a8b74b23860852389ea9ed420f55e32ce3dcb83fbafc0389a8e0ba50b87f32df35f65177eae96df3cff148396facb27450e8130b6ce44a7c39cc0b1559254652d517425e1f171582388b57d726dd054ba1ec7d6000f250201ad9570e50f20687e284a1092f3abf94f8147ee7e076b0015e2ea0058a9dd273ed0b533ee8788103e9412b9fc7a337c56a5cf4b6556cd01bbe8b800f5618c83f1981da9456b9342d7f26136a890f885c9c9036759d2f2e0450718004d4667b7aa16594220a85377f0c7511c87b7eb315569706b8a24e7f6c48fd87f098deade942d0b782bf40e0986e9393cbddd80358b5c88d413c67d5673dc097182e4a254110928ee2bba3cf24c1cee52b0071808010ad3466b51e4ca7f4f5bfc9b79946a8fa48daa93982835cd64b1c7ad3d6974a0cee483f95d2d81894fc24aacc78aa5e065bd2b63b444569ac03967cd70a405158af6956c6673581ff440eeef89e69b8d0c4f464839efd205879fffe39cf069a6d6eb133075ba0983ddd4d3a4e97981f30902332ccbf31d63163ea96489640b242e8db6ab0835c0522c811c2fde1d60c375b73a07bd58785ee99b50ca18c37be48269067fe3caf5f650966b1f571191e0058fce49be5acf5d65f55a7d1d98b99c642d8dfbcdee44072ebaddbdee7b8550eb645561d3e63b3ad862a297dfb9612be9cf83e6c353b8fd6b6bf3ef3bd6c58d425749beca6a0291eede160a167edf388b55dd53b3e23ca11a842e8adfa03f3ff4c6fc5f84eba19acc495b5b25031868046397326ebbf9446f6c45952bfefebd5696514eeb445788f709d98f63e36a78b691c320032d94e3d0cf9f6d720a31c7480c4321ed818de393a7784e74ac6f862be1703ca66cbe10d10b9aaea4d48bf7b27bf69b23a2ae69e9f453813bc9b680078c982df7f2392be547f477a83027a7e4e0e249006e6311c652630da13640e878f229a7d812129725c09b5ff01ac52979f24e159f4c491d4060295fcb51601227f30dd6b5be70b147664e035a44d68952981b1484dd2dd81ae8b757f06bd12b2036caab2fd5a124f3d858042362abfa499315ee79052aaa5fa11484e7c19f8f90a9b11bb0abaf0aa9ee2c5d72cd29f692cd7586a62ad304f3360ce67610f6a9b0605120477baf30734c53e946049845737d8f8b417842e37dac2a221661895b452aaa17cb42b73492688cbe31b8f473a0a5bc7e5df67ab0d22380a6857b0b3b9a8f779505b701dc3f9042f2e3df3c1314d5740965dc3a23c298b8d717187459dc357554c8a42bfd2b33a11b0ce0aa1c3e33ef4d714d8dfa654c14651bae45b29e7a4c49bc588d5751b442ecf33dc44d38bf3b6397ab18993625a4385059c19b148d23c4d0a9d026f2140513d94c446a145a1fd8c9d22286eff0cad767666805160943244a4430595a36189574502e47e25a3e8704a8338bbf44a370c89f462d634f12f9b96ffc7a41cbc16b9578a1a51e5ff370767f081500046b4af52b6a8d2420c94374ea3201bed0f4fb61fc61e10e05c2240682b6879316e432a2a72f8115f76352dff9", 0x1000}, {&(0x7f0000000180)="709b66f8dbeecbb28fe87582ced3a613a973a23c11f17fc87ef870619997943501ae5f47c5ba000297effc80a752cd269aec68f5fb474177ab08e3c55e21a990072de4d615d5cbef2d836199202d", 0x4e}, {&(0x7f0000001b80)="c305fe765960ad0254f37b05315dc904b9866f4d768ebfe29b3acb4a3c21fec903b79963c3ef2ea8fbe1cf55bbe9a4d1d3480ddb5173170b2846677e13b91b469640dd8fcd4cf6ad8717cb03fe07cde46872088f0d4de6f9524392ad55f7acbd44b9ccb439a7390c01169a163f594b5ba3938b8dc9c020b265b245038c3ddb6b2b8cbcf58ac9982c35a82ee631507b4e07c68eccb5bd263f354d21a1c34ce97628e46632278118d8b1f1faa8a7aa60eb1b08954da279142ae5dd5709a4d54f62f48227986b7e7564aa992032d97d944006e5706508834d3e049e9b349d8acb42e725703d6e6b6054b736772fd8c6197a83326c8d41bbbe0637495c07429e55ba2a43455f701bf69a454fa35155c08b94c3f5bef2eafa056a80b1e9f5b504814aab3e027b89101d3677a1f1cc277cb141bbe696d577d8c5a3b260be09797e815da9eb6082352da98c60f1eb927c3fedbd61a22187ab0c7fe6faf86558fe6354e24983214e41acc733430f9c1f04a7abeea938f691017166756f99c1b2b0767fef93f4ed4c29dd4e4376365b152a7f51e07f04d901609f24b705ff7b516d204145266f2cf7d2ccc66a647f9151fb1d83010c9c3494790adb5660b5992e3366ee035be3a7dc7b05c827239f4c5484e6a111ce89fbc93d8ade68d420192947d981008afc11dbf32ca316827989cd355c5bbf3d4821d11f7c702279beb92eb76bddfead26da9c0f56b221581643d2b4900ff020231f332a23aadf0fc71e76f76869fe370006af72b378fddae14a8189eb062fa9f203bc7b8ba70d33f849449a4d169daab0e2dd17ee83cd8777bfdfb30986af417f01354d255b2dedf91218b68444b0c35f197ae7590ed3d975fe96b6c8680d69b9d097dd008e636d0e59d9410370afa5439bba80301a62563fef7d9b55475237a1cf3fc040e8778addb56ecf45c6e7215c93a64d574cacced0037a593b05a9b82fff3a44b8c618aef62ce748a7dac7bbd8516d3cb317dd6cfaccd9877fc19297e670709c9bb82ed969a2d9915f51cc9e8a7f8692d6b6141103074a7ac22889c719c8c6981a6cd863a31b4c191fd383a3a37b495337552113736761d81756f80642737c15248198feb01fe8a704f3047348bc8ab2a088547830f9f7f38ba870e4a8660f33bff27d9c7616e80b542dee541a307227dbdf5f44aa28210ab4c89ad0163e2399d5f5ba17e37e017e09c4b1f386de725044bfa17d904a67d9411808a581520474edc38f84c36bb49b3712134b6b3459a8fa3705045fdb8056f2452c963b19129246d3ccc3154868fc1db2f13e9723056d6acd4968757031adbc03278a42e33fb2cc3d47a5332901dead1d4f2dd97d40e60beb09274a16318ff49684ffb26a53dfa22886762eac7c4f076e558685339a4eebdf2e65357fcc58e340d1d0778cdf25b68dbb138d55746bbc084ef8f4119a935e84d058f5f417699c21df20d838f5542f8eb5d7ada19bc7c71bb2dbad1eef82de4ba5374b04a4ce4915c28e6e11fa1590085d75915a40d1758c336cf583593bd7d674f726434c4467146a3776ec4fef98fe591efdd8df8de7b275c1abb34d7a4bf74dd15bb533928dfae5d413ba0996fb23ce689b0741cf42404f08ac31c4b7edea9e71cf44f49fa167bb054f28afe550086afd4ea375ce6c90efdd7819300116145a4382f4fc7282cdf4703fcd712ac997ba427b8e26b5f26dc687a4bdcb98c1a017bca3cadfc946ba8708fe715a41746f59188124573400a43bc79b6dea84f9047fc665ab48d19759a5f756c4f4da3762690c1aa44e121ecb612d641ed93771625c8c1708aeb07066c07ef82e5553597732c784dd3dbe4464ddb8724674a96b0cfbb0a386291a8959b2994c1ebb8a3b0d250fda2496032015b34d0ef5a3d0cba51a607ddcd403f9fe534c34bc1c74a8b03a1712725d6b17ebb70eb2bf3f8744b912cc855eb1f7e3dfb8b73528c971fce4f6fef1435d3886926e2d919e6ca91e509cfe6293facd78b224f86fbb6484aa6b871487b85049cc90bcd636c1508bc5b04c15256fae29970760051b9cb306f6d12b3ec28472053633c07b4fb21eb5e96a144b8ce26768cefb1247d9a832b85c5025da28576617db5a06f23d581a55797a74b8f4027a4a792c3a77e1adff3157c5c7950fcea7668489983d1a5b325ea880cbdf7c4b520a164656a411a3d1a674b80890b518e65bcebf939afb3815613f629f7dddb56c3154c8638f22c62517d2f283295d20d63088dfe038cde66ca66a69725a8ea67d7a43f1e52bd9ee1a5a5d87b8a7b5f247900b48f7475dcf4f7bf879082f0c29dcfa8df70b8f46a8136e16fa91bf6e2026781295bb66d624aaa7bda21b41039512a64d4820dd3e8bb3fdb27bc52e58a3647059ac1e1a7bc9f73c5a1e62ad58d3fdb75d37c732c286b1e8891ece49ee05fc95dc0cc80bb96817fffd44a286f3f61700001b08d335584819d8b7d3b052ceb2a9a81e04bf789e601fa3fbc2f51e1cf6087e9760561aed3e6a5de478c25b69d1e7da6909b39011ae1645b2094a890b402a3378f9d80b8b85fbf562c2466da3014477dccdfa61dc3c92468c75ab5b95e22d1655c8920c567a8ad0987b21a234ea6cd5908ffffc0d4a1e1b51b8e9d5a6f26d8a2ed637fcc1c1a308d3768dfedcb99c45a51f4a49b2258cbdba13d0af64a2b7f6ccc6ef76b322a8f32b408d0d49e8215e6aaf7ed6bb517f7b11aa3446983ab0d2c52f078491afe5b5e2b1f565999933bb01952ed2e25b7ea2ccdc420a2da75e6eadf853d6983da0ed94357420b63f14a2154579f2010ef5a29ceb54a8a0fce07594c4fd3382d914e3f44293ca512e9e926e489971a102676974b635434d9b2a5ccd16737add220b8a2a1049ad6f66c3983a6d96186a79031aa9fa9e32099368ef3b6f24504318a5e770f0cccffc11765df4f3498a29406f650aae4f28d50bcf408a24a7a3939499e36b679d02c1acbe871c4806ea26acf40444506f231c7e6499100771acfc3ea1e4e3e7c7b87d0c76f7236cf0932f1f6923d4b2f3d850e7cfe29b4930ee1b599945c54ac9e896bf70778a66c2288b15610b92a91d43797a3de9c2fad144fbd22371ff3b08551cc8c38fb3fdfceef137194f283d3f9ce214dd25a12d6e1cec3db9065b73923451bdb3a765f5562225133619f5c4419efdb0cc0caea58c22057024ef335b5975cf180e7631fa9a22de2a97b6fe354628dcf77be7b24b8724249fb4e32fa20ed9a8bdf5d77be7923c72197d29ecd8691caa26c3fa5f6c2f1cc9530322e9f3e9a32f9f6f74b846288d674315e989f7e4c2e7fd119266c729a2d343192739ba011dda7fb4ed44499d4604b33794a56185baf9c92b55e87262f3299009d97d07abd9f40459cda2c398835b128353ee2e71d2f8a73feff0fb777c192a15cce61a2096da955eacb096aa0c2aad9f26ba71a65ecbc3d5c63f1c7218a315e6f986b34b522ee650cd79c2f7df8e19ee7529e811ae478a53f165eafabdaf9440ecc5b53c1b567e598244ec76214179fa73192b23f6d709b47f6d556b0a45cd06615983d18b861e0f37bb2c7b477385eb369a68a2f1af7febd4a5397f2bd1c4e07967f49be0c10fb37d7ce11d697fa34180bf72ad3c80072ca2cfcebe2a791207115f61f81f5cbfc9d93fd95f312bbef59f0d3d9c899f0f150438b57aab677c26092c1cc135f085907fdaff39caa43aad8edd6ffe4eb905db8203b7c47b690f3e62a5ef0ef420bc6165c37f8bcd6d2cabb3d31b39b56c5cf3943cc713dc9b01faf444bafd6ee36f0534e33985a1bd8890207a3543f5a2a9d5e9d158393ea1c4910b8d5873670b894bf20e450799c4971a2a49f5d768d1927f60d4ea6ef31d30fed25cf0a08ebabe81765d567d29dd19b8149fb98e8d022661f4cb74da927adbbec0bee314b9b648803fe6307df61fa7d8990b77c64b05c307d2328d71761a97f6eb72a2bdbeba730f9ed1a2277062ea1408b7a7917ef49e3455aaebfd0aa638a99df452a7fefa33ae919726f1e33eb02cfcd6a0fff6d028cb787ecbfb64a14fae29fb67b26ca1ae8646ffd3d859d5fe32253f72459e2d6c6c43ca62245e6a591ddd31ec48a70caedc566a95f43795e6382b3a0e0cb81be4b6c0d2f39b5421704f94a7bcbf6854dcd1acdb65557b1fb1ea83ec287de46bf5016bfc0cdb58e5d7afcadb7b531e7457961a326e9e3ef2d959376c13136c3036df34657039302ace709832f5cfcb6d2a6022246c6dca06a183ec00cdc39936faae7271d5d39754f3e59e2fbf4f682261d3128a768104401a0179316441df7d8b0ebf5c5949200c05a15f4d56c9f43156918194296cff90090d1fd3835005480d647589cb5fd705a2d6dabdf3c3e7fd4d207841210d3e83a1acc3c918487e07aeb31ce7023037b045128680a72b8615e06087a5f9136fea8d8648919d5962eb8d822c7f7efea91db5789a19da5206ade1eae924e7cba301acdadd50de28c9ae3850ac2528c06e4a9cf8988c332e6877e5bdf6993125c71316105dd243455e7869e10a615610bcf745bb17a0ae5d6d6afc74dc6b35d7809392658d39d9ca0c244fda9ad2f6e9074d303bfe267b083429929ba2b3f03ea65dd58243b46baa3c2861bf9de9384808cc0096c8a7fe3ca6083c2e92acf777911fe41360d473b4f211f84aa46ac4b522c8d1268ed1a5cb4d69c97e1c0564f20eb82730eb5524bf9a87b0b7666b031c8a2f8edc6a0f74120bc4c984c2cc07f53df0bdb775934b80c50e5e42eced1bb3881a41616aa6ddd2fec788ee994c64f94fde89de1dfd46f2314a1cb39214166f2e06e078f8ea4f5b13d5fa2c54cea6ef619332be2f41aa5846a5e23695d422f272dcab49cf30f7dd22fd5dcae8d3170cfe1e7698ce398c2afe91435d3cc19596c616c1400bc484afe70dffb0e0dd39afe6ba2a6afa89e54c8adad63f3f3e8f9442d9b16f96798281d7ba01a64430c62e7fed865b760d33332319e0536e964f455f17ad6a290073d4ff18f90d9a023eb468bab68482f024e3a79b0aa82a9e87505c68cfaeeedb27912849a8137d130802a7fb220993a1e512fc8348fde38d3f951cdc28c062e024f02cc5e7d3dcd2d8ce232bb37bdc38d30e4905723cf6989f9e4930d55ce635e3b4a327e170cd626e20f3a31bba93cfe8bd4f8ad5474af2958506557fe82c73c73b2488db9e48bb8116ff3714ff4c7c3a55a4213a70b5202d7ef4036a0c7c2204925693c65a78b6e2617513896e12e77876e5d1b079b1ea034ebc4330fc187665133fdef1ca0235d50480549d09d1a91ee79b74902b2f5fdbe3cd9c33c584d5dbecf96bc4bf64270a3396eeb38fbf75a24c2f100baecc6df034781be61ee8aa3b9bab08d7d6ec9fbb165876270a3c6c46d14d69fa036ff113fbabad75ce25314d914da310e713607608e4eecd5ce8c8a634b6782443e574fd0f50d73720300ea9193b8e1eeab0d4cbe6f2f25e6c74ce8b60188d8485bc141be19a24c27c22db747a17853404e8ed0f30be2e43353059e9d5c59b7285da921791e9c5c9a98c389b35261808f14daee4a33d2e856b3d503362c2d54042094bd80b468e137e0fc18e46196ea5fd3cbd156b6eb1bbdf9fc8a2caa0b4d6b248946a6b7bb775f415f0b9773d6dbf4ac516e4532d46224dfa5f69975d5c9184de19a4030b60cd95f4210532bd96a1e4f9d64e3c76ff5a62062f2e2292dca2599486197d10413882bfb752c4498cdaf381e379ef53eeb4b45774d4392dee6613978236822d19b633cfc11c2ddf4c19dae0a9a0", 0x1000}], 0x4, 0x8)
exit(0x6)
preadv(r3, &(0x7f0000000500), 0x37d, 0x0, 0x0)

[  663.322672][T20252] FAULT_INJECTION: forcing a failure.
[  663.322672][T20252] name failslab, interval 1, probability 0, space 0, times 0
[  663.335339][T20252] CPU: 0 PID: 20252 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  663.345153][T20252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  663.355201][T20252] Call Trace:
[  663.358477][T20252]  dump_stack_lvl+0xd6/0x122
[  663.363072][T20252]  dump_stack+0x11/0x1b
[  663.367310][T20252]  should_fail+0x23c/0x250
[  663.371716][T20252]  __should_failslab+0x81/0x90
[  663.376536][T20252]  ? register_for_each_vma+0x372/0x890
[  663.381987][T20252]  should_failslab+0x5/0x20
[  663.386482][T20252]  kmem_cache_alloc_trace+0x52/0x320
[  663.391767][T20252]  ? register_for_each_vma+0x372/0x890
[  663.397213][T20252]  ? vma_interval_tree_iter_next+0x263/0x280
[  663.403206][T20252]  register_for_each_vma+0x372/0x890
[  663.408477][T20252]  __uprobe_register+0x404/0x8b0
[  663.413399][T20252]  uprobe_register_refctr+0x29/0x40
[  663.418612][T20252]  probe_event_enable+0x2be/0x7d0
[  663.423620][T20252]  ? __uprobe_trace_func+0x440/0x440
[  663.428886][T20252]  trace_uprobe_register+0x88/0x410
[  663.434070][T20252]  perf_trace_event_init+0x34e/0x790
[  663.439376][T20252]  perf_uprobe_init+0xf5/0x140
[  663.444128][T20252]  perf_uprobe_event_init+0xde/0x140
[  663.449457][T20252]  perf_try_init_event+0x21a/0x400
[  663.454607][T20252]  perf_event_alloc+0xa60/0x1790
[  663.459531][T20252]  __se_sys_perf_event_open+0x5db/0x2810
[  663.465150][T20252]  ? plist_check_list+0xf9/0x160
[  663.470101][T20252]  ? sysvec_call_function_single+0xa/0x80
[  663.475806][T20252]  __x64_sys_perf_event_open+0x63/0x70
[  663.481341][T20252]  do_syscall_64+0x44/0xa0
[  663.485788][T20252]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  663.491704][T20252] RIP: 0033:0x4665f9
[  663.495614][T20252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  663.515211][T20252] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  663.523613][T20252] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  663.531573][T20252] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  663.539530][T20252] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  663.547514][T20252] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  663.555468][T20252] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:30 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)
fcntl$getflags(r0, 0x40a)

01:01:30 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:30 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f0000000040)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000200))
syz_open_pts(r2, 0x0)
r3 = syz_open_pts(r2, 0x0)
readv(r3, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x783, 0x80)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r5, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000200))
syz_open_pts(r5, 0x0)
syz_open_pts(r5, 0x0)
ppoll(&(0x7f0000000180)=[{r2, 0x2021}, {r5, 0x420}, {r4, 0x4002}], 0x3, 0x0, &(0x7f0000000240)={[0x4]}, 0x7)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:01:30 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:30 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)
clone(0x40000, &(0x7f0000000080)="8c81ff192bfda05c876ce7a28a79129a1f87fbc8849c51a8456c46bf1c15212d5fa3703e6b998ddd321158eb121f6eafef99e394be8c0bcf5d4b724a98b86e16ec7e8c43018066eee84b61415f27aaa81c14e21afc37fa09f0b6e2d0d84b8caa9c96db5b5f9b430da214827c45f28125a315b7b55e0e967209c3fead090212b50a3c5b9ceba9ad2e4ec1c19b8d1f39fad940602fa43a1f6019122f76a953f806560527544240e00cd6850bc184b658371a1077e78e9099b04a6a382e3796fa058cde8531363283ebcc2abc8713181eb868486c86b6d6ca2388dceda9b7a26f7749", &(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0)="e99b9b4533f8774430e3477630d68aa695241eda78b6798efa65ebd664e01a97e3f61a5969ffedd609f1ce2c3c1571a125aa99f4b2b9f0f3731609109bf77431111fcd76bad80cc0260841bf1a78225a67e9c5fab88ca18b43b1946397f2e596c42cff6bf58b8627d759c6c04a7336f3dfd263b6d7c15aecac30653030c4b520f9762ccc2a5ce75d80919289a50c1a8ddf793efbfe")

01:01:30 executing program 3:
r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x8)
r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0)
r2 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)
creat(&(0x7f0000000140)='./bus\x00', 0xa4)
lseek(r1, 0x7ffffc, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[], 0xfd14)
creat(&(0x7f0000000100)='./bus\x00', 0x0)

01:01:30 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x100)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000080))
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r1, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:30 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:30 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
syz_open_pts(r0, 0x0)
syz_open_pts(r0, 0x0)
r1 = perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x5, 0x8}, 0x0, 0x0, 0x9, 0x7, 0x7fffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000440)={<r2=>0x0, ""/256, <r3=>0x0, <r4=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r1, 0xd000943d, &(0x7f0000058c40)={0x1, [{0x0, r4}, {0x0, r4}, {r3}, {r3}, {}, {}, {}, {}, {}, {r3, r4}, {0x0, r4}, {}, {r2, r4}, {0x0, r4}, {}, {r3, r4}, {}, {}, {}, {}, {}, {}, {}, {0x0, r4}, {r3}, {0x0, r4}, {r2}, {}, {r2}, {0x0, r4}, {}, {}, {r2, r4}, {}, {}, {0x0, r4}, {0x0, r4}, {}, {r2, r4}, {}, {}, {}, {}, {0x0, r4}, {}, {}, {r3}, {0x0, r4}, {}, {r2, r4}, {0x0, r4}, {r2}, {}, {r3}, {r2}, {}, {0x0, r4}, {}, {0x0, r4}, {0x0, r4}, {}, {0x0, r4}, {r3, r4}, {}, {0x0, r4}, {0x0, r4}, {r3}, {r2}, {r2}, {r2}, {0x0, r4}, {}, {0x0, r4}, {}, {r3}, {}, {}, {}, {}, {0x0, r4}, {r3}, {}, {}, {0x0, r4}, {r2}, {}, {}, {0x0, r4}, {r2, r4}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r4}, {}, {r2}, {0x0, r4}, {0x0, r4}, {}, {}, {}, {}, {}, {}, {}, {0x0, r4}, {r2, r4}, {}, {r3, r4}, {r2}, {r3}, {}, {r2}, {r2}, {r3, r4}, {}, {r2}, {r2, r4}, {}, {}, {}, {}, {0x0, r4}, {}, {}, {}, {r2, r4}, {0x0, r4}, {r3, r4}, {r2, r4}, {r3, r4}, {0x0, r4}, {}, {r3, r4}, {r3}, {}, {0x0, r4}, {r2}, {0x0, r4}, {r3}, {r2}, {}, {0x0, r4}, {0x0, r4}, {}, {}, {}, {}, {0x0, r4}, {r3}, {r2}, {}, {}, {}, {0x0, r4}, {r2, r4}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}, {r2}, {0x0, r4}, {r2, r4}, {r3, r4}, {0x0, r4}, {r2}, {}, {r2}, {0x0, r4}, {r3}, {r2, r4}, {0x0, r4}, {0x0, r4}, {}, {}, {}, {}, {}, {r2}, {}, {r2}, {}, {}, {r3}, {0x0, r4}, {r3, r4}, {0x0, r4}, {}, {0x0, r4}, {0x0, r4}, {r3}, {r3, r4}, {}, {}, {r2}, {}, {r2}, {}, {}, {0x0, r4}, {}, {}, {}, {r3}, {0x0, r4}, {r2}, {r3}, {r3}, {}, {}, {r3}, {0x0, r4}, {}, {r2}, {r2}, {}, {}, {0x0, r4}, {0x0, r4}, {r3, r4}, {}, {0x0, r4}, {r2}, {r3, r4}, {r2}, {r3, r4}, {r3}, {<r5=>r2, r4}, {}, {}, {}, {r2}, {}, {r2}, {0x0, r4}, {r3}, {r3}, {r2}, {0x0, r4}, {0x0, r4}, {r3}, {}, {}, {}, {}, {0x0, r4}], 0x1, "2156816c73038c"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000640))
r6 = perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x5, 0x8}, 0x0, 0x0, 0x9, 0x7, 0x7fffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000440)={<r7=>0x0, ""/256, <r8=>0x0, <r9=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r6, 0xd000943d, &(0x7f0000058c40)={0x1, [{0x0, r9}, {0x0, r9}, {r8}, {r8}, {}, {}, {}, {}, {}, {r8, r9}, {0x0, r9}, {}, {r7, r9}, {0x0, r9}, {}, {r8, r9}, {}, {}, {}, {}, {}, {}, {}, {0x0, r9}, {r8}, {0x0, r9}, {r7}, {}, {r7}, {0x0, r9}, {}, {}, {r7, r9}, {}, {}, {0x0, r9}, {0x0, r9}, {}, {r7, r9}, {}, {}, {}, {}, {0x0, r9}, {}, {}, {r8}, {0x0, r9}, {}, {r7, r9}, {0x0, r9}, {r7}, {}, {r8}, {r7}, {}, {0x0, r9}, {}, {0x0, r9}, {0x0, r9}, {}, {0x0, r9}, {r8, r9}, {}, {0x0, r9}, {0x0, r9}, {r8}, {r7}, {r7}, {r7}, {0x0, r9}, {}, {0x0, r9}, {}, {r8}, {}, {}, {}, {}, {0x0, r9}, {r8}, {}, {}, {0x0, r9}, {r7}, {}, {}, {0x0, r9}, {r7, r9}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r9}, {}, {r7}, {0x0, r9}, {0x0, r9}, {}, {}, {}, {}, {}, {}, {}, {0x0, r9}, {r7, r9}, {}, {r8, r9}, {r7}, {r8}, {}, {r7}, {r7}, {r8, r9}, {}, {r7}, {r7, r9}, {}, {}, {}, {}, {0x0, r9}, {}, {}, {}, {r7, r9}, {0x0, r9}, {r8, r9}, {r7, r9}, {r8, r9}, {0x0, r9}, {}, {r8, r9}, {r8}, {}, {0x0, r9}, {r7}, {0x0, r9}, {r8}, {r7}, {}, {0x0, r9}, {0x0, r9}, {}, {}, {}, {}, {0x0, r9}, {r8}, {r7}, {}, {}, {}, {0x0, r9}, {r7, r9}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}, {r7}, {0x0, r9}, {r7, r9}, {r8, r9}, {0x0, r9}, {r7}, {}, {r7}, {0x0, r9}, {r8}, {r7, r9}, {0x0, r9}, {0x0, r9}, {}, {}, {}, {}, {}, {r7}, {}, {r7}, {}, {}, {r8}, {0x0, r9}, {r8, r9}, {0x0, r9}, {}, {0x0, r9}, {0x0, r9}, {r8}, {r8, r9}, {}, {}, {r7}, {}, {r7}, {}, {}, {0x0, r9}, {}, {}, {}, {r8}, {0x0, r9}, {r7}, {r8}, {r8}, {}, {}, {r8}, {0x0, r9}, {}, {r7}, {r7}, {}, {}, {0x0, r9}, {0x0, r9}, {r8, r9}, {}, {0x0, r9}, {r7}, {r8, r9}, {r7}, {r8, r9}, {r8}, {r7, r9}, {}, {}, {}, {r7}, {}, {r7}, {0x0, r9}, {r8}, {r8}, {r7}, {0x0, r9}, {0x0, r9}, {r8}, {}, {}, {}, {}, {0x0, r9}], 0x1, "2156816c73038c"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, &(0x7f0000001b80)={r9, r5, "82bb09f976cecee52cec9ad6f16ec1e20292d30fa58bc6b1970140798d72667812485fdc7d117b4ec61b8f39fa2cbf2e067e6c854a12b5ca11f8174619811bdbafb1186e8b42ba57b160bfcf620bfdbd64dda4e609e97569fa6e93b68f6fc72299ab325207fcdd79a296fe6bc08e45ec9f00f947290cef1f80cf78e79512e4b27e411e19af83bb0481460d5d5bc715017fdf713fe9fa5b58c80c44d57d607be3cabb01f75bbc32f9f81f96f25c259af7747c09dd9a4bedf781bcbaf387d59b7654b8a6da7bcc3b786cb6c2406ada310df54896b7774acc3f47b672042a15409ea4efc71f6198f1002a03020c1eda61ef661f00", "ea061dee791308757d777e991f2b353f9bf4a1ac20d9ba3ce3009fa0267bd58275da4dd57ad8c4b4cb273ab832570661a62ad3d60e3511ddd8dc39b47170fa396e5948236424a6f3561d2a0797b7b4daf1d2dca6a731d3f0bfd2050b518ca44a759dd880eac57887b654b8aa416c29c5a699f8ecadda283a5a9c07a646cdf0d8ddb95edbeed99f86a2a8e195629c2182b546cfd66ef7ef93ad491ff00c7ba7670b7e2da1716cd696c55db15a9861af6b8ba8939db73e02f7a2f00bf39be3e71974d242800ef8efa02c972eff90d0e5758e3317eb7c68556af3f75e7dbc94d5e379bafb9a0604aa810b04d18581e3bf13cb9ebeaf47ff3dffd8cf1a53309bfa3b6b45276a9f113fe2f860f53b39ce8e1e79ec6b5f373370235c0aeeded018bf0e59b1b4316a002ce8c7405bd5997e2063565b01c354256927936dc3885f70a0d85769faae9cb483a87e0265bc5147138ac4f1f0051653b2550d861f068952c1ae50bfa0c1d394cca9e22d93e70ee35fb3ef00648a18eb05f21429bb31bc89cb0542b71546b3c8696234875b35adc4397622f06f29ede7f1e69f23c4bd4413b5880df8002687ceb6bff5b847dc55ea208d71f4f3979bdf5da8253425d3f34494027388850c40db006498e1a94940bc847d17df92d0c5fb97ef9a73c13ceeaf51b5ed75c82acf2fe69689dfc8b157d543589f7e3b41a8645f71960c84b0f6c1cdba6e2367caf41d7d9d7bbb99d65528f7b66d643e4700926e647cf0d572451768d90c706e271a2aba46bed25ea685ab948b49d21d6af4ab6a061ad436a46b51f56a3095a39c3559507e673211b3507fd238c95894feb0a9d25e0a6d69857b0e67fd90e1e069181fc930cd8c1f3f31be925ca2f26cc19b8dd0b0aa81ceba63e466d58d3dd6de63dc9fd01a4fe1ee88c3ea7230168e247cc4a6423e6d3bcda6a7fea8cf6b14d34e94da4804ca2a5b74f8eea65ae99ea7585bbe7691fbc49969f934952a4975dd5c146713fcdedf663f1d093a9c6b7432e768155b009f88f0163194623775bb81aa658239977c0823d8103106fcbc4c3622bfc294e0a9d0d42cff3d4ed7cd1fadad7efa25cf47661c12a62c586202c11e09f7141f8e86ae35b93c416c89afe44d3ff0339afcaaf065422a8cf60d245ceb906f95ae3e1c4f1b3a5a8f0d45446c246e9f2c750beb5ab8882b64c108ee45eb9c7358284e8285424e4aba3e7ef1c3340fef8bcbbf00a9a3530a2ce0eafb41179c8942253bbb6af057f0cdec0e5723d7c1c77698f0065667388347bd318e002a04cc03323dddd8415f299c42db2ac52ad8ff6d2544a32a8d15b932c29ac0712a2601e9e7ce23d0b4ae36a73e65faab723b2504a0a325e3d27dc9ac24968ed48dc861077c3db80f9cf00a224cf2b1b228fb50ca49e25cd535b550a7b753a69fa9689c4b225d5c394d368d993efffce3d405d97eb84c278625bf4d8cae43ca64bb8d0a261f5af41a5a61a6a8a0e1e70e02fa0a5cad0138cfeff13eba594c1c80a949d7e0ce0ebde7df1593e0796cd64f2b1a77051e8e06cea7f17eb32e8c81861588ce10c3828f9b507a55e5d2e570b93a081910d4e3e758db6b460027a2bc39c3c67e5407bc9472eebabbe4385058235b4257d000f79961ef9cec7b16be2bc118832cce906d27abc2b82eed7752d42b3683544b6a654f9028c03161659a702975d3ab5e7892ae28a69b7cb7c2a47a298a49f031b773ee63027340924930d2bb46ff0cd5af2271e046b6e39e39616d6d3769673221cc1ea69860db7d536380d62feca19208b71e297cddb3f87723677aed3d42e54fec88b7ae452434f3289ea43c2fc34f10b411c0ef1ef3e2b7f8b8a7c0d0f51e23fd395b59776ae0440b551af66a0f655d4d8a28e52086a1f1cf079d2b0ecb11784a17e1bfef469adc36b80c71ebdc0be5c75edbfba62ecd8afbab2e339383f3df0ae9acadf7a6ae47d4a78ec3311d399f5a921c1217adb289d6860a79b4fa1851b2acfab51946b1f15dac43b3cad7050f1d47b59c4a2bfac15b2b5030b7b0a2da7bc7e033ed1cf0f66698c0c7a9dc7c99edeb91df727a6fdf575da439655e771d793c527cb1c75ca1bde592c6148b156d72dedfbbf2402ca0a154a97d0d75a5c6b579d919c9fea1cfc8619871036c9a70fea45f05c1fc1d597e28abaf2e5ac6d7ace2ab3f350f7592379492a1ee272ab473bd3c65e4ec639aeed310df613464f33697e43db8cb187945cc467022d7715bdc0dd64c649ab7d3f6be7d1546355948b922c0dd35c83df4986eb005c859ed6ed48364174d888599d91a8c124a6a95580d4d849a4833dd10546066bc3ebaa24ed425430e539f478f2fe3a988cd8ecb3ad72a810e51d106fea55630535094c8270e998b0f49fac01ec7acd85d2ad0f69416ebefa65a8642e240d8ffc773246a17185a89d3efd56720d2c9e1bab1608146c6fd2673a1129c90216bb7ba6633b1eb2b0c379500adfae041d41ee48c0d06d3cd88d84c964375e6a52ca9dc0612ed603b9248b776f4a4f3971bc54fd700bf8fcc20372262b8c9a79e7e5b8dd25986d58846bbedd21a0c611edc9120de9da2d6bfafa67736946ca91a0fec36e3876517dd9b21570479e6b304afd855f93d7a82a53627e1ee1b53cced6ab7d93d1166e39e9d902e3f605c125bed47ada9daf68b31aa3c817cad387d57bbd69a7b4969ce3da38e2bead6c8fc2137b15cdea087307fbb7934e453e549d9149832eb18c5ff10a194f2c3d50643823e1f620c123ef0597b55e3d6f7d6d41dc43a36b5bef3f1e796d4e78856317115d45bf3a77e0d17c40f01381bc47cf5e304e71a590cf29e59ddaad8fc7898a609d565d00b19e0aca14453e9865d5a3d940bac24f4aa55bb7018a7a12fb3161c9324dc4cb681dace9429ae38aedc8c65ba40f842e8c4eb516e3e9aa701ba156ee004ddd2aa4c96d8513a0e188f8fff9f273267a68d507b8291b1f0d217d8e91627278591fc99003e30a799c327cddb7e24081c72c6f8e1da876633443b6c44fe7c1cc47eb0eaf31222d4ad06c077f5eeb34a1572611c9733f11697a01b6a81485cb8ef3a8db1e14e0bf66ea6a430a30e6c440e23b8baad5e7ce4563007da11635f2049f17ba43b85dd4669d2e75b43b7484a980cd0e196a308a704db7db01263e6682ed08fc30c788c2fc9b2f8ddb6982d548ffe417ba4512518af48c84aa7267eb192b255303673acaaafb0d7a2cec9f95a6a2ef71ab36cbbea3f14074d0a329bbfdba2b80a9644628a160127729556f592eb50702098f3281efc9e0d15fd5e2e9cfba9a3690bb14f94b13bb99d4a37d997bf44065c38c1e588cf0fc5897040734617f4b4942449fe382047bde43b5643d1048ba4eaf93bd0785e0fb7ccc0729aea57f4728587adfabe8896fc0413e27dd7a997d837bf7c58dec17f21cdd813ca446af30f04f256e2978dce3488149b5849efd3c2f2c9bee92d4d73208be3a7be44990760333d5394a3c6444b5ba7fece16f98702e188da236e74a933436d9fa590f742e6c76dc84d44298089b52d691fbc02a91af991491b1a5ab488c0d9d8cfdfb16e9fc9ab230d9e4c939bae94813a16e47dca1a304715409d7286dee5510718bc7740350a0de811ce160bde2128f6d6f59160abfb7dda36729e5859e3ab2b508693ce7e375d022a5617628a0be16315b654b59607648ff96daeb35143540d3f67cb5ee708d9063972556c1fc7044c1f6a0b9e09509462a5d94ffad401ce7a201dba0d7eb98e657fb10dec43317bb3932c40b85ed7f6ec94658a501272f4e75aaa53e36e0f10b667f6510f216c004632ebf8448b868407d26aa5a61e9f3bc3dddaec6cc231f96682f07441fb0908afdbb75fff420dc4b9c8e801b08f5a231a9394aa71f6f3abafd0960920283220eaba02595e7dfb5edee5e545ea0bfe8a220ef7905bfb479d408ac1ffe52bcf461cde0269284d27280863cf546dac12f3a184085f22069f0e8d7f1284cdca952e9ba0258d58d7d912b4ecec4cc61e41089025a684546d2388aca4e96a7b0ef211ffba4fc70f73d05d75b2721e620ab18992f5c80c85ec09b40e3eaa4551821a3daf776d5fe51153c3c3454d79a3775263c328c22215344db21f78a701c2902af66166708edba672e2ac611ebe22eaa26017ae3dcfaac40f278b9ed01f289b4a4c8ba69fb0b01c30f5998576bcda7f62e0465e279f8c68d584bc281a288ae174e20cc7697ed766fd0272c492a840016da4f207cf2ae587f00883425ee505c472d7fbc42b6de131734c8970509603f83cfd6555ad125d51d3ddf66cb31acdfea656d312e2b98224ba30ca8dfee18ac8d38e8ab5e6639d65a0bccccea81aaf14abe00a9b0b0b40abe0c27c022846c83b6a3abf93e30c55c59f2657dd6d7602f38760c493cec07de5b73fa30758722b55e7c2f1b028ee91bb96defbc1450ecdf68beba076739226b6341ff4abb1312437d322566cefae95f01e3cd4915b5957c59f4939b9b923ce11b128e99216ff5ba63b5547e7f93f0d1303750c027980492dcb0576ce03f365b1289f20f94c84706cf0578bf371fd97b8f5372e0cdbe3dba283ae00b069c5a9dcfd372a967815fc8bb0ee02298277fd90f4628223d27feb727c21371e478888bd7ddc9ce9ccaff778b85a32a5180fdbf04229b47fc25fb770f8832f504df29de4d6dbb061125a386c3a6a34adfe4e7bb41e20b3bb023fdc94d183694115e6a5aa2a5a85b4cf59aa0938c6749f457d0234568f93f238496efa5c54f5c1ec428950247d0c3c225781007daa6fbc232abbc582f7ca64063d9dfb9b03a0f31a513bb8e39e41ca15b2bbdfea2d6fa9d59599c6c4c19e072f7ffbb9656fc37cf947856e02d228c1dd227799cd2f6edf3d0e90f29a5eccd2fc920e4db73a1096af08b3dd7078277f21db8afbb75dfb3eda88df6f6636decb3e9e078ba99fcff953570eeb7cb87d7c857e5a2e0547d6c2d37ffaf68f1cafd1983aa52781115573b75d1d6f72a1c4a0e2f4698dd294d075eef14c97e4087a6d08f54a41c44401d155c82b0ce6dcaf2a3b9cdf19513fe156f0da5a73699204cb899c3bac4f46329d2cd6b579b791e4456343404a38c38a386cfb6d95b2ae9ce399d51d1de1338a9f0c26af7581e000e3883c41abf7c1a9a3d34a935d2e1beabf56f056285650bc5175a64f75f54d85c8469006718a26b98756b7b7dc75af6deae5c5c766bff5c87bb41641798841c4c74ef8ba65f424ef8ef5ac0d24955ab09537e015fff992c23da0bbf447323d65244428e8f50fa9eb388541c349bb6b3a6c8deed216e658d46ed1003e138f5ae28ffc63d5dbae000cbea8e8472d27514ad9d5dd44f9783e0090e5a291ac1f78afc6d1f3e0e07dc8f94eb3c47021e47fa43e212c223400"})
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r10 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r10, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:30 executing program 0 (fault-call:9 fault-nth:20):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  664.078153][T20236] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  664.086196][T20236] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  664.103548][T20236] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  664.111578][T20236] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  664.272899][T20308] FAULT_INJECTION: forcing a failure.
[  664.272899][T20308] name failslab, interval 1, probability 0, space 0, times 0
[  664.285524][T20308] CPU: 1 PID: 20308 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  664.295366][T20308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  664.305403][T20308] Call Trace:
[  664.308674][T20308]  dump_stack_lvl+0xd6/0x122
[  664.313293][T20308]  dump_stack+0x11/0x1b
[  664.317450][T20308]  should_fail+0x23c/0x250
[  664.321861][T20308]  __should_failslab+0x81/0x90
[  664.326619][T20308]  ? register_for_each_vma+0x372/0x890
[  664.332108][T20308]  should_failslab+0x5/0x20
[  664.336601][T20308]  kmem_cache_alloc_trace+0x52/0x320
[  664.341878][T20308]  ? register_for_each_vma+0x372/0x890
[  664.347333][T20308]  ? vma_interval_tree_iter_next+0x24c/0x280
[  664.353390][T20308]  register_for_each_vma+0x372/0x890
[  664.358739][T20308]  __uprobe_register+0x404/0x8b0
[  664.363672][T20308]  uprobe_register_refctr+0x29/0x40
[  664.368855][T20308]  probe_event_enable+0x2be/0x7d0
[  664.373866][T20308]  ? __uprobe_trace_func+0x440/0x440
[  664.379235][T20308]  trace_uprobe_register+0x88/0x410
[  664.384420][T20308]  perf_trace_event_init+0x34e/0x790
[  664.389695][T20308]  perf_uprobe_init+0xf5/0x140
[  664.394445][T20308]  perf_uprobe_event_init+0xde/0x140
[  664.399766][T20308]  perf_try_init_event+0x21a/0x400
[  664.404865][T20308]  perf_event_alloc+0xa60/0x1790
[  664.409792][T20308]  __se_sys_perf_event_open+0x5db/0x2810
[  664.415427][T20308]  ? plist_check_list+0xf9/0x160
[  664.420353][T20308]  ? finish_task_switch+0xce/0x290
[  664.425449][T20308]  __x64_sys_perf_event_open+0x63/0x70
[  664.430897][T20308]  do_syscall_64+0x44/0xa0
[  664.435326][T20308]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  664.441221][T20308] RIP: 0033:0x4665f9
[  664.445097][T20308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  664.464701][T20308] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  664.473120][T20308] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  664.481124][T20308] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  664.489157][T20308] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  664.497142][T20308] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  664.505107][T20308] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:31 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='projid_map\x00')
exit(0x0)
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:31 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:31 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
syz_open_pts(r0, 0x301001)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:01:31 executing program 1:
openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:31 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$unix(0x1, 0x5, 0x0)
recvmmsg(r0, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
r2 = getuid()
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x5, 0x1, &(0x7f00000010c0)=[{&(0x7f00000000c0)="c6384b822519f32d143b111f551cf53eb35d3fb987ba5b76c4ff520eb7abbd0f8ef289fa94d240824e0706c149c2d07d6e76b39734cb8df3b33ca9d364bf1bf81f840f6c6e849762ebd838e3cf52b1d4d0f9d9bbe8caed4fc786e22346d30f6851e779460807e5cc29e2ee6efbe012edc35a56595f8cd4b8a7791be7e011ba8f3952dc6f33f6f6e5d6f057859df88ca9fdb141559255bb99e2712e9d976d38ad74f4996a6968302e99d9c4f68e61b162bec1bbbfbe23d2d39d2f8fe8daffdc84039da7c88fbfdfddaae3c5e5688bd120f32c0c40ffb40c42b881d37f666b8f24affe34dc7236560c254aa2e4d59cb27c3b2789576942256856d3f2423bb960f6c3e48d86912b73cb69ab5a95bb721dde6405359006f2a879f4135d5819d6094dd8ea6a80e68ab33b65728eb8e7f7e7d6d7a816adef6a2a66890c8f6019e96d65e427f99dacd222ada4845bf14478727505e4a40d12a8427422ec44a2f52137a03bac61d67f031e51340d23bb91440e39cc71e560387600b367451c80d7a0d7e248b89d840620b5f8d50ad6c65809d10dcff0ea472d09fde9485ef1646a53760712c3185db2d63a0308e55ff524bf5a64a626cd532c6df76dec860e73aad0c44e3fc9384a2f557297111aa76c21d690009d2b4d925d6c38caf4a492b7441ef51e191b835ab1e9022edcbc017fed82d9bc6f94baa6e6eb499629e24690fe3d944d5c77141bdb89ee1ddbf938ef298a59052d5d4a0cba88ed7fa84f59844f0a3841079dcf2381314db5b55632305f291a308bc3ae6b250c4c22828d421449dbbdda0d450145b8a7331a87e6b444eac46d76bd6b6e33cfc1a2104b313a02f2d3ea38ad5066c92605d556af340c9abfea60eafe7b65e890da79e251871bda664f549c2c556c793278f84ebb6e076543a81d4558fb4fd250931469347fdd3b867402f092df5d58cbc56be8c28142c1b61b284700ec7f01279f250289eb08a6c93327ab4b1f6cd55b11392050dbf40953bdbd88a9962297d7040e1a102c01877edb66ca52799a808853520ebb4b2a30b0d0c7f3cf5a7115b06c82e4a00b5a99ec262f4eb108ff240f1619e26feed8d5f2afa0520e1836d33eae5c8c4c6be213ef050f5da3d525dacc996598636d35c210202a2c6e14deced78e73053789d6989bef4dc92fbfa020a27b18716d257118b1fc57f902969c6a88dd0f8aee7929f0fd4abb315b4bf2ff5e428d0bbca6c6f57410b14e3de3e16dbccf7fc9690d8c2571c93838d568fc4c734416df55df3f02d14e262b4542035be45ddf825a4acf204fb10e026d5199fca47341b9ed907022b4f8e907d536ec6f000e398ed5062437e3edbc63f462c2fe0446f15a0fada69aead86cf41c317fa44b5bc4a1656c5cccaa2a9f0540461a28b88cfde424e7f25a914fe935ba3dc1c889863d9a6dadaf948426d7dab7e8b823ecea708bc900007e58478ad5747e5c2b91068406687e6183a6b7fde01c47626629b0456da6f4d803ea7f05ac88f06783460464593cf62579e1063e4348f26f8fb7d9bc50c23908c41a74acbc5ee966870ceb124154b4b66f564549b47017b177f376faeb842769527b5750e88ea557ac884cc2355b162b15ffad51b9eb0d06629e098535209c3dec4e8bf9c3fc84d42158bf67996d98f489de8f2933704687bb02177867690f8eb9e4bd27cc6edb8568be46838dea279263f59e3097583b001375d665e9c3e1a1e32143d8badf5a4b53d97e2842e12a870dea3f75984a88aab21d44aa7f106cd2a074c770f80190196bbccdf63163012278cf94407c1418958c8df56eff1caf6f66b0ad6ed8c636e9e0c312edf976d2a6c9b280f3d5f4e053b73ccb26d4e15c87b440643fa7763fdf3a6b37cb569aa87b56de504958262371f0d7991320a56626d549a9f90d9eb9081ffc3abd5d5b1dd2f5ea49c25dc55d0e759e25ce82302c89a81ef69858cca7eaef264f024757663a58588bb4f4beb47f2445ede425a390d93b362adac0cecadbddf1120fbcbef734d9db9b5528829da5769d7130d5bfdeb0a68536882bc90db10f9912a166e192008c039fee831760dae3aa4b524033b11d0773a7ec6e7a39a8bde2f4a0cff64f0612ac5a7cae22dba7be98f05e7e22212d595b106abadb4de48e0ffcc605cadf8c225182cadd4a9a8cbddefe86e3c2d424d670b89b15b20188969bc784440640e752546d11623b8935ed26b56cfca71d6d91a11f750f0774859f13016d8b413d2831dedf6a80ed916898c7681cef3d8c030da6c8860495e7ebfb76143380cd55fbabfc2183b1f657ddf40a6dc5875d5c9c2b3d741f37dc2289a07b222b360091af2f5f1cd6b49f2f0e14a06bbda93b306925d85e373de42537c628aa47211bc80aba41756e22b23d5a93b7ae63d1f5c7bb4f4d8858b312e924b162afb38589754e06eccfeaf9437b85a48694fe258d4be57be354887d286f0c63306c81ad565ec71db4c560d87b819c46c66729c06b343c559da61d7933f7fd007dff8acb1717aa0be98543db016309e7a687642f14599870e0794e38b8cf034a03628c710b55371975a150f450b315fd6c00b04825a72408952d27f0bd86dc0f6c4ff84e272f2a58d017b8bf98b127a2e3bd817ef714dd9df94ed86b1007fc2465bd997ff16005d2a1e6449a1d2b7479f1e41350303dbbac586af94ae7df37a107f7673c5a04264eac304a14172fd9c66ba1f60d938745f0949fc44df47e6a794c6bc25752b787487522b75d6156150e5f3bcaec88429e53633b820ddcbb5d56ce750bbfeec7bca59910e61d11215ec2d63031e3b1121d6dfc8427b7a12e6aabf388dc568cc8a43e0698484631a89352501491253e2f9afd478e862ea2575f8e59d624e8b7a00d17f1f2cfa016d86e9a71aed449aac7bd2f4272b10de8b273a3fa48ee46c215e59c10cefc669993b3ae9656a2bf22285cabc06210ca2ef970f7f20ccfa7972cb9d16311dc4acc644475ffcacd1a6f558885683bd1930d7d40369fa9c24c5d84362f20c42c22069dc4da23eca05c541537768b3dfbf79ca5c10f4076291990178f0f1969cd35d31dcd5d5774f40e59c895c86d214051889dcfedc7d92d384bbcb924d0fe1fb1de5c1731e1685bffe455c52d10fb274d454c528b2393bc984184ed9a74e7ed7964baaf67c494fc691b8af3fa1ab848c23f9ac1d9e50267317461427d8ad339c6e7af420b17b1321886f5ed7c9c3ed52d6b696ebbfc9836adee48eadc72b6b0396cfceb163cbca719af73ef5ba049a6e2893b89d04a24335dbef8cea9fe2c6cf4886d57f937f86e7b91a791c8f1984c25d5a6f6e31b1803f91eea451070213a8b4bcb40375f1ccd3adbd3825777808a0f41c964c2748a96e4321961720bac16d3f61665e6be04d9d7a5f6f516a86ffde4f10ae7c83caf5eacb18b2fac18db314cabb1a32e0ff0be4fc1b420243c415a8abbb02c39ac4fc21b3d832065df25e1d803af3fb2aa4957244c295ab373a86a30b8da817cee7be84c60ea28671355964478b9c6447037e3edd5fd3146056e31d5589b5bb65f2bd0576e42d99f2a65cc60f119602d7bdc0ffbb9ba51d71d4e202d4551298f76d90984d00e3d639f549c37848178cdf7c685beef8c9b4d18f5c48df4ca53b98b487b96e16c18886c8667b803e7fd60017b08e570dc66cb2d26e40d22f2194b82134ffa4335e6986039df7dcd68f847f7ad3d4129b9e78d9ef650dde3aa59990d830485dae9eb734a4721a1e7af64d57149d340acef49a3e4bcb9ff866ab95f2eac4a9bec8a9305e5a5d59678a4b87e1edf6f80d40d37f00e28a65f451ba9963bde97567b7a858336188b26eeff252c047a6a3170c60988a1b1b9ee5643e6df5c6d95b5a982587a789fcb70cd7db5a4698fd73c629761b4a40f4c32ea3ac806bb99507405640c4ab0d2a304f225f9b32a53392a1f030a46c16ab655fdc1072806a8145ab773de22d53d00ff895c820af8d2d9eed9953b4e5ec6a1e183d70c9b61b45fc643dc261035056e2847a331174d88b19620d4663341b448a752c4c1e36269ad7d47b35af09e67eccbbd65fe30fcb42cd6ef31b282d636664ae63c24f5df2e5a2c8a13955a434f2fbddacfc19555b59db4f8ca458cbcf029aadc7180aefaa5a792397a9848d050b0416ddd63f1579c28db437d53849e31caab3c6f88d39622d88e6a191da71249b4f22a855309b20818732afed2fd04c128ccf052c29ab69a5f9c4bd1381435b784b004bb2aa4e335443bac9e9901e97583bc7bb545f254c73c88c891437990d65bf8e48e69d7f77ae811282689498c0a5d5fb51f5fa502ed6f76ad3f69ea6ca243ba053c73b1725ecd6083112751ca3f6db9da0ad97185e01e39d802fc4fa4f50b1a9b4a1b7dd244a134c474232b7f66dac7c4a35a91421edf1fd9f97490980e143ac0b3f23cbf71646737998a783fbf94321de6f475090538fce42d9452d6736debcc5e0a1cbc64ec49b82661ad5008dd23872d884cddd04b7e211053b21223a92d92dad1822a028b186fa045c66eb45ed3348628e505a7966c112915b3be7daf981435b68081d464024852a7bc9e6226979c831f618db78df35d16711c4425620f7c542833e38adb0b8c95751cd1eeb70b1abe1a59512dd031c540a47ea6bf0cfc61333364d2c3481096ff8252a13635a1138e25a4b58fd0648caeaabf6217314c5eda4b631f6d1fe03db7c80a9b259099feeb1cd01f081476e3dc8c9ff195b03b368faf43015d1d80d039b6a15ff128f6546350d71623b8a699d1bfd3fe236bccecbd5685e47c48ff23e44035fb4f6312fbc7dcf9e5d3cc1cdb16bb60b53fbe1d8fa0f1ec47e2f41292207cf3197854f1c2d9fa6bd01b2b2f26df3796b3bf3024c7b945d6d48f676c53874494675bcbfcf254bd33ebd780d2ccca91e42e5b801c3832b72499317d869dc4abecea25c895d4392a96aedb00ee15ddadeb0ccd2001665d1974162a6c85bda2a22e0d6ed03e80fc0323d98b1d158625dd456d822f25e87daf72f5790914af18c442b0716b486be907ca86aa52b32ab3a7949b562860276797d8acce02fb625fabae818be4229f217502fe7e0a6ab275ccfdc220d595552890ff056443c1157cdd761574522bf07c82030b3de6e51214b24677bbe90d85be3b4851ff35e1cc221b4bde5b8220ec4c62597254f3f63f8dceacd83e09684e6f794f57b234502e0268869f23f99928681277cd651bcc148e6f20e92492f03bdd56ccb07150efa4490ab7fd8d86f5c7214a88f5b4af4166c818dca27c968bb0e4917ca5503fb76c5642d0a3c28d9d032ca7c12ad22d61b43216825f581094f4de55e6fa9b25b914778bfdf3e9f1a72eefaaf74561a98d961055b552b69c6218517e2d2664a38db5cbec4bf9cb5664ac1063b4198ce51b3dc5cc83c05f097f7e226a899eeaad9a06d17045f7c2eec5e446c8248f39c26012d47bf0d4e39a6077c755588dda8a960027929dec7a2bef547081e12cd6950901b9fb84352171b45f24e054c7534e7ce59467547dac5cfd9baa62f0d72264c28f76e27d620fa8e1fb38af82c7923430ad07986ad168d707536b3f98586c29172cbba2591c4f5e3029d7ac13d4eae6ec06cb2fcf12111be7538cb46df06818e9c0631c09da685a73b21ea72e043db3d225a6fd132c058e91538cdd7650716d1acd27b7f71062e01d3df419eea31fe4c08131252ffab44ad26eef4a250126ca4b984b0d3ebd240eb96074c67f86adcefc14daa5bc111db28fb7d6856a05a637705746af1aa77ae78e", 0x1000, 0x71}], 0x40000, &(0x7f0000001100)=ANY=[@ANYBLOB='uni_xlate=0,shortname=lower,utf8=1,fowner=', @ANYRESDEC=r2, @ANYBLOB="2c646f6e740846314703705f6d653a1000000000000072652ce6a67569bacff801b912a68afb1ea1a58ed4066d2549e5", @ANYRESDEC=0xee01, @ANYBLOB="2c686173682c6f626a5fac6a82163d737461747573002c7063723d30303030303030303030303030303030303032322c7063723d30303030303030303030303030303030303035382c7063723d30303030303030303030303030303030303034302c6f626a5f757365723d737461747573002c00"])
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000001200)={{{@in6=@empty, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@dev}, 0x0, @in6}}, &(0x7f0000001300)=0xe8)
setfsuid(r3)
preadv(r1, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:31 executing program 3:
r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x8)
r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0)
r2 = open(&(0x7f00000000c0)='./bus\x00', 0x14d842, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x80000001)
creat(&(0x7f0000000140)='./bus\x00', 0xa4)
lseek(r1, 0x7ffffc, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[], 0xfd14)
creat(&(0x7f0000000100)='./bus\x00', 0x0)

[  664.820210][T20326] loop4: detected capacity change from 0 to 8
01:01:31 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)

[  664.941038][T20339] loop4: detected capacity change from 0 to 8
01:01:31 executing program 4:
io_pgetevents(0x0, 0xfb, 0x6, &(0x7f0000000080)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000000)={0x0, 0x3938700}, 0x0)
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x88)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r4, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000200))
syz_open_pts(r4, 0x0)
syz_open_pts(r4, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000001440)='./file0\x00', 0x8100)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001540)='/proc/consoles\x00', 0x0, 0x0)
io_submit(0x0, 0x5, &(0x7f00000015c0)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x5, 0xffff, r0, &(0x7f0000000140)="29bf26c27b2f6b8b8d5f952a996dfd52e8b87832fea1b8d2b8a70a0e73b01768acf4c93cd7548b8bed02a69f82b75e3b6db78b0188595f717f6cb98fcbefe9969378a97fcdefd7e378c2ecbb430e1ce8", 0x50, 0xff, 0x0, 0x1, r1}, &(0x7f0000001240)={0x0, 0x0, 0x0, 0x7, 0x6, r2, &(0x7f0000000240)="582bfe36b3c8dbf35b132843fe0244283dd252dac4f866e0a7ab3ca003014a6077b39dda46d53a2c52296cca7acf715baa49c1759a7935b46354ed7cdadec3dd61f977afc0e0d23169dfeee93c4120f54ddf76aaf53bc9b733e564f0baa4be0266d0dc2a40043745a09f2e80af3dee02d7284386bff5db00dc0ed152e10c86976ed8685e782bbb9d7cb6f6f13bf299b3f0efaaeb9b66970b9791aff37047cc92f66688bbf15f4a9643fe0206e4c2aca031518b8267df45a9509d53acb660aed4cb0a43741b90579b915ba56429f39b4811d79c54f711e85a0a59be919475699557dfa576465a80fc1a0bd4125c71a040118aedb8fb3eee338a550612b53b9d88917a99c9c8b60f930c768ff0c61fe6a57e2bd2309e5cf474f491aa767c77ba27003f3c4cc11f8f6fb53bc7946a36865a93a3195498b20f651fae495fb068467a1f8b4e1b5aee4b32a3b9d3599086d97111bce3e00fbf90a158335923e976385a095264e4ccc31a72eee33e55e22af7001c92524e4192732b0a4cd430d1c4bafe4990ff5ed99c16f60487979bb9a9e0efdf85992fea8d5f62c69be05d45f7d085971bce6936b92d00741f1d5af604bf65c143ed297b5864beca1606dcaa904929de922469b5d84c588e93012202a7d8f8eddce286c545507d5e0c8b11efb6523173aa449aa7dfc9618c09fa76644c1c74a3cb90bddef24f4a39f15f5f9d4a7346df93424cf369f6793413ae668334a856175c6a835f5b2fb912d96566d43fe2d261c23aee1868fd7b46ce7c0b3c156305eb775f2644cf4ddaad013d6cdd858c7bc8e585740911ff865cb607b7511d2841769e02ab5e700375dd6572fcdcb056319d0ff396a9ebb3ebb4807758252e9f752d5b2c28dc33a3c21d2b8341562c8a6fb4b96c99247bbfc55576164e00421f64470a059ad70e507a4af204717a7d8642e956345a10bcbec842b5851d9e66ed1e640ec6c3a4007161e5d810d8ffb40726359d6d2e2db29e055df896b51a989220512219e35e90d928665fe6e22e893f46d1563b5bb281e2cc3455fec603886a42211d96e0013fea61f23cfd6bbe30de12da2c87811c298992483bf844224aeaa5986b16a92c3812461688c065c6320973605bd18613b6f7c014b83d8f5a6f88f4a9fd17310001c308d404601081a6aabbe491eea580c5cc68e5811499dd7dc59e06b59e80b3f74489db63c9bcf3eea6b9bb1068ca626d030fec6d55391cc255d55d6f3f91f39e5fa77d5ff6f3d0e0559fb469a8ee486ba259fee4bfed77dc861e12ce0d054b33e1df749ed6c6b646bd3ef0952660882341f4331e4b94f854ee98fecd364419a05d17fc9cd86f94d7c1f670c9f39286bf725f44242df203f6b523b888ecafc1a1dda85131296779d596dbb05080f2807586ddb0fefba08c0f791fcb6b8525e811e3a96815b243bed30e025eef87cc992e3f5e811096f3707d95a055c85502da81e753a84f18a2d46b74c938bcd5cb827891a0d918aac20c9f2af65043e196cb633456cca0c92d46aca0fb9fee98be10c9625011cf7bc45d9d1a4e86754ecd98cf0f055a45e1b2e451c3a531480292e9a970799d8ac94cf19b45bd162693c826912616e951d42978fe94b697975e58faf119a676f96a330934e54017138fecbd96464f5b3b509c7204584f03984217164bba3d967b5527e4df8733ddf24184d08c991e59a61a28454f858ca7f163df2fcd8c129773f4fe9d334cee529df1cfc52a81908bc766841f8d666add2421102b8066331f688029a9993adee6b6ea5801d1efd1d0b470751d1251627500c596e2a7da255eee3251aaabf2731024b22bcd0b8f253792e896a777a4cb3dc3f783b47886444c3f04333a678bc5eb519f345c5ba1f700c0fad94b4ce6fb4c8b9e9417ae3068abcb66cdb6b0efc11935ce99fefa2b558c0e3a39f53cb0f57a0df76bf621615840528904fdcff75c1048f22ecafcef87025def907ffb0ea619e7aca77e1d513bce27e02e9800f23eb4afc85e5abdf9edabd70aebdab4efcad205b910b189fe2bd16fd52e1938a25e05a219f50f5bd595a05f3848158a98434446bca3f1d49c858caee036ea9a24e2fbe783577e8e7409718e67c5def3d20157fa8b3a3b68837f744ab5de61a6ac7838eb2a6d430c60dbd1f52e367066d72a740d16737c42c523ef1c4969c90caa502fac44df363fbed6c1375dc6286ba2623c04b739eb3f6ad4496584eb8c5c9b5c542972b8249220d77675a67e08d1433c166c4320a9e33952f6fb6086e8c46bb167d2b186a5fb57997d5e0f24a1c4b24eb0a00268c83d59ad652302abb78bdc06bed00fd1ecdd750aa759f45d6f71982f18e51374a75c9dc99fad1ffc30aaf15ee9fb7e780bb2731edb985526db39fb922c4c6dd828bc0d0bbd269c6889f402753f20d251dfc18f5870b222b980ddddd4a70734029e80d572206aac29e45b48af6ad80ee23417eb86d761d858357f51bc7a5a407e489734eb03dcc270f9c434e915e7e749d181b8debbc5e628e2baf5b0117a0340b9fd49f656271c1316f79ab51cb591e70015611ec90a448fb84f995241938c73acc352554ab635fbfa755af4002ed47c646ccff59cb0e9a379f2c7788176399e398bc5403ff69e501843af29f201c544f198b4090766717e993927e1b22c68932d7f21b687b0afb9d09337c37263cccf735863913f4eb9a9225b571ac9b553c3497222c149ac8c2ec4fb378480b8196fcf49539d899a866b4916a63eea878f96263b1b1fe942650bd6cbfb14c8fae66cd353119a1af86092a439ea7d82368bc9724119d0abfab71f887739ee1c9936ffff8e07d7d010fa2b24f2016196177f8c008653baaeb78f715928bd066b42b89a3b4285dfc20ec89c25e88e06efcef798d2d0ad894e90f400618518fa522a70129c8e93ea558e70329eaf3bdffbd95883bb9d9bedccaa402f2add32943ac5ea0a0220cdc4e4b17c13eecc76b2ef8b680fe5e8ec4440528e4b49256bff64abe37daa996697356e2d0fb7ef6d233609754287b6bca42551cf3b8b4489568df60b9fd3eb56e3ede477d72573f673c7299db70fde2cadf6c33a4606beb8ab443c6d77556a499936f02b950008374df1c4d8c352099b4a99ea216e30b5c70d119c0d34917ed4987df96706cf8919abb5ca62aea92d0177bd1da3181e813fa94d910878a7e74cc0299f58269121a752d4300ddd5b9c57a784f00d2ad51651ea5c158f8a3f73a42e5203de6baa55bae953d91be057494e42065f765191275ece27c21fd75962291e3c704a75dd3f5abf01862d0f927201b45402b8548ee65ea6b70abb8d9ba724724ea50275af7b9aacef7a4333a1370bd1a0a62276d823b68b99d6d43a919dc7a70a267a71053fd57d7a67ec9c7bf48fbcbe5281430652a58ad9c8f07658e8d486ae6ae0878a2496cbea196ab7622541a09922e0714d8068f6a19ba60124dfd4c85ddf67b438cd3739217ddba7031baa898fd54143d8af31294fb609c95c0712a3b00a68bba857967a397a2f3bb4b2345c482cb3379a074c8b0f819ad5060dbe40c576c6c673759b095ea15551eac9a9966db5ce1d22c8a5280aeea0dd27af3ae1420b5b56407b553c72ebabb6c65a938e70b80eb536a56a82e43945ef3469e3693b66f11b8b7ba5e005b38b92197332d418f38fd3ec172d775938852c9d9a49d1c44e2edd478f48f5bd3697bb13ee61d22ade165c9d6c8205efa7147f752716cedf6942475e6629a55a906fa70a3f261538ff27dcf61d3928a7eb79892b0edee54b2e8520f34231a163324bac13f3d6a130ef9a0a65bcb9d091d4236cd830ea25521636cf3ec33257820aab8be91023141aeb2ab1d9a4cd9be505fb854069b2e0f7bde4f93346d36833c4f9907f18ab38f47f45f3ff32ae2370441902270b952241bf04d9aa907b13b5ac39aab333bab40400bccd842c21df46cc19abbc3362df87984bce25591697ece2b1f3e6c2f9d3cb64798c0b088866d880203c359bf31088d7bede3e4f511f4d46e7ef1c35e0a086de7e0f9ccb25f3720d2b327a65335b73711a21f4946901a86716e0c9f541cec1d17903f3997aa50a4dc1d62fb81cb3d6094ac1b15856d5df0a876bc9c36a1d2e56bad36fbd3451677968c909335d63858274041b51dd3baed4fa0cfb2cc332e70383130651e8e9ab1fbfe6533766254633644985ff69a84bd407c5a3e4018bcc748c0ef2f44fcb2e56443d29b0b82d3b955c2ff0af214703d1a27679cf2670337901eb4cd8d0ad30233a5178549e59a2d407cf1896fe983cdbfc7c2868ab2f442131525912861daf5cae5d8988fc17946bb4f59bbc66435d21731cc666bdf2b5c8db237e5683654ef5ab0dfaf965a9de331f22e3a182c2e008bbd5ef69f73c3d3b0e58e68bdb60a1e81ceefcdb75a6174ca5f28537d48394c75e15fc23fca111428e3ce99abc73ef48443d8f03d684d91d28ba7f49d5ec91b5038831c3478c6be4be80661bda3a0e25f9bbd4ac2ca5841f72454f149d3904f30c813c3c0776561555611c48c93773340098a644fd878115e0caa34f46a51f42dad3d4b40a91035d8f02b60805584f5f547decbab3e1f40ebceb751b9aa95c9efe4f7c50c6f02c6271534d2ad8c8327c5ace8558b4719fb999f42e7d7a34df7ccf4e454ef6ce493cde6c8cd1678f6d6047d4ac138efe457bf06f158b6a08275ae8976dac9c1602bf1d8e9968574b4958a7b3857847b4af99c20f6a52bfb62a47862b25a6315a2923271f5591c5f307fa0ae2e0848b38fc4214b9e9629f900dda92d021b69079a6d31a2a1fa6171b50ad721a495f0383395c10b395ff31a856a13c2b0088d7a2e853a934c308afae6cb1f2382325d3cf632ac3fdd0b83a2881f61416f0b54db284032f0e10740710462f2686e770977be771364af5854a719e8a15ca8ee812bf59fb19d4641df450f3e1190a8bf168e09a4e1e405b0ddde462d7cb1d4056d8e137aee22ba8aa6c0223c4670782d9b34b73a1678ca42b65869d2d8855fa488a9c7422cda045166725539e622386ab733c01ad86646bf579b3647525ebb8ae9e5a73d189e2636556995f6c97114826dad7ac5eef0d3ebbb05a1debcf2183abe97b2eb0850ee83afff0da6598ff7fc400d42e30f33fb6532902ce0377334b8bb4d05a2d946dcc6f7f4eedbb371b581dce24e55bc9b5e685ea743cc4c938810651b84c15808f0a1965809e01ae37256632b5d608758cd646cb90b62786e2a21b61110a7282aa89ab19dc109de411f1665c65ff29f6b546e5f89cd7a54523aae311a9bd75ad20e5b1f939bae3c7a4cd656cecdc82b5991d3a098506f66a4bcdd27dd4c558ce855c3547eb095c93a0ca6cfc5c01a9f4324046e371f53045a3438a500a61c90283d56e62d9bb9ec52f9af8d00cb155ed70ef8cbc87682d7237d8913c779a91b03c6c714ec912b8f212a66b8f92692fbdfefefd0fb3375dbb14610e17073a1eb23d371684e3d778b95579381d8935c7a5b38c626fde6caab4dd4e759249110d9d80111ee2976216d72346d98afa4b4b9caaf83678a7a9d553a5c8f434d0e402e9621e3ed133cde3784fb1c9bb01520e24ebe1c9d08fc7242dd4dd56c05bd9fe28cb1e9b39d28ac10a66672e545d541f2c6c0c283c26b6a26d06c781e003391954155b5e00494949c08e82ad664b06ce294320165a4fdbf60fc82da407553f86b678a1cde87636f92f8e70a1a2e1fe89569f3d975ec9e11e728456181f805f30b805a647562aa11cb62c14db05377b9814f7091fdf01", 0x1000, 0x49e, 0x0, 0x1, r3}, &(0x7f0000001340)={0x0, 0x0, 0x0, 0x3, 0xaa, r0, &(0x7f0000001280)="383688c5dfbbe22258ed170262999c76d28b843d1e0074034bc17b4fc0b0cf9d62d6b55c7393ffd5a32efac47ed57a0ce624294f77e6aba8ca14841e30f817966a32bbe7edea465ccc0ab0c2911d547b05d1c25fda95b61fcee7ca9bba3ea7171eaeaa1d551d749b1d3dc8e81b992d20c19cbbbf4653acc6158756bd8eaa8b6c7b41149d7ee2b0c613", 0x89, 0x2}, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x1, 0x1ff, r4, &(0x7f0000001380)="2780a12b1d6856b1325fc4e853ce294761fe4a566857a56973702c38ea6cd4e6a9edb6790fddb18308d25c14d0f5fd74fd60e97fcfa53e6c84e826c60e27e3e2fbf5c3e481be8b6c33126e614209776506af7c94259ff279f5ca", 0x5a, 0x0, 0x0, 0x3}, &(0x7f0000001580)={0x0, 0x0, 0x0, 0x5, 0x3, r5, &(0x7f0000001480)="e79596b4e3abecd3cd5d6aa1da259fbb7ec156205f84897fdda4edfa1a1ad46fa001d9fd7222d68ed3eea8740271f8db7be49c3ce17aa7ec997af3e0549be3aa61d8a7688e5e485a5c96921a1134176f901837157c1b1d35916388fd341989967171fb1d9c40fc69fc22d114a16b653a2433432a487ee2687b837862ebe16b3beb5a12a4c4c954faaacf4579ab76137c7cddd5482884d0aa74a9bb9878ec488d0fcf2a58746bb56f132059d932", 0xad, 0x101, 0x0, 0x7, r6}])
recvmmsg(r5, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r7, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:31 executing program 0 (fault-call:9 fault-nth:21):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  665.027631][T20301] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  665.035632][T20301] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  665.052697][T20301] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  665.060780][T20301] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:31 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40), 0x0, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x40)
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)

[  665.210974][T20371] FAULT_INJECTION: forcing a failure.
[  665.210974][T20371] name failslab, interval 1, probability 0, space 0, times 0
[  665.223608][T20371] CPU: 1 PID: 20371 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  665.233405][T20371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  665.243440][T20371] Call Trace:
[  665.246705][T20371]  dump_stack_lvl+0xd6/0x122
[  665.251287][T20371]  dump_stack+0x11/0x1b
[  665.255426][T20371]  should_fail+0x23c/0x250
[  665.259832][T20371]  __should_failslab+0x81/0x90
[  665.264582][T20371]  ? register_for_each_vma+0x372/0x890
[  665.270036][T20371]  should_failslab+0x5/0x20
[  665.274528][T20371]  kmem_cache_alloc_trace+0x52/0x320
[  665.279849][T20371]  ? vma_interval_tree_iter_next+0x263/0x280
[  665.285915][T20371]  register_for_each_vma+0x372/0x890
[  665.291223][T20371]  __uprobe_register+0x404/0x8b0
[  665.296145][T20371]  uprobe_register_refctr+0x29/0x40
[  665.301342][T20371]  probe_event_enable+0x2be/0x7d0
[  665.306354][T20371]  ? __uprobe_trace_func+0x440/0x440
[  665.311623][T20371]  trace_uprobe_register+0x88/0x410
[  665.316804][T20371]  perf_trace_event_init+0x34e/0x790
[  665.322140][T20371]  perf_uprobe_init+0xf5/0x140
[  665.326905][T20371]  perf_uprobe_event_init+0xde/0x140
[  665.332196][T20371]  perf_try_init_event+0x21a/0x400
[  665.337294][T20371]  perf_event_alloc+0xa60/0x1790
[  665.342282][T20371]  __se_sys_perf_event_open+0x5db/0x2810
[  665.347902][T20371]  ? plist_check_list+0xf9/0x160
[  665.352831][T20371]  ? finish_task_switch+0xce/0x290
[  665.357925][T20371]  __x64_sys_perf_event_open+0x63/0x70
[  665.363370][T20371]  do_syscall_64+0x44/0xa0
[  665.367773][T20371]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  665.373693][T20371] RIP: 0033:0x4665f9
[  665.377576][T20371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  665.397181][T20371] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  665.405624][T20371] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  665.413601][T20371] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  665.421558][T20371] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  665.429528][T20371] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  665.437483][T20371] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:32 executing program 1:
openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:32 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:32 executing program 3:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40), 0x0, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x40)
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:32 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
syz_open_pts(r1, 0x0)
syz_open_pts(r1, 0x0)
syz_open_pts(r1, 0x20c0)
r2 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000100))

01:01:32 executing program 3:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:32 executing program 3:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:32 executing program 3 (fault-call:2 fault-nth:0):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  665.938008][T20405] FAULT_INJECTION: forcing a failure.
[  665.938008][T20405] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  665.951122][T20405] CPU: 1 PID: 20405 Comm: syz-executor.3 Tainted: G        W         5.14.0-syzkaller #0
[  665.960968][T20405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  665.971113][T20405] Call Trace:
[  665.974398][T20405]  dump_stack_lvl+0xd6/0x122
[  665.979160][T20405]  dump_stack+0x11/0x1b
[  665.983322][T20405]  should_fail+0x23c/0x250
[  665.987741][T20405]  should_fail_usercopy+0x16/0x20
[  665.992864][T20405]  _copy_from_user+0x1c/0xd0
[  665.997457][T20405]  core_sys_select+0x207/0x6c0
[  666.002242][T20405]  ? set_user_sigmask+0x7d/0x130
[  666.007364][T20405]  __do_sys_pselect6+0x1ea/0x250
[  666.012313][T20405]  ? __cond_resched+0x11/0x40
[  666.017000][T20405]  ? perf_trace_sys_exit+0x6e/0x180
[  666.022282][T20405]  __x64_sys_pselect6+0x74/0x80
[  666.027245][T20405]  do_syscall_64+0x44/0xa0
[  666.031667][T20405]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  666.037580][T20405] RIP: 0033:0x4665f9
[  666.041471][T20405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  666.061232][T20405] RSP: 002b:00007f2a93988188 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  666.069652][T20405] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[  666.077630][T20405] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000040
[  666.085614][T20405] RBP: 00007f2a939881d0 R08: 0000000000000000 R09: 0000000000000000
[  666.093604][T20405] R10: 0000000020000300 R11: 0000000000000246 R12: 0000000000000001
[  666.101582][T20405] R13: 00007ffea566292f R14: 00007f2a93988300 R15: 0000000000022000
01:01:32 executing program 0 (fault-call:9 fault-nth:22):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  666.135519][T20357] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  666.143569][T20357] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  666.160678][T20357] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  666.168693][T20357] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:32 executing program 3 (fault-call:2 fault-nth:1):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  666.268692][T20413] FAULT_INJECTION: forcing a failure.
[  666.268692][T20413] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  666.281779][T20413] CPU: 0 PID: 20413 Comm: syz-executor.3 Tainted: G        W         5.14.0-syzkaller #0
[  666.291583][T20413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  666.301696][T20413] Call Trace:
[  666.304975][T20413]  dump_stack_lvl+0xd6/0x122
[  666.309622][T20413]  dump_stack+0x11/0x1b
[  666.313782][T20413]  should_fail+0x23c/0x250
[  666.318237][T20413]  should_fail_usercopy+0x16/0x20
[  666.323356][T20413]  _copy_from_user+0x1c/0xd0
[  666.328001][T20413]  core_sys_select+0x353/0x6c0
[  666.332772][T20413]  ? set_user_sigmask+0x7d/0x130
[  666.337711][T20413]  __do_sys_pselect6+0x1ea/0x250
[  666.342670][T20413]  ? __cond_resched+0x11/0x40
[  666.347344][T20413]  ? perf_trace_sys_exit+0x6e/0x180
[  666.352543][T20413]  __x64_sys_pselect6+0x74/0x80
[  666.357434][T20413]  do_syscall_64+0x44/0xa0
[  666.361918][T20413]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  666.367882][T20413] RIP: 0033:0x4665f9
[  666.371766][T20413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  666.391369][T20413] RSP: 002b:00007f2a93988188 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  666.399845][T20413] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[  666.407811][T20413] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000040
[  666.415783][T20413] RBP: 00007f2a939881d0 R08: 0000000000000000 R09: 0000000000000000
[  666.423749][T20413] R10: 0000000020000300 R11: 0000000000000246 R12: 0000000000000001
[  666.431939][T20413] R13: 00007ffea566292f R14: 00007f2a93988300 R15: 0000000000022000
01:01:33 executing program 1:
openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:33 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  666.721281][T20415] FAULT_INJECTION: forcing a failure.
[  666.721281][T20415] name failslab, interval 1, probability 0, space 0, times 0
[  666.733910][T20415] CPU: 1 PID: 20415 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  666.743720][T20415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  666.753862][T20415] Call Trace:
[  666.757140][T20415]  dump_stack_lvl+0xd6/0x122
[  666.761798][T20415]  dump_stack+0x11/0x1b
[  666.766037][T20415]  should_fail+0x23c/0x250
[  666.770522][T20415]  __should_failslab+0x81/0x90
[  666.775283][T20415]  ? register_for_each_vma+0x372/0x890
[  666.780821][T20415]  should_failslab+0x5/0x20
[  666.785319][T20415]  kmem_cache_alloc_trace+0x52/0x320
[  666.790683][T20415]  ? register_for_each_vma+0x372/0x890
[  666.796144][T20415]  ? vma_interval_tree_iter_next+0x24c/0x280
[  666.802149][T20415]  register_for_each_vma+0x372/0x890
[  666.807496][T20415]  __uprobe_register+0x404/0x8b0
[  666.812435][T20415]  uprobe_register_refctr+0x29/0x40
[  666.817633][T20415]  probe_event_enable+0x2be/0x7d0
[  666.822650][T20415]  ? __uprobe_trace_func+0x440/0x440
[  666.827928][T20415]  trace_uprobe_register+0x88/0x410
[  666.833121][T20415]  perf_trace_event_init+0x34e/0x790
[  666.838407][T20415]  perf_uprobe_init+0xf5/0x140
[  666.843189][T20415]  perf_uprobe_event_init+0xde/0x140
[  666.848508][T20415]  perf_try_init_event+0x21a/0x400
[  666.853697][T20415]  perf_event_alloc+0xa60/0x1790
[  666.858733][T20415]  __se_sys_perf_event_open+0x5db/0x2810
[  666.864366][T20415]  ? proc_fail_nth_read+0x150/0x150
[  666.869567][T20415]  __x64_sys_perf_event_open+0x63/0x70
[  666.875123][T20415]  do_syscall_64+0x44/0xa0
[  666.879831][T20415]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  666.885782][T20415] RIP: 0033:0x4665f9
[  666.889675][T20415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  666.909322][T20415] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
01:01:33 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200)={0x364, 0x0, 0x0, 0x8001, 0x0, '\b\x00'})
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

[  666.917798][T20415] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  666.925772][T20415] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  666.933755][T20415] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  666.941731][T20415] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  666.949730][T20415] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:33 executing program 3 (fault-call:2 fault-nth:2):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:33 executing program 0 (fault-call:9 fault-nth:23):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  667.089349][T20408] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  667.097382][T20408] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  667.115001][T20408] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  667.122988][T20408] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  667.270821][T20436] FAULT_INJECTION: forcing a failure.
[  667.270821][T20436] name failslab, interval 1, probability 0, space 0, times 0
[  667.283462][T20436] CPU: 0 PID: 20436 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  667.293257][T20436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  667.303369][T20436] Call Trace:
[  667.306633][T20436]  dump_stack_lvl+0xd6/0x122
[  667.311213][T20436]  dump_stack+0x11/0x1b
[  667.315351][T20436]  should_fail+0x23c/0x250
[  667.319848][T20436]  __should_failslab+0x81/0x90
[  667.324607][T20436]  ? register_for_each_vma+0x372/0x890
[  667.330063][T20436]  should_failslab+0x5/0x20
[  667.334587][T20436]  kmem_cache_alloc_trace+0x52/0x320
[  667.339866][T20436]  ? register_for_each_vma+0x372/0x890
[  667.345355][T20436]  ? vma_interval_tree_iter_next+0x263/0x280
[  667.351380][T20436]  register_for_each_vma+0x372/0x890
[  667.356712][T20436]  __uprobe_register+0x404/0x8b0
[  667.361710][T20436]  uprobe_register_refctr+0x29/0x40
[  667.366890][T20436]  probe_event_enable+0x2be/0x7d0
[  667.371904][T20436]  ? __uprobe_trace_func+0x440/0x440
[  667.377189][T20436]  trace_uprobe_register+0x88/0x410
[  667.382369][T20436]  perf_trace_event_init+0x34e/0x790
[  667.387719][T20436]  perf_uprobe_init+0xf5/0x140
[  667.392470][T20436]  perf_uprobe_event_init+0xde/0x140
[  667.397786][T20436]  perf_try_init_event+0x21a/0x400
[  667.402884][T20436]  perf_event_alloc+0xa60/0x1790
[  667.407822][T20436]  __se_sys_perf_event_open+0x5db/0x2810
[  667.413444][T20436]  ? plist_check_list+0xf9/0x160
[  667.418424][T20436]  ? finish_task_switch+0xce/0x290
[  667.423521][T20436]  __x64_sys_perf_event_open+0x63/0x70
[  667.429045][T20436]  do_syscall_64+0x44/0xa0
[  667.433465][T20436]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  667.439413][T20436] RIP: 0033:0x4665f9
[  667.443302][T20436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  667.462906][T20436] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  667.471351][T20436] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  667.479306][T20436] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  667.487261][T20436] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  667.495309][T20436] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  667.503277][T20436] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:34 executing program 1:
ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:34 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:34 executing program 1:
ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:34 executing program 1:
ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:34 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:34 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:34 executing program 4:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, &(0x7f000004fe00)={0x0, <r1=>0x0, "0c4bb96b6bf668216a68c9915e9f612391314956b2e7953042d5d7532708d2bc9567d06dee15e6988ca3070802d50ac54d6ada1148c4953d4d338a961bcc4d1e1f5e9c6127e42a1c3d02414b62d02dc88d6d0b6ab1da9049fdea4b77b629b48a0a2a9cd035f493227f17e0e57717f62eae6cd5eff9a577ce1f1b30b254e09f3a27ff38a906386831f4fd011c9afe3f8220b1d39754e9911a71f3931f6bf527e92b8ecd7ce063f31a62a6bf5652ca4aeaf262ec3347e84ab5c7cd5837113a38b7f49446401ce318435b1b1c7f0f229f3d97a1f45db461e3e31e93724f865d5fc03178f2c7832ef8cf893675ef0d54293ff956371602ef2b2542dc0267dcc3b41c", "29bfc5a217de36e481157fdb46877ae28a5b15d573852459421d6cf130beb62f8df7f02a12c333dd835f3d316f39aec1bbcb3f8d3d2ec047855bd1dcc246a7c1075f91567afa4992436d28f63045c0239e2302ac1571059ff702375d5052a579cea4cd932bf2f08365c65e5ee35dfca6a28d43fe2af6ba029742f30f64970c11416cfa7102dbb5f55687dc732bf467482c8773c557686c49d654851ffe2f8229ce49d89044d10ebad884c76c5749ca6e0d36c98799ef63d264410ceff6425d5b7bdccad21509a58c3e81955c537bcf3d8452824458d705044baa2515244cd2858651e7ee85ab54eaf8a592ca462c7aaf7eb906967a9e8f742cd42c274506df5859d7d8a79fc2eb566448815f985da5c2442b920da7d57d6cf57d8b939bf7aa4b4f9ab701e175026316ddbe8d8cb3276365c6ea8e7e560528843923630938369581458acb885fd20f75e60a9efc0bfd95662936625bca8497ff5baae4027cfe2b8f948c23167e3a96fd97635bef829bfc2bb639fdd501ca43ab6d991bf44b2e6994b874dc8bcefdc3046d4db85dcf711e59060137bf35654c1022d5fa938a91c86f10b290035aa9b8aba6814dac6c3aeddba8da218d2e1c85700138527682e59aa302caeb06b0d048497b383b9e63184c54205499f2313a58e11e20cf8352b37943bcbab33856d9229f4ae9a735d52069da6fe20160793e7355eecd7cf6d4f9f790e2ad20f8215de5c6f61f171aa7f3129f41228d6f6d1a23679e8139532ca4e5de2743d668c3f1fc7c181dc92a3deb0800b17d9b1f74e851ea733d7ebf04a5eee693beb918b5ccf536d962625c5f704c977071af0d65623aeb389b2651ff5e26542bcb4d4192af06ad7e36f06b7d5e8986a46affa93bd77db36a889319a5b129f41be04cc109de4da2e89e0854a30ce935d446b10a4c15821ed64a0ffe0591787deb5c7b3208c8a9b93819064054ae2fec72bdc80108f9a1bae204d1a052e50991a83c05147eb1824ccf601bb072298828e600f5e1c1b2688b3c8b9cd2aa745ab84e925775a82690e0bd924cc4eb9be001b782111ba59fb0772569e8d6b8ffeeb2b20027d36e3416f71c5b25c5c042072d596947105cf4c227d3e6155977026eef6a13389714f958a4fdfbd4b423692837606b9cae6ec83da6a12d4115fdc2725ae89f0346735ee1f77c3e83ab39b423a7ed293958a729f8ca6300a7683cb8c9246f171071f9bbc7836d983384f6c2a252e6387322befea4833812d2e816c9ae233ea54b74ab9eed5b72f81447410816efdea95fa2c7316386c54ca8418b388d2fbfa0cf10dd5b8b692875461bfb9af7a1b34eb846b6a0c704631d1b823e7f3dc47895d4463c9ef6381e3ef3543c4e11bfcba61107dec15cefe5eb5566dedcbd409cc38cc3de84b7d5d9f5e96b43c8ce60ba86518ddaf436b3b5b826d656b30af1b347856bc55d4a56f972155510a5da978cd38e55eff3a517306fd2a7ab5ae509f8456ff7e0a53d3e5f0e847972c3578f44030669d26cda77c5cc7e26689cade5f213a4f2879168879049631735669de23cea007d85e7b3cfc5f93457a5314405550d225bb68cefeee97a1a4e5c4f570a47fd867e8c1c226604a6ec6028dca0ca95bda13714ba7bbca1013d0fd41fc95fa1dac5bf5cfd886198f0b718ec2fefaaae98c2156ebc673ce928a908b1d7cffea06eae34731746c4044fc6467922ee226d018f4bf5bd4d463a548899e1c705e12f783e0f1dba5261c0b258980565432da017681be52c64458eee40f873c81292864dcdd8d961a28e20e8f3eefdbc45babd36b8595584ad6fccbbf87a84869f7dae7b488d6467182d5bca13673b1a3783d392e80c07714074784c1f44d03382cc0aed2630aa48307ac9fce12feecc7ba5219c79ae90634d9809129169c1489d6467032f4a9237088df0781f1b1623184fe263bd6eb19bded02aeabff49aac5f9e6e9c1e7e4f78b4c2d5ffd49251cb3fc11e7f959b78e5c01f61d85b0fca51140136326b10ff51611deae2173ad24679b1ffa421391e3df5059f1b9cf1cc0fd7dcd4e8f0693e6687ca3d9190e6c07bfb3f15b1e0a7ef3a9bb45c38d3bd081c74d55be1234d4a9a4085580d3c9f628feb44867beceaae0b15c459d5f999a11c5522d700b9304c48b32a92362fcb3101f7d132555eab3364caca036604ef89f45ef908767d6ff91d88108ce83e37f9c24b181282c2842c5b9f366c4f1f4fb64cd90229e599c6ce64612560cdb3fe218e731f8f96b005b4621e096fb36825f8bc2d362b722953a2c616025030e9e81dcc3951abed6ff5a8dc8e010006ce30c1f0bba52371b9ac6256b30f3ffc926a4e80b657e3de94ff238db613d159794655a85a84c525e96708525c86ecdfffc3ab77360615db25f3a168d8f1664dfa4ca06f29b69bff21a620d10dbaffd373412211152ceaf643a7f52e55714458e0ed351786423d9c2f6cc311a09f5a4899fc99a9e60a93fc183708c557e287951c10be2cee8c1e4b3b49e7376cadb511eee5c890c604ba991528edb4859c523b3fe1a200ff9740e08ad2c37a28cf1ac9ad7e117816ccfa98c1722c4764c36415821fffffa37a905192e03f7ebd60e8c4e824b5f97a7a1992007ef333a9f013a0c526c63421fa6c5d6f896656f03ef263a165e13e77ea6ce4cc7fd74f36e3be48aa6d6ebd49e8cdf47ad45cc00aeacc136d094af8738e370b7dc01ea2cb2b5b5f41639dd14dc044090f3f475407800fb3896713d14e7b203ed379ca55eb66987e49c10c49dc9e0a4525b72baaf5c96a86691170b8be0b1a586ed342ffa138a4bec80dee81af84c90875921faaf12a7118ea31b875d9a5c1d338a75184310177b657634eadab1d3dff0d188969e241c49ecfef5738deee303f855987dd3d0cc85103baf59f6d9aecab02538e747fc22de321ff5c9d4015482187790c5e2e8407ee86b59a864d72ad1ee50b0d6dcdbcd0a1b4e5aeea432af57d3c40eb54431636e15e89400a1b517ad3c24dc7a65d3b27426bf627bd065350cb08a2ee3121f4a5f6522b593f378061e953c69d6060c3ccfc7fa330bad55c6a9079a630fcf67639eb63245624fb9d73d0d14c2580c82bf80e5d63f211f0dd57f50fc3a1665e773377d8812340077aed4a927640e1583b968166678d459b888b793acd94baabf5d039b62a022b5ee17dd305d02af60ee1353629178da4d993625d07991fd6bdc384ea5f3fda12f99ecaab3a40faae0b1de1777a03db85b4c0f862f2ae80625b498fbfeb705e80ee79ed52e6a52a95973cdf3c9326cc0acc57912f52f882e4e5c41a0dd05717e3e07eb2788e4b8badfd89cda0eb205f8191e16fc656eed0644f5452edb173119d76617630c724775801f82824c7261a070ed6eb8ffbaf014d43af7766240ef727554733da9dcc1d16003cbd527464a36f0b3218225c7f0d0123c5d84e1c7ea3d33566aefd70b825ed5cdf3a2110181ed19e1530744fc47fce70dbccbe352397130b5d3ac67f751a92a450dbd5dcb9bf9b2b745ebac96ac676c5168440efd524d72e687c064e968d9ea478093d42012375b995ecfa942473f5226a40779ac6e8da651e9d719c4fee2756cd760d517311288d19dd9d240595e514a39c2b38864db823be051d1a1e58762bc6cff8d05b291d8c09d25b2628a4cccd3bfba74982a87c8e956007c272a2730f56dd043f88ccf088a251ea20e0d0bcaf753f240439ce0a9ecee07cdfdf58b3a514f322dc09acef8ca7a1fb8a4e01b564ca4a2bdfbcc687a2fa82eee38a23810f7193996580ac383c9e68bb54aa2a4b9b082a44080febf1e2b950fe2d69ecdabef3678d33cb69e6fd2ae4eb3d5b0c680393c199ab51223a2219e8f2c1176bdd0a971e37b55ce09e665b2943696da73c874a472d0035f9f61c8c5db18067ca2639911304e41f8ffa3498f8f5ac7e938414dd646c6299261f132d65be47baa53b211b789eda8cd7d9b8bc13ac353eb54c9f8a454e8e75b318a27b636f1464e7ee21aa240292c5cce840af3840eaaed8046cfb008523d28687ff09dcd82c501fb3ae037224bfd726810ff1f368a1e248603693403c44199bc58f534d8c2a1a8edbda90ecba28e0be82cb9631d32a5f41b3fc35d3df923b899b6979fa87a0b4e398f14406de51abc793df342ad4e6656e0845297f63f07d648cb6ee16f607df5828d568a9156467907cd2517fa6ecfece3b2f10e119014569df48745bab0fb5b40e602bb788bfc55830100ea9e3a2c264ae8d82fe4245ac8436e59a36c70f8684a778449cbb92a3a5052834aeb9318e68eeec12df2f8387f2c461e29669add16cf0634fff7484806ac53443a1b483c6881517edd9aec1729fe337f28293224fd15a9d7a5f21084e10df8c01362ddadadbac04a5eb14d8b69dfa51bcb586d7784d7c7c753943874748401cec0371fca045411def7a0deba7b28c9fac6290b78f0a9f2daca191b0554229df6cf17292c000a27f76bc24407598e241d1b44bf183d66d7acb2da33abb5815a43cd520b04581b1d4ecec5060f9275528403bec4689d97d5f222ebeecbc6dec2f08d936d7d79c079d148dad4f32722e4ab2cd5f8644b1744f2333bd22ae35f587e96fe6f9106a18d9ab579745864dfa2b92fc8d6ec543731f201b64c3f1e5c0d44d558a723ad21fafa389a5cb7d9488be7933dc231d6826e253a013faec6ef0ef45cdd3c5ba3a6f8325e8aac5a7ba8dde1d3662cbefa393ad36258f0ba210053e6036ec00c98c58a4e5a85f5701452c6ceab3b694a400153d17aad03368b1d1934ab262056afc625ae0e29cdcad665c6d81aa4b2ba1dc675c968d5599c2816a48b35997ce6ddca92972fb3006636ee5a543dc05d679ae224da4794eea0d5ed89279119efac98742697b515076c142581e81140170cff92fb54711ab27877b37461ca8ddcf8fe90f119f5f72d88782fc407c94045165b376988aceb58d0db53dc57b85f8bfc7f8aea92202c5f9ab499f6e8171109adda95c5ddf89a8420c192d2f5567e2f2dcce899d9e840ce1277e9cafea445c69ca62a78758b8ed0d5bf967d93e201fdaf1599837c36ca25863ccb6654bf0dd8979c89a9b3aada8701dd7cb9b8800d9252f9d3016ac796b3b8fd9f6a0742846728571049d41a13b03fd076e611ba4e445fd92ed271d472d58262d12b429b35f34715a60b25955661c47729aa00f362e11b4b7f35436444fc838a5b85dcb467be7a0c77a248894037e1743fbe6db71b6dfb225b3c739b851058807af954700e917484604b7a3bed997bf015f4422f311a2b611171f2f54fc53d9131ae4a9ac5f6dd92e17bcb2310fc81bb0626931ee27c5520832ec54af0f2b26f0f60e79c7767b9535737ad6c63d8151c0eddb44a221561c8f7e484930e9a26a62426d"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000050e00)={<r2=>0x0})
r3 = perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x5, 0x8}, 0x0, 0x0, 0x9, 0x7, 0x7fffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000440)={<r4=>0x0, ""/256, <r5=>0x0, <r6=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f0000058c40)={0x1, [{0x0, r6}, {0x0, r6}, {r5}, {r5}, {}, {}, {}, {}, {}, {r5, r6}, {0x0, r6}, {}, {r4, r6}, {0x0, r6}, {}, {r5, r6}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {r5}, {0x0, r6}, {r4}, {}, {r4}, {0x0, r6}, {}, {}, {r4, r6}, {}, {}, {0x0, r6}, {0x0, r6}, {}, {r4, r6}, {}, {}, {}, {}, {0x0, r6}, {}, {}, {r5}, {0x0, r6}, {}, {r4, r6}, {0x0, r6}, {r4}, {}, {r5}, {r4}, {}, {0x0, r6}, {}, {0x0, r6}, {0x0, r6}, {}, {0x0, r6}, {r5, r6}, {}, {0x0, r6}, {0x0, r6}, {r5}, {r4}, {r4}, {r4}, {0x0, r6}, {}, {0x0, r6}, {}, {r5}, {}, {}, {}, {}, {0x0, r6}, {r5}, {}, {}, {0x0, r6}, {r4}, {}, {}, {0x0, r6}, {r4, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {}, {r4}, {0x0, r6}, {0x0, r6}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {r4, r6}, {}, {r5, r6}, {r4}, {r5}, {}, {r4}, {r4}, {r5, r6}, {}, {r4}, {r4, r6}, {}, {}, {}, {}, {0x0, r6}, {}, {}, {}, {r4, r6}, {0x0, r6}, {r5, r6}, {r4, r6}, {r5, r6}, {0x0, r6}, {}, {r5, r6}, {r5}, {}, {0x0, r6}, {r4}, {0x0, r6}, {r5}, {r4}, {}, {0x0, r6}, {0x0, r6}, {}, {}, {}, {}, {0x0, r6}, {r5}, {r4}, {}, {}, {}, {0x0, r6}, {r4, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {r4}, {0x0, r6}, {r4, r6}, {r5, r6}, {0x0, r6}, {r4}, {}, {r4}, {0x0, r6}, {r5}, {r4, r6}, {0x0, r6}, {0x0, r6}, {}, {}, {}, {}, {}, {r4}, {}, {r4}, {}, {}, {r5}, {0x0, r6}, {r5, r6}, {0x0, r6}, {}, {0x0, r6}, {0x0, r6}, {r5}, {r5, r6}, {}, {}, {r4}, {}, {r4}, {}, {}, {0x0, r6}, {}, {}, {}, {r5}, {0x0, r6}, {r4}, {r5}, {r5}, {}, {}, {r5}, {0x0, r6}, {}, {r4}, {r4}, {}, {}, {0x0, r6}, {0x0, r6}, {r5, r6}, {}, {0x0, r6}, {r4}, {r5, r6}, {r4}, {r5, r6}, {r5}, {r4, r6}, {}, {}, {}, {r4}, {}, {r4}, {0x0, r6}, {r5}, {r5}, {r4}, {0x0, r6}, {0x0, r6}, {r5}, {}, {}, {}, {}, {0x0, r6}], 0x1, "2156816c73038c"})
r7 = perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x5, 0x8}, 0x0, 0x0, 0x9, 0x7, 0x7fffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000440)={<r8=>0x0, ""/256, <r9=>0x0, <r10=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r7, 0xd000943d, &(0x7f0000058c40)={0x1, [{0x0, r10}, {0x0, r10}, {r9}, {<r11=>r9}, {}, {}, {}, {}, {}, {r9, r10}, {0x0, r10}, {}, {r8, r10}, {0x0, r10}, {}, {r9, r10}, {}, {}, {}, {}, {}, {}, {}, {0x0, r10}, {<r12=>r9}, {0x0, r10}, {r8}, {}, {r8}, {0x0, r10}, {}, {}, {r8, r10}, {}, {}, {0x0, r10}, {0x0, r10}, {}, {r8, r10}, {}, {}, {}, {}, {0x0, r10}, {}, {}, {r9}, {0x0, r10}, {}, {r8, r10}, {0x0, r10}, {r8}, {}, {r9}, {r8}, {}, {0x0, r10}, {}, {0x0, r10}, {0x0, r10}, {}, {0x0, r10}, {r9, r10}, {}, {0x0, r10}, {0x0, r10}, {r9}, {r8}, {r8}, {r8}, {0x0, r10}, {}, {0x0, r10}, {}, {r9}, {}, {}, {}, {}, {0x0, r10}, {r9}, {}, {}, {0x0, r10}, {r8}, {}, {}, {0x0, r10}, {r8, r10}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r10}, {}, {r8}, {0x0, r10}, {0x0, r10}, {}, {}, {}, {}, {}, {}, {}, {0x0, r10}, {r8, r10}, {}, {r9, r10}, {r8}, {r9}, {}, {r8}, {r8}, {r9, r10}, {}, {r8}, {r8, r10}, {}, {}, {}, {}, {0x0, r10}, {}, {}, {}, {r8, r10}, {0x0, r10}, {r9, r10}, {r8, r10}, {r9, r10}, {0x0, r10}, {}, {r9, r10}, {r9}, {}, {0x0, r10}, {r8}, {0x0, r10}, {r9}, {r8}, {}, {0x0, r10}, {0x0, r10}, {}, {}, {}, {}, {0x0, r10}, {r9}, {r8}, {}, {}, {}, {0x0, r10}, {r8, r10}, {}, {}, {}, {0x0, <r13=>0x0}, {}, {}, {}, {}, {r8}, {r8}, {0x0, r10}, {r8, r10}, {r9, r10}, {<r14=>0x0, r10}, {r8}, {}, {r8}, {0x0, r10}, {r9}, {r8, r10}, {0x0, r10}, {0x0, r10}, {}, {}, {}, {}, {}, {r8}, {}, {r8}, {}, {}, {r9}, {0x0, r10}, {r9, r10}, {0x0, r10}, {}, {0x0, r10}, {0x0, r10}, {r9}, {r9, r10}, {}, {}, {r8}, {}, {r8}, {}, {}, {0x0, r10}, {}, {}, {}, {r9}, {0x0, r10}, {r8}, {r9}, {r9}, {}, {}, {r9}, {0x0, r10}, {}, {r8}, {r8, <r15=>0x0}, {}, {}, {0x0, r10}, {0x0, r10}, {r9, r10}, {}, {0x0, r10}, {r8}, {r9, r10}, {r8}, {r9, r10}, {r9}, {r8, r10}, {}, {}, {}, {r8}, {}, {r8}, {0x0, r10}, {r9}, {r9}, {r8}, {0x0, r10}, {0x0, r10}, {r9}, {}, {}, {}, {}, {0x0, r10}], 0x1, "2156816c73038c"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000054f40)={<r16=>0x0, 0x0, "a4b80581d94dab801cfc847d02f8c1a8a1e6cbe4d99932132c7dcc9f267b05d6a44067675dd4824df3d794c2082f60b1b1443256ff59aa915738608926836ea5ff291bb3805bbbd611bba5b6a208d655fe011485fe83653615483ae418da8dfed2366007ccc83714ccaa5b550fc86a546dc1420899ca93b7ab77c15df133ea13d175d9919830e8b88f600b1b7a894540fa837b1c828fc3fefbf0c8ef0cd1503a3dcb92ce45a43cdc8579a9356bb02fe84df2ffbd25cbe83ebbc0a5936b387c09baf5bf9d6cad9ba5955b5ea8a2092c88883026b6d928f733aa78e6ff75d1508f3ce80ce50260122e4144fbc7efe0463adc96baeb79bb98f20635127097805b33", "d0a139cead4d23c7fc6b805915acd692aba4398c72e16ea6999e361170a3de112795f4f511458641c803bdd2c0227fce9b0366b85846f593c660752464290b61ae77513a06bb760feeed4a78b823b34f1884539e2d9f09b2a4b9cd6204dc4410fa08b28ed2dc419ed3983730a7054bcddfb85d3095bb99eb4481fba777a58bc9cb6006da05cabb25beabc089df727368b963e2d583aacfe4609d25f446991bb5e906f6c3c4650a9849a955aa724b2f576d119b280c0c6a0bf08216b6ab249a4a0bff1bb16a2b8c04b0a4f6c23ea476be24549397ce99db9d530e2a7a5cd5532b964b824f14fa39beea929397391f3c7b73c0fbc577dffdabba3cf41bef23a21b146c30388ab2925dd97e0485856ce6a70c498ddd821fd0e6fa1858c67379be513f2df28e9bc9b240c24358e986e6818a83471076eab546601ae88eaefca1fe322a4eb18fe37711dc650ef5eb32b308205ee8632778663f105d779b101c702835296530d4bb2a2487b59d7a7504eba728e9933ac5bb4fa9e0c44f9e0dd5e86db32bb33baa236c505cf373e1ac58bbd8e2c8250b97323e2a454b421a6688088e27e9141eb9e63f50868669737af247aea0b36c6b2cd90ca0efb02437547da8ac37243648b0f4b668c01ab9ed6a236c67a2e3d592d35de1eceaf5e38f0994b47d0857543c4c262fa5f718dd536a74e0506fae250f814b04c229cbbce2ced505b20ac118fdd84bf08832176b6cdd68e1236041e0546ef44b5826c911fb0d407b2c8313bae53373de7e79880344e14ea3a0752a6724253913b0b2b69493e8256ff3678de45a3eb82eb00e4ffa2ec88b925be9abe5e6a395198a8273e569282f1285d8c298b610749b2e3b7bddd0b1bdf303d3d962f1a2b52ad0bd25ebaeea19e2fdcfbede894c0b419171e482225e2f54b709b6916b93f0190016bc699745d6641d86591a601153a84e193395bad28a3c58a6ac3db34c58f0f1f53f53cc78573758a8a865fb3d091aaa7487e855df5ac9768bf08266de6c8ea2ac4116606510af363203eab0989d1906ab95b66d6e7b081d376b392abff6f61306943dd19a038f953975a4e9d3e7569c0cd320675419055d201b5d4009e4b6fc79b52d211702022c2e605c92be99814f08cabfd439b1b63950d7a751b4cd4e7cd187b27da0b6a2cf37c0adb7382073d29a44492ccd0762eb662888a9d11db5da6b4a44151dec2dae7056db1e715528766301776bef9515b992225076393045812853d4a4442a7b444201cbf18c6b686b93007ed535d19a6d8117ce54730152a1ab5972301eff2e87e15768204f0b02f56525b255caf9df847c6fbd41d87792b8ab91cea6d743b271810bdc126f767c78a792bac9d064ff60413ce32bb78db2fb6ec325f62ac8c77da13f2b2c8a4abcea961f23c3b921e891ff580e81e2d7c85e52edaf1df676092f064c8af210ff477d996f07b8c4e1b23049a6e1d1c2e087454c300b75e4fdc63c8256640d35c04c761633a298458469a51004f32fefa0856b45ec59c868ee2fbf90a514f378e3724694afdb1df28106117d5dd02e033ce39d9d57261701d2ba6cac7f2560f5c2a6e8f1d6b7227eff0f8def51aa4913bcae4e4075fc85ab6bc199cd4c0783e917aebe0a2b98b5f2e7caf06faa25f12aa01c1a21279466fba5c401fa65720d0da2b160f1a6883bbbb15b1832c73d0cb6699584694b8eda85dd7eb8461526ceb673a6ce3389628063ca46864be4fc7ec89947399e9241a5e2b361ce1e1fc52f37f81f24dff0e584257f80d03433abbf1da44bd2a700b769991d3f6feb19b81fd58a25e292e7a781a732cfb0db4400d64b01f03cbded3b800ffb395ad9afa21edadd8afbcd3585ebcfad73512d04bd4279c363f8b82d9408a8f4ba9ca8fab48bcd08a73101fb59c844710b672acacfd4e96ef678dad280752182163f872246a31559d9f070bebe7b310630da8809bf2f45abbf1f9d1ef8cf24802b3eed4ce369e3940bb618ff4a363762a51270749ebc5137938046bca9386b94b602b11c615e129e73b65e6b54616d5d902b2a830f442ac37c1cab36bca627e95fcc6e0de5af62dedff986e1b77e709a9610da978b5ffffcf5ce21072da6abde0e888816d589ea3005db3a1c6776777d20e2e6ed7438308a9acb7e52210484540661279c53fbca1f99b0f75955816278a2bcdfa95b90976743d173608e7ec45aa451bbb7576f4dc87997ce77b60ce40e5b7b96bcdb59ac8cd8f9bff32bb0b4962b14905830478d36aef918dbf04d299186b9f4b67b97639667fa1eb019503f4ea012b3b4bde0d330ec8fe8e28a4457d3b260e569f309849c9f26207c34a378f743b230ec17f4f09122d55340b73d538d253b43e07bd30a690050a372c8b324672136b78568169fc37d272f22da9bb971a6345f814b659af53b100e8583553427c93caa4fe40407d0ab6df363583aa637774e1e1857f96b102c206f826662ea3133645de21b7476adbafffab9bd208d75cf7e32ad08002a064b2603ce82621c3b7f1b4858fa81dae2eb8c72078dddb5e06d382865a80a6460a402fc8634db5ee030e9d1057812043d35775ad5e1f1490be1ef35b8361f099502172a0f1d99bf45dd7a9b5bec1252cbb1b7eaa577512f34675f473c174eecd80956f9cf44896b690172d3acd550218878f9e2c632c1820efe7c56b48b09e1c46da97d23629a3f912d8c0f8788cde60e986d5ba6670351ec4970b6ee2f91b8538ada02e74860320e29cd35f86c49dcb19a014cfc3a0d242fce4c00865a5285953c58f9af97fb1dd0b02e56a52560bf73e5abcfcd01b45c640252466a7f29b0c6f0498ceb327cbbd275649a01823a8e77c74520bab99dc58f44a4d9fb9e6cac0a2e01bca3f228b54478809b940b1a9e9dbdaa91572fefc0ac66a99e579d254557ff96c22eadb4c614addb460e140be8435a2ae3b305a575f5f10b805c64770ef90b577f887b8cd0589369060b42214f0e713c3492869416e028c46710941c9ced962f090ca9fca536958efb9b37e26d858901b04f50a6020d25e01c2e3c6db86559ec5a7044f61c275fba34ad23d9d15b5c3b20343047a99b0dc448eae1345abe08576086571b9a7c00dac9e736bdc7674ca2b5f33572f1b9c71d84b18fcfe043abb8b2664d795bc5418200be662d837125243a84f4efced030969749afa9fd5e9a062803717aac9f17333f5e5f6fbbd39c438943298509e00db94516d58ca38fc86ab7e96ddd05e7c5fb2a41123e2f2a325d23973fac995c78d701e6f9a610d9aecc2f14ad641789e911f8835ca4f6f0c4f2fa1a6954ec3e63cbf49e07801b1464caad4a15efd7a95a4eed9bd0db24c8f905113ca809029fd6c6170e0b6c289a34740ab6f5a3d096fc701d62926eff8879083697e95edd136fbef4a4a59b4312888587e42aaf8733f6f6e5944040abeedcb4c13b628d01fd1794736bcd2c6fd373874b3ecdf08d8715a91f34fc33000b76f3fdd8d7875001db4816e0352295d0bd4672fa7da0dcf32c9bca5a02b158593d8e7ee427d0875a4298368cc748f2f01ba2489d1f3481fc5c401e201695b896ccf5ad9007c266f610ce216eef17c246ad9f2bd2a45c9333ae43b1b260b13e3e901567f1f6910dd333c681849498d36c822c0dbb925d7d4a8bce7d2747b81af5857d9931c909c91adb307b77ac0d6ae63951de2c96252662a3fecd77d996f7e25a848466e8db7e1b4e334a8c077ce552c9b6a904645e4d7a1f715a2329aa0ae645c6cc3aa6b54f373f9bc8ba88d7c6fe1e3c37e44cb0738aeeb6cc09af8ddf9d3d6b388d89a0a4793f76524a0b4f3ab7455b3c3cc832e695671d9fb58d1c3be00fa719d2d2e4d0b54b7db9b4519920973a80ffa6d47dbde590d7e44dc3a3a71ed16d96c2a17fad01d348ca06c7ba16b24597fec3db43f7e6157646596698a44f2b3cd678e5c9cf8fc0a52a00547154c1ee2c7b04aca13f66d0dab6572bb77f0ee96392604595165b5132f5408241f4e9f7427bb46a52574e563484e8b2170af990bdb001aa612dade122172cd04517b4fcae810aab76a9e04d1a8edae768e0072ac39507b2a005341be815a2037c25bf4d116df144edc2441678755dca37a718b0ed4de8b0febac551215754c93984b8b274da799ebe3f3948381e255e7ec88af11956a13838eed655e354d489cba24368eab64e7c614afec72c1123252f1733bd5798e546cad1bc5c7e2cab22b5b76f55195e0e75a37acc2668e04c2251219aa07117e904b1902da4857c89e906b62fa35952c17228b3a3f8b9dc0a4772a9f26606d36051dd410e7b88e21386d56b17d6777aa4687250e538e0da2733557ccab4eb04528bfca31bafe7bbeb79c1873d555b5d0f00218942f61b8cf7f2da9a32787627a384f2ad99e78cc04b30a407259bd85bd0362c5d8aed00422ec289dbe4a9a93e88cd116cbaaf6f897df2a9ae8da65596396445d3b477cd9b755341bbb5d5b403638351c0f50a98fc09f59ea32944bea8df452d484594ce489f0de42f0a364ca6a38367d81b69c4afca32c96402dccf45edc65f9a91d4225a2d6a81aefdc7ec519e29fb7c983212b919a00b82e1ea665bfc439344f12db6a155562c9bfc35225404c3c5dab967ef226823e85040d6d755639a783c7fe3708e2b17c8a4f39bdce7dc6216a1f21a4a03e85a8229ee4ea3439b933772a82c1b3d6f30c1b57bbfef4a4d8839289b62f2942cc154ecb74ab391d9d049e134f293357e8f21df59abeb1efe8fad225d8bc02254b2088ddfc9763902e77bd9c2102de627e4d4f333617250409906bb1e2f180097a0164ac91025aeea2a0c783d9465c6b53472b897f138b6dbcf7aa124e66d0e1db7482bb2f850686eb6dba016298f80af21ff9733e7f4c0534173db2a68abfb19e425982bb8b757511a2c482535f79f973312d08fc571d6f78dcc93b67aeac45eaa9041fb0e35de968beb409211a86f8351472333ce374f0bfafd599613850b6b8fdae54e71109bf2c203fe23f1861481e6ec7341592d798e9c894e9163384517f7ba0b0cde522a643dac15691f2b6e291771b6e746e688896665f4ce2759c75f24e8310b951dfebff003064e04433eb77de3ef8c28629d968b607785b96e1c1e85465183b3fdad902742511a1668cb69c65bfbf4e59dd78bdf288a544af2406dfc50eccaabdb17b9b2e9ebf4ff093f34ec1ce1feb514783ae6ce2727244f514076bcaf0df34f48b6fc58bd9840736400f8517aa32820f4ec60637587a3eadbb1542824330c42c5f67f9efdc92aabdabda2c00942d5f640246386e6f794bf749140e1a077e55cab3b3d61800b831560189f654516af129962e74ce14b2a0eb16522f47167f1771794394343ed655b24194fbee41b9a18b41f5a9a1e67e7a150"})
ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000055f40)={{<r17=>0x0, 0x5, 0x400, 0x1b26, 0x0, 0x0, 0x1000, 0x2, 0x8, 0x5, 0xee, 0x62, 0x2, 0x0, 0x6}})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000056f40)={0x3, [{}, {}, {}, {}, {}, {r12}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r13}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r14}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r15}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r8, r16}, {}, {r17}], 0x4, "6ac352d1b76f87"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000051000)={0x3, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r18=>0x0}], 0xe6, "3a37394b57f404"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000052000)={0x43a2, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r1}, {r2, r6}, {r8, r18}], 0xcd, "0b9edd33e96dc3"})
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r19 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r19, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:34 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
syz_open_pts(r1, 0x0)
syz_open_pts(r1, 0x0)
dup2(r1, r0)
r2 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000100))

01:01:34 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  667.875098][T20429] FAULT_INJECTION: forcing a failure.
[  667.875098][T20429] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  667.888341][T20429] CPU: 1 PID: 20429 Comm: syz-executor.3 Tainted: G        W         5.14.0-syzkaller #0
[  667.898238][T20429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  667.908283][T20429] Call Trace:
[  667.911561][T20429]  dump_stack_lvl+0xd6/0x122
[  667.916172][T20429]  dump_stack+0x11/0x1b
[  667.920356][T20429]  should_fail+0x23c/0x250
01:01:34 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000001740)}, 0xfffffffc}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={<r1=>0x0}, &(0x7f00000000c0)=0xc)
wait4(r1, &(0x7f0000000100), 0x1, &(0x7f0000000140))
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)

[  667.924762][T20429]  __alloc_pages+0x102/0x320
[  667.929352][T20429]  alloc_pages+0x382/0x3d0
[  667.933758][T20429]  __get_free_pages+0x8/0x30
[  667.938376][T20429]  __tlb_remove_page_size+0xf6/0x180
[  667.943691][T20429]  zap_pte_range+0x772/0xe20
[  667.948266][T20429]  unmap_page_range+0x2dc/0x3d0
[  667.953116][T20429]  unmap_single_vma+0x157/0x210
[  667.957966][T20429]  unmap_vmas+0xd0/0x180
[  667.962206][T20429]  exit_mmap+0x23d/0x470
[  667.966472][T20429]  __mmput+0x27/0x1d0
[  667.970487][T20429]  mmput+0x3d/0x50
[  667.974185][T20429]  exit_mm+0x2ec/0x3e0
[  667.978234][T20429]  ? taskstats_exit+0x373/0x6d0
[  667.983068][T20429]  do_exit+0x3ef/0x14a0
[  667.987226][T20429]  do_group_exit+0xce/0x1a0
[  667.991718][T20429]  get_signal+0xf93/0x15d0
[  667.996165][T20429]  ? poll_select_finish+0x179/0x3f0
[  668.001388][T20429]  arch_do_signal_or_restart+0x8c/0x280
[  668.006915][T20429]  exit_to_user_mode_prepare+0x109/0x190
[  668.012529][T20429]  syscall_exit_to_user_mode+0x20/0x40
[  668.017970][T20429]  do_syscall_64+0x50/0xa0
[  668.022385][T20429]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  668.028275][T20429] RIP: 0033:0x4665f9
[  668.032145][T20429] Code: Unable to access opcode bytes at RIP 0x4665cf.
[  668.038965][T20429] RSP: 002b:00007f2a93988188 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  668.047363][T20429] RAX: fffffffffffffdfe RBX: 000000000056bf80 RCX: 00000000004665f9
[  668.055321][T20429] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000040
[  668.063289][T20429] RBP: 00007f2a939881d0 R08: 0000000000000000 R09: 0000000000000000
[  668.071250][T20429] R10: 0000000020000300 R11: 0000000000000246 R12: 0000000000000001
[  668.079249][T20429] R13: 00007ffea566292f R14: 00007f2a93988300 R15: 0000000000022000
[  668.109900][T20431] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
01:01:34 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:34 executing program 1:
openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:34 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0xca000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)

[  668.117890][T20431] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  668.134419][T20431] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  668.142414][T20431] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:35 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:35 executing program 0 (fault-call:9 fault-nth:24):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:01:35 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x20000288}, 0x0, 0x0)

01:01:35 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x20000308}, 0x0, 0x0)

01:01:35 executing program 3:
openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000200)=ANY=[@ANYBLOB="0000a06dd7149b28c899000000ff07000b02000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e0ffffff8000000000000000000000efffffffffffffff00000000ffffffffffffffff00"/182])
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:35 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0x0, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x7fe, 0xffffffffffffffff}]})
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000000)={0x20000008})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))
ioctl$TCSETS(r2, 0x5402, &(0x7f0000000040)={0x5, 0x10000, 0x1, 0xfffffffc, 0x19, "879b44214a49d5dc6c4497a4d7244a21934b35"})

[  668.895039][T20502] FAULT_INJECTION: forcing a failure.
[  668.895039][T20502] name failslab, interval 1, probability 0, space 0, times 0
[  668.907685][T20502] CPU: 0 PID: 20502 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  668.917481][T20502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  668.927533][T20502] Call Trace:
[  668.930808][T20502]  dump_stack_lvl+0xd6/0x122
[  668.935436][T20502]  dump_stack+0x11/0x1b
[  668.939586][T20502]  should_fail+0x23c/0x250
[  668.943990][T20502]  __should_failslab+0x81/0x90
[  668.948766][T20502]  ? register_for_each_vma+0x372/0x890
[  668.954213][T20502]  should_failslab+0x5/0x20
[  668.958713][T20502]  kmem_cache_alloc_trace+0x52/0x320
[  668.963987][T20502]  ? register_for_each_vma+0x372/0x890
[  668.969426][T20502]  ? vma_interval_tree_iter_next+0x24c/0x280
[  668.975430][T20502]  register_for_each_vma+0x372/0x890
[  668.980765][T20502]  __uprobe_register+0x404/0x8b0
[  668.985683][T20502]  uprobe_register_refctr+0x29/0x40
[  668.990887][T20502]  probe_event_enable+0x2be/0x7d0
[  668.995906][T20502]  ? __uprobe_trace_func+0x440/0x440
[  669.001234][T20502]  trace_uprobe_register+0x88/0x410
[  669.006431][T20502]  perf_trace_event_init+0x34e/0x790
[  669.011717][T20502]  perf_uprobe_init+0xf5/0x140
[  669.016496][T20502]  perf_uprobe_event_init+0xde/0x140
[  669.021789][T20502]  perf_try_init_event+0x21a/0x400
[  669.026891][T20502]  perf_event_alloc+0xa60/0x1790
[  669.031814][T20502]  __se_sys_perf_event_open+0x5db/0x2810
[  669.037498][T20502]  ? proc_fail_nth_read+0x150/0x150
[  669.042681][T20502]  __x64_sys_perf_event_open+0x63/0x70
[  669.048175][T20502]  do_syscall_64+0x44/0xa0
[  669.052573][T20502]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  669.058468][T20502] RIP: 0033:0x4665f9
[  669.062356][T20502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  669.081960][T20502] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
01:01:35 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
clone(0x80003000, &(0x7f0000000000)="17644849daf522e5c87f5bed78f0d2", &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)="6c97c6713d4c79f2a654be77ed02e1fd28a40cf135d83fa1b962e3fbef4242c8df001a9669ace32e0cb30fd362f70b17e8a2ba751a405fd50a34e1a1685b4001811d3c9bdad371c76ee196afa5cdab2980bdc62e5b17dabfc9d2aee9d54858c004588d6245f244911d9a9503d7faf7130de405952798e816d8debc89c44badbe9d2617498929dca6a9ed82a7b6c8fd5feb913d3d270ff111465afbee9bc032201f36c74470bb9f9c673724659d1d5d39c8e1514b060b085141c34f00e0377d37a197f9b94abbba49565d9098f5f28eea3c6f4f8c2aa3caf23caae0085d5da80b0d6f440f729745595c3318f271a16cb17937f427")
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:35 executing program 1:
openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  669.090427][T20502] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  669.098400][T20502] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  669.106353][T20502] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  669.114619][T20502] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  669.122600][T20502] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:35 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x8})
syz_open_pts(r1, 0x0)
syz_open_pts(r1, 0x0)
ioctl$FS_IOC_SETFSLABEL(r1, 0x41009432, &(0x7f00000001c0)="4cfd10208468c14ef7d69381657f16fef0c7b6f7a746224dd41305626a3ffdb6cde5f932ffbff5ebbc5783e3934fc25c3d9930f51361e337288fcb0a5474c0f2702ee85c328f19a9a5853aa7158567e72974b88a57d35b324db8736c3f30d9de9c4a6b56aa8c648d4f4f36fe530840aa8149c0e87590eec4b8f7dcf96b7a5ff722aa4eecb192f5e88443ac14df49fc18e090d8cdd10e56b85d608592711a14deb9a2266fe2d0048e9b0cd19507f4c17f6371cfa2d52d8a0ff1c354e6ee5cb8bae0d75201f271c4e623aa433e0e9cf0a3055c052b8adea41b2696214494185d3363ee4a4df6dc2d5566bbe0490c33ad8aaabea9f6988c479d245011e0ff706974")
r2 = syz_mount_image$iso9660(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x71b, 0x2, &(0x7f00000004c0)=[{&(0x7f0000000380)="e71f275069f20c125160100d95824abc8c60697c34b4dbc40ff58338f4085af0223ee02462aa77942317d4052a7ef339a3ee8f3ac5c5eddfcd806f55d2eb3b2f16422af29e31816de02fe183b48fe7168fc87af42454aa5299d04c35306d1372980a59275d46c44d12216085f59efc0e7e045998397961010bcf79fda75b6bad45c35fe9", 0x84, 0x7fff}, {&(0x7f0000000440)="2b35c6715819278841e5f02b52c66e082f57b905a61183fcbcf9ccfbc288cf3ab69ae022bcf4c5c6d3654cff9038d2301805334ef57c5cc8a0cfa2bd2c8fcc48a73e966cfe4f18", 0x47, 0xd62}], 0x100000, &(0x7f00000005c0)=ANY=[@ANYBLOB='nojoliet,check=relaxed,session=0x000000000000001f,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c63727566742c6561703d61636f726e2c686964652c664f776e65723eca35ea32dc43b2a47e5ba271a26263688357ad2d2173cafcfc6d749a36be0059b8baed7f5449beb37d0775c5027cbc9525efce4469d74ea66f13f9f7d7", @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000580)={0x0, 0x4, 0x6, 0xc88})
clone(0x4000, &(0x7f0000000000)="698f887437f1138423d933b652ed7046b006a50fbd4590ca873a1559453cd0f14d3519fa0f008e24a264c1136df977529e", &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)="0fa5e3b4f4171e7ea5383fba1847659fb04d47f453582e2c28f55adc1eb5192aa72abd50bc548a9b50c6e053ebad593f9ceaea28bdf444e8236677926c09557ae56d4f18f3c210a3a2c2ed3cf4f9c2bc90b5ae7892513941d3b50f972cfc78effcaf238ee45c5e15fe1ccd13a359bcba920827f535a7ae45ce997fcdaea92084e67cfc4c11f69c6ac83fa6f568772b11c9426bb6155fb4bdf6d7f65770370c7ca7f5147f82c85df296")
exit(0x7f)

[  669.273567][T20523] loop4: detected capacity change from 0 to 127
01:01:36 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:36 executing program 0 (fault-call:9 fault-nth:25):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  669.447701][T20488] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  669.455700][T20488] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  669.475027][T20488] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  669.483009][T20488] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:36 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)

01:01:36 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
syz_open_pts(r1, 0x0)
r2 = syz_open_pts(r1, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r2, 0xc038943b, &(0x7f0000000040)={0x1, 0x28, '\x00', 0x0, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0]})

01:01:36 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x4})
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

[  669.830429][T20546] FAULT_INJECTION: forcing a failure.
[  669.830429][T20546] name failslab, interval 1, probability 0, space 0, times 0
[  669.843059][T20546] CPU: 1 PID: 20546 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  669.852855][T20546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  669.862894][T20546] Call Trace:
[  669.866165][T20546]  dump_stack_lvl+0xd6/0x122
[  669.870774][T20546]  dump_stack+0x11/0x1b
[  669.874928][T20546]  should_fail+0x23c/0x250
[  669.879329][T20546]  __should_failslab+0x81/0x90
[  669.884076][T20546]  ? register_for_each_vma+0x372/0x890
[  669.889532][T20546]  should_failslab+0x5/0x20
[  669.894035][T20546]  kmem_cache_alloc_trace+0x52/0x320
[  669.899392][T20546]  ? register_for_each_vma+0x372/0x890
[  669.904849][T20546]  ? vma_interval_tree_iter_next+0x263/0x280
[  669.910820][T20546]  register_for_each_vma+0x372/0x890
[  669.916097][T20546]  __uprobe_register+0x404/0x8b0
[  669.921021][T20546]  uprobe_register_refctr+0x29/0x40
[  669.926239][T20546]  probe_event_enable+0x2be/0x7d0
[  669.931247][T20546]  ? __uprobe_trace_func+0x440/0x440
[  669.936598][T20546]  trace_uprobe_register+0x88/0x410
[  669.941785][T20546]  perf_trace_event_init+0x34e/0x790
[  669.947065][T20546]  perf_uprobe_init+0xf5/0x140
[  669.951861][T20546]  perf_uprobe_event_init+0xde/0x140
[  669.957222][T20546]  perf_try_init_event+0x21a/0x400
[  669.962333][T20546]  perf_event_alloc+0xa60/0x1790
[  669.967262][T20546]  __se_sys_perf_event_open+0x5db/0x2810
[  669.972873][T20546]  ? proc_fail_nth_read+0x150/0x150
[  669.978051][T20546]  __x64_sys_perf_event_open+0x63/0x70
[  669.983490][T20546]  do_syscall_64+0x44/0xa0
[  669.987889][T20546]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  669.993792][T20546] RIP: 0033:0x4665f9
[  669.997680][T20546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  670.017285][T20546] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
01:01:36 executing program 1:
openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  670.025677][T20546] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  670.033662][T20546] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  670.041626][T20546] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  670.049592][T20546] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  670.057624][T20546] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:36 executing program 4:
keyctl$read(0xb, 0x0, &(0x7f0000000080)=""/229, 0xe5)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=<r0=>0x0)
wait4(r0, &(0x7f0000000180), 0x8, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
write$sndseq(r1, &(0x7f00000001c0)=[{0x4, 0x0, 0x1a, 0x1f, @tick=0x3ff, {}, {0x3f, 0x7}, @connect={{0x83, 0x5}, {0xe2, 0xfd}}}, {0xb4, 0x81, 0x7, 0x33, @tick=0xc1, {0x68, 0x5}, {0x8, 0x2}, @addr={0x0, 0x3}}, {0x4, 0x3f, 0x7, 0x9, @tick=0x7fffffff, {0x81, 0x1}, {0x1, 0x6}, @raw32={[0x4, 0x81, 0x105]}}, {0x20, 0x2, 0x1, 0x20, @time={0x3, 0x64a}, {0x7f, 0x3}, {0xc3, 0xf1}, @control={0xff, 0x3, 0x1}}], 0x70)
exit(0x0)
preadv(r1, &(0x7f0000000500), 0x37d, 0x0, 0x0)

[  670.099369][T20557] loop4: detected capacity change from 0 to 127
01:01:36 executing program 4:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001900)={<r1=>0x0}, &(0x7f0000001940)=0xc)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
perf_event_open(&(0x7f0000001980)={0x5, 0x80, 0x5, 0xf7, 0x6f, 0x4, 0x0, 0x8, 0x24080, 0x8, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x3, 0x4, @perf_bp={&(0x7f0000001700), 0x3}, 0x8000, 0xffffffffffffff83, 0x5, 0x7, 0x5f72, 0x7, 0x3f, 0x0, 0x4, 0x0, 0x8}, r1, 0x1, 0xffffffffffffffff, 0x9)
vmsplice(r0, &(0x7f00000003c0)=[{&(0x7f0000000080)="ab0ff5497e83b80e4eb7a0ab05d454f0f09e63ef3bad4d5af92c8367c4ce7802560fe1ae9fa55506f36f7e324b24292904c1108f156897313400f5bda0319919a6271b67e320c7cdf9443d2b679136045e616ed68d9c02c01cf742199d7d4622cbbeeb63d79086b5848ea1944d74edacd30a3fe7a40963808408c1a2e2742835cc480117eff0792e158d4c4b8847b4ef35f924ae01cc993b2a7682e00da8a4", 0x9f}, {&(0x7f0000001a00)="4f1ca23b432ad18de7a9c1ed76165b4b26bf35c601ab9d1f0d98b456a7595ee08870f153f59ed33ecad6ab737d0db3845822a4eea2222e047a5b90f7c1078926ab0198baf0e700e776d891358cd021a11a8cc21bc53667a9f8b27b35a972ccfb7e7e408822ae8a390f1d61a0a0b786fd5d9cceb22f27c0d581e403f9a67f6682dabe6aac804efa1407003c86b8f02e0900000000e289befebcb695ad07ff1acc2872b6fb3d4f3336e873e67400499814c963f5f1756439484550", 0x4f}, {&(0x7f00000001c0)="0c7701347c38da4f413442144563e03d19ca57e2411de874e697c482cff221892f6a06c6ff526f7512079a0a0bb848410dddaa814c1204a42363797d808198b060a240c64f1ecbff4c63a38e0d2c8444f4b39cc57cddaa54ae4b3eac0171a14587b8f51d6c997b9882b02769ba09d8bc3960d301b02baab5db58a71f3c0804779154430f448a86ff4f6e4a57035e7996fbd8816aaa47e66a6cc164b470106e2d19f616581f4164a6af5b8e102abc924455f848c1da86e77059e8cc23b01327918a985bad9a35c977f06a1c005be77598f3df891d363a09b5ddf21cd7ca646b5867346836705e0df1c58166732919c20b838b099d92c28e7ad8", 0x11e}, {&(0x7f0000000000)="6707375d51534aeacb824617", 0xc}, {&(0x7f00000002c0)="c13e80ac44c8dbd16e9d95918f86f730c03332fd8605972acbaf1be4f625178d488138dc21ac4f1b4ec1d023a8b9cfdb4dfc5696364a1e1ed736ac0d0ba762b7b46b143beafa07c92fe2ebe2f7cc9cac8f0764ed51d180ae17b71398771324eae9bbf7ba1fc840c643d40d45816cd7a117071ef8136a86bacc2e33926e83535afe2f1db6a31de65b377fc3bdd22378984e1813ee8eff920ab66a9f04879b06db0bdc8b78524ee1c40f9d5c6ccc38e65fec7299921fe158b964b81ca085ed9f0a97e29c76ff22104edf3b3cc917ebde17f0", 0xd1}], 0x5, 0x2)
r3 = gettid()
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = syz_open_procfs(r3, &(0x7f0000001880)='net/if_inet6\x00')
exit(0x0)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x1)
preadv(r5, &(0x7f0000001680)=[{&(0x7f0000000440)=""/195, 0xc3}, {&(0x7f0000000540)=""/149, 0x95}, {&(0x7f0000000600)=""/113, 0x71}, {&(0x7f0000000680)=""/4096, 0x1000}, {&(0x7f0000001780)=""/216, 0xd8}], 0x5, 0x0, 0xfff)
preadv(r4, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:36 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x1c1040, 0x90)
ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000080)={0x80, 0x10001, 0x80000001, 0x5, 0x9})
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r1, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:36 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0)
exit(0x0)
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:36 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000000)="7a41ee9b30284736c8a762bce35e5eeecd9687875cb93a679469a4dda26e8893b508cafb982a240746a413e33d61a8", 0x2f}, {&(0x7f0000000080)="1d2fdaf63b89da2c16f07f9097b84fdc64e4e50c9c025813513a640a708085018fe6ec7bbf35a63fab88cdff9ee6f8bac8780fb400234eab395e25e1150173ac0242dc8052a8487a1a82dff3a2540001c3c1db3829f63e13880f0a36295158f98732d440604cd744e856a65ef94f1cbc3566db33a6f4ff1af90340c77da842a065f8696097868f4e247f81dae06d99410faee203abfbb389a151a0ff133030e7d2f099b2e7d768a5a6ae98d10e82ace5c8112be0d8f7b709a9b5a40d14fac3743d9ecf5dbddae7bb65d89d3323d7adcfa81bf62983a24acc635cd7ec3a9601d4646ccac9bbeb491b219b4a0468e894c1ea", 0xf1}, {&(0x7f0000000180)="5460131e1e621c664196ce4189936f2e8addd2", 0x13}, {&(0x7f00000001c0)="0454b51050654382f24febc7c39500f624f52d3eca0463ed5fa6db28c685b24502b8aa08e8b157181d82aaf372a0628eaff8c26002bdf02f2207677c58f81d0659a45f558a955a8c7ceb9eb459e832a0803d907007302984965d1d2cefe592ef92e4f593fed947824640709cd38f3516608e97dff2ff45f36497ea3ca2061a13d0683a33a480ef992e52d47efb8f97bd934b3dd55f0ea649f628537f7aec9153bd1b5a7f8357475066b59612fd1a9dc50fb15e534a513ab9a68251ac750b", 0xbe}, {&(0x7f0000000280)="370ac4616efbf849412caeb4844b34ed3a814ef6ba4778a9f91671f15a0cc4bc2d3c32595e8fc30b7aec151e40e8e984311abb50f4a8443ecb8c2996878c6680d06eb3fea4eb", 0x46}, {&(0x7f0000000300)="e92aabab6e5c90dd1dbf2e0d688e39bcdcd447d29a3a02f024a87fb89f9315a6dca4cf294195a460a6789e7039b3d257e93e5d177e05fc388b7769cdb98959460fae216cdb5a6702020e47a8c53482b77478e06fd9b13018f6e04d6c140e91335f753f401ff7fa02657a948dc034fe057616dc7e170216fe758f99ba7855a865bb39e7db653ff4e569aedfa6c2cc1a81fa1cf8151277b036a03dd723cf8182201f929303fc9c8ae66db379", 0xab}, {&(0x7f00000003c0)="91c7016d57e570442309007b0f7fb816ed4c7650c66f0e455ec4e04d", 0x1c}], 0x7, 0x1)
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:36 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
gettid()
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0xff})
syz_open_pts(r0, 0x0)
r1 = syz_open_pts(r0, 0x0)
readv(r1, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
preadv(r1, &(0x7f0000001180)=[{&(0x7f0000000000)=""/6, 0x6}, {&(0x7f0000000080)=""/4096, 0x1000}, {&(0x7f0000001080)=""/201, 0xc9}], 0x3, 0x0, 0x0)

01:01:36 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  670.380528][T20538] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  670.388553][T20538] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:37 executing program 0 (fault-call:9 fault-nth:26):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:01:37 executing program 3:
ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
read(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
io_pgetevents(0x0, 0x1ff, 0x5, &(0x7f0000000180)=[{}, {}, {}, {}, {}], &(0x7f00000000c0)={0x0, 0x989680}, &(0x7f0000000140)={&(0x7f0000000100)={[0x4]}, 0x8})

[  670.420804][T20538] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  670.428811][T20538] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:37 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000240), 0x400040, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
dup3(r0, r0, 0x80000)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
pidfd_getfd(0xffffffffffffffff, r1, 0x0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000001640)={0x53, 0x0, 0x4d, 0x0, @scatter={0x5, 0x0, &(0x7f0000000ec0)=[{&(0x7f0000000140)=""/218, 0xda}, {&(0x7f00000013c0)=""/57, 0x39}, {&(0x7f0000000240)=""/22, 0x16}, {&(0x7f0000000300)=""/186, 0xba}, {&(0x7f0000001580)=""/191, 0xbf}]}, &(0x7f00000000c0)="75689d2db59d502e99c5d5c3caa87e479e83968fd1eefb4ba6d941a22fb928f2f16a60e192ae2cb7afbf6e22e9fd0fe9f3f6c490df0b642685262142cd523b15e8a63a0243602599d5edb2df3f", 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000001000)={0x0, ""/256, 0x0, <r3=>0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, <r4=>0x0})
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r')
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
sendmsg$NLBL_CIPSOV4_C_REMOVE(r5, &(0x7f0000000240)={&(0x7f0000000fc0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000003c40)=ANY=[@ANYBLOB="a676084547ef559e3b608b39e17e1d9f0e82de5f223294d7eeb16908925651d9944d36163cce9de0d5b22963bad7d29dabb4eb59bb331c5bb0d12259b041c8912938c958096ed965ccf6c6aa43b476bab7fe780982567193a54abf30df429ea5ae2d38fe074f50e957eb13d8c7f8da754691e46b02e20182a85a913572dd4b7eb4bbee44c37f898fe283bf190601e787d6d2003b5a0dded53b65d964f31684c31ab6834c43d9aa67c846d0c482e92f4c5dd6052ae838fd10e34afc44f3f7f5e16d36fff4f120c4382f0b4c6b57d7522e3c59f0d436edf65eef78229ad47cc8b83ee1faf2ae4aa9f730284996387ab992459e74db80ae53dd9c2949916759cccbcdc0dd5082e0055207257bbc6395a5dc597601f7aba686e04e16c0bdeccc129f1deac21905ec92be893fa308a69823e8f0217a30b8e2f3a688eecc49e5f2e5de2e4f4403ee579ac9599c6c54e9e0bdca620194ab15b9a85f2264a136ba8c25a2fee890b26233ea8922d702f6c402f44616a19ca821f3d889d1c3c7b9abcdfa22dca627136ae1360ae518d8ba58b9347b421b559c1d4d4f2033625c6866c7ae1b3b7329f238971b9e3d169fba1e7f88dbae9f09bcd18c7e13cd7ad7df100ce3b20705aa31cd9f6038a65f14c77fc01344018e928658f631d0ce4c42426ff3b8ea2b8cc5727da9cc1d13cfad7ca61fe04768878974a5ab18001988d16f23763483581683a168c8df1ec226d14e43cb0bd439be21e84ea5f2eef5284117a8febe17b10a042fce1ae79f0e5a5d88621be4c5f28b648be26ff95b35317866867f937ae366bd2d5b46b9c1375d74d81c8782f9f7c02bf64491ab92dafe730c64913bf911ce94e27c3203b27ce54c8f789c85267f64416b47dc9a6a58e4bfae9d82b4d82c3424dd47b2e5f60ad93b8ce0944c15dc88934db7d876bed4ae3bfa2781907d6aa5d6c800e246863ce7dc087289fb214a5eb40b745f0bf6b31b16f90d9f1cdd82651ab37cac49a92bc1e8fd477ffcbd243708e79d110c2176d5ffe1529fd8eb822944ec71ad13cf220892389586a4cb3fc800f0cf5606e18514548d664843567a8ebd2cc81f805c7f0783ed33a0922ae2fbfeebd4cc4d5013e047ea4c545952c3915a5d406bda65d9c369bf6ac54639ac780b39b2130913de1d0174ac6e7f51ed530afbd952d2bc517bddae7d447524ee6f5961792edd24db97e577f27e347acaa3124df708304dd55d553fd6f9055fc4de8e7232ff130904830bc74bdb312b02d8da4363f282204ba6fb7f6b8a4ec7784a1ee7f74c9f78b49419df94862c70fecca90e7d70bb69655c9c07440d74765c98f51bcbee39e0509583485d5369b9ecad6048b78919b455d580b72fc82c4280814eaa66dfdf34334e98ebf30b82f0033ad8a58fbf04e4aa4799c69afe6cd20d5ed06cffdb8e4ada08216bf2ed40d94782e3558deca45501b877b0f5cd10f272b602e71e00b79bfabc1e22a752201b06909a07a8a559cc64e05a1ec95d613c05ca97048f0e0b3a9e7f227d86ea865a7dae039ebf0a093ae4ad6a43b61c62373b18e0d06d56fc9ed9654a8b2a2363566c56f6e2d51fdaf624f51fb7e715f4c9eec5fa69fe22b995ef60d1106c9784278e19c41034fe9cb05b81a501ff2dc422704a9a49dc0cddf62728e50d850700000000000000ded19e7a71300635e2ef5f9955be8ae4d7e8319077687c955ba12db3d6068545f17b714ecfa1b5c69c25fbe4e279e91d2d19a72452f4719814831e3ae4a05976a45f955d4bd6ea0d6fda797f3f215e799787907e063f000000000000007bd778e426d04e4562cb31b61093f5ee0e8a38fb8e58b498e2577117b2854f12aa92588d6a7f9368aae35de3b965a1a30f44520f783718b4c7cfa163c1acbda149e3664ab608b2a3dd2d4331b7b8042ab5c5227d9ed2f4c6eb8f4f383ad08bfa72dcc6f944a8f0edb37ba65c527e2cbc4e45516a42cbaf236fedd66cdf6c0c4068b8fb5880fa01c9c5aad3d556efecd55271893f374fc36495831f00a17190ef9b879de707b648f9e43689638507afedebaeef99404bcd58950b9d1a5ae1ddcdd0882ef725e03ac1c43ddaea9a7726b836cb64d363ae7062d8a539d16471d7160d7bc1f8707c9aa77240189393eea889ac19a4958c56e2fdc38a7e264e6effacb0202a22a505003a6fe2352fee85cebca1d8706d00f2be8826b261b5fe6ee75fa8fa38984445e1cd4c382cf2cfe14d7c542b14a637d05e729cde31f6ceac712394137e2bb408f61d9972173b295bab2a74564236b6b6e441eeb835659caaa54404fd4706d32bbf981ced48c6e82f9e9cede593c8e063a9a789ae38c47ff9d14cd855d6eb72ea7009efd3ce318aa8c96d7d6e82925d10090c04642af652ddd9732fd01f8cddf759cc9f79308a43588df227d79f7db8750d4498be9cd4eeaf2b12435704e67c156aa74eba00bdd241f7d23652895ea54743a12ffeb606cfaae88d14400cd230d55e112891ebc96ac90183be301564d7d2fdf3d4bb7160ea889fee98a47fb4f816a2fe0cb66809ebf8763306c71203f86d6d85e7c4bd3694f71354367c69b7053ed75ca15cd441e6caebdf4ec15f3eec4f86b1e3506048c52851406897d63fe54db0100ac6eed6cad0733c941c345da94d0c6f4eec92820dab06bc330e74f52c5858fc71862701ec3b690605fb460d1f6e46f99299b4cf3df8d65f87c4a2ef8d05fa4b3841482f4572fe4773cb548ae691f12a219de1902a644f238a9f38d9913790de484a1251e3b8399a10b3e73a4895e2ae57088f38524ebd5fd2d3d29988bcf9210b5300cfedd1e326a862c0bf3e1bef531a6c7a5895c247b12b39d9952529de825f8a31282be28ede06b7a5062c4dfefee45c52a901504723c59983d8746e84c457f8fdd18f55379189b63e5b9baaadf9a117f98538c1015f5d1da113c74f63b59545658c1df48ff840a691efd84f835a92a0a6ba2d9a4fb09a0577bdb3f888fa5ddc0abe98cdda0f0a165878e19fb99372077a605cc91e91e0bfdbd09c7b6ffa9db203000000bc6d7e572b5b46decb2e28ff71593b5bc58d21f86ed46db4e0f142af07d53c1b405511da1c80d5db99b4957443ecaacfa6e66732bcdd609e9b4531f50f5619571aa738abf0cc61eb8973be69931a6fef7e52a19f70ad318d549b0c8c805922e81e6ada33a4b59a9af96b40e563b6b147d04fec6ef7029ae8246744cf2f803432223529ad6456b188f34c00ce0dc4863beb9be26ae19b590927712db57cde87f9aa13c23fca0d1ccdfb77eb2f987a8905627b294753124a4bd6c03df81bdf014d2ba8ad181e5ee6094635ec64f04d1932359bca717bf00101e06e23fd6aa73eecca651471d875b088b4fa5a4765a9ac30725ac4032cfa77ed55229d5efff09463913195d92c4956833f2c3132a9c08588882624839502b8e83b9f700fc95d38891c25cc0e47f5865005403907d75916a5b31694f627cd90dfa2878a6044b6283febda431180c84caf8b2dc73ea016124c668e9d650449c9d272b075aaa4fc2174ebc560c10db6a6c427086a498456b8a9adc05a67389e00d2dc429a865861fe241224d9d200e92dbb8605f76f347ea4bed15a0ebae4f434fad2069ee387465f96efd2d52affc44ab011b6aa8004393d59b7ef6fb0f13568eb20fb47d9007ca13267233b6862426565b75018d3bb63912d87053ed33ffd87c48ba6bf1d8c1c2fa7103b527077a83d00ffc5cb75a76bf8861090ff984a4de3354c0bf35719f5ffe3c2fb11035ec8a525e7f73997e337b195c2ef4f36ecf498b939d47297bec7b41480c8ccb6736e523c42ce4016caf7f7883ab62b44cbfbed0e4a621d44c67027f1b5be2cec6f086c4a73148f05c0a08046d1cb991fe11c43bbaa28e0746ff121cfbae5e6c9c04a2794019bafe704e058e6020dfdce967a6b86b569b8721fc172f9ffbe9a77e70e7a998772b6de720230a40b7a5796af6188c800b7fa06c54dd6be660a050781f8e03edae98532fef635dee9917145d831519e4b1e432ad926225bc4922214658cd0615760e1aa90b1c371811e475cbb69a3ee5392336afd2b8accfc204754ef95b362b0b2a229f1857a118c74cde213571b42f3a6340cd0b165712d7b47532e65a299d2d0c9a5661adfac383b8bd2a3fa625fec436516a9147be525f05577e485dd3d70076d94d2fddfee253963e4d7f9e9af4b3948a6757033ab65cbaabe09e4c2ee4e2803b97c84a109a4aa82ed72a1994c7ac159e7e6f5c26c11728ef65503127866a4c668379f82e8db5b8934f479aaf5df687bcc7933633471ab79443d69740cd880a5375e5ece1b05c41ccb70c7ef718fcb3667260f93b4c24478ed1c2112d3fa959b421c7e4e8bd75efc1014f6c8f69b1dd7993c4d04700a475118536de33b142f1f6b21a349527ffc7ef678a7b567c78192d0cf1c1ef95bb2665eaca4f2e63a0c8ed6d5955b26931d98b8b190c36b54c6f8ae670e706a97965dec5881b070fb1341aa47ee181da6f85681c21b1bad7f8191881d920983c2ff0e523adaf3123b0773d561859a54a6a77c0eccccfef8abb808120ce27c28476b1c978985ae42c680147f092502bbb1f0e37570f876db7215b68ff453eee673519cb1d0adfcfcc477ed5663955e7d20228d0bdcb9a5a855c6a7eac601c79d91ba01f1d8575b721951e908fa72c295dcea1eb57531748875713cc6a32b3712e701b22b15d3e53337fff2271ce43c8023cab1c26130b017949a16e213e8186e6df3a1b7ba3dd63c668c3fa6542133cd30546fe519ee1dcb40f487066d2e6118e8f96705abe25f288789f38bcf8eb695e16a2c00e61f5ad1593d3c33e150ecf1d6f5a561b9698bca30a19cb71572146ff2dc771b5ae9f0e26ef2491f93d8605df6d849f4cce05e4687a5a4ed4cafb51ee94ed070aa9bbc9ea3edcbe457b518cebfa3d206dac8ec464c9a4ebc74bd951e6c38f197a915fa7b25d9d82fc2fccc36c782a249e79d73be2fa17b5929c723b88cda6b7b5e09e988ce68714fb650d8c394ca3608f101a9fb203a4c85273609343264b8e0dffd91be57f04ad2b845ac0a3b525a5160dbfd1e467f55ffb4f2543acb63855434ba7e6721aaa18c7497a6966809c0732f72a23f0de99e285a798cdfd6a59324a0969860715a06e99b338aaf99aa88d2198b99970f7d5efb123c4a66dc05c4d8cc9a53eff3bdf01a1a3202e63fe4f79a634279d95a574921f9f25466f47f59b230dbc34fd205ba57815f26e7083bd90419e21eb643f5ca893e2405118d5d6ac3dc2bdf5974cec29c824826c8197674096aa911d04fad7d149d82f6aa32c4a07ab2dcaceb575c83969e34410c4448b6cae5282cb5ca2449185985f68f66831f1eda1a722e1d036565034bf340c02999eb334ae5b79b2ca556511c2490413dd3d551a47e6a10d802d4effa55b4284c5967a479509f4efc41668e40573e6b7054f8ba005efb1fc7ca4ad7b67034fd0e4a52a2d8c78b6814560231b643df0e010422d215c73af5159d2dd51bf805b5d3642a21161e99d7966b7cfb09b1b15a63005b5dc86799b860fd048e130f084c430127494e31678f31daacb2ce8befe6e50dffd7e466448a1db97ad21086ef7cd69241ca9e49b6f18ac0f72ebec5b326ae8ffa38e7137325290fb8a60964f99893cb9924f514d9c17a79a4fbaad0b0bca44502c0ff8b7bfd4f939c6e6edb33e765a6f066a4b2a191b815ed216864e2a9fb5d29de541a092ce67e32093cf3e8d88617f77e37104a7812d056c449d299e5ae7548a1513333870bd74012efbf125b269488ed1f64223d16b2cbc13646ef03e4c016fdc2e68990e6a657600a5730169b33da458a5d736b65bcef0513a5bcd5106a44d33f5c1367e51bfc11c89386c4e492707db87887e5b86c1dba5538fbf5391f5f450a9064b6dfb04f5e7a462277cbf6810e1adf7d64acba3d5e296f5c868cac1cfd76016ca31f52d1169826cf2b4dc548fa348c4c877f9ab4c5cd8fe90452d486d455f3312fa90d3cf031abb0c9ce4fe21496de73c4453770625096a76e7ec42de4e1d12074c68d26a2a143bc762209e77244fb62b8660a62251490e0e68ffc578d27c943632f5462ffe56a0811757d7a2a9ad5c690fd7a2118b5a9d0b266493cef716ef8308d61f4d4c8f2947599294b98f0664c7ba67d5080a67d01dd227e02ed92ac5e06a3a10fed4ea3ea109bf0f23ea44c108a31c56a82c27e522328198f30f528927b59a6b38a0738bc055559b83f5be231a9137f16d4fd49611fd0f205afaad2ebe2487abd230a3de428529e18bdf20c9fe6e856607cfa83e5ba0d3eed7f6ab508358604a8e762553a884e07ec2a3b60adf5434078cbe4622792cdf10057ea7c111a65cf0a90187963ff6796c38830a4ddd808cea10426cfeec1c8b9c4a22497c13079076138cb41ad1086341c012b1c117e4427b715317d5c3326f328252703ba0694e0e41f45da7c70bdd6b0a201a18b3882b69f9b18f9584d87f899bdf786009c23f05bb2034e6765529dad87acb78a146c899e5674c5b895ed3abbea59c6340d96c0a0aeddc6f3c06d46cb15152ae75671848e54c6079d217e533ccd75e38577b594b3b4563fe8b5a149a6bb958e2b9d09cb04656d490e1da5f71fa5fa00cd5ac34040f56ba1dcde78b732", @ANYRES64=r4, @ANYRESHEX, @ANYRES32=r3, @ANYRESOCT, @ANYRES64, @ANYRESHEX=r2], 0x3}, 0x1, 0x0, 0x0, 0x4}, 0x40025)
ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000340)=r4)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000000)={"d89252548e17d0b3e38c28fea9e7a2c3", 0x0, r4, {0x260, 0x9}, {0x5, 0x1ff}, 0x400, [0x9, 0x40, 0xfffffffffffffffb, 0x7, 0x0, 0x0, 0x2, 0x8d6f, 0x7fff, 0x5, 0xfff, 0x7, 0x100000001, 0x6, 0x3f, 0x3]})

[  670.491769][    C0] sd 0:0:1:0: tag#1829 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
[  670.501631][    C0] sd 0:0:1:0: tag#1829 CDB: opcode=0x75 (reserved)
[  670.508180][    C0] sd 0:0:1:0: tag#1829 CDB[00]: 75 68 9d 2d b5 9d 50 2e 99 c5 d5 c3 ca a8 7e 47
[  670.517226][    C0] sd 0:0:1:0: tag#1829 CDB[10]: 9e 83 96 8f d1 ee fb 4b a6 d9 41 a2 2f b9 28 f2
[  670.526275][    C0] sd 0:0:1:0: tag#1829 CDB[20]: f1 6a 60 e1 92 ae 2c b7 af bf 6e 22 e9 fd 0f e9
[  670.535318][    C0] sd 0:0:1:0: tag#1829 CDB[30]: f3 f6 c4 90 df 0b 64 26 85 26 21 42 cd 52 3b 15
[  670.544345][    C0] sd 0:0:1:0: tag#1829 CDB[40]: e8 a6 3a 02 43 60 25 99 d5 ed b2 df 3f
[  670.604669][T20634] FAULT_INJECTION: forcing a failure.
[  670.604669][T20634] name failslab, interval 1, probability 0, space 0, times 0
[  670.617294][T20634] CPU: 1 PID: 20634 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  670.627104][T20634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  670.637137][T20634] Call Trace:
[  670.640405][T20634]  dump_stack_lvl+0xd6/0x122
[  670.644986][T20634]  dump_stack+0x11/0x1b
[  670.649128][T20634]  should_fail+0x23c/0x250
[  670.653526][T20634]  __should_failslab+0x81/0x90
[  670.658275][T20634]  ? register_for_each_vma+0x372/0x890
[  670.663770][T20634]  should_failslab+0x5/0x20
[  670.668324][T20634]  kmem_cache_alloc_trace+0x52/0x320
[  670.673595][T20634]  ? register_for_each_vma+0x372/0x890
[  670.679038][T20634]  ? vma_interval_tree_iter_next+0x24c/0x280
[  670.685009][T20634]  register_for_each_vma+0x372/0x890
[  670.690328][T20634]  __uprobe_register+0x404/0x8b0
[  670.695337][T20634]  uprobe_register_refctr+0x29/0x40
[  670.700566][T20634]  probe_event_enable+0x2be/0x7d0
[  670.705573][T20634]  ? __uprobe_trace_func+0x440/0x440
[  670.710956][T20634]  trace_uprobe_register+0x88/0x410
[  670.716207][T20634]  perf_trace_event_init+0x34e/0x790
[  670.721555][T20634]  perf_uprobe_init+0xf5/0x140
[  670.726343][T20634]  perf_uprobe_event_init+0xde/0x140
[  670.731613][T20634]  perf_try_init_event+0x21a/0x400
[  670.736789][T20634]  perf_event_alloc+0xa60/0x1790
[  670.741767][T20634]  __se_sys_perf_event_open+0x5db/0x2810
[  670.747537][T20634]  ? proc_fail_nth_read+0x150/0x150
[  670.752742][T20634]  __x64_sys_perf_event_open+0x63/0x70
[  670.758217][T20634]  do_syscall_64+0x44/0xa0
[  670.762726][T20634]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  670.768685][T20634] RIP: 0033:0x4665f9
[  670.772560][T20634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  670.792207][T20634] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  670.800607][T20634] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  670.808560][T20634] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  670.816516][T20634] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  670.824470][T20634] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  670.832422][T20634] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:37 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200)={0x8})
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:01:37 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  671.060993][    C1] sd 0:0:1:0: tag#1830 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
[  671.070854][    C1] sd 0:0:1:0: tag#1830 CDB: opcode=0x75 (reserved)
[  671.077384][    C1] sd 0:0:1:0: tag#1830 CDB[00]: 75 68 9d 2d b5 9d 50 2e 99 c5 d5 c3 ca a8 7e 47
[  671.086411][    C1] sd 0:0:1:0: tag#1830 CDB[10]: 9e 83 96 8f d1 ee fb 4b a6 d9 41 a2 2f b9 28 f2
[  671.095450][    C1] sd 0:0:1:0: tag#1830 CDB[20]: f1 6a 60 e1 92 ae 2c b7 af bf 6e 22 e9 fd 0f e9
01:01:37 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x0)

[  671.104465][    C1] sd 0:0:1:0: tag#1830 CDB[30]: f3 f6 c4 90 df 0b 64 26 85 26 21 42 cd 52 3b 15
[  671.113516][    C1] sd 0:0:1:0: tag#1830 CDB[40]: e8 a6 3a 02 43 60 25 99 d5 ed b2 df 3f
01:01:37 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0xfffffffffffffffc, 0x0, 0x3, 0x2, 0x0, 0x0, 0x6, 0x1000}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x4, 0x1}, 0x0, 0x0)

01:01:37 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x1f7a)

01:01:37 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x7000, 0x1}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x40000000000}, 0x0, 0x0)

01:01:37 executing program 4:
perf_event_open(0x0, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:37 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280), 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:37 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x10000, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:37 executing program 0 (fault-call:9 fault-nth:27):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:01:37 executing program 4:
perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740), 0x1}, 0x3}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:37 executing program 3:
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(0xffffffffffffffff, 0x4008941a, &(0x7f0000000000))
r0 = openat2(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x8400, 0x89, 0x10}, 0x18)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000100), 0x4)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x2040, 0x0)
ioctl$RTC_PIE_ON(r1, 0x7005)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$RTC_UIE_ON(r2, 0x7003)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  671.330286][T20623] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  671.338333][T20623] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  671.355696][T20623] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  671.363677][T20623] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  671.513679][T20694] FAULT_INJECTION: forcing a failure.
[  671.513679][T20694] name failslab, interval 1, probability 0, space 0, times 0
[  671.526376][T20694] CPU: 1 PID: 20694 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  671.536194][T20694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  671.546232][T20694] Call Trace:
[  671.549498][T20694]  dump_stack_lvl+0xd6/0x122
[  671.554114][T20694]  dump_stack+0x11/0x1b
[  671.558254][T20694]  should_fail+0x23c/0x250
[  671.562654][T20694]  __should_failslab+0x81/0x90
[  671.567402][T20694]  ? register_for_each_vma+0x372/0x890
[  671.572985][T20694]  should_failslab+0x5/0x20
[  671.577477][T20694]  kmem_cache_alloc_trace+0x52/0x320
[  671.582821][T20694]  ? register_for_each_vma+0x372/0x890
[  671.588264][T20694]  ? vma_interval_tree_iter_next+0x263/0x280
[  671.594231][T20694]  register_for_each_vma+0x372/0x890
[  671.599502][T20694]  __uprobe_register+0x404/0x8b0
[  671.604423][T20694]  uprobe_register_refctr+0x29/0x40
[  671.609612][T20694]  probe_event_enable+0x2be/0x7d0
[  671.614638][T20694]  ? __uprobe_trace_func+0x440/0x440
[  671.619905][T20694]  trace_uprobe_register+0x88/0x410
[  671.625102][T20694]  perf_trace_event_init+0x34e/0x790
[  671.630380][T20694]  perf_uprobe_init+0xf5/0x140
[  671.635131][T20694]  perf_uprobe_event_init+0xde/0x140
[  671.640405][T20694]  perf_try_init_event+0x21a/0x400
[  671.645580][T20694]  perf_event_alloc+0xa60/0x1790
[  671.650504][T20694]  __se_sys_perf_event_open+0x5db/0x2810
[  671.656171][T20694]  ? plist_check_list+0xf9/0x160
[  671.661122][T20694]  ? finish_task_switch+0xce/0x290
[  671.666280][T20694]  __x64_sys_perf_event_open+0x63/0x70
[  671.671731][T20694]  do_syscall_64+0x44/0xa0
[  671.676207][T20694]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  671.682099][T20694] RIP: 0033:0x4665f9
[  671.685981][T20694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  671.705584][T20694] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  671.714128][T20694] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  671.722081][T20694] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  671.730037][T20694] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  671.737992][T20694] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  671.745944][T20694] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:38 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4001, 0x20)
fcntl$setpipe(r2, 0x407, 0xb478)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:01:38 executing program 4:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
preadv(r0, &(0x7f0000000400)=[{&(0x7f0000000080)=""/214, 0xd6}, {&(0x7f0000000180)=""/192, 0xc0}, {&(0x7f0000000000)=""/52, 0x34}, {&(0x7f0000000240)=""/138, 0x8a}, {&(0x7f0000000300)=""/200, 0xc8}], 0x5, 0x7ff, 0x3f)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000500)=[{0x0, 0x5f}], 0x1}}], 0x1, 0x122, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r1, &(0x7f0000000500), 0x37d, 0x0, 0x0)
rt_sigqueueinfo(0xffffffffffffffff, 0x36, &(0x7f0000000480)={0x3f, 0x401, 0xffffffff})

01:01:38 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:38 executing program 4:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = gettid()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x34)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x3f, 0x27, 0xf8, 0x0, 0x0, 0xffff, 0x48, 0x8, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x400, 0x4, @perf_config_ext={0x3, 0x86}, 0x608a, 0x3, 0xea, 0x4, 0xf2, 0xe3, 0x6, 0x0, 0x5, 0x0, 0x3f}, r1, 0x0, r0, 0xf)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = gettid()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
tkill(r2, 0x34)
ptrace$cont(0x18, r2, 0x0, 0x0)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r2, 0x0, 0x0)
r3 = syz_open_procfs(r2, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r3, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:38 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = getpgid(0x0)
process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080)=""/152, 0x98}, {&(0x7f0000000140)=""/243, 0xf3}, {&(0x7f0000000240)=""/237, 0xed}], 0x3, &(0x7f0000000380)=[{&(0x7f0000000340)=""/16, 0x10}], 0x1, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000cc0)={&(0x7f0000000700), 0x6e, &(0x7f0000000c00)=[{&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000880)=""/163, 0xa3}, {&(0x7f0000000940)=""/209, 0xd1}, {&(0x7f0000000a40)=""/64, 0x40}, {&(0x7f0000000a80)=""/140, 0x8c}, {&(0x7f0000000b40)=""/186, 0xba}], 0x6, &(0x7f0000000d00)=ANY=[@ANYBLOB="1c00476baa55ec7436d20074000000004300000069e4ad59", @ANYRES32, @ANYRES32, @ANYRES32=<r1=>0xffffffffffffffff, @ANYBLOB='\x00\x00\x00\x00'], 0x20}, 0x0)
perf_event_open(&(0x7f0000000680)={0x3, 0x80, 0x8, 0x1, 0x3, 0xfc, 0x0, 0x4, 0x80112, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, @perf_bp={&(0x7f0000000640), 0x1}, 0x4001, 0x2, 0x2, 0x8, 0x7f1, 0x3, 0x1, 0x0, 0x0, 0x0, 0x3ff}, r0, 0x3, r1, 0x2)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
clone(0x21000, &(0x7f0000000440)="4d67373f3a54f566402a18b1e26d904e48a291002d84fe0ad9723951c345fe7e3f446bb9398dcc5d7453ca35440e1a118499a9044f5b33614fddd0cb6873bdb0eea048b3ccac764eb4c78214c7fd5e3b4c206b743294fa13f2d17c827c3f143daa254731269458e6f9bf1445bd77342a05c8d2b3b4b90a2e74d9f14a909fa1463334f87daa36955719bba5ff35ef2b30ec2c105c833ef8d1f69c", &(0x7f0000000500), &(0x7f0000000540), &(0x7f0000000580)="db2a1f92db7733acd86d0e1ecdab49a7d1c0988516bab4e0c998bf1d145fccb04bc5f2854527e43a774f5d71b52ae94dcd24be2b9c6452ae07b38117c945ebbea9df1b466023100e32d6e789e5528ee3d571c4b348f1a4e3b90df24725acf5c21660e0196e215cec02f44ef232e5dcc882f708785fb6e49e0cb0d816229b5cb1dce8c00cdaf32a9552a873095b07eea9bcce65ea81b013")
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x4, &(0x7f00000001c0)={0x77359400}, 0x1, 0x0, 0x0, {0x0, r3}}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_LINK_TIMEOUT={0xf, 0x1, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x77359400}, 0x1, 0x1, 0x0, {0x0, r3}}, 0xe1f)
preadv(r2, &(0x7f0000000500), 0x37d, 0x0, 0x0)
bind(r2, &(0x7f0000000d40)=@l2tp6={0xa, 0x0, 0x7ff, @private1={0xfc, 0x1, '\x00', 0x1}, 0x8}, 0x80)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$sock(r4, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001040)=[{&(0x7f0000000dc0)="ac35bc864e7adacbe09c883440bb366d1dfe94b512d2b050fb1d9820de472394b473d9f6f07f58ef3d6c331ef2d5587b313ac38533a75e713e158cac54b265c672c51744b0ed755890c4b6b3ed6b0e9df8a781ead42404f0b807041ef0425a5b4a0908f899ebe9b344876e03c7968cbf20df9a32953d89af78c1770e843e9b30524b34c1d5a9a1318127056ff16ddfa8b88e3330eb7438805ac2660c05a6489f5b43739378c4edc7ceb6b5f3f0b2ad2d3eddbcb657ab546298ebba0f", 0xbc}, {&(0x7f0000000c80)="9131c253a022552561bea022380f0ce60ae0e5be4eaca7aaf464822ffb970f83f1d2cd5be7e9d532e644290403b73fd34e2827c35bc91bb41a08", 0x3a}, {&(0x7f0000000e80)="43857513481d57fc35fb8e63e4c12f94aa3620f0e89337f56e7379dba135a5fb6b8d45c1155a55a61182958e8d78fbd65e771965", 0x34}, {&(0x7f0000000ec0)="db60a0d2d80b3232c6edb9c3f9101f647d8ecff15c60e2ac2f17bed1b6ad874fded789292f27b6122bc4ad924a1b4dd9392d03c33486e497590fa01a05b24af20ff1d244b8d9b2a12c39a86b15a6bd5235b7135109ea7ba2201743c2b68bc89637b67d26004bfd59e73140e37eeaead5be612cf9aa7a552dab35928cb60791e34003fa019ba1b44f5864598462cf7ef41243cb2a0ea3d60339d432b47b076aaab97106b88fd935775e8790a3b34c8893fd70656951f318c657488ce616393d77b1d34d0c04bf48c6acf8a178e5d6bd80228ae4887a28cec7876d74bbfb265f8c704c7929510a", 0xe6}, {&(0x7f0000000fc0)="26a6985d38e73ad2b36e512cbc40236e8cb63a9afb095d9f3db2193da842463786513ad5f642a3170866b477062fda797286c69d574fecab7df88e4b67815d2b5c677b7eeb690d9e58b15409ccafeb52e7fb1aaf49af02eb0cde53bf521e0576a032", 0x62}], 0x5, &(0x7f00000010c0)=[@timestamping={{0x14, 0x1, 0x25, 0x6}}, @timestamping={{0x14, 0x1, 0x25, 0x7}}, @timestamping={{0x14, 0x1, 0x25, 0x400}}, @mark={{0x14, 0x1, 0x24, 0x3ff}}, @txtime={{0x18, 0x1, 0x3d, 0x7}}], 0x78}, 0x840)

01:01:38 executing program 4:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x1, 0x8, 0x81, 0x96, 0x0, 0x1, 0x600, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1c00000, 0x4, @perf_config_ext={0x4, 0x3a4}, 0x40004, 0x10001, 0xffffffff, 0x8, 0x7f, 0xfffffeb1, 0xff, 0x0, 0x3, 0x0, 0x8}, 0x0, 0xf, r1, 0x9)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
r2 = gettid()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
tkill(r2, 0x34)
ptrace$cont(0x18, r2, 0x0, 0x0)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r2, 0x0, 0x0)
perf_event_open(&(0x7f0000000300)={0x7a0505a48848a36f, 0x80, 0x5, 0x20, 0x40, 0x81, 0x0, 0xe6, 0x80000, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x300, 0x2, @perf_bp={&(0x7f00000002c0), 0x4}, 0x2, 0x7f, 0x5, 0x3, 0xff, 0x100, 0xfea1, 0x0, 0x401, 0x0, 0x1}, r2, 0x0, 0xffffffffffffffff, 0x8)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r3, &(0x7f0000000500), 0x37d, 0x0, 0x0)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000000080)=""/164, 0xa4}, {&(0x7f0000000140)=""/177, 0xb1}], 0x2)

01:01:38 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280), 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:38 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8, 0x0, 0x200}, 0x0, 0x0)

01:01:38 executing program 0 (fault-call:9 fault-nth:28):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  672.269759][T20680] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  672.277921][T20680] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  672.298250][T20680] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  672.306251][T20680] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:38 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x537602, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
r2 = syz_open_pts(r1, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x7, 0x810, r2, 0x9f593000)
r3 = syz_open_dev$vcsu(&(0x7f0000000000), 0x8000, 0x400140)
ioctl$RTC_IRQP_SET(r3, 0x4008700c, 0x13)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x1}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0xffffffffffffffff}, 0x0, 0x0)

[  672.453616][T20745] FAULT_INJECTION: forcing a failure.
[  672.453616][T20745] name failslab, interval 1, probability 0, space 0, times 0
[  672.466242][T20745] CPU: 1 PID: 20745 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  672.476062][T20745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  672.486120][T20745] Call Trace:
[  672.489386][T20745]  dump_stack_lvl+0xd6/0x122
[  672.494062][T20745]  dump_stack+0x11/0x1b
[  672.498261][T20745]  should_fail+0x23c/0x250
[  672.502663][T20745]  __should_failslab+0x81/0x90
[  672.507448][T20745]  ? register_for_each_vma+0x372/0x890
[  672.512899][T20745]  should_failslab+0x5/0x20
[  672.517419][T20745]  kmem_cache_alloc_trace+0x52/0x320
[  672.522692][T20745]  ? register_for_each_vma+0x372/0x890
[  672.528143][T20745]  ? vma_interval_tree_iter_next+0x24c/0x280
[  672.534176][T20745]  register_for_each_vma+0x372/0x890
[  672.539446][T20745]  __uprobe_register+0x404/0x8b0
[  672.544366][T20745]  uprobe_register_refctr+0x29/0x40
[  672.549594][T20745]  probe_event_enable+0x2be/0x7d0
[  672.554601][T20745]  ? __uprobe_trace_func+0x440/0x440
[  672.559883][T20745]  trace_uprobe_register+0x88/0x410
[  672.565135][T20745]  perf_trace_event_init+0x34e/0x790
[  672.570411][T20745]  perf_uprobe_init+0xf5/0x140
[  672.575162][T20745]  perf_uprobe_event_init+0xde/0x140
[  672.580439][T20745]  perf_try_init_event+0x21a/0x400
[  672.585567][T20745]  perf_event_alloc+0xa60/0x1790
[  672.590490][T20745]  __se_sys_perf_event_open+0x5db/0x2810
[  672.596113][T20745]  ? proc_fail_nth_read+0x150/0x150
[  672.601296][T20745]  __x64_sys_perf_event_open+0x63/0x70
[  672.606738][T20745]  do_syscall_64+0x44/0xa0
[  672.611143][T20745]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  672.617065][T20745] RIP: 0033:0x4665f9
[  672.620938][T20745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  672.640567][T20745] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  672.649053][T20745] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  672.657003][T20745] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  672.664953][T20745] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  672.672903][T20745] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  672.680854][T20745] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:39 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:39 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000000)={0x3f, 0x3, 0x9337, 0xffff, 0x4, "cb73eb7b51dcc667c345b16687a7d4a6204b31", 0x8000, 0x9})
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:01:39 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280), 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:39 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
preadv(r0, &(0x7f0000000000)=[{&(0x7f0000001100)=""/96, 0x60}, {&(0x7f0000000100)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

01:01:39 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
exit(0x0)
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)
wait4(0x0, 0x0, 0x1, 0x0)

01:01:39 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = gettid()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
tkill(r2, 0x34)
ptrace$cont(0x18, r2, 0x0, 0x0)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r2, 0x0, 0x0)
wait4(r2, &(0x7f0000000080), 0x1, &(0x7f00000000c0))
ptrace$cont(0x18, 0x0, 0x80000000000000, 0x4)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)
tkill(0x0, 0x24)
ioctl$SIOCGSTAMPNS(r1, 0x8907, &(0x7f0000000000))
exit(0x0)
preadv(r0, &(0x7f0000000500), 0x37d, 0x0, 0x0)

01:01:39 executing program 0 (fault-call:9 fault-nth:29):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  673.204412][T20737] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  673.212546][T20737] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  673.230024][T20737] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  673.238045][T20737] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:39 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
io_setup(0x9, &(0x7f0000000000)=<r1=>0x0)
io_pgetevents(r1, 0x400, 0x2, &(0x7f0000000040)=[{}, {}], &(0x7f0000000080)={0x0, 0x989680}, &(0x7f0000000100)={&(0x7f00000000c0)={[0x1]}, 0x8})

[  673.396380][T20791] FAULT_INJECTION: forcing a failure.
[  673.396380][T20791] name failslab, interval 1, probability 0, space 0, times 0
[  673.409111][T20791] CPU: 0 PID: 20791 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  673.418960][T20791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  673.429076][T20791] Call Trace:
[  673.432341][T20791]  dump_stack_lvl+0xd6/0x122
[  673.436959][T20791]  dump_stack+0x11/0x1b
[  673.441097][T20791]  should_fail+0x23c/0x250
[  673.445500][T20791]  __should_failslab+0x81/0x90
[  673.450302][T20791]  ? register_for_each_vma+0x372/0x890
[  673.455843][T20791]  should_failslab+0x5/0x20
[  673.460408][T20791]  kmem_cache_alloc_trace+0x52/0x320
[  673.465694][T20791]  ? register_for_each_vma+0x372/0x890
[  673.471166][T20791]  ? vma_interval_tree_iter_next+0x263/0x280
[  673.477155][T20791]  register_for_each_vma+0x372/0x890
[  673.482429][T20791]  __uprobe_register+0x404/0x8b0
[  673.487356][T20791]  uprobe_register_refctr+0x29/0x40
[  673.492590][T20791]  probe_event_enable+0x2be/0x7d0
[  673.497681][T20791]  ? __uprobe_trace_func+0x440/0x440
[  673.503066][T20791]  trace_uprobe_register+0x88/0x410
[  673.508251][T20791]  perf_trace_event_init+0x34e/0x790
[  673.513541][T20791]  perf_uprobe_init+0xf5/0x140
[  673.518305][T20791]  perf_uprobe_event_init+0xde/0x140
[  673.523621][T20791]  perf_try_init_event+0x21a/0x400
[  673.528739][T20791]  perf_event_alloc+0xa60/0x1790
[  673.533675][T20791]  __se_sys_perf_event_open+0x5db/0x2810
[  673.539334][T20791]  ? plist_check_list+0xf9/0x160
[  673.544261][T20791]  ? finish_task_switch+0xce/0x290
[  673.549374][T20791]  __x64_sys_perf_event_open+0x63/0x70
[  673.554818][T20791]  do_syscall_64+0x44/0xa0
[  673.559312][T20791]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  673.565246][T20791] RIP: 0033:0x4665f9
[  673.569122][T20791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  673.588726][T20791] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  673.597121][T20791] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  673.605075][T20791] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  673.613082][T20791] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  673.621038][T20791] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  673.629002][T20791] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:40 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, 0x0, 0x0, 0x0)

01:01:40 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:40 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000000)={0x2f, 0x1a, 0xb, 0x1c, 0x9, 0x81, 0x6, 0x160, 0x1})

01:01:40 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:40 executing program 5:
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000000)={'erspan0\x00', 0x0, 0x700, 0x20, 0xffff, 0x200, {{0x6, 0x4, 0x0, 0x7, 0x18, 0x67, 0x0, 0x64, 0x4, 0x0, @rand_addr=0x64010101, @loopback, {[@end]}}}}})
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x1a1100, 0x0)
ioctl$TCGETS(r2, 0x5401, &(0x7f0000000140))
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
r3 = io_uring_setup(0x651d, &(0x7f0000000280)={0x0, 0x8e18, 0x10, 0x1, 0x154})
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0xa, 0x12, r3, 0x80b77000)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:01:40 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x1000000000}, 0x0, &(0x7f0000000300)={0x8, 0xffffffffffffffff, 0x0, 0x1}, 0x0, 0x0)

01:01:40 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:40 executing program 3:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', <r1=>0x0})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000002040)=ANY=[@ANYBLOB="0000000000ff07000b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000e9e455a4cc51ef89b58cd5e585cc493c5c554ffbcea148a60723744d1963474a735449f5a596e69a0d7726e71cccbe39706d1f2a6b3f82660049bb84cf83e600bb3d8737186029ef4e15460fad90268b5fa1aaf1aafaa84384a4085975b34eca417c0d6cf13e34efc66963306e46c24cc39f24719059d941762fd6e4602d5dee1b90b1fb6e7cd14441888554475d5a8310ce1fb95d05d31717cde50f221c7056a98609fa108f1b9e1bd7b562640dd3005d21730c61268974de4095ff"])
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000200))
syz_open_pts(0xffffffffffffffff, 0x0)
syz_open_pts(0xffffffffffffffff, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000002000)={0x5, 0x2, 0x33b, 0x3, 0x9})
ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r3, 0x8983, &(0x7f0000001f80))
preadv(r2, &(0x7f0000002200)=[{&(0x7f00000009c0)=""/19, 0x13}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000001a00)=""/203, 0xcb}, {&(0x7f0000001b00)=""/202, 0xca}, {&(0x7f0000001c00)=""/237, 0xed}, {&(0x7f0000001d00)=""/8, 0x8}, {&(0x7f0000001d40)=""/243, 0xf3}, {&(0x7f0000001e40)=""/179, 0xb3}, {&(0x7f00000021c0)=""/6, 0x6}], 0x9, 0x9, 0x101)
sendmmsg(r0, &(0x7f00000002c0)=[{{&(0x7f00000001c0)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x4e20, @empty}, 0x2, 0x3, 0x2, 0x2}}, 0x80, &(0x7f0000000900)=[{&(0x7f0000000340)="1cee8f8ec00ad593599bef9ae4d826d949917f028d9bd5a4efaba2ab9e31f21fcc57b2a4813a2d0d0c51dcb70141ef0beefda48e313edc0892b15e7eb8d4708cdda4abc86b55565dd00a7c080243d4bf8031b96f7d4e308847", 0x59}, {&(0x7f00000003c0)="14c8129cc6b728012bd7b688e1bf68f5d3ef82568eef5440ff7521951db22476febc43228af01701c6b1412cf3ae7c15244e980af3635416817457af66d47a86e4e0f49905488e", 0x47}, {&(0x7f0000000440)="0ac3e20995e1e83ee5c3b631b54601e32442bd7dd72af7c2bcc4ae608d1fe6f21b064fdc4ff918db3481d6ac2f9b13a09be3246f4121ec1bd24a3a46278dc86305c65d0e1e1d588b8381491ced18bf0a93a426aa1d7a8b4a6e9e0085a66c", 0x5e}, {&(0x7f00000004c0)="f9d248f8d66640c84003f51b943553a8a38a4bb388781cdeeb79912c4534d8703d8ee7c2b1baafd25b676668c032be55356df5a72ff48e26e5f2986c28f45360a03056b58313c900430f17724ad1e18d46a2b2301046c68cc66b8ce795edf571a9a9f2d5b21f1da32149ef1f170129", 0x6f}, {&(0x7f0000000540)="e169a22ce1cdb6decc87338b5c2c8ed0e63e073f02ac07f43616cce3154cfa2f8f8780de7a63c109b07fecae9ea0a29c267e5dc2b5c62c9add6003a0fc948bcc4ec7af2f2b1a796d4a06da19707028da60d21f5b2f76a2b8a043c25da6f1329336968998fcbfec57073b7d7278391f384c1b03e0105d52f82f33667600b8925346948e2c370ff34832f270b9851e10d365a41ed923e11cd85d8d53005f4482417728652788ce72ea97df25a320ea68", 0xaf}, {&(0x7f0000000600)="b7f7f479a6974fc7cd103937562f274de7b5a4cf06adec689406ba65c8d678272d184e31aa25ba42a9a5aa8d0b9bcbf4eb4add231d329fa53354a774e6e2924d14e96c9fd658eb8f7531c29961554c9d74e3113d6f79fb94a1512e36cbd08c996be41becbbb4835bb9716864be402e64f7dcaf8f8aab9ffe82", 0x79}, {&(0x7f0000000680)="1c04ab978ac3b23ae4f2c21ffc3ade26e8b9976e9226d5528de4c25e8bdb5784764b34439a9fb281a969c18a06503b068ddaffd7d0db9e510192d0320a739ed3e4e00f4cbad83006b250ac1dbcf1ca28a0f4b3d3ffe3d5a9629a875309c480c39a9ce9277ccc12fbc524fe79f453dec8db8eaa", 0x73}, {&(0x7f0000000700)="96e78f7c657d73461b66945e917040415b09a41f1933f3c63e030fd7745c66d3c93fb4ecbfdc9031150094644d44a573382618229a04279e9a5f8b72f4f3b37787ed3230cc26fb5914a35f5493a15b2b121e26134d33db87fc4bfe31951ac531c85819678430c34da200284917fe5723b66ca4d6e1bbc75fa764a4c077bb8ef90b00df5320ac4f0cd2099415f5b277c0ddf29ea11eead063af8116ce34bcdd505079a670da580cf2ac88d0da8f498db0c9f69b7c04da60b59ad63458b5d7707c6c686075f0f516627cc9d673180616d288a64637a99d1520c0990274688f2a35", 0xe0}, {&(0x7f0000000140)="6200000000926dc5c6721195b5aa02", 0xf}, {&(0x7f0000000800)="8af305590c90e9639957a7e78c68102ad89365c306a33c60caebcb5738a0bfc028da1a374ef9caf51b083d004861ab5a97a56c005e3b5bf2773d76301b38e420255290e9a754dbf8db71dd822b6e4b150bbeadbcaa32f01712ccd659a3c58fbd1f275b9e97e4d67df9c8e3f98509bef273d6fb72647e3aab4c11baaa6ef0682f5240fd85f82f4f96ffb3fcf3bd19913e76c281c4703a1de8a5d4dd2bb6269996ca51f999dda4600ae1fd55e3fa243d46523e77d79663a81b49a64af026d191004f8acf8b0ddd1c78032d9fed396f9610a52c8eec66a7c0f120bb8b68281ce4d1aa677fc63b0a05d810e3c6611252e5362bbf4f93dc9eae0bf253", 0xfa}], 0xa, &(0x7f0000001fc0)=[{0x18, 0x107, 0x5f, "376a0737e6"}], 0x18}}], 0x1, 0x4010)
bind$packet(r0, &(0x7f0000000000)={0x11, 0x0, r1}, 0x14)
sendto$packet(0xffffffffffffffff, &(0x7f0000000000)="d7411bd30c2045666e98ddfdb48594c10a3b842a7c7fb63945e602c74111f7306f9da900c6d6c952ab1076eae09953238a4f7a4eb50bc72c0d1a0ab03ecc436ce4e5731bfdb02c00e0e00d1dafbb2677161316975f85cfa2251a325488cad1042fb0330b3019043a5b03c7e5b7ac19950aa2d011715bffa305e6992702b238a213e21d6bb35212fa54ed4d8aa1d1958ea2b76d11460718398925dfeed2caad938e8bf94df9dd8fd9fe3eb8279b8f2d5fb83267bf97b0adfdce234e7d5c454a29a85dafbd06a82bbcdbf860f4c99aecc3faab6fd958778c15c47170f1a3aba40a6f", 0xe1, 0x4c080, &(0x7f0000000100)={0x11, 0x8, r1, 0x1, 0xfb, 0x6, @local}, 0x14)
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r4, 0x7005)
ioctl$RTC_PIE_ON(r2, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:40 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:40 executing program 4:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000080)=""/219, 0xdb}], 0x2}}], 0x1, 0x0, 0x0)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00')
perf_event_open(&(0x7f00000001c0)={0x3, 0x80, 0x7f, 0x2, 0x1, 0x4, 0x0, 0x3, 0x20, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x3, @perf_config_ext={0x0, 0x9}, 0x80, 0x3, 0xff, 0x5, 0x28e, 0x1, 0x7f, 0x0, 0x5, 0x0, 0x10000}, 0x0, 0x8, r0, 0x9)
exit(0x0)
preadv(r1, &(0x7f0000000500), 0x37d, 0x0, 0x0)
clone(0x0, &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000300)="bac6f9fa2c20c03d2dae9e361a162cb049c7c2545f7d110159aed6c4ccc1307bd84a604288eaecc1874a47ff44b6f1f7f7d116d2a429836de4e1cf1018df4358a19f576cfd25d8d0313542d534a9b91ab54c6a902a022847931b2df9c66d4c7fbc7fae90b93a2f")

01:01:40 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:40 executing program 0 (fault-call:9 fault-nth:30):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  674.146929][T20785] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  674.154947][T20785] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  674.172292][T20785] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  674.180326][T20785] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  674.332281][T20836] FAULT_INJECTION: forcing a failure.
[  674.332281][T20836] name failslab, interval 1, probability 0, space 0, times 0
[  674.345001][T20836] CPU: 0 PID: 20836 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  674.354801][T20836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  674.364845][T20836] Call Trace:
[  674.368166][T20836]  dump_stack_lvl+0xd6/0x122
[  674.372749][T20836]  dump_stack+0x11/0x1b
[  674.376893][T20836]  should_fail+0x23c/0x250
[  674.381299][T20836]  __should_failslab+0x81/0x90
[  674.386050][T20836]  ? register_for_each_vma+0x372/0x890
[  674.391510][T20836]  should_failslab+0x5/0x20
[  674.396001][T20836]  kmem_cache_alloc_trace+0x52/0x320
[  674.401279][T20836]  ? register_for_each_vma+0x372/0x890
[  674.406756][T20836]  ? vma_interval_tree_iter_next+0x24c/0x280
[  674.412731][T20836]  register_for_each_vma+0x372/0x890
[  674.418003][T20836]  __uprobe_register+0x404/0x8b0
[  674.422925][T20836]  uprobe_register_refctr+0x29/0x40
[  674.428111][T20836]  probe_event_enable+0x2be/0x7d0
[  674.433211][T20836]  ? __uprobe_trace_func+0x440/0x440
[  674.438504][T20836]  trace_uprobe_register+0x88/0x410
[  674.443700][T20836]  perf_trace_event_init+0x34e/0x790
[  674.449059][T20836]  perf_uprobe_init+0xf5/0x140
[  674.453853][T20836]  perf_uprobe_event_init+0xde/0x140
[  674.459130][T20836]  perf_try_init_event+0x21a/0x400
[  674.464268][T20836]  perf_event_alloc+0xa60/0x1790
[  674.469228][T20836]  __se_sys_perf_event_open+0x5db/0x2810
[  674.474963][T20836]  ? proc_fail_nth_read+0x150/0x150
[  674.480152][T20836]  __x64_sys_perf_event_open+0x63/0x70
[  674.485629][T20836]  do_syscall_64+0x44/0xa0
[  674.490228][T20836]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  674.496147][T20836] RIP: 0033:0x4665f9
[  674.500033][T20836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  674.519629][T20836] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  674.528030][T20836] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  674.536011][T20836] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  674.544003][T20836] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  674.551964][T20836] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  674.560024][T20836] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:41 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0x0, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x7fe, 0xffffffffffffffff}]})
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000000)={0x20000008})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))
ioctl$TCSETS(r2, 0x5402, &(0x7f0000000040)={0x5, 0x10000, 0x1, 0xfffffffc, 0x19, "879b44214a49d5dc6c4497a4d7244a21934b35"})

01:01:41 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, 0x0, 0x0, 0x0)

01:01:41 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:41 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:41 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200)={0x0, 0xfffffffe})
syz_open_pts(r1, 0x0)
syz_open_pts(r1, 0x0)
r2 = syz_open_pts(r1, 0x400)
fsetxattr$security_selinux(r2, &(0x7f0000000000), &(0x7f0000000040)='system_u:object_r:shell_exec_t:s0\x00', 0x22, 0x2)
ioctl$BLKTRACESTART(0xffffffffffffffff, 0x1274, 0x0)
r3 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000100))

01:01:41 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
r2 = syz_open_pts(r1, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r2, 0xc038943b, &(0x7f00000000c0)={0x9, 0x8, '\x00', 0x0, &(0x7f0000000040)=[0x0]})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_PIE_ON(r3, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x7]}, 0x8, 0x800)
ioctl$BTRFS_IOC_TREE_SEARCH(r4, 0xd0009411, &(0x7f0000000340)={{0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x10000, 0x2, 0xd8, 0x40, 0xffffffff, 0x9fe9, 0x7, 0x3, 0x7fffffff, 0x400}})

[  674.936463][   T22] audit: type=1400 audit(1631322101.538:49): avc:  denied  { associate } for  pid=20851 comm="syz-executor.5" name="26" dev="devpts" ino=29 scontext=system_u:object_r:shell_exec_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=filesystem permissive=1
01:01:41 executing program 0 (fault-call:9 fault-nth:31):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  675.087465][T20830] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  675.095520][T20830] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  675.112953][T20830] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  675.120983][T20830] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  675.477674][T20863] FAULT_INJECTION: forcing a failure.
[  675.477674][T20863] name failslab, interval 1, probability 0, space 0, times 0
[  675.490373][T20863] CPU: 1 PID: 20863 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  675.500166][T20863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  675.510207][T20863] Call Trace:
[  675.513613][T20863]  dump_stack_lvl+0xd6/0x122
[  675.518193][T20863]  dump_stack+0x11/0x1b
[  675.522355][T20863]  should_fail+0x23c/0x250
[  675.526764][T20863]  __should_failslab+0x81/0x90
[  675.532129][T20863]  ? register_for_each_vma+0x372/0x890
[  675.537580][T20863]  should_failslab+0x5/0x20
[  675.542087][T20863]  kmem_cache_alloc_trace+0x52/0x320
[  675.547359][T20863]  ? register_for_each_vma+0x372/0x890
[  675.552811][T20863]  ? vma_interval_tree_iter_next+0x263/0x280
[  675.558896][T20863]  register_for_each_vma+0x372/0x890
[  675.564168][T20863]  __uprobe_register+0x404/0x8b0
[  675.569106][T20863]  uprobe_register_refctr+0x29/0x40
[  675.574422][T20863]  probe_event_enable+0x2be/0x7d0
[  675.579497][T20863]  ? __uprobe_trace_func+0x440/0x440
[  675.584782][T20863]  trace_uprobe_register+0x88/0x410
[  675.589986][T20863]  perf_trace_event_init+0x34e/0x790
[  675.595280][T20863]  perf_uprobe_init+0xf5/0x140
[  675.600086][T20863]  perf_uprobe_event_init+0xde/0x140
[  675.605493][T20863]  perf_try_init_event+0x21a/0x400
[  675.610613][T20863]  perf_event_alloc+0xa60/0x1790
[  675.615546][T20863]  __se_sys_perf_event_open+0x5db/0x2810
[  675.621183][T20863]  ? proc_fail_nth_read+0x150/0x150
[  675.626389][T20863]  __x64_sys_perf_event_open+0x63/0x70
[  675.631874][T20863]  do_syscall_64+0x44/0xa0
[  675.636291][T20863]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  675.642193][T20863] RIP: 0033:0x4665f9
[  675.646081][T20863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  675.665900][T20863] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
01:01:42 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, 0x0, 0x0, 0x0)

01:01:42 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1653a06745620929, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = gettid()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
tkill(r3, 0x34)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r4, 0xc0c0583b, &(0x7f0000000400)=ANY=[@ANYBLOB="00000000001787ed03f6268f1d2dd47abaa6ff07000b0000910e232e1398811d89d716000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffffffffffff00000000000000000000000000000000000000000000000000000000000000001451d78dcc0d5e5baf0808ae439d5951b8532dad11bb90b560cb86b73f15cac895435843d8f08bbc6b5fa3ee6f1b781148a6002b4cce9cc54ed7d9655d39012f2d44bedce05d27c1f4cdd18c4c8ffa093caa7f0564a9725250d488c4ab0f23a29fa9175727515909bfd999f680620e42f93ebf6f2bc1e4a10c055d3a241fa03ae8060397f109fec8968c942c02629565a6c54422e548b3bcf794fbbac9898d56a7d6cef939a62b5a991afa3283e065cd62874d1789c5c42e862f6c97bac93261d1aaa3a239f02bd009eb60f47d8a0532646af1fba941828eb1b0a1aedf996cc1f9734176112755469b4c717c69926cea7746d6ea952a3eaed6a04075da"])
ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000180))
ptrace$cont(0x18, r3, 0x0, 0x0)
ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r3, 0x0, 0x0)
perf_event_open(&(0x7f0000000100)={0x4, 0x80, 0x3f, 0x0, 0x40, 0xa3, 0x0, 0x2, 0x51000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8000, 0x1, @perf_bp={&(0x7f0000000080), 0x2}, 0x1048, 0xc00, 0x5, 0x5, 0x3, 0x6, 0x401, 0x0, 0x9, 0x0, 0x8}, r3, 0xd, r1, 0x3)
sendto$unix(r2, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffbd)

01:01:42 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  675.674299][T20863] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  675.682277][T20863] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  675.690296][T20863] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  675.698314][T20863] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  675.706283][T20863] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:42 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x11)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:01:42 executing program 4:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x18841, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x280000d, 0x12, r1, 0x45e23000)
preadv(r1, &(0x7f0000000140)=[{&(0x7f00000032c0)=""/4083, 0xff3}, {&(0x7f0000000440)=""/247, 0xf7}], 0x2, 0x3, 0x80)
ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x7fffffff, 0x0, 0x0, "a9c52809ba5ed5e9c1d95a3371e0b7d00cd7a5"})
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000200)={0x8, 0x0, 0x0, 0x0, 0x0, "000000000000ffffff00000000000000000002"})
syz_open_pts(r2, 0x0)
r3 = syz_open_pts(r2, 0x0)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x201, 0x0)
write(r4, &(0x7f0000000240)="5e5086220530393c049e6168efaf3555aa00ad6a4b87d2a1ffaa85f07728bf114c7c0c2f3594116baa67c347154b40b164d5712bd92b082becb0c9b8ba223bccda855f89f7ad80de76fccff8e3d9f39b20ec01e60f07c33da62a5be4d4cefe6c71c32ba9f79456f03276ce0b41770eac773a3347bfc7c400d1208cda80932f33966c8380bee15c4f3d7f015ca29c829fbbab0beee2dc4f03c4b51b3eab478a8f7d056f7d8d5636ba6f4e3a43f844c895a9f1645baf7425da7b150abc3ef727e523cb88a94d592fea1c00bc15ae204e77a10d3a7ab6b9c409fed602d8", 0xdc)
readv(r3, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ioctl$TCFLSH(r3, 0x540b, 0x1)
ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000040)={0x400, 0x800, 0x9feb, 0x1ff, 0x9, "9f3f5586a2b91b97157e1ff1c7fedc087f50f4", 0x80, 0x7})

01:01:42 executing program 4:
syz_io_uring_setup(0x3ede, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x5}, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000100)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x6000, @fd_index=0x5, 0x4, &(0x7f0000000080)=""/102, 0x66, 0x1, 0x1}, 0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'sit0\x00', <r5=>0x0})
sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x34, r3, 0x1, 0x0, 0x0, {0x12}, [@ETHTOOL_A_COALESCE_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x34}}, 0x0)

01:01:42 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000004a40)={0x0, 0x0, &(0x7f0000004a00)={&(0x7f00000046c0)=@acquire={0x178, 0x17, 0x1, 0x0, 0x0, {{@in=@local}, @in6=@empty, {@in=@private, @in=@private}, {{@in6=@mcast1, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@mark={0xc, 0x15, {0x0, 0x8e}}, @tmpl={0x44, 0x5, [{{@in6=@loopback, 0x0, 0x32}, 0x0, @in6=@loopback}]}]}, 0x178}}, 0x0)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r1, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:42 executing program 4:
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0xf, 0x0, 0x0)

01:01:42 executing program 4:
preadv(0xffffffffffffffff, &(0x7f0000000c40)=[{&(0x7f00000000c0)=""/74, 0x4a}, {&(0x7f0000000880)=""/220, 0xdc}, {&(0x7f0000000140)=""/137, 0x89}, {&(0x7f0000000a80)=""/250, 0xfa}, {0x0}, {&(0x7f0000000b80)=""/187, 0xbb}], 0x6, 0x9, 0xfff)
r0 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8992, &(0x7f0000009940))
r1 = dup(r0)
sendmsg$AUDIT_DEL_RULE(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000cc0)={0x440, 0x3f4, 0x20, 0x70bd26, 0x25dfdbfe, {0x0, 0x1, 0x17, [0x1, 0x5, 0xdca9, 0x9, 0x1, 0x1, 0xdd, 0x8, 0x1, 0x7, 0x9, 0x3f, 0x6, 0x5, 0x1, 0x2, 0x2, 0xb5e, 0x7, 0xfffffc3b, 0x400, 0x10001, 0x1, 0x8, 0xf457, 0x1, 0xfff, 0x81, 0x6, 0x8, 0x9, 0x9, 0x100, 0xffffffc1, 0xab31, 0x1, 0x8001, 0x20, 0x1, 0xffff53a4, 0x4, 0x3f, 0x2762, 0x8, 0x2, 0x1000, 0x9b06, 0x0, 0x7, 0x9, 0x7c33ceab, 0x1ff, 0x3, 0x2, 0x800, 0x965a, 0x8, 0xfffffff0, 0x2, 0x3, 0xff, 0x4, 0xeaaa, 0x35b], [0x40, 0x12bf09e1, 0x1ff, 0xfffffff7, 0x7ff, 0x3f, 0xec1f, 0x413, 0x5, 0x3, 0xbc, 0x5, 0x3, 0x4, 0x2, 0x401, 0x976, 0x8, 0x2, 0x3, 0x3, 0x5, 0x9045, 0x2, 0x7, 0x2, 0x5, 0x6, 0x2, 0x4, 0x8, 0x4, 0xc472, 0x4, 0x5, 0x7, 0x9, 0x2, 0x6, 0xcc, 0x76, 0x5, 0x2, 0x2, 0x6, 0x3a, 0x1, 0xfffffffe, 0x8, 0x692, 0x8, 0x8, 0x3, 0x9046, 0x7, 0x9, 0x3, 0x7f, 0x4, 0xa0000000, 0x101, 0x10001, 0x2, 0x8], [0x4, 0xbe, 0x200, 0x8001, 0x9, 0x7, 0x5, 0x0, 0x1, 0x1ff, 0x200, 0x0, 0xe9, 0x2, 0x3, 0x2, 0x784, 0x3f, 0x8, 0x7, 0x0, 0x2, 0x80, 0x9, 0x6, 0x1, 0x1, 0x8, 0x3, 0x2, 0x2, 0x80, 0x3, 0x1, 0x3, 0x133, 0x7, 0x7, 0x3, 0xfe000000, 0x5, 0x40, 0x3, 0x8bf, 0x0, 0x8a, 0x1, 0xffff52b3, 0x401, 0x5, 0x5, 0x89, 0x8, 0x0, 0x5, 0x0, 0x6, 0x9b, 0x0, 0x1, 0x7, 0x1000, 0x6, 0x8001], [0xe10, 0x8, 0x1, 0x8, 0x7fffffff, 0x7f, 0x100, 0xfffffff7, 0x2ab, 0x7, 0x7, 0x0, 0x9, 0x100, 0x8, 0x80000001, 0x3, 0xffff, 0x100, 0x0, 0x6, 0x666, 0x7, 0x8000, 0x2, 0x8, 0x2, 0x7fff, 0x8, 0x10ee, 0x101, 0x3, 0x3, 0x3e1, 0x0, 0x80000000, 0x80000001, 0xfffffffe, 0x2, 0x4, 0x68bb, 0x9, 0x2f84000, 0x5, 0x7, 0x16, 0x2, 0x0, 0x800, 0x10001, 0xb476, 0x80000001, 0x6, 0x6, 0x2, 0x1ff, 0x80000000, 0x3700, 0x1000, 0x0, 0x3, 0xff, 0x81, 0x800], 0x20, ['/dev/sg#\x00', '%[[/:&&H#\x00', 'mountinfo\x00', 'i*\x00']}, ["", "", "", "", ""]}, 0x440}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000041)
r2 = openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000080), 0x2, 0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r0, 0x50009418, &(0x7f00000012c0)={{r2}, 0x0, 0x2, @unused=[0x12800000, 0x3, 0xee9, 0x80000000000000], @devid})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r4=>0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)={0x1c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f00000022c0)={0xb10, 0x0, 0x300, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IE_PROBE_RESP={0x12a, 0x7f, [@ht={0x2d, 0x1a, {0x2, 0x0, 0x7, 0x0, {0x8001, 0x20, 0x0, 0x1, 0x0, 0x1, 0x1, 0x3, 0x1}, 0x800, 0x80000001, 0x8}}, @ibss={0x6, 0x2, 0x5}, @supported_rates, @challenge={0x10, 0x1, 0xc2}, @peer_mgmt={0x75, 0x6, {0x0, 0x100, @val=0x40, @void, @void}}, @tim={0x5, 0xb6, {0x0, 0xbe, 0xea, "9da8eb78316f628e36e37c48feb13c5220b0a36c5d8b04028cdcb1c03db7f2ab4c58a1f5aa5c8b759215b0b314dacb2c85e2198aa577adc1db12cb7354ed961a50e5591b8020add3ba98363a00391d72a4eba40d5b98240ea78fda9339834b13a85b6bfe148caa08871bff421f8faef1292356dd9c78ee38032542fa65aad46c1a150e7b4c692fdaf844c62fb45a68e523d6950d9fdd1077ed92cd7067e78f50820e4791c8c02ef676995752097c246443d89a"}}, @rann={0x7e, 0x15, {{0x0, 0x5}, 0x6, 0x3, @broadcast, 0xffffffff, 0x800, 0x8}}, @ssid={0x0, 0x6, @default_ap_ssid}, @ht={0x2d, 0x1a, {0x800, 0x0, 0x0, 0x0, {0xef70, 0xed2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x1, 0x7cb8, 0x7f}}, @chsw_timing={0x68, 0x4, {0x3f}}]}, @NL80211_ATTR_IE={0x10, 0x2a, [@ibss={0x6, 0x2}, @gcr_ga={0xbd, 0x6}]}, @NL80211_ATTR_IE_ASSOC_RESP={0x7, 0x80, [@challenge={0x10, 0x1, 0x88}]}, @NL80211_ATTR_FTM_RESPONDER={0x54, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x45, 0x2, "289673bf80867cc215d602044ee5e72d9fd873161b24e273738f8a0848cce07a045aafae7098043d167469361054b0ff3e2973589c0135739125cd4e84410a5cfe"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_BEACON_TAIL={0x10e, 0xf, [@mesh_id={0x72, 0x6}, @peer_mgmt={0x75, 0x8, {0x0, 0x57ca, @val=0xde2e, @val=0xe, @void}}, @perr={0x84, 0xee, {0x1, 0xe, [@ext={{}, @broadcast, 0x100, @broadcast, 0x3}, @ext={{}, @device_a, 0x8, @broadcast, 0x1f}, @not_ext={{}, @device_a, 0x8000, "", 0x2a}, @ext={{}, @broadcast, 0x1, @device_a, 0x1}, @not_ext={{}, @device_b, 0x80, "", 0xf}, @ext={{}, @device_a, 0x7fffffff, @device_b, 0x37}, @ext={{}, @broadcast, 0x8, @broadcast, 0x3e}, @ext={{}, @broadcast, 0x8, @device_a, 0x36}, @not_ext={{}, @device_a, 0x46e, "", 0x3f}, @not_ext={{}, @device_a, 0x101, "", 0x3e}, @ext={{}, @device_b, 0x401, @broadcast, 0x38}, @ext={{}, @device_a, 0x577f, @device_b, 0x28}, @ext={{}, @device_a, 0x6, @broadcast, 0x23}, @not_ext={{}, @device_b, 0x37, "", 0x32}]}}, @cf={0x4, 0x6, {0x40, 0xa0, 0x7ff, 0x80}}]}, @NL80211_ATTR_PROBE_RESP={0x84c, 0x91, "5cb89863b6685b4dbcaae20607e6830f16c6b5f02ace9368e1562d4b515a880045cab5a64bb82e5e335d3b5e48b85706019081e67ac4a322667ef716f5e1a47bc2b5a868842d491745542f5b69f02349cfd90f1b7db3077de32efc0e1441591dd8a0e2bff5e2d00d48796db452181c81c9355fe02e069935c0cd807d43b8746394c25dd3c3e37290e06efc8c89e590bd38b6279252432a16ee07d7a60bbcd40e604698534b5ba7351a7d2b5eaeedad699548f78e1be12dae3b46f88be1522393521ffad19810b33553bc77b8fca5a10adc1f70fb495565cb34ce8dc50d8ee7f7612ac34117c6325515b0842f09b336a71ff37da0e861ee0d292335e4a638caa72ccad896aaca645b58dca2525fe908d85b3febcb94c2d95c9cc106b70607e17a134f1b442e8c2dc49c70c3e9b413ec4478993893d250930a6b985d77e7487913502b4f740b55420a25a339204f5458393d915e71e7c27206677eecaff7e9b767f0787215eeb89ee712d72d4e1af022e0fae4c6eda8963e37e54f33873dd1139f18c5764600c85db67abf6039eea49442441624fefa63dd14c3f228cf098eb0be54b2dca04f9134e5d2ac552af7b400b46fcb32a4204398ec407366d3ed263bdaa9f91a653b760bfa6e06afff99dc0e80d678e6a898ab65400e4bfcb088ef0a8a9e4c4362d4976f3e5b15ce33eaf2206bb6d1e6ddcde6c5367333a904235e83bddcb07da04a9d25245272fefde9930e0d6b6abff54c3e0a5de23f961e5df605a6c2dac62b5a5df3590379a1f5c68a52f01972f36ee7f999957cecff72c6ab846f291443830d7644a7eb9f3f57191b1ca7ebb16388b39a5f9a6b6ca624fde21cb5f2d6f414d9420f2eb14985f4967af9ce2ea6699ce382217f3e3f237fa9a2f168abb08a12a6d7f4729420ae7c4094d715309aacf00ba3eac43571d5551b921f57f7ed7ea92b437a2369f34e92c02dd8809763cd5a54570e1814cfbb696c50d2d854518a2887f150e065ad27b8ec0aa7051009d9496bd4abccc8ee83f2b70e3fa343344ca98c0a3b46ae0ad7859618ad4340c6df96a6ffae5e4632bbd9efbf0080b14f243139751ce0b49f9258f2d1c71806d33e9981784b606b4bfee04f0c26612d653c580500735d1a5af793c3ff00e1c532d60f81bf292727913eae83ae81b41adcb30a341a4faf45001b0926fd53a463a7b42ce5fb836eca2083e690e4c24871c3470d5318f5b7760dbf060d05bb77f4dea288d6b39fabf0b7018bfb77f40c1e4aea97291047bef00229d79395e66901e3435c6339e2600af29896c4baa828407f0eb8464dae10676f9224aa73cc5de8555e656b9d4ae2a156a2457c7895c8f80a78bc12f23e21ef421ed55a8f31cdbd1a3f33bec52835309935648affaac0cb864fd911c98b258b282872964c5084b96832460d6a1fff38d7d9e11447d701f51c672f27dbe5810b9b5db38def73704ce4f44574d1615c531b72807e2dac711120397a0f8c73ba661a4a98bc5d8dfdd9140ed4046a4081a8160b8083ce899e2d0995aaa6f1fe843df5c528a0a319388501ba81f1fa50c3e2ef043f67a9ba2f54e148fec90a1fd6e0c91d6d7a9ef12eb231b8944b5d76d7f60d2b1cfc13ab7d52bb0afce6c90ca32591adc8164d680d7e11b8d291c2a6c3aaef74f0831705107d456750d2a7e0cdff4a4ab2b1e06193d9a308c152a5e7197d0e938f07c729bf33dd6a38a87bccfb2c264a38c07546c36f62a65b3f33727d6113c1c7774bf7dc7d472ce50ab338bd56de1675f96114da5a77775a7dfb8dc197607e4304b6a4487137115e89888d89f2876a9a0eecc76f65c276bb8636f3f950c605ca0360c8c7c2d70c7b36c4b2c70a7ad45e8a2633bc7aea69a44fbb593ba8ea0d02a6fc00d03125be9adf40b0ef8b809ca1993011ca640d9f3caa544f44b7f8ceb4e8a124ca87a933f3f60eda05627547f6112ec1c103937ac977156b8b21deaa6c79a0ff1f93ee8abe94bfbb9131eea0ef1cfcf470b028ca8bbc0ff1343463403176970282ea321cedece171ecc3c6f89aedd6bb69b731714c4c5615abee8331da967429d25721b15cda475d5d263c14a194c23f1e9dd56540ec4726bdb32eb246b0b482640e5af9cf6c86f1627f8bea545d5eb4f9bfc1a48f1fed1342b0ef74da2fa18a545a6830bda82b0cf430298529b7d1138c9ecf9d7cfbd36a2edf95cce612a3b5c079dd7f89aec557e33b6f9c5f59342d86e2020acb415ffae2613fdf5e5e34e6fe43c9c47b6ddbe0e464d05ca44ef780b938646bcb04fe3fe9c76561b1e8703206e7cb3cc6178fd55adf15ab5ca45b1270ae7beea8c5586b2d20d4f5c524bd9fd3e13c0e8956eacfd1a56c7667ca069ed933a1c38e29d54064a73d6e23bda59b227946d3707dba942e29f98ce0d490d08784a5b30de73da454dbc8055f44a806104aff303a566c2df6750bf0ab7888a3dc0310b5fdb9501f536a525911b4403f91d9a7d24b0af8ea4c4e60f6c99418c20176c62c8b9212499b52f47b6d6c636e323e26127737ffba138dfaa126bb913563f8632a82638f458902c3b88cf0e090466a080846f7c8cf96552ace8d5b596724221f39bebd2043b8f6fd3713ab5110aacd0fe7157e791c50c177b5d8c0720f4176ba244177fa9c7845e213615af340f2f14ac2f5539288327031006f9dafdf97c95e87c3fd0a892621e5dfafbc6d23d447bbf7256d772075a8f43380eb587a1abe4be15d44af2677bbb26e1d64cbd7cffef13ca2cfd9c5cce444de0754ce70003019827dc5ccfe4b27f8ae7582f95a5831b799aa1bc24206ca22bf178e06690aa3c4c9a84fc1f74ed41f786a4c78a736ca8dce49bc75e151420b41750da9b0f0b9a3338e5bfc2c1fb08e916d61969bad3392b4196c04ff0c624a8f684427cc2663af725ecd4daba897bed4379be4638d84a9bf05cac0ed6cc617654d4f2ffe2d1ccf49f48e1e8582c408707e41debe757f1cefa544ae83c2"}]}, 0xb10}, 0x1, 0x0, 0x0, 0x44}, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='mountinfo\x00')
r8 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r8, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000200)="e5f432732f4e096d26e2c735d135121c921bda40b8585ba8d47d34f3904cf12dba", 0x0, 0x0, 0x0, 0x0, 0x0})
r9 = perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x28000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x5}, 0x8648, 0x0, 0x9, 0x7, 0x7fffffff, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r9, 0xd000943d, 0x0)
r10 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000840), 0x802, 0x0)
sendfile(r10, r7, 0x0, 0x7ffff000)

[  675.994836][    C1] sd 0:0:1:0: tag#1833 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
[  676.004667][    C1] sd 0:0:1:0: tag#1833 CDB: opcode=0xe5 (vendor)
[  676.010980][    C1] sd 0:0:1:0: tag#1833 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
[  676.020018][    C1] sd 0:0:1:0: tag#1833 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
[  676.029050][    C1] sd 0:0:1:0: tag#1833 CDB[20]: ba
01:01:42 executing program 0 (fault-call:9 fault-nth:32):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  676.058504][T20860] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  676.066510][T20860] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  676.083785][T20860] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  676.091787][T20860] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  676.238454][T20906] FAULT_INJECTION: forcing a failure.
[  676.238454][T20906] name failslab, interval 1, probability 0, space 0, times 0
[  676.251091][T20906] CPU: 1 PID: 20906 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  676.260886][T20906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  676.270927][T20906] Call Trace:
[  676.274193][T20906]  dump_stack_lvl+0xd6/0x122
[  676.278786][T20906]  dump_stack+0x11/0x1b
[  676.282953][T20906]  should_fail+0x23c/0x250
[  676.287354][T20906]  __should_failslab+0x81/0x90
[  676.292103][T20906]  ? register_for_each_vma+0x372/0x890
[  676.297550][T20906]  should_failslab+0x5/0x20
[  676.302115][T20906]  kmem_cache_alloc_trace+0x52/0x320
[  676.307481][T20906]  ? register_for_each_vma+0x372/0x890
[  676.312931][T20906]  ? vma_interval_tree_iter_next+0x24c/0x280
[  676.318980][T20906]  register_for_each_vma+0x372/0x890
[  676.324250][T20906]  __uprobe_register+0x404/0x8b0
[  676.329177][T20906]  uprobe_register_refctr+0x29/0x40
[  676.334363][T20906]  probe_event_enable+0x2be/0x7d0
[  676.339375][T20906]  ? __uprobe_trace_func+0x440/0x440
[  676.344653][T20906]  trace_uprobe_register+0x88/0x410
[  676.349851][T20906]  perf_trace_event_init+0x34e/0x790
[  676.355146][T20906]  perf_uprobe_init+0xf5/0x140
[  676.359934][T20906]  perf_uprobe_event_init+0xde/0x140
[  676.365213][T20906]  perf_try_init_event+0x21a/0x400
[  676.370319][T20906]  perf_event_alloc+0xa60/0x1790
[  676.375282][T20906]  __se_sys_perf_event_open+0x5db/0x2810
[  676.380908][T20906]  ? proc_fail_nth_read+0x150/0x150
[  676.386200][T20906]  __x64_sys_perf_event_open+0x63/0x70
[  676.391694][T20906]  do_syscall_64+0x44/0xa0
[  676.396105][T20906]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  676.402004][T20906] RIP: 0033:0x4665f9
[  676.405882][T20906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  676.425477][T20906] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  676.433956][T20906] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  676.441948][T20906] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  676.449906][T20906] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  676.457864][T20906] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  676.465822][T20906] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:43 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300), 0x0, 0x0)

01:01:43 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  676.626500][    C1] sd 0:0:1:0: tag#1834 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
[  676.636376][    C1] sd 0:0:1:0: tag#1834 CDB: opcode=0xe5 (vendor)
[  676.642704][    C1] sd 0:0:1:0: tag#1834 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
[  676.651754][    C1] sd 0:0:1:0: tag#1834 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
[  676.660785][    C1] sd 0:0:1:0: tag#1834 CDB[20]: ba
01:01:43 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, "00e700000000000000e3feffff000003008001"})
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:01:43 executing program 4:
socketpair(0x1, 0x5, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="e8000000000000000b010000ff0700008e548fe282fcaec7bf495d5c618332756cbb1bb9ce6d12b9d976d1f33aca41e50a3342bcd67c311f7885a05c3fcf2ae21ffc97ec481e7ca2c3ca4c7b3bf94448f62e111e5a79929b9182cc977ba6ae76ece37bdaac6da997fbc15f0c79f42155b99a280667b51fb8750fc3be5ef41f953fedb32aceeada13250626957e2013d5b12cc916541ccbeb0d4060a4dd89664eaba2f6b4ede0c9e3dc1c9446d9284ebe0e46eee7bc145ff0a2779c025553298812978ea53a8c60f254f23344a80a0aac7b141787bad6b0ba891e6cc85f2f3158f0d200000000000070000000000000000701000040000000afbb1ec2946e41ef3167d1f6ed47aa1f52bad114a89dbed741f74a23cd8d915e2dcc74a4932642b90f90a9d3956d5cadb642ac79fcb0aae3654482188263abd27e9d57cc28032453dc75f333e1f367ab38b7e7719805a454e79802d07ec60c00b0000000000000000100000001"], 0x208}, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000280), 0x4)
recvmmsg(r1, &(0x7f0000005d40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000004ac0)=""/206, 0xce}}], 0x1, 0x0, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f0000002a40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002940)=""/233, 0xe9}}], 0x1, 0x122, 0x0)
r4 = accept$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000340)=0x14)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(r4, 0x8983, &(0x7f0000000380))
sendmsg(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x208}, 0x0)
recvmmsg(r3, &(0x7f0000005840)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000004500)=""/102, 0x66}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/172, 0xac}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000005040)=""/128, 0x80}, 0xfffffffd}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000005540)=""/112, 0x70}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000005740)=""/227, 0xe3}}], 0x5, 0x2002, 0x0)
socket(0x10, 0x803, 0x0)
socket$unix(0x1, 0x1, 0x0)

01:01:43 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_AIE_ON(r0, 0x7001)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:43 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xa, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
socket(0x10, 0x3, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000100)={0x0, <r4=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000001380))
r5 = gettid()
ptrace$setopts(0x4206, r5, 0x0, 0x0)
tkill(r5, 0x34)
ptrace$cont(0x18, r5, 0x0, 0x0)
ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r5, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000004800)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)={0x11ec, 0x10, 0x300, 0x70bd2d, 0x25dfdbff, "", [@typed={0x14, 0x6, 0x0, 0x0, @ipv6=@private1}, @generic="9704df34", @nested={0xf8, 0x82, 0x0, 0x1, [@generic="9289f77ee9d606bda549c7e15d0d76b0aebfcdd429db5db20df1905a57fbabc2b4e9e6cad5be879855169196ca746c7a789278ae07a456cc0de4c2cdd1f08bf594c115be6805b2a1b81cf96b611304c513cc7808c43d4ad59ed86c5c79b1b055d7775af66011d3294134bf32b59376561d9fb55330dca496c249c3408311bff46ab2c4cb44ccd624fc98580f40d33c4f489896291093d0b9964f4f2a69eb0f48ba50cc1430ebd1e4cabdcd6db783cd8ba9fd43b80ada7d483b524ec7b2f25f58894ed6eb92bb5e991723fc947f39d97955dbdbef3c3a8ac24a17402df2b7c667", @typed={0xc, 0x76, 0x0, 0x0, @u64=0x3}, @generic, @typed={0x8, 0x2d, 0x0, 0x0, @pid=r4}]}, @generic="06f6386addb723b2663d089b19f8f2da3d32698cd9f39b4a1ed309f5a8a62ba9f0d0b930bf63dd0c1b191e02150c522aeff7af67544c53d98e51c514634450d5c50033b4c56b976e6df8524c50dc5ecc2fbd73f1d532c139a240a37827ac1e3033990621b529cf94900971d745c8e6e7af92e89d89b931925b5807097a67fbb2fa41054b04c83331a6b121aca1f6a5920d2c1b5d7849b86343df67a6e87ed09459eeba8956d1fa9571fc03c3332f09a3e3756a23521775a5269c26a3198387c9625d6e36", @generic="4efdf2e3e4785368b3c39d8d2910cf591e5f0563c77163a117424d191164a261c7c1ca0693feb0df9069b50790b9c7657b70b158d3da2664b85105fb678b1c24df916f14cb1937de1ddb2c8a2333a8b266d31bc473e9d937b241db6c10052fddafa3dcf2310f3535ec82c6bfd584acdd48e1fed5f006ac11325e2ba357e90dda9eae460f14d25b24e25ebd7f1d8bcc293db835d9af59c78c0c8bfc919ccd32e4ce2b329afb74d26fd31a1a64dbe03cc224aa22a03c4bb1435f7a2741f041df853e761d26d9f9055d90730fff6d50b769ec4d9f1d82c0a5bbb95f8635e09bc21f563cb03be15899d3a70bb3e51a9b29fa3bc9302eb956aa86274298c99a00f6ad38eeeadda9b5d977f17b2629b30221b93fe7550124b8b4a3b14b5ac69dbce089f06daf30cdb380ac5c670f624afd36872b858f37be16cb3c888ead6e126a370fa0cdbf780ac53a7fed0728f18d23eab63c028e049305f2b034f9b61cc75dbe6afc7e1348b72aaf41ac3e3748ef73f367190607dc8767d373b566fecf3d4bd4c676634572fe22a1dec346251b696b6fc4744bcf8c36a8b8202bd997275cd5af7f8f7ac1d1f3a84ba1ca3ff5896b8f687d03a1342842a29f7c5fa4d44a233fbd49de3ec925b5489ddb3256298f963c95b9148f3c32891d4adb2391a7c4c5d9e726d7e49feb6d5e1e71ea76d2770a125cfbc196e028628d77c9074012d59a446abd8b453b0874823d9135ba2b36525431880890f6f35711b18c723280722e7b36525ff10801a31b5d47b0dd67b83ee77543cccfd456184b8315054b2299b81bf7cbf92789526bee206f1ffef8d0c029e0dd363cf463928e4c04e14b755f3b226539b32ee6737ce76da574d187df2c97b6dcc902e2dbba1accc784fa5748ac92d4bb28e30c9bda374664dd6b6e8e8905b1503727bc184d25865a30c8418da786904e56e45f9aa56d86d6fb5764ba5a04871552aa3f34bacddffee3a6ab058e9a6d1821e094653778d88bfe2664a9cfcf1d062adc13b92b615ad0395efa8078a31633685a9f5104e5412d39e010c44f920225de0dbe4f4534ea2bfde7086e443df72b27f431db9d34fc4ae421a4eeb5d7068f68aee5775325c59c0c5dfb1c7731d970ff26b7cfec5c6e41008132eec2e5e5229fff0e8bc148d617a6361247530006cc807c0bb6aeb11f2b21b8303d34e2153395295642a8167447b2b8c793d1b6d718cb201a9d196b053e80087529615cdca42109300b2b318a1ef1ce97249c0c20a7497932af8f3bc6282f945da146e2190040b71bcbb1a673cff28ad981f9c114511ef7a0c7dd87a4746158b9ceb0923ccc51e5e8f39f981ebacfb1742b17186e849466f3f65f6a0e8c3c1aee9b798201871e29bc1ccc0bec8df2fcf5a2f4a496936a6f4f12dccd3f1d165f7964ebe7678b7e37e6d6f9bd056d06d1076c9afe11929f9fdeb1f791d6b56af27073feadbbfbcd5b1c747d3cb15cefb96cc82d7320e4ce32d39ac0f100f8f335ec92580debedff3c5840ed373792d2a745f7c8aa0bbd073eeb7be9e0bac18d79ae1d5ab0fcc76361a56e43257b266c338ecb819fa0a178d031cac5e6a8aa02ddee19e7033fe0a9c21371aecaf77770017aa3a598ae3c95290bd42689783bfc5886d60b1150ed761ecf4bfa1350cb73522d16bd3dae1227c90986b9d21593cdeb5b9aabda9e4a8e125a32552a8b86c0d7b7f5f116cbf0fb375865db0d3e928c5791a0c3cef538877741ad102b32938794639a2e4e3e296a2bc497541370c9f9618b7fa7a5f4cdba26889c3763276fe658ec21ea7b36be70ded18c44809400c46a8b62702114633dded4987ed790b95b16f8ff0d6cc6dddb61c154ec56c8af8253623c974a794bc1e1ebfffc1ac13a56eeb664356f4053489f8d5d252f647172e26c948acbcfeacac58e31b0d40bb8a895e8f25b51db23bc943c42a33f706048112144a2882f084f5e4785f08b82b408fefa664bc0733e06609200ce1d0bf7f9a2ef3d888abb4e3ca4b5cc1cfca01f720ea0dad712ddd16a82d47dfd1a3e7284a48f62f8d371433c7e0cb29c2e19c74b957e2c5182f36a6ba8af739e5b680b8e35001951cebaecf92c428396652b2f61247b2dade4753eb1b926d0e8d7546227e536a97d474e7fe185f6763dc8e26353d3e28440bbf713c45bed6523dcd789c8a0279db3264887a359d27125623b64b23996a37adfa6a8c930d533038d64cdd349b171820ef3e406987e8d5fd8e3baac78f557e12ddee3ba10f4c8cd3c38d89ad052a14c9cfbbf8a2e75871b2a9c6a427a4e06939b5e6f89a97685c2868975ab1908e6a0174ca97fd809ba7f549c5f19b5d94fb7c36dfd3a23f90876f08376e9f490537336ae737a5fa17f3806afdd9f3e9ab8e89448c38c271f9eadd7be2d98202cfa8ad3da40320ff018a37941aaa5127011019874ea136e49d29844d91ca539af652f90639c2c7e1a5e3d96d3d90c09d8a5b2000a50160400680d0fa12788e8fa873efdd1ec5d800521e339a2c7b455fbf4e72c5a7648eb0cb048535bb04eaf6d8d5fde0686251f8e4390af629760809519b37f1643befcbead7e63f4c7bb44d9597270172d1f0bdee65e3620eb6236e4dfbfc0385e10cb2fd2a1d0a2dc1c37f79cfdd5fb980942ad2b2bf4ac1e3187f23c1d825b6b9e5cbbb907af2b61d5cedcbf28a7ff9b4e5e42f55d533fe58ba318165366f4280a402cf51147031eb27cf2719a300e2fdf2623f523382bda649f59c5c2b48af61208bcc6ae9c7722c00cd32484b87e13881b58d072b88f66c38013874c66f796d56f52935713d989bcc756139930a1c4485bf3395d1bf8e11a9f9ffa26a3cf69fdbe7fe87c498ecc7bfc4761306e4e46f4cbd11d65ad2e133628c2d19a1ccf3b6e31fe023b22ab276c44b7f4c7586f96f4559da8df621ba645ccdbbe105248712fd5922c9ef8bbf1cc619ae7e76e6b106f01805512aa9355eb3771873ee7aec9e746dcc7bdb29848d198e062270d3f19e307426d9a8333f6afffbc3758f5e9c0f4f7a8d008027d74be5824a6636609ffc470cee01c4213de9a6b72579ecf50c9cb23914582c120132e3d159b24464bfbc089ce8ccef402b096a8d3d39e7814c83fd3eef0315b10c5abb741a662be731425888fd8f14a06ba9c0f1267c0e22708bcffa01b57fc2e3a80cc67b49f980f766ede2ad2e7f372f33f95170ed6072ddbe84264692ae191e2d6aaf21331d41649c99e3db7ee2c272d0b16b530f67931db6e14697ef423dbc63462224da5745c014b5e49a27b7ccd5139dd55b98c3c4283053e2736edb87ec0e0f4320b4f73ef74f04934d0c272d1c8fba5074ce8f2be811470698d64b4d11c3de5bfb0840fd40c4aed67c0005f7a4c9dcc8cc78e81838804efb78bc1f53381a51d8c1b165e7b0edf823b38806b9adef55471d72579a9c8fb831d4c43100ace2274c5e4c7b6fc70d5aa09f07ba3ad8249131dd45b5da45bc7f05b6f5c71d11fe78e44d0a99a111e0becff19e5de7a414c9df35f28bd291170e14297871dacdb8979ce3b0ec07d7666fef4fe6f96e2b9dd99e2bb1a94c01ab69bd43b19eb12256f3106b13ee4360c020c3787a255bbf6822f6fb5c7bbcb29518565ec54664ee739df3a39e8758db9f6c7e5dc36838a9f4747ea6eb39c0a31719ef2a1b55506891990f0efea2e008bdff9788552e599985f80ef58ae1edded337031b01a503e4dc5430737ba3639b34de58dcf3a92c7074400b759cc534b423e48efa3e2ac86e79055c05420fe1878dea29896eddc9c794e81dc9d6e5ecfaae472afda313c5d673f8f3b5845908919c97bd830f6d766f50694fb03cc767fe4b6b171c6a214eb7e1b2a7544e29b778862095ef5f29067811ea3c69cc6925a0615b4bd071c62523999704356c532bcee823fc15eda9bfc4647fbd06d0a5f8a4899f84477c08faa11f7f2340702658f81a38527a3301c9ba9cd4205a52a52ad76e0f0fc69e2b21a66adc4d5d1733bd0f1b2e15e57375b20ebf74c46fb1b107d49b997e33cd964be0a6baffb8907c31278109b70d9952848461f309ec7f6180ae9cd4363a266e4c86f435293202dc568a68c712720dd417e4a637a73feb1eb12a7c8b66481f21659fc6a674d5ccd295596a188eb6b20affdc0c4e60e4d9062811eb706d9854e6c9c7d6d818c2b115dd3c0f41843714c0304580d46db244b04129e8a33093ce4c8f3a4dbc5448012a082c9d11e7271261d60894ba8f104c666247b781a941feb26120d9eabbfdcfb41a1398851ed3e73b641488d0b4768d06ffab8719f8b056fe4691eba0cdf982307cf5ff3a3e8c01a6d12f32414c79064a7c15771fef48414013b83371213ae403c70b962df0ae1475cf46604a123fe8f9d4d41d2f478e575e337a964c68855bb9886e448ae9552d3bb1e9ca44d6a161dc8ddc913e4d789c5a84db77825e2ddab2d240cf505ca05f822da4a9fb2075bdcf9efba2cf15d7c862b29b82a9eb45b733ea5096eae939b057db5a14454d601f9d75bc6349329a0c027391651b5d5f87b91ed60172f8b2b6ae805fcfd5dd93b4aef4a063025c95dc28b51c99c147e965a84b85f84170243cfacd038a4931e11d45de3c012c1c2551dad05f1de0cfc1102dfdf021e10b182fb879f618e7b482d3bcbec85ac372b1f7ad01d80d7c9648df95a89c4334acf82dcd5da6fb2b50fac0ea3eb8611646a8bd406ec2d1d9a59aa2cdb2f2461cff4e7147c835926fdafd9409a42866d20e626449a958ed747f8e9304b8ccf8094525380712a7ea4353392b545e120dc8d2555e17dcc158fd8546c7cad4a814f3b8707a660511bfa7dcb0c3059a305fcf26eadb71389880e74847b96aceaa19b8a4995d7a61720057199cf6bf0885ea051eb6d00c38821503fdedec40b506b62a46dbfc9086d5846ef7dcc10857bbba37ad2f2103258484f917e0701b295d7785846a69e41d6b4440f122f826d2c8116e898f45a28a83a9ff2efeb3b29f48548fd2ce2051b6dcad7ec598d7484fd9608f89500ef98040de21ba65a8a0e8be09defa978227e292ac7b3edaf910cf913f73c86b34ad07ab634f736224c916cbca583d690a8358f38d60f9f20115057a83ff6efdf0e27892104e5d9aa1be2d4cad85b5e59dc85e223991fb0c9592b03fe6e0b99c137ea8fe48b84cd579a84a4d4c4c44d40c3f471f12a5668b9133e05bb8043bf9c09e2e4882d0d2c0b49a11206e406d4b609ac798d2932731318e3eebd951470be780e507be78dc65568f2d4d10d36a4be281e5f2c6ebb56fca7a1d56450392e336717c0e67e29cd29f9359270c06e7fcb14eb7df7fb56ec5a00f06cc2c9d5d4ccd2c8f90053f86a856d27769b2faa839e720fc9ec8f76f3e9c296f02819729eed0a3e32be7face5d51e62e515c6942400e8f595026abb57f149d515bc06674c6c037348c53f45494834496c7d2afa80565f1b081f4953090a8030517f7e67d8f33ead266d44d321a1fff05275b8f079eb67ae88179c4d12147607678002037ad92afa06baecfdacaa23e3f037483e8e7697115a429a9b30dbfa850bb6392e4f2246b0228f8b830194944362668b742bd4188c3b0a86dce76da68b288026cb2d18519f3a51d5221ca35fa4b36e51e867f030a28cf5b01a207b9a4913b05e328c853cf534ee04c328d2aaf123259fd740d493b932ba644a36fd829c3a8e622f1b37de9e738c6c7fd18307eb91084d126aab73e9e8fe71ecc8d676f58617ed1a178361fa301a2c6e55b7f4130252cd873267f6789679aefc78f65b991d89", @typed={0x8, 0x45, 0x0, 0x0, @u32=0x7fffffff}]}, 0x11ec}, {&(0x7f0000002700)={0x12b8, 0x31, 0x100, 0x70bd2c, 0x25dfdbfe, "", [@generic="aa4ade0fab77fe5a9d609526fd875b6e4ef068846cbc6a3343a89d2301e8056fab7c9c585325ce6ddaad3eb71df6e874cff2d94711c88f3ad0bd7d6c6742b03a0fbff857d6e8f89f2ba312e5ebeba15c7b5439fba1ae40f06087024f7a5600db85250a9e33c3d37086eb75cf63a3227aebaa9edbc087187a7e72ba00", @generic="74ac73507aaee65f456d7c3c11b0ada3685f7449b677425fc790557f9e95a31e9536e525e3572b9dbedf93ea67f5a8271cbdd1e3bac365d08c374230c94ac6934d91d940a2c1269fd5826bfc59ca77528bfbba9a7eb65e15a27b25722bed0addf70f649b1fb138393b8143c34910a27563e819e0b3a6da7c853fd8e3f32cfbfa2dea6261eb48f4e51f042201da249dcf0d1b98541c416af7ab3f737ff70b124eef924fd95e196f26268a34f17338bdef6cbb178010a1196514b722e187239a21e2f52552f44f3112e243da3eadbee6c0181303fda67e44", @typed={0x8, 0x56, 0x0, 0x0, @u32=0x9}, @generic="0374fd0ab6fa5904555f4f05a4eeafd11c310f59bf9aeb60086242b0350322b3aa596d400cf55706c4ceba009c3e72e34602117f7316391894348cd5f282c83caffefb0bc615c9eac34f36c41da901c0da83f28f1a64fa1083ae018647b916ebadb3dc7adcfb25c6da171536d7af2b63fd5515ed7cef172accd04e53b170c35fd878a80f667c6d0c12464239933da4b90d044baedb18ef88cd948cc99ca54b694e164ed87943e814456dc35b1c62205474bb1714dd766b563f828eccb3ba19f42435cf191594a2e776c7831a9cff030fe9e2d8d01fc6d23c7aa6c55a392eeeb78983d84252a601e5d1d0a45a4af8424b20870eb36359636b62f112a91d7d9eca2c55f3a18b93cff3823eea28a4eeec8e36a098fff3bc690580f2b7a32a735b897e5be82c4fa80fbb52e2a95479c53df27028c6d483bc2f66c5bc2690e994dd9d8659e7fc6b1573b46ccd302d83337228c3b24d7662c7f04f0fcded6a87f11987ab505255323cdee6ba228ac20d5f33945d68b41b99b370d1392a91c31d36f598e03966c59a1f58769e1587c695113854b558173db28512a4f2382a9a6531fb834df86b41570334ad5ab14e502f6c3283ab7edf999f0c917aee86108581bb38a3bf7015e28c2f026611da01452ac85c941a9661bc23f28cb24c11e73452d63a8453ac2ce8739529bb555a596b34b5b42e8f6c76043d4dd4eb4732bcec4e3017466e2262325033677e03b60d53141528de3dab4dffb3d98362435c9c0497cb1476c32813d0bde228251d000358bd8f8713ac60e20bc7718a05e1a4d6f9858ba780cdafd585bb43d44269c362a5d515609d6a2a5d1f5e10a7491a28b5b4e7cec2759dc0bc0470bbcb46af5fd2925937c236b8bba912f01e9ce748fdd3c0c52f12ddeecaa8c011f1b934a0f32b2d0290193c9af1b9dadcd338edab2aeb7a485d4de752b163de527c6fd5f329fd484366f2d6063f8886a55213b85c5b3796094557df3787f9bc95c5d26c9103bce835ac1f35f9d45d91d2a359ce375f2db2b5ed28350dc2a5c73991ff9ff98e4b7a71f78f48889f5a0700621df74fe124f5117f1f0244de45ef48266219580b8dd84f6f848b0286373fa9bb8aa7019282c10e2d0a4d140cc4629456c1fa29c67738039adafd599bf833968f1ea3cce25a3c87ab46109684a235b2c8575bd685fe21f1c7d7c808db6239df1eaf37347c6c802373e08cf35ecbe8b32d032a8805515aa2d35df81635bfb0c1dac14c386602fd05b4c14191a1e7f9ba00d9efc9f2514c8502228305b59f2c7d41577ff1c68414c2df2ea09681ed24f04f88a4bbdb586fadbb861199a027c6a543cb7ea3e19485395dee9d275995bac38438cedbe61e45f53cd9b447eba3927005960c9622c7d91e2a45ff6f5f9af8b12b1af8e4be25c2c4ee41dd8d2500574d4b35f2d72329b0ac6d7adc41f4e0b20a351078a89e3153614303ca802477e5fcdaa0509f69900f94871244fc1768c36fab229b8102d7ac8a6bc224e376c9e85520090d0b10fac90e3e1f2ea985846cc9bf4a73fd254e8ff23bdad67d0c89e08386b39e8d92724d51090e45eb6b0eb36d479cb2ed41d081954b521e38415d7fc136904687240ae925b64920212a067c92e9ffde4d3bbfc08c8cc86da174acaf6b4405ba93a0ebd6d82c83f032db3a5a6f5284c142536c592a237d98cbf3a04b359799a3cd718f3f3e703123d156a59782718a7add7574edbcfb94a759d16c86d9606b81cbaea6e375081ac77ff0abb5832a3a3700c150c9693867dff0283a77cce918c522d0386e2011d6948ef10353d3bc21291bd46b6c169e44811cc97b86041ded6cd3e0343a98b9223a5279e00daacf4632545c51c5bcb3bd0b195aa93b66c87a5afaafb58c9ab2a0d0e7893e037955c0029b568b6cc19e87a7ce048d85cee6b69a55221b5f0f113d1eb4c2fcd106e59f0ca91a6ac1bcd69510cb22aab76ef7ee9d456f03deaf9f98672bfca3f1d68330b90dfe5d0e8400b4a3bc195d9d0cb18dcbc0a878466bd39d5ef244aa5e78c2a0dc4092c1dd9eaff58bcc95151a781f89b83eafd48fcd0aaf71f796db547939c221a91fcb32139c6948599106667243bec3e1e07379a27e3d264841cb2686b24f35741cfb2ce5988b207c1e1c28f6dba92bfd85d612a997d9fd60dd4d2ac7548ed3a17b40e62aa7237034b6b7a9969f3bc40aaf59a5ca043c6bdab2843e0a3debc953f1262a77726d6a25f50c501241dcdd541c3570f001b22c6bb3525b6681c15e182071797bdc902ef5e7e08b4eaf479826c50738da3b7bc89caeb797badf5e5f3986767da312dcbe422ca7f9aca7363f763a2afe48ce1a912834e51a63919270a01c1c8d4a71c47cddf4e5f912df903cc908c86c4ca32e5e294186265d56248bf10f376b8245aa1a6a7b242ee42b602d6eb2df13e6acf5e0f7da48826115d276fa0e3169db2028e8b255159d8a09804946b308f0e85cbc8a72600e994f71210bffa1a0ff066aecdf9bf4f0366b8c6de3d560f2d4596888befcb7788c7a7a9dec7f6ade00352630a4f0012982c260f85c4531bb7e565bcaf4c6d94e391a201a193a7e9c16a15fab953d46385d9e76bfb678fad59c32913aec5ad1ab8f7a4d78dc9fa5e59fa957e1a254a52a1f457f47e32e518e928b51701f1ff93ab44870d8626c92311dd71ebc98921735bcb5a84c323f6ec10e36c64d2e38233a52c9f3d98a9bc700e7b205da34ebd2704ce3ddeb8d1f56a9b640ea42ab051bf85f4ed2e22c935574890bd44bfc62b6c6540d14f17aad0d6e467cc0645fdc674d2a1384380a48d9739bea7cbdc002a292b77a50b317e5fdede009748753e55646ec20bbc28d48a4c18df09d0079a4cffd1a4add3de2b377e70cd3a3c8de23465368f90b68ad75963d90834ef4545312d2f1ab0333db9c53f9ac0ae597283bcc56a2bb8482a17c1063ce1abfa42486cd3fc07cd8e4fcfaaef83e95de85f3d6086dbf10edab33d37326ba34beb2b60b77faa16b2479766175b78f3782544280a2d0f173d353e85f6e38b839aec1a4d5d7a2d1548335e212c638fc22138a974a16563ff9a1719f2466983981a430722444744d94a5d02ea6d138f0e8653245e73e2dd6cda43c04ad91d02493d0193893e6a7460e956a09f19a8d4ec5879de7ab1a4e81346c732a01238b1159597ea78c8460f9d249c4ae4572d8bc6a050ee6f5e7bcf6480cc05333028a3752cef06548ca4f59cbb1f88c9510110e301ffb29ba2af55a716f682ff1ebe36a527ebe335a477438945a39d76055a9243d782fec2f9b9534067d7a2deacdbdd4cc32cd4a7d506ae0ac3ccec85484004c2ad74a168494668f329ee4e39d9baeffa881be21e8c73fd94c7dd08093c6487f23bc7cae6e8403751c0810f8e04075edb567274544aa2492526c3098191aed8f1404a3887e2310bdf26e9d7061afddd95bcea9c7de8273f4b6b958e99af902cbcbbb918b44cfd4ee9a0c816fd38c70e148ca0886eb125d725614876b563c235b7603f03831ce9aefb7e6f8d79c23b8646d821f2fffe0d60329809fb398c332c1d8a687b7cbc6d729edacd46076455a8ac24539fab865349fd33499e0a9dcb8cb229479f68040299e2caedd8be10a9a1de27b1c5edf817e036f62e9153c60325f2ab7dd9b9aa77287bccc6481b0d4f094a0fa39318ec1520f85ba95602bd7aec7485486b2a0c33d8a9c6fc9166d1611f0e92b51eee582aeb16c6f81985a85a781a2715fe1673b2f38e5b42b4616d157cbce1811d0c04175af7950e3ad4cd9ec7fd34d8f62119a4de017d40daca87ce8084fb9282a56bde48d96d66a971e59ed72b7e1c17fd04b4284e261ec2b5dc1b436897d729c023f713f131382e3e58b1ba8649c0c8828bc04d146a9fce7da8ef55d0a38a8c50fd49fee72ecc90a9ed41fda77f71969455520cfa59b1fc41a30fcb3660819abfc3f136bcfbdda7b31ae3542eff58b2138e63c01431038477179014b9b3bcc0ddc2887373497b7cf266e595fa47f63c7782d02b36fe38cea39c7728bb9a85e691ffba145d1817baaf489915b99afe02f194ab89b1c450dc962b60f009539b9cf7df01d083c94fb5f277e244210e4540c18dbdc2020d49e72833deffaff61a4b929db74c4921e8c8b9bc0f59444fd04406b55757c2df37dce7a09aeb9b2a1970cb37b7bf91ce59d6131a9c813e099cfadbebc4c162c7bb90832cc5896f47502aa470f258e02b2e180f2a540d8f3052ce02006b48e47240c63235a78d10f8be150334d4e573d76421601c71e0961aec026e92092915d105d2ab97cad7ba821bef8ecb94ad688fe85babe1cfcc76ef7945d7ad02dad78502dae07a2907d0cf87b773396599315cb7b8f8394d5784f8b74fedb77173f1e2c6e54f2dfd3c6e1c3ae63a84e312b330f9724ad6b894a3240602930f7258ef1a6e1f2ef4e1453a0d2a998944de98bcfb626b7a61b8131950f2f390fa68e49b71a20dd69c19b06be2c42338d97df4c8209eadbd3b69d19b1ddfc3f619c633191f7a03d5f8c54968e7d2e9202be65fa36c253a9a629d1f70d395338d0f0061768e6fc0a77439ab23e3187b42f6d6db985ad13148dda4efb0853576ae677480a432df9f85149710ff005d6ed2196b62dde2bd1583d10da4c1f9fedf3ea802e652b4b22eb93e9d06dc38ad816e3cdae2968c8a77b84a7ef655d6aa18f442e3d2c37752ae27b72538545e194979dec1041c1fa341339234af41a1981a43338689f3d12b2551d78f2e0b0f75184d37a658a2ce7370d2812b94abefb2df4b9c81ed7c653d3b155aa1fef534beb5c684362f44ccc2112a1259103492cf3e17fd14f2c9c08fd9731a7671c6d611c0b6197dec2e06fe9474bc221408621f3ba618f4a4e2f0ef423a3454257c210471c3b02e135b20ca195c6f0e7ed466eac48ddba598140448bb55fb5296630c608d128eef843ac644523899c85aa96923d9f900c8d8e8e242097527dd54e5dac0d80465a3bdb29cfb994b947ddb50cf54541439713e3205cfa4c62ebc98dedb6aca06f657a4b4bc9ac54955bfcb006923797d330e3daa421d0da47dd3ee3db6015e89e69bc3fdf19f51c88bc4a478b72c1b49e517a5865cd5e576eb2f45a7ffc69b4f2818fa6167f28b31c3b82538f701d3ba4650cc39a8911f18ad58e626c7df319ae039fa6d54c0d91cd51728ee7e8a9662d96f1da457a7b29b531a29efcc5a32778d86464f81797802c071fb6a8e160f88279d6fcef4fc3dc261f89020335859b0993ba7d5ec633a28f2c907497223a77136091d3dc93ff90e3da4488c0ef074196c646293766fc31d0e0e7be765f001878b637b05dcd41aee525a343d6d9c6ca366f580f977800f34df097872b59ec6e1ca98bccd2c90c19200dde6b333b874800a8914aa67405a07533e2d6c641ee7d90757de23147d424972f0e3ae18e47670441ea6988b7365eb496d8473632cafb5fe774ff6dd8124765f9cb3b4c615fe34b547e588336259b6748fe14fa6df0543521e7bbf1396bbb9deda945de68870108538e748b42049699793bebcd0d0c3847ec2fd71cff2e880421d7b76f7b7f46523dd8b3d5798db54cff25bdb77d6ad65fe178a177aa6cb5f91ee7cfaefa663373e80302e4265debefe06947fe302a3e64276a81d03178894cae1ce3bf837fa3bb7654dd9ffda6a0b675de8db4b3d18713e5f3e23235fd2dd937fc5420936b62af5679171f47148d7106652965ca94285980be881e8c9ca3398f47599773762771fedf3ed9745ed20a08fb24dae08464", @nested={0xc1, 0x64, 0x0, 0x1, [@typed={0xc, 0x81, 0x0, 0x0, @u64=0x4}, @generic="2ec269f90c159274513cee65648d491752e7ef3d468824356fdb0f39beb8c3ce3a729007b1c2c990e8af3b51fc834347c66c21975bdc98d8f4c174fdcaa9d8bc8fbcae9e9b0a2dd08e41e0d60c7b41527d6487f14f3d4e266a67dc6f9b42d62b74f59e2e7a538ec262da87600614f3abf02f8f8bc3ba00170fabc1537b34f5bf52c2a9cd27e6a98c50fc3a041d84cb4e4dbb2a10e3e077dfc258dfdb37fc0b134ca30c79b93536acf8dce8674d30c7b2fb"]}, @nested={0x87, 0x70, 0x0, 0x1, [@typed={0x4, 0x2c}, @typed={0x8, 0x37, 0x0, 0x0, @pid=r5}, @generic="92e7f432db162389fc09484c637f35b38e932b3919d572751a914e7808e077877042809c546bf6b960554bf48daa5c2edcd820dab902ac3bc4039216e0a2820f48d13488effab250fb41a87f329d7b9ae7c751d35af27dc6b4de47e8e4c8a40d38b8e06ca1c3869cd39f28bcec6a4c1c5afa28ba6d7902"]}]}, 0x12b8}, {&(0x7f0000002600)={0xc8, 0x31, 0x400, 0x70bd2c, 0x25dfdbfd, "", [@generic="9d70507aa92cb9d3932c0614ff64f0e81dcbd6c18c8ecddd48b13c5b38e862e09ead63ae100a1ebd7983c9384f7d30daceca0ecc0c3e5b456c109fd774de4a670d02e73017e5344f91cf4c8d23cd0829eaf9d5c5684be650aeb3bd4ccf37c0238bfdc4c1ea7dc8eee4eb4eea795e0694a320fa62ef369bb14add33ee025a974c62e5b33f0ce2672defaabf8020afab422e023ceccf417eeb2464611f32b691ea3f45fc7c9e73f4219c9728c30e352d88a57a8972bac6"]}, 0xc8}], 0x3}, 0x4000040)
r6 = open_tree(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x101)
openat(r6, &(0x7f00000000c0)='./file0\x00', 0x10000, 0x20)
write$binfmt_misc(r2, &(0x7f00000001c0)=ANY=[], 0x1000000c8)
splice(r1, 0x0, r3, 0x0, 0x30000033fe0, 0x0)

01:01:43 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000100)={0x11, 0x34, 0xb, 0x11, 0x5, 0x5a, 0x4, 0x103, 0xffffffffffffffff})
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
preadv(r0, &(0x7f0000002540)=[{&(0x7f00000001c0)=""/140, 0x8c}, {&(0x7f0000000140)=""/39, 0x27}, {&(0x7f0000000340)=""/215, 0xd7}, {&(0x7f0000000440)=""/187, 0xbb}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000001500)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/51, 0x33}, {&(0x7f0000002500)=""/15, 0xf}], 0x8, 0xffff5217, 0x675244e8)
io_pgetevents(0x0, 0x8, 0x2, &(0x7f0000000000)=[{}, {}], &(0x7f0000000040), &(0x7f00000000c0)={&(0x7f0000000080)={[0x5]}, 0x8})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x281)

01:01:43 executing program 4:
r0 = epoll_create(0x200007be)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
r2 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080))
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f00000002c0)={0x0, 0x7ff00, 0x3, 0x0, '\x00', [{0x0, 0x0, 0x0, 0xffffffffffffffff, 0x80000000000000}, {0xffffffff, 0x0, 0x0, 0x10000, 0xffffffffffffffff}], ['\x00', '\x00', '\x00']})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r3, 0x40605346, &(0x7f0000000100)={0x2, 0x0, {0x2, 0x0, 0x1, 0x2, 0x3}, 0x401})
r4 = syz_io_uring_complete(0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f00000005c0)={0x5c, 0x1, 0x8, 0x5, 0x0, 0x0, {0x3, 0x0, 0xa}, [@CTA_TIMEOUT_DATA={0x1c, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x67d}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x9}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x600}]}, 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x4805)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r5, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$INCFS_IOC_FILL_BLOCKS(r1, 0x80106720, &(0x7f0000000580)={0x1, &(0x7f0000000540)=[{0xe22, 0xa6, &(0x7f0000000480)="4b8602e36d71be94c229077ac1a7549ca8804c1a23a24f72d2f75d0fb46f5db664391ad121f967d5264f805c81e28817fc94e3fba0e50162eec6ef2742e4595ac59e94e0a3a7511c9babdaa744811f074ff4ae38f8ce8ad4ff938508a55c1f5bfeb96632aa41d07c04e8102fc174f7583bcfa1138fca15dd4ce46250d885e13ba020e24ba0b19613282e732d13bd7850028e3ccead9f85009db70a8e1c91fa65979ae580f38e", 0x0, 0x1}]})
ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000200))
r6 = syz_open_pts(r5, 0x0)
ioctl$TCXONC(r3, 0x540a, 0x3)
readv(r6, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000040)={0x50002002})
io_submit(0x0, 0x5, &(0x7f0000000ac0)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x2000, 0xffffffffffffffff, &(0x7f0000000640)="cd6d93682a3c2a3ab65bc43dd58f53e04fc4505c0a206f557ac06edcf53f7e43759b0b3d5e0c51ecb5e40dce59b397bc46a85ee59703818b84b0348fe5ae8c5cc45a1f933c73f16a7f966fbaf6bef3debf1a2fa5ee1583f9954e4a89d6ae59fbd9197f5f12309c474b7b81bbb15375223714e31e316eb62dd8035a6b3b1120d7aee8cc08df930fb1868f03", 0x8b, 0x1, 0x0, 0x2}, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, &(0x7f0000000780)="e5899c4e188f0f4c7ce72b74bb9ccbad7a1c3e3b05092f0ea7d537bf47f75193d3f11b310a8340976a74b9599d48b33170ff491000aa480cb641b85d40251d7c5ab15d5d4b5ecefc18cbadc5ec1d197a6639d7a3591997998f472abcb8da8cf5e62b3a58d59862f06dd1d617dd2455fc76cfdccc438e6e2e69c23ee1720641792dbac4a7e2e5693f138049e1cb98d2357cc3e70bc43a30b87aed8faa537159bfb6d9e2b520caef414c07dab09884ced5f175176667070ddf4cffb5d4bd806e1c08927cb76aeecbf48da9b185d6a67299836b89884fd16a30928b917d599170e40574760b516b906563c42ba7ea35a8", 0xef, 0x8, 0x0, 0x2}, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x2, 0x5, r1, &(0x7f00000008c0)="6a516e818a72abe93f5f7c23741788391636effe53cee1694e", 0x19, 0x1f, 0x0, 0x2, r4}, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x2, 0x9, r4, &(0x7f0000000940)="312717ee101b319d7896469a6eb109c725735b376dd56b9e06ebdef3fb13f944bedd5bd5cc41ee07", 0x28, 0x2, 0x0, 0x2}, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x7, 0x6, r3, &(0x7f00000009c0)="3bb9f70fc8bd044734e6bdf19cfdb6b577a432fae79a4448f5f10001132fb53c230aad7724921cb87f3f9751c8b285eb61dd59c9c36c7a18535ed851045531b9889df0a0a907f7a600cf48b05171561dbac0b1108e83eb90f0a29d0ece0953c001a6a9c171472cf401c9a5578816e9916364da0c5fac92b66ee47ab8a871c8e194cf9be5235a2fc02122738077cc27451e4d3762b365", 0x96, 0x2}])
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000))
dup3(r0, r2, 0x0)

01:01:43 executing program 3:
r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000000040)={{0x0, 0x5, 0x9, 0x6, 0x2, 0x6a, 0x100, 0x1, 0x0, 0x6, 0x7, 0x8001, 0x0, 0x4, 0x81}, 0x20, [0x0, 0x0, 0x0, 0x0]})
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r1, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, 0x18000000000000}, 0x0, 0x0)

[  676.994735][T20901] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  677.002868][T20901] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  677.020787][T20901] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  677.028809][T20901] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:43 executing program 0 (fault-call:9 fault-nth:33):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:01:43 executing program 4:
r0 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x33154, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90210, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x2000000000, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x3ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0)
perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x3f, 0x1, 0xb1, 0x2, 0x0, 0x4, 0x1, 0x4, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0xbff, 0x1, @perf_bp={&(0x7f0000000100), 0x4}, 0x0, 0x65d, 0x6, 0x0, 0xffff, 0xdcac, 0x8000, 0x0, 0x6, 0x0, 0x3}, 0x0, 0x6, r1, 0x8)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)
readv(r0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/15, 0xf}], 0x1)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x1)
syz_open_procfs(0x0, &(0x7f00000000c0)='projid_map\x00')

01:01:43 executing program 4:
pipe(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket(0x10, 0x3, 0x0)
r3 = eventfd(0xd2c)
ioctl$FIBMAP(r3, 0x1, &(0x7f0000000040)=0x17adbcf1)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r4, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000200))
syz_open_pts(r4, 0x0)
r5 = syz_open_pts(r4, 0x0)
readv(r5, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x1c, 0x31, 0x1, 0x70bd2b, 0x0, {0xa}, [@typed={0x8, 0x3f, 0x0, 0x0, @fd=r5}]}, 0x1c}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)
splice(r0, &(0x7f0000000100)=0xfffffffffffff800, r3, &(0x7f0000000140)=0xe, 0x101, 0x2)

[  677.222507][T20968] FAULT_INJECTION: forcing a failure.
[  677.222507][T20968] name failslab, interval 1, probability 0, space 0, times 0
[  677.235217][T20968] CPU: 1 PID: 20968 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  677.245042][T20968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  677.255091][T20968] Call Trace:
[  677.258367][T20968]  dump_stack_lvl+0xd6/0x122
[  677.262957][T20968]  dump_stack+0x11/0x1b
[  677.268988][T20968]  should_fail+0x23c/0x250
[  677.273398][T20968]  __should_failslab+0x81/0x90
[  677.278156][T20968]  ? register_for_each_vma+0x372/0x890
[  677.283614][T20968]  should_failslab+0x5/0x20
[  677.288121][T20968]  kmem_cache_alloc_trace+0x52/0x320
[  677.293413][T20968]  ? register_for_each_vma+0x372/0x890
[  677.298874][T20968]  ? vma_interval_tree_iter_next+0x263/0x280
[  677.304892][T20968]  register_for_each_vma+0x372/0x890
[  677.310172][T20968]  __uprobe_register+0x404/0x8b0
[  677.315129][T20968]  uprobe_register_refctr+0x29/0x40
[  677.320327][T20968]  probe_event_enable+0x2be/0x7d0
[  677.325471][T20968]  ? __uprobe_trace_func+0x440/0x440
[  677.330788][T20968]  trace_uprobe_register+0x88/0x410
[  677.335989][T20968]  perf_trace_event_init+0x34e/0x790
[  677.341314][T20968]  perf_uprobe_init+0xf5/0x140
[  677.346099][T20968]  perf_uprobe_event_init+0xde/0x140
[  677.351385][T20968]  perf_try_init_event+0x21a/0x400
[  677.356499][T20968]  perf_event_alloc+0xa60/0x1790
[  677.361430][T20968]  __se_sys_perf_event_open+0x5db/0x2810
[  677.367055][T20968]  ? proc_fail_nth_read+0x150/0x150
[  677.372278][T20968]  __x64_sys_perf_event_open+0x63/0x70
[  677.377728][T20968]  do_syscall_64+0x44/0xa0
[  677.382141][T20968]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  677.388047][T20968] RIP: 0033:0x4665f9
[  677.391931][T20968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  677.411593][T20968] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  677.420026][T20968] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  677.427995][T20968] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  677.435958][T20968] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  677.443919][T20968] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  677.451886][T20968] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:44 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300), 0x0, 0x0)

01:01:44 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200)={0x0, 0x0, 0x1, 0x0, 0x7})
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000000), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))
syz_open_pts(r1, 0x2)

01:01:44 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:44 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
clock_gettime(0x2, &(0x7f0000000000))

01:01:44 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000040)={0x8, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0)

01:01:44 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000000)={0x11, 0x25, 0x14, 0x9, 0x4, 0x4, 0x5, 0x11a, 0xffffffffffffffff})
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_UIE_ON(r0, 0x7003)

01:01:44 executing program 3:
pipe2$9p(&(0x7f0000001340)={<r0=>0xffffffffffffffff}, 0x80000)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x10490, &(0x7f0000001380)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {}, 0x2c, {[{@cache_loose}, {@version_L}, {@msize={'msize', 0x3d, 0x4}}, {@cache_fscache}, {@uname={'uname', 0x3d, '+'}}, {@dfltgid={'dfltgid', 0x3d, 0xee00}}, {@version_u}, {@afid={'afid', 0x3d, 0xda63}}, {@dfltgid}], [{@uid_eq={'uid', 0x3d, 0xee00}}, {@hash}, {@fsname={'fsname', 0x3d, '\x00'}}]}})
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r2 = signalfd(r1, &(0x7f0000000100)={[0x7]}, 0x8)
ioctl$RTC_WKALM_SET(r2, 0x4028700f, &(0x7f0000000140)={0x0, 0x1, {0xf, 0x27, 0x0, 0x1, 0x2, 0x81, 0x0, 0x73, 0xffffffffffffffff}})
ioctl$RTC_ALM_READ(r2, 0x80247008, &(0x7f00000014c0))
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_WKALM_SET(r3, 0x4028700f, &(0x7f00000000c0)={0x1, 0x1, {0x23, 0x7, 0x4, 0x12, 0x4, 0x100, 0x2, 0x3b}})
ioctl$RTC_PIE_ON(r1, 0x7005)
io_setup(0x3f, &(0x7f0000000000)=<r4=>0x0)
io_cancel(r4, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x7, r1, &(0x7f0000000340)="10d0446c7e27b950c4bd2d889a5fc3f1489d8e5db56692e557f92ba67c3734a945e9581b5f7563722ba7e39a02123596df0678c828a769a51735f085607de2bb227d413147c70fb6092115b700972b90f28212ded1522218d56303d5afc0049750f1560f60d92053f825fbf050185fa99b86d95f041d6d1567c756587dee3c94047e3def5cbfaf822d47dd62f2baacf7ce8fa0e38eaeff13890795083d64215c246c1f9c92f4fafb4bc02e59c2087480edaee17bf9ba1fcf7109e85020dafcc65c27e8ee73622e061f13063638de1a7514a608ed80b4808b29ec01d920b746dd15a80ad8df107580992957b60fee1746d16ff1c291115de778d55e3dd86a92f8ef680d2ce3bc2991bb1165673357feed0aaaf6ef1e138d35b3e5e3dc971b98ca00a37669da1ea596803d6c50eeeb1af47781d2ef849c393cbb36384fe6d91ef14da07c0d39153d1535dd12010ac40578a14cf0ffec80f0e9356d30ca3fe4fc5d87fc9a2cb5ef3df56da882f803d78258fdcd6f8fb22510435a0cc5be6e85ac2777a8650390c8a5f9fcb965378b2b4971d512656983812cdbe3561577e491107d18cca2a80b1678ef2d05b6e87f58e0c51f4d9ad60e5fde616078be073528009c9039200fd0e1411a8e19f728d89d8b42c4ae2ea5a08b7d21e2911ea3894a8f4b8fa05a836140bf3f04a1d0d44c9dad3d5d809941f30dd7cca52f48c44fa7cc0655d09f2d500bdaf0bef26a082dcb304a1c053d030c9759fdd8b858e02454aa404c89bdc2b59a6b3ba430a08c26e52a293f5d8812db0c9acb0cafd8239d9f2f12f2ad4ac5a85bb13a32aaf957af379383747d1db9759464609f91ec7fe3af741549e5b96e27a5d0b4a763f6cb2902d545fb165a509348d495ee984ffe303780c74156e8cf0415983cea3ea6c7d0a31b8c2df0708eabfa6ebd2fec3fc5b56de76bef1744ad31923835fdf90e160e102203002aab74fb2e2e4d5231da66a983ef31b6755cfab02fb2d6865b690e2095d29c226a98242d3df7a9e1e471751715318fc1029d8a654f0dab68c0f3115d35425dda2f83e832615348479aa90e396dfad1a97c1c2b35ed09238dd3890accc327b9b4364c98e86fdb4cfaa6438ae32a928c7204f3b1653b9e7810dfee91be3ec9bee655763e7635269428a609c1436dc240d249356722518c34f46366e811b4e50082e470dcd705432a0f91e7d2c1413083eb81a901759f25207104f820d7e29c7fc03fd5d881b4db849a8a3f8de7c2cdd6e8717f346e38de55d25be83dea4a2bf84914466d6b3d525372238e8da1ef95682da9fdaaa3e90fa39a42ed4989bae688b8df16302d217c6da32dc34dfb0b6da9ff9a57606339239cf6d429dd3d2bdcedff26050f20c0720de34b1ad793ccbc4944886d29edd236f362471cfda1618707a1266b200c912bf1027e37d8a26eb35a2a7cd88effaa50814dfd8229661a33191f44532b8a144f699c4bdbbe33cd60b8f3d4451c79298a6965f2cf1b276e6c573aa0aa943ce25c81092e8277db4e89595e40d9d87e35742b36f87a555ef1aa20c06b8a2875fa1e32633c28b58fddbb3ad12112c1e7b2f6011c799a149df28b4c882984b699ce9cfed8cae41d748122e9087d028a72edf080b43a16667211eb0c3370835b410904eb04ab7e85dc1a5d1ea594daeec91d7885fd6b7a3dc4347209e64b63723e0849ae3587c2d1f9fed0306e724e3dd6fdd523d199f8ed50d15068c05aebeaa937cf123545d35914bdf21d44e8f50a25b8fc5d4c8913ea7baf59e93ab51619235b9066dfa20cd26b88cd761ee5d39cb344c728eb109546e8c471b385d5f0d4bc2ef7a3b227632bad564be98f7c3f035a3debd6c50559fb53056983228bf9735971d26b4dd768e73059fe2d59d72a0fe34a8ec541fd3fe0ad1dac6388e1290b3ad27dbcc5df07b3c359c3549ddd96c0167e1eab05ec47f478b7976f711dbafa31c2fef1a860037d3f307efd517bdbe9f13746acddc75ba25c3e3f093e7fbc78bf99821826befb5ad33551bd5668d8a6adcd3df94f6a938f3ac21bdf021570b2f40c478717e43d3c7ef4b75e8a904dd8116428bbb32ea799b4957e916f444ad0f2b28270ae1027dfaf1da738da408e5a23888da16e1d83bda440b63c318b556148770c6f80da16b4da101787933760ba0333ff2aa8cdeb968d51118655341601bd30b26b56af5e9051566e714edd36530de0caed77db05a05789434b10948b60c4cd4bce21dfddedc8104fad0b90b5e646906435b26ad40948b860a054c5f836a10f3c904479d5e24e6078d6e0606f29b58a54cbb948096dcdf672e298f00820d565e7baf7e0ab7ac2d96f8a44b6393424bb2c64e4787b2bebac87b99efb1018cc4eb950db5f3f37f1e5979d4a17583bae34c4b810a0145a4b7d551129e1914da1cbffa1357820226df5fcec0115d65864eb0e6400b1f9db2e0a413f880f47e6a7ae620186974b1c1ad77f870f71cebdbee23237aac5769af19b2adaa95e9bcf632773914ceca35fd8025f5cd00c791e7ec0fd0adafa17dbe84c1afed2f6a99ec24ce234b26a9fe5955e817ff8a472edff935383044f9dae61a2be2fcb39c7df8bdcf2ff334a35195e49a68833059fb019c02a975735c9589c22f9896321a9d942d6f644d7bf3c4092152e7e862862ac7b683828a1d9bfbea7bf14fdacd1342c57ac2d06f21d74b6c419e0025fd8f3625ec03bacc051dcfe7f2b5c91163e2a93a5f6267a3c4c5fac84eadae191c90af3625a13fa4d1a3fec549d491f7e7422920d2bf18a981854d7b30ed2f2eebfa2a7ccbf77058d7d6c99d904656e09bb0f071b63ddb7c4042e390bad0892bb63f8381eee5a3fc8e23aa75a59e1bd06cbea8e5640fa58f5a61f4ad0425981438104499da120c3fce07cde21f3e1627141be6e2bc64714ef183796d0a0aaa58f1fcfbb02eb0895635903537a13eff1c3427464a0810301942c2f4ccc09da996f5a93ea68197e601db608d95a1486d8138867e7282530aa726ee9a469b4a98dc0c3dbac0c42019e11c356c992a39b84b39d2a20dc2dd38ed7ff6a1114163162dae325420c219aa5e2f7bdcb3f0765f197ea38b72fa98e5d8b9d3ea40eced96721cb257023092cd9e41156a864e48a2fa78900ac039feb587322fd8d4dcc742a80ee9dd81d62f6aad3a18622ce26f16be3f7e0770db37a6fe638f72e72498faa2443ef34c347c8c12f402f1ae59366a68ecb7cc587d73e369f08192b8df2f72bd55f0698c31bf90bf909006ac825548262d4cfa6159d42563b1c02e9d41edfe377489a2259392b48c6e9f466a011df33b4d605776965ec8e2dae761e2afa9afe6392003247d2b8aec60bc620e8f6e383f70b2af712dcabcb4dc116e0dbb97057e48ca7e6a725300ba58949d2f084b27b836a629ef9ef76b309b1a8eb2713239428268a29b430b0d8dd74adccb3d345fc9ca2c3b11fff21cef017111c15e68f98f6369b51785a41e59255f6dbc608573c89cba46746194e03992151e8bd9363105809367b143bc78c3232e1a44d61ca20fbb51bf4854b68e9c747584a3caf285043d6593e3749603ac0c237775acedaa5e84fd6952aeac1040e8eedb404bf75f76f99bfdf209bd18b51def56dc8d61275a0f8f114c4b4a592234ee1b4799a184342047c9b658da3d0d3a8b6dced398ce99f8650b58637f0ef4cf4220013a8a49a97ad0f2466c4a4b5716756d1770bb7a1c94d215773412bad54e655966241772605fc54c798339fa7abc99f38d3bd1be298a2fbd2acef3a1f23dd2019729b29419a5325648a0284d90d0c0423ff1605e7d79d8a2baab73244040cc17ad58e6db4562f8d2bca9e603f84f8f16b309cbfa2215d1ec377a804b3547cf9608f6f9518006578b1a948b860c6f0eae38c591716ad822912a8e8c99f8c9c44f6ba7ec3a50321f727161ff04be185139852a1a0bf3b7c8e89e8c5a7ecd8fe6746453336fc710dbff99e57c3a616643652998fee1c817045c27e0bf344ae4e6c423a3c0192643ed00f76bb5f7834a970b0da6a05fc3a227c894fe0fc8908cbd728267ce3b12c8eba13fc4ff820307c0f07947a4f3366137296fba4fa43be8a93e3c36e378d00d0e6e4726d4c25b755511dbcb7c4dafbd4a26a65da8adbc4aeb37356b3a1922b33c5550cd83700081843c12b51cede18a0ca8fc97691b188832a2f1d9a156979d7d0d1fd6366f94fcb2ca970b91264bf8027a0077569ad009ad9cd25a1f3a42fc844c6e9a7b3aa3d9d4eeae442ea1982620472a020fbc1116fdc12f7afed3f3d38abdd4258c1a7143a69f8caff7b6047c7d2172738eee063f3a1297ee13997f6d6ce07e329ab3a42cfd92d4f9d70bfc816750613ed5a5dc7674df4e5fc9f4625b7eb5afe4698257790f2b9a4045dfd487f33555adfa426c08cf3ac6002ba48d29461b4d3b01bbc4c404231f70122cc010324e5fdbe5306af1e3014c70972bfcc25f29331cc304c22b3f85cbad6e4d885f2e4aa9917ff70739809cab7d5fa06df777008f708aa5e837a8ba1ade39c40197ce84c8cfcc884f52a185669d0ec658b27c431546e2c0219de55a23ad53bdeb79a2e43132911badfa4628febe8df17601448bfd4a71d1477a0d2ad8b40848c472b9af0b524c7d7885db7c0850d84856da8c78e7425fa08ce1592db29fd96c4ddc7635595759dc6b3d5b43e8737b4d18fd5f29db5877772d9555fd2c53e845af5149a45afe8ddffb63c2f699ce4b5702540c71f4ecc4d214eb24bd94efd134dc94fca9443c7e524c2bc86ad3868aa611e3fa74a754b2a86acd424454d01c2f5c5611d49797a9cf3bbb38788652dfd93dac0fdc23dc1656a6be570c9a3b625f32f12e8719e2511df9a8ef63299bb69481656025b65f8903319e349e334bdd135285b01c0e8f392b3295ba3b11d9195c9cfd490e59b841df8010532acd1b9045379febdbfd54fb2ea8cacc2181172623caf9d7fa0b05f4ec80f30c21e47afc3dbec037eae995e82e2c32a1429602dd3afbf0c80a7c8ed24cfefcb1ee31254ec9c253838910405d7838cf944b0753e660f9cad9961b9fb6eec91e07f25f7999b7452b775f9121e34770db3228474b8e2b42339da83ed63931a9d052614ab87fe38d329b268404a8e5e912ac542883b3d5085742d0dec046ff95e2bb450adb3c8f228f157ce82632c8d794efda3278798b8cc9368017325b4dfc294e0d626d5edc6aa4fc611b0971f2dd1b8da56c643fc4bab1b6ce6b7374b896f8d489a37f6b8b1c74aac5d3b0a1f50bf0d90a9e6ee06a4c98910d47003b0dff46c8d9ab2405d96cdf3ba8ea4ef8bcc16311af9b64378d1786b91ef8c069bd49d85097ceff64ae72f944818b8b0d0c16119fa7af441b5a2525c0b76b644bd055d4ecbc10dfd6ded2ca7590da490721afa082288b4ffba77c3e9698cff3108f061e19c7f85b11d1daacaf1ad8acab64d91f3706a0dd7b0fc899b7649a02f33ab17df60aec5f84429e0be2a8fa8b43b1b7754c6ac21300c6be09ab7278d3a535c742306ee3f1e001a18e8cac2828aca23cf136a3c87628558c71b8e0c55f9d606e2d820c2e1ace28ecc66d918ea50256b1bf2fe7dbadb461207716f15ddfdb96ddf1d912854da90c59a76afafae9c5c0e45f53a8103e158d7f06f9421a86591cc24e452deaaa8e4cb06e7d3894f0df76b927bf4f2c8b0d43757cab6f74f0959f7b287fbbeb0dc37a8e361dc30149ee5356393b7a238583e613e31efae1148e3e9a5aafc2e37c577ddfe541cf46949f7e66000ffe952a3c63d", 0x1000, 0x4, 0x0, 0x2}, &(0x7f0000000080))
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:44 executing program 0 (fault-call:9 fault-nth:34):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  677.970124][T20954] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  677.978135][T20954] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  677.995990][T20954] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  678.003981][T20954] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  678.363254][T20997] FAULT_INJECTION: forcing a failure.
[  678.363254][T20997] name failslab, interval 1, probability 0, space 0, times 0
[  678.375902][T20997] CPU: 0 PID: 20997 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  678.385693][T20997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  678.395836][T20997] Call Trace:
[  678.399115][T20997]  dump_stack_lvl+0xd6/0x122
[  678.403871][T20997]  dump_stack+0x11/0x1b
[  678.408041][T20997]  should_fail+0x23c/0x250
[  678.412536][T20997]  __should_failslab+0x81/0x90
[  678.417346][T20997]  ? register_for_each_vma+0x372/0x890
[  678.422817][T20997]  should_failslab+0x5/0x20
[  678.427312][T20997]  kmem_cache_alloc_trace+0x52/0x320
[  678.432676][T20997]  ? register_for_each_vma+0x372/0x890
[  678.438132][T20997]  ? vma_interval_tree_iter_next+0x24c/0x280
[  678.444153][T20997]  register_for_each_vma+0x372/0x890
[  678.449454][T20997]  __uprobe_register+0x404/0x8b0
[  678.454399][T20997]  uprobe_register_refctr+0x29/0x40
[  678.459591][T20997]  probe_event_enable+0x2be/0x7d0
[  678.464793][T20997]  ? __uprobe_trace_func+0x440/0x440
[  678.470074][T20997]  trace_uprobe_register+0x88/0x410
[  678.475275][T20997]  perf_trace_event_init+0x34e/0x790
[  678.480695][T20997]  perf_uprobe_init+0xf5/0x140
[  678.485531][T20997]  perf_uprobe_event_init+0xde/0x140
[  678.490851][T20997]  perf_try_init_event+0x21a/0x400
[  678.495967][T20997]  perf_event_alloc+0xa60/0x1790
[  678.500907][T20997]  __se_sys_perf_event_open+0x5db/0x2810
[  678.506537][T20997]  ? proc_fail_nth_read+0x150/0x150
[  678.511753][T20997]  __x64_sys_perf_event_open+0x63/0x70
[  678.517211][T20997]  do_syscall_64+0x44/0xa0
[  678.521810][T20997]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  678.527707][T20997] RIP: 0033:0x4665f9
[  678.531599][T20997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  678.551371][T20997] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
01:01:45 executing program 4:
socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40)
r1 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r1, &(0x7f0000000180)="900000001d001f4d154a817393278bff0280a578020000000404840004000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000766436c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

01:01:45 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:45 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300), 0x0, 0x0)

01:01:45 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000200))
r3 = syz_open_pts(r2, 0x0)
readv(r3, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ppoll(&(0x7f0000000180), 0x0, 0x0, &(0x7f0000000000), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

[  678.559783][T20997] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  678.567759][T20997] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  678.575738][T20997] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  678.583709][T20997] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  678.591686][T20997] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:45 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1000}, 0x4)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x6}, 0x4)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, &(0x7f0000000180)={"2e73c276ebc95130b305f9d730ce959c", 0x0, 0x0, {0x7, 0x80000001}, {0x9, 0x80}, 0x7, [0x7fff, 0x1, 0x2, 0x1, 0xffffffffffffffff, 0x5, 0x7fffffff, 0x0, 0x85, 0x3, 0x3ff, 0xcaa, 0x9, 0xffffffffffffffc1, 0x9c, 0x4800000000000]})
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000140)={0x2, &(0x7f00000000c0)=[{0x30, 0x0, 0x0, 0xfffff01c}, {0x6}]}, 0x10)
r1 = socket$packet(0x11, 0x2, 0x300)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000002, 0x4010, r0, 0x579a1000)
bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c58110308d9123127ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$sock_SIOCSIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r3, 0x8983, &(0x7f0000000040))
sendto$packet(r1, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14)

01:01:45 executing program 4:
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000080)="0201a9ffffff0a000000ff45ac000000000063000000060000000000024000ffe6cb60953357e52900008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  678.774978][T21021] loop4: detected capacity change from 0 to 1
[  678.814558][T21023]  loop4: p1 p2 p3 p4
[  678.819014][T21023] loop4: p1 start 10 is beyond EOD, truncated
[  678.825167][T21023] loop4: p2 start 6 is beyond EOD, truncated
[  678.831151][T21023] loop4: p3 start 10725 is beyond EOD, truncated
[  678.837512][T21023] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  678.847095][T21021]  loop4: p1 p2 p3 p4
[  678.851460][T21021] loop4: p1 start 10 is beyond EOD, truncated
[  678.857574][T21021] loop4: p2 start 6 is beyond EOD, truncated
[  678.863769][T21021] loop4: p3 start 10725 is beyond EOD, truncated
[  678.870232][T21021] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:01:45 executing program 0 (fault-call:9 fault-nth:35):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  678.906427][T20994] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  678.914601][T20994] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  678.931627][T20994] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  678.939656][T20994] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:45 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)

[  678.984816][T21021] loop4: detected capacity change from 0 to 1
01:01:45 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
readv(r1, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ioctl(r1, 0x40, &(0x7f0000000000)="84b6060a2298cc7c2613c089cdccabd9cfa25e3932767c9fd2d665cf5fd6a52bd878afdbffc19fbf60be8164f28c3bd751065ab7b248b6a4271ba6d271283128f2b498766386d9c01e9253921e6c5cf8647652427509aa02ac7784c5e8acc3845ede9f5353069fd1dbf3")
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r2, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x3, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000100)={0x8000, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x1, 0x100, 0x40}, 0x0, 0x0)

[  679.026996][T21021]  loop4: p1 p2 p3 p4
[  679.031413][T21021] loop4: p1 start 10 is beyond EOD, truncated
[  679.037545][T21021] loop4: p2 start 6 is beyond EOD, truncated
[  679.043532][T21021] loop4: p3 start 10725 is beyond EOD, truncated
[  679.050037][T21021] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  679.109160][T21050] FAULT_INJECTION: forcing a failure.
[  679.109160][T21050] name failslab, interval 1, probability 0, space 0, times 0
[  679.121818][T21050] CPU: 0 PID: 21050 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  679.131614][T21050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  679.141728][T21050] Call Trace:
[  679.145024][T21050]  dump_stack_lvl+0xd6/0x122
[  679.149605][T21050]  dump_stack+0x11/0x1b
[  679.153766][T21050]  should_fail+0x23c/0x250
[  679.158169][T21050]  __should_failslab+0x81/0x90
[  679.162922][T21050]  ? register_for_each_vma+0x372/0x890
[  679.168370][T21050]  should_failslab+0x5/0x20
[  679.172933][T21050]  kmem_cache_alloc_trace+0x52/0x320
[  679.178204][T21050]  ? register_for_each_vma+0x372/0x890
[  679.183649][T21050]  ? vma_interval_tree_iter_next+0x263/0x280
[  679.189735][T21050]  register_for_each_vma+0x372/0x890
[  679.195086][T21050]  __uprobe_register+0x404/0x8b0
[  679.200009][T21050]  uprobe_register_refctr+0x29/0x40
[  679.205192][T21050]  probe_event_enable+0x2be/0x7d0
[  679.210205][T21050]  ? __uprobe_trace_func+0x440/0x440
[  679.215479][T21050]  trace_uprobe_register+0x88/0x410
[  679.220683][T21050]  perf_trace_event_init+0x34e/0x790
[  679.225956][T21050]  perf_uprobe_init+0xf5/0x140
[  679.230713][T21050]  perf_uprobe_event_init+0xde/0x140
[  679.236013][T21050]  perf_try_init_event+0x21a/0x400
[  679.241140][T21050]  perf_event_alloc+0xa60/0x1790
[  679.246064][T21050]  __se_sys_perf_event_open+0x5db/0x2810
[  679.251685][T21050]  ? proc_fail_nth_read+0x150/0x150
[  679.256871][T21050]  __x64_sys_perf_event_open+0x63/0x70
[  679.262315][T21050]  do_syscall_64+0x44/0xa0
[  679.266782][T21050]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  679.272663][T21050] RIP: 0033:0x4665f9
[  679.276540][T21050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  679.296135][T21050] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  679.304545][T21050] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  679.312582][T21050] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  679.320547][T21050] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  679.328506][T21050] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  679.336468][T21050] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:46 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:46 executing program 1 (fault-call:2 fault-nth:0):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:46 executing program 4:
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
sendmsg$NFT_MSG_GETOBJ(r1, &(0x7f0000001ec0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000001e80)={&(0x7f0000001e40)={0x2c, 0x13, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
recvmsg(r0, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="440400001d0000042bbd7000fddbdf251500000014007680041e87000c0010000900000000000000c3fcf2bfc6d6039437ca2b3844518c0599ef109ecf2908c101d5398bed46ee115bdba292e8c4cafa8f3dd3d673d5209d7148a0d521215ade3a409e7c0508e9c0fbf25a7142bb729fe948e30b3c7d55705825e4db9a163810627a8d1695a6513fc1f6a702a0b3622d52b964544b19c3b12cd5bf6e77b97e25cbf580196d93ae8be2e3a7488469a625c70cec63d2c40f4735b3dd8a3432f8180be9ab52e1ac6fc0cdba50cea395d75a32ee4098d02929db0f1bee80dfcadb8020a0016fdb48be03951da2e12c07df14a8b039caff85ecf887e66e0e59759096606cf8c69abddb22d44335c1813ef7f89384759af5a747d1ae4e91e2aab86aff660130809cee75c5331be8756af4583d902e63cd395302b907df9c7a5fd3577c9a3941cab938132287542365fc10d87e60b9114a999d0b691dfd85ac32ece8715d324ae0415251001fe9fd3d3b1da0f064ea64d8f3e790091f9946c6e8f891bfc0ca7a3c5b365ed576770705485cbec9debd3646bd79e0299559ee918fde2d02bf6e2d407228e82a25d4170e2b6437d56caee60019f9f93d8b1d0afb1bbe95aa6bfe5cf5e43febe9a64c4bfe652b3cb3694513ef2cf6ba46458c149277734fefbf7cd68a992828bb77dec0d16bb4fd5da4150483a0e07c8cf9b1d0f9d1e9bff8040efdfd48d39ff9aa76b63442317604b28f442bd6c4282f24a48578ec45f795d8be7fbc03a445f6e693d2cf271648adfe79389b6b2bc5913505cb435e88ac81586df2fcac7835e02624f208eea019d481409507664920782205c7b752d3a0d718e93b48affe5364f435a296adad05f53626acd4ea002d322636ff1a92b02ac1686d2bb2bc410000a15e90f382fd5d0b976164bdf616a338615cc78201414cb6b4ff092e0f2f0026ced8e18f871ead6986a72bdd01ce27579146ae69599f0342dc48c79b606c74e47a850615940546ba79003cf29c3d2622e3b609f9751c7faf1f9a90a5d843a3480e5d360800af651ea8d4e4726e5d4d97a4a6297faaa867ed69efcc75e040079c9d833840f61653bd4b4b8c2325f410ecc6544f0ddc0cc2326c6e94515900b4a0676c25c17159df20be72808eb4e928f07208424f8d1321e8d4352b4b7d2d8cb1b16de2211108ce5ef47213f2bb49f9363eb02157cc7ad31a7d013ec7c0f4b31548357d5942187603294c96a013ed347df091259c710805e9a39d1a8f3dabc014f8fabb70e5b99bddde4aa624fe83daa05badbb117f93eb84c9ba06ee22981a6d111c9f4db5d3b185b561fb1772840023c1d1da70ad8970a468191f6e18bb7caa865d40300c61758e8e8459fd34a544004270cb631c30f008413bf9fbf001a1ed50b6eefca94478892235b670a6087c8a76a87d988f437decf29ed3942303528d2998a4a2a47887fac8919ed6b2089cdf2d2435023d6497978a885130c3550c673f3ad2c70978f88326c9cc4fa360e342af5b9a819a979d3352000000"], 0x444}, 0x1, 0x0, 0x0, 0x880}, 0x80)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
r3 = socket(0x11, 0x800000003, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'sit0\x00', <r4=>0x0})
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000440), 0xc000, 0x0)
writev(r5, &(0x7f0000001dc0)=[{&(0x7f0000000480)="5c7d5e845970bbc979ccd56e21491c6a6ea1774d6c22775ad48987", 0x1b}, {&(0x7f00000004c0)="d95d6c1fee", 0x5}, {&(0x7f00000005c0)="33a40da17d6258538ea0731d71694d5ecd10fa3b0d6f4037ced123fe9e67f4bc6d691d7e23e12cbda2cd794fd9fd8c2367d471ac2beb97d5649b61ba0b9f58357e2492aeb024d005b36eccca92a56697db519aadcc195124cc26bb18e378aaa5aab53c821d435976311876e119bb19a6d82c1f33de69b3f1c6e1ec99a1ac767f9c12287edba40dac5a88fc9822617fa0632434ddf3b4a333fad6dd740db702560fd9", 0xa2}, {&(0x7f0000000b80)="f5fb63aad382e168af2ed25b0e27e6354488f25657a8c5487366ce12c6dff676c0a00eeb99bea89a819663f792ddb87a0207fe29280b111c3e4409d7acd6db95c8c63499c92bfe5c3bafe6d6b19ded62c538e9198452341d1d16282bc86d0dcd334344aa54d0a4d34869057448e127db3520a78e61513efeeb11ae0d88fef3fc1ff19099174237fa9ecdec247bfd6a54529ac572fcf48000b9fc721f2d6efc56b628e22382218628e5d5b496574b83fa8179f6014c8eef5c6469bed4aabf8e780f360f2bae2520e2773bf6f8e545bf6a2a2fe6c079223956a5c67e72823db0062ce0b57f049d0937751d0bac17cfc14f193801934c4264330344117b44d5cb6d6fa31dbbac469fc87e08a4b7610ebab729c366acbce0760ee7035db5222ba61e0eca7af4806c1d1603989b4de294846e329a8b5e929c04ac24c88a1af928e9adf17e7aaeb3436af0f980cba662d277062598d04a4fcfac6262ee44ecf17058874f7d6f3e939e9604698381ba99686ed881a1aa5b00aa810835a31f57b32503392c21b6ca07ed1b659ee0d6f5061623d0082fababf695a0bc530f89b69d48d2d8759bb730e19e6ccd6cdb73ccf3b7f63916bb014090a210c010870958a4f9c9e552d408977569ff59aac337cecee6cdfeb94605e14facc388d633a95f166369a097e8d1b43ac8fc37e3c82e53e42e689b9e014551e1bfa8a890aa9b2f3ec67fe6201eeb6f6016d509999a206316f2a1e5be946f4477c42a187224b25af4e42bfe11a0f47f239df932288edc8ad4550910d100915ce1190dca8d8335ad75616f297bdef4145b2abe662cc52bae4ed61b9d512478508c275021f24f8fa53ab6216c028842a3cc30385b91354a5213d7a59c0f41d3c6e659e60a6a3796489a8fdf2f798f8d4419a945029f989bb1346ba005412a4bded618095aaaa8b782cce2abeb973cc875d6f4f1db6b39e53a538baa98115eb53c8215bb8ae394073c3a0184297c5a6655103575582916fc513accd4fe06f9636ae9b367eb6b58d1bfcdc2e2ecef49e01d2386a66256c358245d80b7bb3b5d5bcda8bac9b53356e85bc2e0841ec48025c77268e78e7d4441f37bc1c00060171f38fd50733a73586eca22a46ab11bcebf1e6998a6a153691d97a0b34f562df7616da25cf49ef8a7005ec8855c35f0878096faea5182e798304d7c37b089617c724157c05dc2aa3d4170831a448b416ee024972befce2a9707f0b3f46d4b2f6935fe84433f205feeeb6d7dbaf6b4668a3654330470eaa3068578dc1efe12c904ee1fe01e5569ca29b294da1d199183bbd9fe22400902da764f1a5543e8d18467871744835754caaf26d6aaab13fa16809d49da191a240d654fa0a5a9da05cb27b56700913eaafc486db0773d050120bdc46a57041906cb414ed8d5f092ea1b9bf4d6b2c442fa71df79f56c30582d57f28d3c6b14883690a723dc12b8199bdac6c0b6698328f816879de5ec44a712d568ae94a1fda91efdaa273db0efa323f721af0eca2c207dd5fcc833fb0953e63fffac9c369e94d76727fae58d3021fa3735d86255a393e12d83c76e14fc1ed0a74decd2582cc9f75ccba057622500021fb1b357e8c14362f3dcf1fbd5dff37fec23e8599c7d7668ae3b79bfc387cbc7b5f8e7186d40cefd6ed9b4fad94c477af0be19494a9f85812ff6d7016bf6bb6ab6fc0b65267262fc52691b89d077b0ea5ac60b53487ddfe88a15023aae5047233be94783a2c123855ca3aee93084d85395586ccf104594dd4398faa11b1743462c6c9b9a83605ec4ae83c41aba81dc2a27e410cbcba4a0ae34561acd8117c8698c0c2e0f52279e6bcb97e35ddd97e296f6411cd0ebdfdc520e12d8d7b2c043ad0c38d3984809e91476cf69f4ff93dc926cd73ed395718f76412d2125b3b3c58e439acd5456ff53c72e4f82bcc5124fe57b5dfd4bca3c3111256f764330d4fd7ee7c786ea22cb673d50cb96c3fccdd61cd1dfcf1cef8e6297cb107491ae243520774e918bb5911c6f0faf9a41451fbcbb4e368ee202bec3b6959e2631328ad6a9f762ff7009a86130bf70665b1caf81fdd99620a29115418c93595ace7e3ec3df5490c58f97889d3ed7758280f5a405aeae723d7a8813acc68ce11c8b072e96a15883784ced65af5e07f52cd4bf35a9c701056bbddb8d63393afd9d195da3536091aefb554f22f86b5e5a2dc5799511deea295509286d4cacd11a388907b89dadbeaca81c622a8ad99b7bc34f15b7c2646ad0a32a9c610fb456c4a73fe5927ef72e61aef098d86c0056ba238e550ce01c81d0d73969de36e46e512b9474dfae2aab3b1467cef3344898c3556287d7e7d3e7965c28e8cbe964e7770947b39ff1ce3d80ed9a49100c379494436f9b020b741f23eac8294968839609942771661af4f12798e485969ff13a5d0d3a2d505b7df7e335589dd3a0befb5fc8c9801cb2a1ae8cee0863d478346985552fad71bdaf033ce9620d0ef04b7a50354507c06bbba7968aabbb57101a9f40dcf6d74fa9876071ccc3eb72e7de54dff798ca7b9f5fc30d6b91303d89b5a255876e900d8ead279d0244d22f0a82806094db16c0b84dc831adf8ca4bf2a84f7f03680ddf0b32062a7bb962f607cd71951ddf6759fdeed0066b278bfb25be381adf62c1c1bca6db3e2d79953887a0577088a4a51e766d28afe02960084a017b52af092c5675a46cc70cff46ab45435b719b0723cb85f30cba2ea431d1e06034516c08da8f325da57b54830cd8864d64b5b9f72260904f0fed7741c87d1197d318c55a3ac14c9552ee726320b7a7c560b1a03d0f2bcf43457dcd57240410f0899123c497573883807ea9de97c66b4444de170354e39234fe95c89ff32a7dfffa14917a65c47bbaf136788d6a7f0ea6b9c6710f80aef9a0ea60e2d66b4da2a64fbb3a13484c7879f6e3affda771ca1c0ffc2405ac53ede23eec2d9acc6f6de1f802e1897f1b6f66bf06ac360b76127e8a6c0a0b97a48164b57f76691e12550ec39e6add141121fff43bc446b4ee355fbcd6343c0514224e55d7937d9c8da3e5fa84350139b7fd61977eb80897acb41c1bb3dbb6c1c904345015e46e29d184e0be1ec0b1bee630f0c4afe4cb0541863725dc90519a598760bf546ced5c78d9dc0888430f04037c111fe626e11ffe6180e8fead3a39e8ecf7d06655415655ff4089b5142814f6feb6daa1a5b5230d69f86792d8d664882576046e19f2eea3fd00d8884eb2056058b257e85df1e95cae13088f3b03e17fb86ce18a1afd230a704803c6019f5fdc2bf1831fb87faa0b0b9e051785bb30fbed2605e4ec13d11fa534a2642cd1776903f11f274e3ba8bdbae8322d48e949ebd616fc4ab1678d1c91b2bf6662e25b402be1d5824262dc06f1aaedbb363558b470e40c60cdf5843da3d7b54344c54a94c249eb571b65aca61024468f604cc2f204c692447683548a55049c1f1ce995cdfb0a5eccce4765319ef576dcfd280abcd400f62fd66fc72bffbe52043e521357ff629fedcd0125e318304d902de92e7b71a5c1001086e96affddd29708da90af8c58bfdd669cec9c985ab124bd38f49aea0a710845d787046e9d49d39bb36596e6cbf259f126cb74f062b59280711296af679fcf29256ffaf3812ccee975c52d140a5b54ed3bb5cbcfd1faa40310ca2f1f716e5176dc84bbfb952f28dc1c12697f6da5afc283d93d63ea12b96780b5099e0186e7c7416525bcb5fcc4a8adadc5a5c84c75d71ce69cc24a793076e29055e01541b859aeb07fac416528cf7f81d02d67c8bc5d74664e5ab2d3d949f0183876003618f2e8d51a8809272718e0673259c4cc3f7b82fa6708e070a72ab38d1731b189d535ed5abb406293e0b911392bbbc83cbb768a5efc8bbb948641446736a5543a336a698fc9c813b5839266a02bdc08237a08a7339e871b91ae4dc9a394e3dd6ea44c8f6d717c577972d57b1e248aaeba56d44b180d3b947ada25360cecf7a51f5e464e9ea451f8ebf9a185758fa8cf4ec5b04923d17adb80da08235db125e570b0954490b40c58870ecd1807c8e5f91214079aeaedb3632807ff40a437df84dbbfa2b027d73d3b72606b6de00dbcf5eae3d9b09d1339c54437c7892d663187526773fb2657e5c6107acfd5bfbc466434f93803b9bc1db258eae3ff7a6ff7334bb4cf2e930c83fc1600abc05a1c29952884549aa58f02bb366f1162cb3e48560e7ea6099e8b19c846d28986f3b8f80734cc3812f34b652e1dca1511c5aa10c8280ab0fac801d440ffd94b8cd8297f90ac56981610a0ed0fa216cf5459a5f16f4d9afe5d3188a2233aad97e3969f9f42a93cecb1c10c66f233769be038f22581dd91c59c7718cb8d98b82c398d0c4f9692ed606c31b7d59e8918e3d000e6346acf5e4c9ab423ae4d7288b499d2ea0ae5c2d64d82e0290fbe7d4446c2b2f1d3560258eb8e9e588bfc37c4ba65d78a03d1decde56d25173af3cdf3d27e0390755bc5140948ab909465942ead8db741718ddb3fa228c7f529df6b138b9904de2db5b5abd6bcbfb5514cdb3506f669fadc9ce20e38a96cf7f695b57e8060caf81eb07cefc6b9c06245fe7fde1dbe27710795cbe69a8da561d592f8bcb51adbd3ce3abf8d7ae8919f8cca56ed4997e2f311d984857e174922b4a81948c964c54e2ab5a99e3e6e3099a91436bbf63787b269beaec81cf8c43a6913ca656024fac8512918df2a466d016ef9d3ed88d50bf4ba623c531c249902d46014dafd936f326189c9fc57f035facb8a221b7f83fbddee58e4d8067f383b3e3ffcc052572eb6c8788a0e66baf35d80883052c064e63da08dacd7a4049bdaec06d75cfac752ce302230241b8412761025ed6f78470dac5fc321755d2d19266c143f9d510b3edc27e23d708432ddd34eb0ed382c9362ead840c9bd45c0aa72197a54da75ab2e487eb85c84bf5f81aa3369f620eb616e86ee089355a064ccf9288a3647684a2458f859fc3ee2c0e58a27e50dc89274d721380334f89134a5ae52e5b53aecc406d9265d8e54b41223cc1ecba8c5092481eee4533afd39e4fe3254e084471dc276d009783c55d1bb83de02afe654eb54ddf3cf85f550f11d92d2308cc4e9fe4e7f1cbce36ced4ee4256d42d3395f66d5bdefc30ee06213679123096da1f170d829ed4d3cf2e3363808db5e79ed93a3e9f7cef971b576c028c65a4fb4ffcc32f8570cbe7e1f72731b1c676785be039588d4a164c31091914d3be7159a3dd040792d42162e226d101150c873df9cf33624f649c2e9b98bf3645cec91cbf533fadf843641db98b54be419366f503f0f3f4c35311a5c8641f2e477bb9e015cc99eeff1e3e2b41c9d9e4bf5615ebcb8e4d41f8c96e6d3999f66a9b60e6992f99862975304d6edaf0ab550eaf6fb2d1abc3055bee376096bc6fe20091962d3492925d41d9f9e604201b7f9464331d3bfa10644347d65d45ed7e3771c5871fb6c9b6fc728ac2d8f12703983bd1e9d87790d81e14191f54168eb049706da155c1c03c42b24e7a56dad1ed043013a3840289728f88b92acfb040fdbfb7371ef29de4db89db148f71151dfbd2d2a355423a187a13eec116ffbd23b960c1df1c77c5fbc9705bb352b2ebf6782c748077237b6bc543c561c9bfb0728ed484c8f086f9fee4b65dbbec14cf82045e7c1dc75c21eb598e11c25c4edb33cbae7be063c46ac3ad6911b66544a81a2c5045b88e18b71d410ac9c50a6032a7acab87161769d5909ef13fcb37824441dd2447d05bf57cb252bc4822c45a0", 0x1000}, {&(0x7f0000001b80)="60c30371500790675f9e3c9cd28d2b267fcb3d8259f4358a945b0ca832b6e26683f36ecd671b27ec2b9d2cd662134098c801433d7ec3ff1046e860af6287a4a4de320f0452c166d187ba67ee83961cfd276425a5bd212528451a083ae06be603ce76551abc88465a9ec8940be951d6ca5ed97621d57dcaa2969181ceed6243fd4f005ac2180ca0d5205aa9f4dbe8201fbc7960c400dcc69155f47f440b90d3cf13ea5275132827957d29a3588dde3d61f524ab09f50342d74333d43076c3b9480c411190758f50aeefeeda", 0xcb}, {&(0x7f0000000500)="2658d74e268cfb4a42c2ab33802965dc12ef01eb71231f5cb14d3eefb27fc8713a8c1b80e5411391902ee65cbe9c31af38822e310fd1b58bc605b0fbc308dd56f6d8e4973254b05f47dd9d91b89822147f0f9e3b693ede2293257c773dc0c5d0", 0x60}, {&(0x7f0000001c80)="e5512b854bef4778c1830070017aea4fd76bd637172597634bbf4e5e6d3df58fd52d3d1e0ef2bc8f6b30705a4a943d0741c7f8eee647f945e5b9697de122e04912a729da5e8f8a8e1c2d696ac0344de6b74b718e71ec91ca42bf10", 0x5b}, {&(0x7f0000001d00)="c6bb6e9de13c258d8117b250ea5dc6edb826968fbde004a0f2b63c99ecf12a6116d04e22929eab511f2110d69f5d9db938d46713d4e843bbe0898c2be6815580e77242963432fc308f9a015dd5751ef73376c816a2ecb7e1477ee15faee9cc5ed938095ea8d9dcb0eda45a8aad86f15e82d9ab8855e002ddf509a41e0a9551f420430aa6d2ef6a23a821d5bfb1bb1a10de97ebd37901ea36d9f803e5", 0x9c}], 0x8)
bind$packet(r3, &(0x7f0000000000)={0x11, 0x0, r4}, 0x14)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)={0x124, 0x0, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [{{0x8}, {0x108, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xffff2e6b}}, {0x8}}}]}}]}, 0x124}}, 0x0)
recvmmsg(r0, &(0x7f00000006c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="18336b00005fc0b82a6f7b0fa1af4800003d4c42ed79a887b0b7bd1e65c72a36e17b69cac0089dcd961ea8685eedc657416d66edb81c5eef7b04033dae129f9caf219b43c277c8b364a7ce82bd41f639f286fb58e8fdb427167aea0392c52089f55ae87daf5aaeb6a2cb9e183921c9e601000000f2ec4ec660615a05429f9235388240cdd7fb7d95aefe57df315d4cc824ee9203a5b0a94ea7995136dd3e7ee90c129555e78a33c8af74147a5f06dd5bba"], 0x78}}, 0x0)
preadv(r2, &(0x7f00000032c0)=[{&(0x7f0000001f00)=""/133, 0x85}, {&(0x7f0000001fc0)=""/254, 0xfe}, {&(0x7f00000020c0)=""/227, 0xe3}, {&(0x7f00000021c0)=""/215, 0xd7}, {&(0x7f00000022c0)=""/4096, 0x1000}], 0x5, 0x9, 0xe63)

[  679.625327][T21057] FAULT_INJECTION: forcing a failure.
[  679.625327][T21057] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  679.638441][T21057] CPU: 1 PID: 21057 Comm: syz-executor.1 Tainted: G        W         5.14.0-syzkaller #0
[  679.648251][T21057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  679.658310][T21057] Call Trace:
[  679.661591][T21057]  dump_stack_lvl+0xd6/0x122
[  679.666192][T21057]  dump_stack+0x11/0x1b
[  679.670354][T21057]  should_fail+0x23c/0x250
01:01:46 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180), 0x0, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000100))
ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000000)={0x9, 0x2, 0x2fb})
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000200))
syz_open_pts(r2, 0x0)
syz_open_pts(r2, 0x0)
sendfile(r1, r2, &(0x7f0000000040)=0x9, 0x1000)

[  679.674815][T21057]  should_fail_usercopy+0x16/0x20
[  679.679848][T21057]  _copy_from_user+0x1c/0xd0
[  679.684450][T21057]  core_sys_select+0x207/0x6c0
[  679.689224][T21057]  ? set_user_sigmask+0x7d/0x130
[  679.694181][T21057]  __do_sys_pselect6+0x1ea/0x250
[  679.699128][T21057]  ? __cond_resched+0x11/0x40
[  679.703810][T21057]  ? perf_trace_sys_exit+0x6e/0x180
[  679.709059][T21057]  __x64_sys_pselect6+0x74/0x80
[  679.713920][T21057]  do_syscall_64+0x44/0xa0
[  679.718347][T21057]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  679.724294][T21057] RIP: 0033:0x4665f9
[  679.728189][T21057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  679.747796][T21057] RSP: 002b:00007ff263a1c188 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  679.756209][T21057] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[  679.764184][T21057] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000040
01:01:46 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_PIE_ON(r1, 0x7005)

01:01:46 executing program 1 (fault-call:2 fault-nth:1):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  679.772155][T21057] RBP: 00007ff263a1c1d0 R08: 0000000000000000 R09: 0000000000000000
[  679.780128][T21057] R10: 0000000020000300 R11: 0000000000000246 R12: 0000000000000001
[  679.788122][T21057] R13: 00007fff361f2d3f R14: 00007ff263a1c300 R15: 0000000000022000
[  679.852393][T21034] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  679.860412][T21034] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  679.889866][T21034] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  679.897892][T21034] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  679.916520][T21076] FAULT_INJECTION: forcing a failure.
[  679.916520][T21076] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  679.929611][T21076] CPU: 0 PID: 21076 Comm: syz-executor.1 Tainted: G        W         5.14.0-syzkaller #0
[  679.939593][T21076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  679.949665][T21076] Call Trace:
01:01:46 executing program 0 (fault-call:9 fault-nth:36):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  679.953002][T21076]  dump_stack_lvl+0xd6/0x122
[  679.957596][T21076]  dump_stack+0x11/0x1b
[  679.961790][T21076]  should_fail+0x23c/0x250
[  679.966239][T21076]  should_fail_usercopy+0x16/0x20
[  679.971258][T21076]  _copy_from_user+0x1c/0xd0
[  679.975953][T21076]  core_sys_select+0x353/0x6c0
[  679.980731][T21076]  ? set_user_sigmask+0x7d/0x130
[  679.985668][T21076]  __do_sys_pselect6+0x1ea/0x250
[  679.990786][T21076]  ? __cond_resched+0x11/0x40
[  679.995465][T21076]  ? perf_trace_sys_exit+0x6e/0x180
[  680.000755][T21076]  __x64_sys_pselect6+0x74/0x80
[  680.005660][T21076]  do_syscall_64+0x44/0xa0
[  680.010161][T21076]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  680.016067][T21076] RIP: 0033:0x4665f9
[  680.019947][T21076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  680.039615][T21076] RSP: 002b:00007ff263a1c188 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
01:01:46 executing program 1 (fault-call:2 fault-nth:2):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  680.048034][T21076] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[  680.056009][T21076] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000040
[  680.063982][T21076] RBP: 00007ff263a1c1d0 R08: 0000000000000000 R09: 0000000000000000
[  680.071957][T21076] R10: 0000000020000300 R11: 0000000000000246 R12: 0000000000000001
[  680.079937][T21076] R13: 00007fff361f2d3f R14: 00007ff263a1c300 R15: 0000000000022000
[  680.191406][T21084] FAULT_INJECTION: forcing a failure.
[  680.191406][T21084] name failslab, interval 1, probability 0, space 0, times 0
[  680.204047][T21084] CPU: 1 PID: 21084 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  680.213962][T21084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  680.224110][T21084] Call Trace:
[  680.227380][T21084]  dump_stack_lvl+0xd6/0x122
[  680.232039][T21084]  dump_stack+0x11/0x1b
[  680.236187][T21084]  should_fail+0x23c/0x250
[  680.240719][T21084]  __should_failslab+0x81/0x90
[  680.245471][T21084]  ? register_for_each_vma+0x372/0x890
[  680.250923][T21084]  should_failslab+0x5/0x20
[  680.255443][T21084]  kmem_cache_alloc_trace+0x52/0x320
[  680.260717][T21084]  ? register_for_each_vma+0x372/0x890
[  680.266167][T21084]  ? vma_interval_tree_iter_next+0x24c/0x280
[  680.272140][T21084]  register_for_each_vma+0x372/0x890
[  680.277412][T21084]  __uprobe_register+0x404/0x8b0
[  680.282394][T21084]  uprobe_register_refctr+0x29/0x40
[  680.287580][T21084]  probe_event_enable+0x2be/0x7d0
[  680.292592][T21084]  ? __uprobe_trace_func+0x440/0x440
[  680.297893][T21084]  trace_uprobe_register+0x88/0x410
[  680.303089][T21084]  perf_trace_event_init+0x34e/0x790
[  680.308417][T21084]  perf_uprobe_init+0xf5/0x140
[  680.313272][T21084]  perf_uprobe_event_init+0xde/0x140
[  680.318620][T21084]  perf_try_init_event+0x21a/0x400
[  680.323760][T21084]  perf_event_alloc+0xa60/0x1790
[  680.328695][T21084]  __se_sys_perf_event_open+0x5db/0x2810
[  680.334400][T21084]  ? proc_fail_nth_read+0x150/0x150
[  680.339614][T21084]  __x64_sys_perf_event_open+0x63/0x70
[  680.345069][T21084]  do_syscall_64+0x44/0xa0
[  680.349526][T21084]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  680.355421][T21084] RIP: 0033:0x4665f9
[  680.359303][T21084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  680.378898][T21084] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  680.387296][T21084] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  680.395328][T21084] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  680.403289][T21084] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  680.411253][T21084] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  680.419209][T21084] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:47 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:47 executing program 3:
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)=0x800000)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:47 executing program 4:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_PIE_ON(r1, 0x7005)

01:01:47 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_int(r1, 0x0, 0xca, &(0x7f0000000000)=0x40000, 0x10)
r2 = socket(0x11, 0x800000003, 0x0)
r3 = socket(0x11, 0x2, 0x0)
bind(r3, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c58110308d9123127ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r3, &(0x7f0000000000)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000040)={r4, 0x1, 0x6, @broadcast}, 0x10)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c58110308d9123127ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000000)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
ioctl$sock_ipv6_tunnel_SIOCDELPRL(r3, 0x89f6, &(0x7f0000000100)={'ip6gre0\x00', &(0x7f00000001c0)={'ip6tnl0\x00', <r7=>r6, 0x0, 0x8, 0x0, 0x3, 0x2e, @private1, @mcast1, 0x10, 0x10, 0x7fffffff}})
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000180)={r7, 0x1, 0x3, @multicast}, 0x10)
r8 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_int(r8, 0x0, 0xcb, &(0x7f0000000000), 0x10)

01:01:47 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000140)={0x8, 0xfa, 0xbd2, 0x1, 0x1b, "833cc1587f2e49d8cad2d7ed5de45a53c1c986"})
r2 = syz_open_pts(r1, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
readv(r2, &(0x7f0000000040)=[{&(0x7f0000000000)=""/20, 0x14}], 0x1)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x0, '\x00', [{0x8, 0x2, 0x5, 0x5, 0x62, 0x8}, {0x5, 0x4, 0x3, 0x4, 0x4f53, 0x9}], ['\x00']})
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000100))

01:01:47 executing program 0 (fault-call:9 fault-nth:37):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  680.873799][T21078] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  680.881955][T21078] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  680.899846][T21078] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  680.907912][T21078] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  680.949509][T21082] FAULT_INJECTION: forcing a failure.
[  680.949509][T21082] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  680.962781][T21082] CPU: 1 PID: 21082 Comm: syz-executor.1 Tainted: G        W         5.14.0-syzkaller #0
[  680.972632][T21082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  680.982779][T21082] Call Trace:
[  680.986093][T21082]  dump_stack_lvl+0xd6/0x122
[  680.990703][T21082]  dump_stack+0x11/0x1b
[  680.994868][T21082]  should_fail+0x23c/0x250
01:01:47 executing program 4:
openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000300)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xdc14}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x0)
ioctl$EVIOCSKEYCODE_V2(r0, 0x80104592, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x24, "ed005400000000003ec13e20000000eb00df0000000000001f00"})
r1 = fork()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
r3 = perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0xff, 0x5a, 0x7, 0x20, 0x0, 0x25, 0x2, 0xf, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x8, 0x4, @perf_config_ext={0x0, 0x5}, 0x838, 0x5, 0x6c68ac27, 0x1, 0x13, 0x20, 0x2, 0x0, 0x6, 0x0, 0x7}, r1, 0x7, r2, 0x2)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x2100)
r5 = syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x1, 0x2, &(0x7f00000013c0)=[{&(0x7f0000000380)="734bbad3e3e50fb55a99341dfe3bfdc6facf", 0x12, 0x5}, {&(0x7f00000003c0)="b9c5369aefc86826e7084da5781e771e070b166e456504452daf9e2a704870103f5d3e5a05f4b7327c9513432a8642404566084a05f23d8a3ebe582ec93ca25ad7f8f694b28bac238bae7d68c55f9a5eeaed55f9d6efbe976d44c9bff8d6dedefbd4dc3a4e1e5be182082ae5d78d26b177649b6546112fba4be96f9d939fd956e91f5c87df3f7c0514ef5c46dfe6435f8b7b01fd910f503aeb2bbdcde7ef0dd3bd8e77e1c6ca52681ba1db5152d45de4c93bd7bff9457444254ab45e3e0688fd47f3bae796dc6e8ef3af86c91119544e7fccccf5d80bab214b61f8eb57f25eedcba22c6f9c0cbcd96147b62de7151ac7d1e919010e2669d857ab06489c575d8410b02c636c168701db4e9de7915b6e27886ba4a38aa63eef7a1472dd2445946d03d087409f4d4da33310bce4a4941a9d53481b8b253ba3f48c184bfcd0443896cdb10387065e754accce803f238c2a9291c7a697255715df06d7b7784edc5b6d8118b6b97ce42652503e575794f18c1d89f88ef4ab23b6636e677583f50f3b912ed3faae3c4daeca91d184a99c8308bd1291f6f7e11b37a460d63fe5e20ca3b98b02866097fd884606ac974a5af30a72373ee031aa95ec1ae8fdcbe9ec7b782899288d6bda9fc60582bf1510c80c9f2e5257358afe7d3116cde4154a8e7f43a6ca784e03f3b69b48f4669027f678c23f18c9adf1faa9a7e0a3dc8ffadd4f28972f74d908d3cc1c441a36c7c33f9dba5112889701bdcc4a25721493553dfab0d5fd28295999a16b97722181fd87473d12e1c01024e4527adc0ad0d6791711a65f026d7c305837aeeeae5ffb300c859ed2caeaaf3e84cc58443ed9aaaa2b9708e358c762955f8e7efce8537c3097c6fa63789787fc1f81295302ee69c8a00401cc7ac85294e9625533f881ab9f09375080f8361e00a079d8ec89e9ff4de53edde0b50826a8828d3fc353de3e05447d6a8ea6e0fb5c505694f58ad06c902039d1064614782e5005766e2313e2a276132cf08c348ed47c0a5a11eff15da9afa262894eafde14c97b8345052a2af430d1dfce21cb75e01344f08774b2337717044c7fcd90ab73bc4c12c3827f2de1cf3b33f2d30734d24e4711428ece9505cac89b0145cc6f2ddd2c5b3ed4f8dea46e92492fa2ca1d016444c3b7f96b0cd8f0e53509b40d30ad31a12bdb23c1fdbe8f31d878481c6f8b57c2100699b5a89888690aaf82f64d1c550ccd3393dbc03b0699bf914ffd6aed3c9e7df8115b30a0762c34fe3300d827496d245d64bed20d5cbba25514965377cf8d57e14b447d7be442ce1e32fbbe245e16c4a4bb092823d910d16fa75ca04b00976d459a0b568de1a0eaeca65d9a784076a9e534e2280081ad565afed50924520669e4d69896d7b2b1a45bc387e2ca212bd4ebe3739bf92cb85f751a44a6bf300120e31b450f0d01d48a6ad0a72c0ddd9b8af7340bfc8e6a217684bdaec15509a967fac04d681a5c4763cc1a61720e72144d9402a4df5d1269f7ee597a566eaa0e422922ea436c24b13813a8f0ce11b7008db71d89920351b2254dd261ff2a57d981cfb7b2bbda0eb7c908ed2125425873062a3d6179e73542ba1c3719f70be8a03140482630fe36b76fbdb97856038ea836ef1a9258b8e7b33e15be4424bd79c3492f2d3a38ea1e031aa5c391c7acaf7e7c05414675890182149808e23a42f0b65a027d65b454bae2f429360af200da7e945598163bee54dc0463842d59baf96ac9abd39daac804837ad1225069f286a73962668238a00f03329d91e2878344f9185ed4e3c081380a98157e41ec294d6fc474c25a4b548a6c62314bcc047c63729115c8a09c1dc73c27bd9836dd115b7f188a0da3f0de2d8937f001a835ef19cc263c865f4d8e0074f2459d378f20ea2e5448534dde743e038059df1ed0e155a88701695000aa089d32f2de7dd5bb77699c044fe5938a1542a99c0f21f473896ab695f9d26643b0d04400e8a746d53843de063927ca9e907fe61187d77abb48515f2f5a276b489e1cbcf223eff2565ea59f6df02bf9c71cf77b63c1321c1e6ebf8516bbe9dffdf30b32978f56fe8f4ebeeaeedd3ea1baee7a734326a1f72f9f5777a6b0c8b7b11a88da37635d54a2271ec82d6aa6aa0683a7d98e6776c83980dd8984a6e4fe1de2de2165984f06e599089ed367fd06999109793f721e8decc1bbb45f7f19e72df47558098ee54445f30d57c5f7f0a01dcb1e972692a15a2f17c464ee23a37aa390d2e4fb78e473571aedb709af21597a475fea0d8943f7c0220a126f8e625be048c96d51010c2bae7de09fbc0d66df6bcb7e21f0a19fd3df64df645c51b7fff0d2790ec3fd82306688d6feb839d83078ada7be9d7b3f15f1e47a6d01f07c93ee50c8938e0255e831bcd6097cb9ed2bbcfbc36a8f532219492fe074571fac06077ee5006885e674749174eac37734d1153fae2869b08762e72f7ffe33140d3cd8725d372cbc7da585d7d547923909819e65589e997c881ace66714df668a390c90a9e4c9c202e2277b8fce3cbcb1c6dff9ff7762a47d392f69cf40a1b391b51c17b8533b04a641f676b55104c76ba073b09f8d8dd37e89f3eafbdb82b62a2b9a5a145efba77fc94e1d75126ca715c438aa6c36f76ddff67b751334b8cec6fa29185df75684e766c452fe77ed4c9d9b6e54cabfab81d05898f210ef5675ca983a7a8f33cb9267eb12e5e7c6972ff42962c7a096a106c32724932ae138417876631ed9fec5cd50b60002038c3c04ecff0d2f1d02273acd2373eda44d773cdba98335a2db6490c29dd91b3cbe4c43cb3371c492881108a795afede480ae396de7881e584ae1010f75d9a2b0e86375adeaccc58586fbe043639edd73705a2b9a4521fbb214ac1896ede787305de3d21626badc185010ecf3c4c90373d139eb4ab1a610bd18e06814663e0b587e2e859dbd6403befc95a514193bebee3fcc1152d6c21c4e4303c3a8c8ac75c77eb23d10da93d4c7bd457303f3514be61d6cdae6f792668c82808c6e3e501c0ef06b389f309349afe1fe786dc632d00e446fdedb106ab5aa5b5899d624b7c9c79d4ed58fdc74fc53f1ace5b81adc9f3c36b8d167ae527ff5e05e2f4e0898d37eab8c2a67002ad91d7ad769fcccb820b32a85122a9af399b5e222480d881b51e7900e5d9ad2564b27b1e57e9e00842701828367b3ca4099658ec7f93bbe0e2d4dd0044bbc6572529a421295026e94115980f76b4eecdfc95ece77114ed68f5c3e0b4be90e5614ee326b09ee3a3b70d58e85cfee92769ea92c1ee87f443b1de0521008ad386c0590f333b3e8de32d9260b3bbf6f595b4489d721c85d7f7c66b94067535cb96ccd179627eacc4545af138a96e54c662d6b3db9918f48552b7ed11a22ca1ea1c6f191ddff270db58da82f5cb0a40cfdbb485bacdaf694ca643cf831130bcb8f4ec10a43382ec713da0fa3a55a4368f12a36994b5fa91cbef62841a1a8edcea5a058ceb6ed4e2e25b98dac08376a5324802878d0640fced0c12fb6a8906722bd98ffce59617402a0967a2c414e15d8f5d54cd57ee3544d59a0e67bfda8a277812691e13006858b205051390e76118cc21f745c51501f635b126097ad8585e45a5c0bfcdb86094434b2b423a9b5482782818bb7b996fbdc8c1346bd93dac99b22044b21214d278004f4190260f0496694b08a6ddbd444c36ea7d58a1e6eb15d5a1620da10c3120bc11e59ea299a82fda1db687f2c424071aa3cdcdf616e68fb6320f9838dda7e731d2e3ee2b2441e14c047d7aebace673b63e398f09d8b3641ba51bf074832700aadf6402b280d246e92416b1f5d470bd79fc04fc7225787643384fefe4690c2bd1000321e5f1e73d4b63816e5414779bc6c75d58cac73700983c7d9c86aceec7d8503a12dfb087f4233185eaa29b1fb4a27586041b98013a5a57ac190d71bd90c58364022b2b67a1a25e3a687c18e35d393b933cfd49aa0789cecf881d728ca1c30033323b222a7b08f5df5c1eefdce06dc5014abc3a812d2f9e8cca379af1589dd004a583017328d5562ada0bfe936534e131166d2753bf5dc070314affe795721f2c93f0b05da003a29ef8fa897d450d2407a97f565838143c6b99ada36207abd2b026b55315d0b71f1ca25a27649b2ae3b1e8102caf15670c5d8cae27ea7356e3d19a43c4cfa9fad0eeb9629109fff8714bf80827b59dddb6f5901374813411d3ed3ca6e0793fd91aeb2b88fd5d927d88ee15c31292d15aba7d9e4e468452f3a14a5223d50706db4dc1376a35163a6d1b20be23106d40e91042291e258791f24370c059c0ce904cfdc041ce0802888027087f1cb90852fca7ea25d751fbc5b8d11653c073eedc508b565d8f5d6f79add5fb9ebc4294555497f2c4f3352f06ead467c55e9e97108b836ce4b86cdec7f2ac38c37f0e29ec3a3e753dda7457456b39f4c2fecf3f1fe1550536464cf51c469928a66c480ea345c4626bb05a1dc19139674144d3d8d1602cf7e7331d602ac8df3d8a6362ecc7f1fbd22eb62c9f65eb6c73d8f714c3186070b23b4af273205ed43b72812fdaa44b5ddd8fc694b1c511dd0fed92b05690bb933de854377b9cd8dfa1e3538d702f71e9b224092fe48f646077193905f3dfd6d835694b34ba3a912d31542ad73923abf73d36bb9236c019d11ed23ef6565765ffc137fe8ee2018df640e2e6d23712c99ceda5aada33d4888349ed7004f754b67d163f394eecc28d162ae11af7738718ce28dc097d2447cae8e7db4e4336b787d981945f12ead27c71d9835d60d9f267379c7a5575fda44a57ae63efe7afcb4b75a6f256bed19081fe76f10ba8d7c8eeb1de22a8d3edb91d7acc63c896c316992421805b8d3b8b869283237bc6000870edf72e812475fefbcc84c18bd78ac11d1bd5dd2d4991d4461c83e1ff4bd420d9d1a1fd3b3288e6408a672b23decfde47e955d71844dabfea18868e44ebe96acc262deb8cb63f266f89055737685d274e8d8b0c4b6ecb0f7215498745e81a5bec3365e39035a7111d63c77519fa8034f399b09fc7c4922e3264ca26faf494340d5a8fd5ac7fc3f4d57b33e6c35f12102db5c876a2076cb05c77980c0003d6510e331c6485bea0e063d7684eb622fd4fd4da0592121fb79163eaa70bebbc8420c8ca039fb9e7a4dc16ec3233442bf125f027786b8258fd7dcc52d6ca1df739ab73359a7d4351838a6298513664fa852853450e6d80174c9b8e191888a65dec18ae8be914b58b942560ee57e2c213d68c8bdcd1af9b60eb68aa339004cfb5c3c5009359b051848efd0d3bde81b13e6bb576df07e849314ece806830d374318215a3a955063236066cf85159cb611dbc4a97c40e6009ece10806ac1369b9232f4f2321bc4139ebd4b67be5ed419c09017acb9f6fafd6035606e559d648a4f39ecb91d1297734798aa30c41525dd650844fc84b43e30d271c9bd3765f8774338e83f9dfd9d2a68696d111d490d211f3e2ac2a449c679840f8320d952b9325f045a9461111c02548e0d16381bce5014213e91f8901012e9be932d356ce18057b3ebac2ddcd2246b52c8600154046cf154bef298975d4cb301310a08c796c2ed8819ef67b2118eba45f168376f467cbdd1473f22f2049279f5d10963972b5429b053ec327562725980436bf589780eb7f800e3aa685af6e221410fb832cea2a88065a665402b0bb37ea6c494cccf96a37481b39c429b0936dc18dff7c75d59162252c378ef290857eebdcd58b6e9f4044e54d6bf9fee98bcbbf1b", 0x1000, 0x9}], 0x140400, &(0x7f0000001400)={[], [{@mask={'mask', 0x3d, 'MAY_APPEND'}}, {@smackfstransmute}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '\\.('}}, {@fowner_gt={'fowner>', 0xee00}}, {@subj_role={'subj_role', 0x3d, '-&]\'{'}}, {@fowner_eq}]})
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r4, 0x50009418, &(0x7f0000001540)={{r5}, 0x0, 0x1e, @inherit={0x68, &(0x7f00000014c0)={0x0, 0x4, 0x198, 0x100000001, {0x20, 0x1, 0x7ff, 0x8, 0x40}, [0x3, 0xa590, 0x800, 0x9]}}, @devid})
ioctl$F2FS_IOC_SET_PIN_FILE(r3, 0x4004f50d, &(0x7f0000002540))
keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000080), &(0x7f0000000140)={'enc=', 'pkcs1', ' hash=', {'ghash-ce\x00'}}, 0x0, 0x0)

[  680.999326][T21082]  __alloc_pages+0x102/0x320
[  681.003942][T21082]  alloc_pages+0x382/0x3d0
[  681.008372][T21082]  __get_free_pages+0x8/0x30
[  681.012981][T21082]  __tlb_remove_page_size+0xf6/0x180
[  681.018317][T21082]  zap_pte_range+0x772/0xe20
[  681.023201][T21082]  unmap_page_range+0x2dc/0x3d0
[  681.028059][T21082]  unmap_single_vma+0x157/0x210
[  681.032731][T21125] loop4: detected capacity change from 0 to 8
[  681.032913][T21082]  unmap_vmas+0xd0/0x180
[  681.043376][T21082]  exit_mmap+0x23d/0x470
[  681.047648][T21082]  __mmput+0x27/0x1d0
[  681.051660][T21082]  mmput+0x3d/0x50
[  681.055376][T21082]  exit_mm+0x2ec/0x3e0
[  681.059799][T21082]  ? taskstats_exit+0x373/0x6d0
[  681.064634][T21082]  do_exit+0x3ef/0x14a0
[  681.068825][T21082]  do_group_exit+0xce/0x1a0
[  681.073333][T21082]  get_signal+0xf93/0x15d0
[  681.077753][T21082]  ? poll_select_finish+0x179/0x3f0
[  681.082951][T21082]  arch_do_signal_or_restart+0x8c/0x280
[  681.088574][T21082]  exit_to_user_mode_prepare+0x109/0x190
[  681.094411][T21082]  syscall_exit_to_user_mode+0x20/0x40
[  681.099861][T21082]  do_syscall_64+0x50/0xa0
[  681.104374][T21082]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  681.110275][T21082] RIP: 0033:0x4665f9
[  681.114163][T21082] Code: Unable to access opcode bytes at RIP 0x4665cf.
[  681.121003][T21082] RSP: 002b:00007ff263a1c188 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  681.129470][T21082] RAX: fffffffffffffdfe RBX: 000000000056bf80 RCX: 00000000004665f9
[  681.137574][T21082] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000040
01:01:47 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  681.145541][T21082] RBP: 00007ff263a1c1d0 R08: 0000000000000000 R09: 0000000000000000
[  681.153539][T21082] R10: 0000000020000300 R11: 0000000000000246 R12: 0000000000000001
[  681.161508][T21082] R13: 00007fff361f2d3f R14: 00007ff263a1c300 R15: 0000000000022000
01:01:47 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x20000288}, 0x0, 0x0)

[  681.225561][T21125] loop4: detected capacity change from 0 to 8
[  681.271750][T21141] FAULT_INJECTION: forcing a failure.
[  681.271750][T21141] name failslab, interval 1, probability 0, space 0, times 0
[  681.284420][T21141] CPU: 0 PID: 21141 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  681.294398][T21141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  681.304442][T21141] Call Trace:
[  681.307709][T21141]  dump_stack_lvl+0xd6/0x122
[  681.312295][T21141]  dump_stack+0x11/0x1b
[  681.316455][T21141]  should_fail+0x23c/0x250
[  681.320857][T21141]  __should_failslab+0x81/0x90
[  681.325611][T21141]  ? register_for_each_vma+0x372/0x890
[  681.331096][T21141]  should_failslab+0x5/0x20
[  681.335640][T21141]  kmem_cache_alloc_trace+0x52/0x320
[  681.341074][T21141]  ? register_for_each_vma+0x372/0x890
[  681.346600][T21141]  ? vma_interval_tree_iter_next+0x263/0x280
[  681.352574][T21141]  register_for_each_vma+0x372/0x890
[  681.357849][T21141]  __uprobe_register+0x404/0x8b0
[  681.362837][T21141]  uprobe_register_refctr+0x29/0x40
[  681.368029][T21141]  probe_event_enable+0x2be/0x7d0
[  681.373046][T21141]  ? __uprobe_trace_func+0x440/0x440
[  681.378320][T21141]  trace_uprobe_register+0x88/0x410
[  681.383535][T21141]  perf_trace_event_init+0x34e/0x790
[  681.388822][T21141]  perf_uprobe_init+0xf5/0x140
[  681.393685][T21141]  perf_uprobe_event_init+0xde/0x140
[  681.398964][T21141]  perf_try_init_event+0x21a/0x400
[  681.404123][T21141]  perf_event_alloc+0xa60/0x1790
[  681.409055][T21141]  __se_sys_perf_event_open+0x5db/0x2810
[  681.414681][T21141]  ? proc_fail_nth_read+0x150/0x150
[  681.419868][T21141]  __x64_sys_perf_event_open+0x63/0x70
[  681.425321][T21141]  do_syscall_64+0x44/0xa0
[  681.429775][T21141]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  681.435736][T21141] RIP: 0033:0x4665f9
[  681.439620][T21141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  681.459288][T21141] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  681.467695][T21141] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  681.475663][T21141] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  681.483623][T21141] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  681.491595][T21141] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  681.499560][T21141] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:48 executing program 4:
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x400, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x5}, 0x1c)
ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0x700)
syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001600), 0x0, &(0x7f0000001680)=ANY=[@ANYBLOB='map=acorn,iocharset=iso8859-13,cruft,nocompress,sbsector=0xfffffffffffffff9,nocompress,utf8'])

01:01:48 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:48 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
syz_open_pts(r1, 0x0)
syz_open_pts(r1, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000340)={0x0, 0x4, {0x93, @struct={0x3, 0x9}, <r2=>0x0, 0xa0a4, 0x1ea, 0x800, 0x8, 0x6, 0xe1, @usage=0x9, 0x0, 0x0, [0x80000001, 0x8, 0x40, 0x80, 0x9, 0x6]}, {0x6, @struct={0x7, 0xd87}, 0x0, 0x5ae6, 0x4, 0x3ff, 0xfffffffffffffffe, 0x2b, 0x40, @struct={0x90000, 0x1}, 0x9, 0x2, [0x4, 0x9e, 0x3, 0x2, 0xfee, 0x2]}, {0x3, @usage=0xcd, 0x0, 0x4, 0x3, 0x1, 0x4, 0xd6f9, 0x401, @struct={0xd7, 0x20}, 0x9, 0xff, [0x6, 0x7, 0xe9, 0x7, 0x0, 0x6]}, {0x81, 0xffffffffffff3111, 0x9}})
ioctl$BTRFS_IOC_DEV_REPLACE(r1, 0xca289435, &(0x7f0000000740)={0x0, 0x3, @start={r2, 0x0, "18e644a5492ea7723cf6478148574f529782006b9f1a1197c4453479a216721542ac40c78d89d0d388bc51eee05eb72318cdea3fbabaa5d52ed3b62860ce0b333ef73c36dcf8de1cf1b22d320f8614f674fa9c8cd55ad90d460f4d208d8ba5a8c2b8627c1bc35f60c3a739197bf06e9857d71654d9efc2f9c5c23d612704f564cec6437226b01acda5834d24123d803f31342ecc842f01aaf2cfa7ea5f13ce2c1578405408420389b03b419155d2bf384862ee71f6b544d62bac4d8f6e2dda12e45936cf85369fd7024f6be2b519a164eb9f405e38ebd671ff73e3be8b051f8be9e2c0a983b46005695bbcb126d70850c2471f4cf9907bbb3bd8731b095a14befbfc040998a2763d42d2954d5b201983dd803578a8209b6d0c0f6f210bd8bd3d3e3d0a7f354542114fe5105a3b0c48e5db21fcf79b73dfdecf28d8c0573b20de8b33efcc5f271983c1a2818e9db7ca42b5624ce8b097fb109a0816ff9430557f140c9ef3e6c5cfc113d659203b07f8972830f11b0ba2056e234cbb325a4842f912b7bcf332a7bc2c1bd0a64889d775cd0a5a883bb3f26d9150c54c5501e6ba1ca00bd3e27e4593e95efcce043ceb3ab911c8a01d8520a6e1f4cc4190a178f3c4fa8593502e7aae5440370e52e0e71bcba96f7d93932fd6479132b20034990967d317c3da52f30700136aada1887c53f79c3b17cf0850ece81fa547eff1b0f371c61182369335e817f343dd5716f736a280f2c4676c5074a6dda64a2258b0da0d93e98a027cc7e6b5c8acb4c3578ba18ad4903809f15c9602457935817adc50aab1c70920b6ad24da1e57aa9894e508e940abebb1eeb9f0d995ef80a271ca80e329f908951757093806e18a5e57e383ed0115783d0df75c9406474ffb36ad1c3b4469f77ea5dc758e2a743b9b91116b5bc6fdf777add87dea00d1f80716940bb4c447916533920f5e437ef75bdc16dd2f173d97a93d5753daf8ab1d5c90e294fc717445bbe0e48169882de5bd810f114b9c11d96d3ff07374177d983557d54be991ece2a344adfd7ccadf56c43db5d93b9b01e34709539df9d0bb540cb457a9686fdc901f110cd99d2361369dc1b1e83bd4b58378ebd80c14c340d34c85f0091afbb6c1499d0c2777f54989ff3bfa14c5add348c3ee5339e628ab6a40c977168a6d9439bcbe5262005e012a5c59822d12f2d01303b132695fb39272b4f3a8a304e645b5835365f733ab2b3ddcc28a4d5e645e72b1b6b3c41547750295371420c12a0b94ad834f09ab7916a18b077f93f85c406092f185ba45b6023592d7b1f0f78fb6ca579ec65c3f8d816095bfe1d6c017102f42fc2fa3a967597d8b8c3195f23cb5307d6e0d1866b051cb58648979bc2c628f505de652a4b6435f3f05c408240358040c14fc1c8e44bdc6210ccda256441a289696b23e4d41163458abf8d27a46", "8d9d3dfbf69ec091f8ef10ba310ff91540b8edcd6965f1d715b576e3c06805b1f39a2c4c4bd193b333a0bbb38a784a54787453b9a9a749be994561e7dc70ae9ab7f5534d50d64cf2bd1d6eb2c58463420caa3a82a5a5f01c0c4cf4f3247406a6389a495ca391ea88ab294b23f6aaac22d3c80bd4daf64d968c9d98e147ee61ef799d688dc2fc395a20d89ff5526315860a19524e24ae981b67582944bf666117401560d99c619bc977df9b30a37a67b8118ea0f12f0d24d15f3fc400ba1fa6479a0668a98af1b8d56f0f1e9607b5f33d75cba11fae004d010581c4be2624e1352cd3747d19f2dff050711fcf21facfb1e492e61c603dc5dcb61781679ed67f5b29a51082cc3972116e8828e9b7dd1822b9e07736a713fb51738cec812e76cbd9fac12275fb4e2272e6260112f49ad545a2660f43cae406ea897f8a4da06c1c8e0275f11e98006c87747280fde9c0b7b8ee54ef2308a4e3004a6685de8f55a4754fe6475ee3db43b2cdf588c9a9a8edf27f44ae0c9d76dd6f79b44446dab8f44a2efb3f011d63f68990a16245b590b24f42b28390382c3c03d237620d898c1fd4d96d1ab0504f0bf19e946a1b15d2691249aa75136b0f158e721ae4827658febb1e08c14c1c6ce9e65cad9d285e2cd05dfa5f1cb01f8d87efea90d149a29c62768d7e761b364f8b5581987920fe86b7d3bbe6192b7f4e84b6a24068af86eb526d7841d1739ec0d384be8dd89878ce197c8bcc4e78dc4ac5fe42037a649fe75b872fd2472888726b5fdaed4919e4bec629c04c66d9b95a8e2836ef4a056bf9a6ea41bff55401900613b72bd5cf67c802b24041c33235cd58188046edc76cce2245552c50e5c2c835dbf05a21b6ee896be42d3db4b1c3d4b2586844d94931af5ae08dab91f9dd312a11103468cebf240d6dbf82b5e9a967218fcef2883fb6632b69459500d367841ff92040ea2891edce2c7f14efbf56416b173e92888f901c79a2ac920619a55597c0b8bd3edb2c237ad1832add9c426a037684f58fe517bf1b4afa62ecdeac59e8a7c7898523adb8236d90dfcd9bcace6bf3adaadd3886609df8e81bc0b58d1b18fc963e710c29eea463fc19320081c29232c3828d92b71f15b383f475d969941f350d619a82199325d052d1f1f529d57471e19eab6f3ec6f4f2fc34ca80cb984bde9a56bf6c003aab8b7c28dc5691c66dbc2b399373a5e7242c5851c3906ca7dec6a0a830a4a485f0db26cd62f7f9bd19a968dcdc502db96265a64fb2afffe647987f6956cee306f5fc469cef5bdee41bb3919a81083bdbb30fe3b0a04de916ee96024fef72ff6e1c1abe34b908784a856960a61f797e35621e13c772d29a99f4390dc65b32377e0ef8e75a9ea49083c51175fd031893216ea8cdc22bfbff38f39417e63b4476c90f5efc7ef3250ae85cbade2a960fafcd8cfcda"}, [0x40, 0x5, 0x8, 0x3, 0x4, 0x8, 0x5, 0x4, 0x40, 0xffffffffffffffff, 0x16c, 0x8, 0x4, 0x401, 0x81, 0x200000, 0x1, 0x80, 0x1, 0x1ff, 0x5, 0x6, 0x4, 0x100000000, 0xc15, 0x400, 0x6, 0x9, 0xc2d9, 0x4, 0xe50, 0xad0, 0x2, 0xf2e, 0x7f, 0x9, 0x17, 0x6, 0x3, 0x8, 0x1ecd, 0x5a7d, 0x4, 0x9546, 0xab35e26, 0x4, 0xfffffffffffffffe, 0x401, 0x6, 0x4, 0x1, 0x2, 0x8, 0x101, 0xfffffffffffffffa, 0x80000000, 0xffffffffffff0001, 0x8, 0x700000000, 0x3d, 0x7, 0x6, 0x101, 0x8]})
r3 = syz_io_uring_complete(0x0)
ioctl$MON_IOCX_MFETCH(r3, 0xc0109207, &(0x7f0000000040)={&(0x7f0000000000)=[0x0, 0x0], 0x2, 0x4})
ioctl$RTC_PIE_ON(r0, 0x7005)
readv(r3, &(0x7f00000000c0)=[{&(0x7f0000001180)=""/4096, 0x1000}], 0x1)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:48 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x20000308}, 0x0, 0x0)

01:01:48 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x101002, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3024}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x100, 0x0, 0x0, 0x8000000}, 0x0, 0x0)

01:01:48 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x2)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x2, 0x9, 0x200, 0x5, 0x2, "437ce8b1d4b7e28c0fcea304448e43e92a83fd"})
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

[  681.786790][T21157] ISOFS: Unable to identify CD-ROM format.
[  681.819315][T21118] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  681.827342][T21118] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:48 executing program 0 (fault-call:9 fault-nth:38):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:01:48 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
open(&(0x7f0000000040)='./file0\x00', 0x480a01, 0x44)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000000c0)={<r3=>r0, 0x5, 0x80, 0x7})
ioctl$RTC_PIE_ON(r3, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  681.860755][T21118] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  681.868787][T21118] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:48 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000140)={0x8, 0xfa, 0xbd2, 0x1, 0x1b, "833cc1587f2e49d8cad2d7ed5de45a53c1c986"})
r2 = syz_open_pts(r1, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
readv(r2, &(0x7f0000000040)=[{&(0x7f0000000000)=""/20, 0x14}], 0x1)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x0, '\x00', [{0x8, 0x2, 0x5, 0x5, 0x62, 0x8}, {0x5, 0x4, 0x3, 0x4, 0x4f53, 0x9}], ['\x00']})
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000100))

[  681.919491][T21166] ISOFS: Unable to identify CD-ROM format.
[  682.046576][T21186] FAULT_INJECTION: forcing a failure.
[  682.046576][T21186] name failslab, interval 1, probability 0, space 0, times 0
[  682.059247][T21186] CPU: 1 PID: 21186 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  682.069047][T21186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  682.079124][T21186] Call Trace:
[  682.082393][T21186]  dump_stack_lvl+0xd6/0x122
[  682.086984][T21186]  dump_stack+0x11/0x1b
[  682.091194][T21186]  should_fail+0x23c/0x250
[  682.095654][T21186]  __should_failslab+0x81/0x90
[  682.100425][T21186]  ? register_for_each_vma+0x372/0x890
[  682.105875][T21186]  should_failslab+0x5/0x20
[  682.110489][T21186]  kmem_cache_alloc_trace+0x52/0x320
[  682.115771][T21186]  ? register_for_each_vma+0x372/0x890
[  682.121248][T21186]  ? vma_interval_tree_iter_next+0x24c/0x280
[  682.127224][T21186]  register_for_each_vma+0x372/0x890
[  682.132503][T21186]  __uprobe_register+0x404/0x8b0
[  682.137453][T21186]  uprobe_register_refctr+0x29/0x40
[  682.142656][T21186]  probe_event_enable+0x2be/0x7d0
[  682.147668][T21186]  ? __uprobe_trace_func+0x440/0x440
[  682.153029][T21186]  trace_uprobe_register+0x88/0x410
[  682.158217][T21186]  perf_trace_event_init+0x34e/0x790
[  682.163555][T21186]  perf_uprobe_init+0xf5/0x140
[  682.168312][T21186]  perf_uprobe_event_init+0xde/0x140
[  682.173650][T21186]  perf_try_init_event+0x21a/0x400
[  682.178831][T21186]  perf_event_alloc+0xa60/0x1790
[  682.183840][T21186]  __se_sys_perf_event_open+0x5db/0x2810
[  682.189470][T21186]  ? proc_fail_nth_read+0x150/0x150
[  682.194657][T21186]  __x64_sys_perf_event_open+0x63/0x70
[  682.200109][T21186]  do_syscall_64+0x44/0xa0
[  682.204519][T21186]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  682.210426][T21186] RIP: 0033:0x4665f9
[  682.214313][T21186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  682.234007][T21186] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  682.242458][T21186] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  682.250416][T21186] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  682.258378][T21186] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  682.266336][T21186] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  682.274489][T21186] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:49 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:49 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x80000, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x400a00, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x400000000010001, 0x11fd24de, 0x0, 0x4, 0x0, 0x9187}, 0x0, &(0x7f0000000300)={0x2, 0x0, 0x0, 0x1, 0x0, 0x4}, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000000)={<r1=>0x0, <r2=>0x0})
nanosleep(&(0x7f0000000040)={r1, r2+10000000}, &(0x7f0000000080))

01:01:49 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000001a050000004800"})
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:01:49 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
ioctl$RTC_AIE_OFF(r0, 0x7002)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:49 executing program 4:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x20000288}, 0x0, 0x0)

01:01:49 executing program 0 (fault-call:9 fault-nth:39):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  682.802974][T21176] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  682.811018][T21176] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  682.828308][T21176] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  682.836384][T21176] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:49 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a03, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
dup(r0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0)
syz_open_pts(r2, 0x40400)
syz_open_pts(r1, 0x0)
r3 = syz_open_pts(r1, 0x0)
readv(r3, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
fsetxattr$trusted_overlay_origin(r3, &(0x7f0000000000), &(0x7f0000000040), 0x2, 0x2)
ioctl$RTC_PIE_ON(r0, 0x7005)
r4 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x80100, 0x90)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000140)=0x2)
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000200))
r5 = syz_open_pts(0xffffffffffffffff, 0x0)
readv(r5, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ioctl$TIOCMIWAIT(r5, 0x545c, 0x0)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:49 executing program 4:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x20000288}, 0x0, 0x0)

01:01:49 executing program 4:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x20000288}, 0x0, 0x0)

[  683.014158][T21228] FAULT_INJECTION: forcing a failure.
[  683.014158][T21228] name failslab, interval 1, probability 0, space 0, times 0
[  683.026786][T21228] CPU: 1 PID: 21228 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  683.036597][T21228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  683.046816][T21228] Call Trace:
[  683.050088][T21228]  dump_stack_lvl+0xd6/0x122
[  683.054672][T21228]  dump_stack+0x11/0x1b
[  683.058814][T21228]  should_fail+0x23c/0x250
[  683.063353][T21228]  __should_failslab+0x81/0x90
[  683.068106][T21228]  ? register_for_each_vma+0x372/0x890
[  683.073555][T21228]  should_failslab+0x5/0x20
[  683.078079][T21228]  kmem_cache_alloc_trace+0x52/0x320
[  683.083351][T21228]  ? register_for_each_vma+0x372/0x890
[  683.088891][T21228]  ? vma_interval_tree_iter_next+0x263/0x280
[  683.094862][T21228]  register_for_each_vma+0x372/0x890
[  683.100168][T21228]  __uprobe_register+0x404/0x8b0
[  683.105168][T21228]  uprobe_register_refctr+0x29/0x40
[  683.110351][T21228]  probe_event_enable+0x2be/0x7d0
[  683.115402][T21228]  ? __uprobe_trace_func+0x440/0x440
[  683.120674][T21228]  trace_uprobe_register+0x88/0x410
[  683.125859][T21228]  perf_trace_event_init+0x34e/0x790
[  683.131134][T21228]  perf_uprobe_init+0xf5/0x140
[  683.135886][T21228]  perf_uprobe_event_init+0xde/0x140
[  683.141174][T21228]  perf_try_init_event+0x21a/0x400
[  683.146272][T21228]  perf_event_alloc+0xa60/0x1790
[  683.151330][T21228]  __se_sys_perf_event_open+0x5db/0x2810
[  683.156950][T21228]  ? proc_fail_nth_read+0x150/0x150
[  683.162165][T21228]  ? asm_sysvec_call_function_single+0x12/0x20
[  683.168424][T21228]  __x64_sys_perf_event_open+0x63/0x70
[  683.173874][T21228]  do_syscall_64+0x44/0xa0
[  683.178281][T21228]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  683.184165][T21228] RIP: 0033:0x4665f9
[  683.188044][T21228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  683.207667][T21228] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  683.216099][T21228] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  683.224056][T21228] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  683.232012][T21228] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  683.239970][T21228] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  683.247954][T21228] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:49 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = pidfd_getfd(r0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f00000002c0)={0x0, 0x7, 0x3})
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffb}, 0x4a, 0x0, 0x6, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0x4)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x130012, r0, 0x0)

01:01:50 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:50 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
io_setup(0x7, &(0x7f0000000000)=<r1=>0x0)
io_pgetevents(r1, 0xfffffffffffffdb9, 0x1, &(0x7f0000000040)=[{}], &(0x7f0000000080)={0x77359400}, &(0x7f0000000100)={&(0x7f00000000c0)={[0x53]}, 0x8})

01:01:50 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
ioctl$TCSETS(r0, 0x5402, &(0x7f00000000c0)={0x8001, 0x4, 0x40, 0x3ff, 0x8, "fb0b0c6c7f2cc3f9bf44eeb8ee19cce9f9b40b"})
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x6]}, 0x8, 0x0)
ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000040)={0x8, 0x1, 0x7, 0x5600, 0x6, "cd8b3f3a7301c017d5951a2d03fdece708216e"})
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:01:50 executing program 0 (fault-call:9 fault-nth:40):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  683.771131][T21208] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  683.779205][T21208] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  683.796759][T21208] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  683.804810][T21208] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:50 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000040)={0x1, 0x0, {0x31, 0x25, 0x6, 0x11, 0x1, 0x5, 0x0, 0xee, 0x1}})
ioctl$RTC_PIE_ON(r0, 0x7005)
preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000340)=""/4096, 0x1000}], 0x1, 0x1ff, 0x7fffffff)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x4, 0x2, 0x3}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x0, 0x200000000000008}, 0x0, 0x0)

01:01:50 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_UIE_ON(r0, 0x7003)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x270702, 0x0)
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x15da)

[  683.975980][T21258] FAULT_INJECTION: forcing a failure.
[  683.975980][T21258] name failslab, interval 1, probability 0, space 0, times 0
[  683.988719][T21258] CPU: 1 PID: 21258 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  683.998584][T21258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  684.008625][T21258] Call Trace:
[  684.011895][T21258]  dump_stack_lvl+0xd6/0x122
[  684.016484][T21258]  dump_stack+0x11/0x1b
[  684.020631][T21258]  should_fail+0x23c/0x250
[  684.025039][T21258]  __should_failslab+0x81/0x90
[  684.029813][T21258]  ? register_for_each_vma+0x372/0x890
[  684.035264][T21258]  should_failslab+0x5/0x20
[  684.039823][T21258]  kmem_cache_alloc_trace+0x52/0x320
[  684.045093][T21258]  ? register_for_each_vma+0x372/0x890
[  684.050643][T21258]  ? vma_interval_tree_iter_next+0x24c/0x280
[  684.056675][T21258]  register_for_each_vma+0x372/0x890
[  684.062031][T21258]  __uprobe_register+0x404/0x8b0
[  684.066959][T21258]  uprobe_register_refctr+0x29/0x40
[  684.072193][T21258]  probe_event_enable+0x2be/0x7d0
[  684.077208][T21258]  ? __uprobe_trace_func+0x440/0x440
[  684.082480][T21258]  trace_uprobe_register+0x88/0x410
[  684.087668][T21258]  perf_trace_event_init+0x34e/0x790
[  684.092956][T21258]  perf_uprobe_init+0xf5/0x140
[  684.097712][T21258]  perf_uprobe_event_init+0xde/0x140
[  684.103064][T21258]  perf_try_init_event+0x21a/0x400
[  684.108169][T21258]  perf_event_alloc+0xa60/0x1790
[  684.113098][T21258]  __se_sys_perf_event_open+0x5db/0x2810
[  684.118722][T21258]  ? proc_fail_nth_read+0x150/0x150
[  684.123910][T21258]  ? kcsan_setup_watchpoint+0x94/0x3f0
[  684.129360][T21258]  __x64_sys_perf_event_open+0x63/0x70
[  684.134905][T21258]  do_syscall_64+0x44/0xa0
[  684.139324][T21258]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  684.145215][T21258] RIP: 0033:0x4665f9
[  684.149166][T21258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  684.168830][T21258] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  684.177234][T21258] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  684.185190][T21258] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  684.193149][T21258] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  684.201211][T21258] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  684.209210][T21258] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:50 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:51 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000000)={0x0, 0x0, {0x15, 0x6, 0x2, 0x4, 0x2, 0xffffffff, 0x1, 0xf1, 0xffffffffffffffff}})
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r2 = accept$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @local}, &(0x7f0000000140)=0x1c)
ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f00000001c0)={{r2}, {@val, @max}})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
getsockopt$inet6_int(r3, 0x29, 0x11, &(0x7f0000000040), &(0x7f00000000c0)=0x4)

01:01:51 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x4000000000000000, 0x80000000009, 0x4, 0x0, 0x0, 0x0, 0x0, 0x800000000}, 0x0, &(0x7f0000000000)={0x140000000000000, 0x0, 0x80000000, 0x0, 0x6, 0xfffffffffffffffd, 0xfffffffffffffffc}, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f00000000c0)={0x34, 0x14, 0x4, 0x14, 0xb, 0x7fff, 0x3, 0x25})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000200)=ANY=[@ANYBLOB="0000000000ff07000b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a06f04942bc608ebffffff0000000101000000000000000000000000000000ffffffffffffffff0000000000000000000000000000000c00"/192])
ioctl$RTC_UIE_ON(r2, 0x7003)
openat$cgroup_ro(r2, &(0x7f0000000040)='memory.swap.current\x00', 0x0, 0x0)
nanosleep(&(0x7f0000000100)={0x77359400}, &(0x7f0000000140))

01:01:51 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x123980)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x420}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:01:51 executing program 0 (fault-call:9 fault-nth:41):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  684.731284][T21250] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  684.739359][T21250] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  684.757653][T21250] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  684.765699][T21250] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  684.912452][T21282] FAULT_INJECTION: forcing a failure.
[  684.912452][T21282] name failslab, interval 1, probability 0, space 0, times 0
[  684.925208][T21282] CPU: 1 PID: 21282 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  684.935015][T21282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  684.945089][T21282] Call Trace:
[  684.948359][T21282]  dump_stack_lvl+0xd6/0x122
[  684.952945][T21282]  dump_stack+0x11/0x1b
[  684.957095][T21282]  should_fail+0x23c/0x250
[  684.961509][T21282]  __should_failslab+0x81/0x90
[  684.966261][T21282]  ? register_for_each_vma+0x372/0x890
[  684.971740][T21282]  should_failslab+0x5/0x20
[  684.976235][T21282]  kmem_cache_alloc_trace+0x52/0x320
[  684.981621][T21282]  ? register_for_each_vma+0x372/0x890
[  684.987154][T21282]  ? vma_interval_tree_iter_next+0x263/0x280
[  684.993190][T21282]  register_for_each_vma+0x372/0x890
[  684.998464][T21282]  __uprobe_register+0x404/0x8b0
[  685.003387][T21282]  uprobe_register_refctr+0x29/0x40
[  685.009009][T21282]  probe_event_enable+0x2be/0x7d0
[  685.014081][T21282]  ? __uprobe_trace_func+0x440/0x440
[  685.019426][T21282]  trace_uprobe_register+0x88/0x410
[  685.024645][T21282]  perf_trace_event_init+0x34e/0x790
[  685.029920][T21282]  perf_uprobe_init+0xf5/0x140
[  685.034719][T21282]  perf_uprobe_event_init+0xde/0x140
[  685.040000][T21282]  perf_try_init_event+0x21a/0x400
[  685.045130][T21282]  perf_event_alloc+0xa60/0x1790
[  685.050100][T21282]  __se_sys_perf_event_open+0x5db/0x2810
[  685.055827][T21282]  ? proc_fail_nth_read+0x150/0x150
[  685.061018][T21282]  __x64_sys_perf_event_open+0x63/0x70
[  685.066480][T21282]  do_syscall_64+0x44/0xa0
[  685.070884][T21282]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  685.076820][T21282] RIP: 0033:0x4665f9
[  685.080722][T21282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  685.100321][T21282] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  685.108721][T21282] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  685.116700][T21282] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  685.124662][T21282] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  685.132707][T21282] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  685.140680][T21282] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
[  685.669796][T21276] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  685.677871][T21276] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  685.695083][T21276] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  685.703084][T21276] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:54 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = pidfd_getfd(r0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f00000002c0)={0x0, 0x7, 0x3})
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffb}, 0x4a, 0x0, 0x6, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0x4)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x130012, r0, 0x0)

01:01:54 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:54 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000}, 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:54 executing program 3:
r0 = syz_mount_image$nfs4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8001, 0x1, &(0x7f0000000140)=[{&(0x7f0000000080)="8e85fc4cf370200cdc64a260da6ce0f22109c69ad4dc38f1342af454c3c7c6a7b1da2750ab53cc5ee0225645e046860d2b17ed3c12db424e33f1ab46f570e3f85f0f35499cdb7066d77e6f5877746393a892beb0d6b22db03caf541bc28b90a2dfd1e188f111153dd52e0147988cb0367421a7b418762fd11cd0e0d41b44c1bf27ee55ade772463d671ffd4962a8510d410c6b3aa43019d7f25a150853d463159c5ea43fdaceee", 0xa7, 0xfffffffffffffff8}], 0x4000, &(0x7f00000001c0)={[{'/dev/rtc0\x00'}], [{@appraise_type}, {@fscontext={'fscontext', 0x3d, 'user_u'}}]})
mmap(&(0x7f0000ff7000/0x9000)=nil, 0x9000, 0x0, 0x10, r0, 0x39e56000)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r1, 0x7005)
ioctl$RTC_PIE_ON(r1, 0x7005)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000000200)}, {&(0x7f0000000340)=""/148, 0x94}, {&(0x7f0000000400)=""/4096, 0x1000}], 0x3, 0x6, 0x100)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:54 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)='memory.low\x00', 0x2, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x8})
r3 = syz_open_pts(r0, 0x0)
readv(r3, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r1, 0x50009418, &(0x7f0000000300)={{r3}, 0x0, 0x14, @unused=[0x7, 0x70000, 0x1, 0x20], @subvolid=0x1})
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000140)={0xef, 0x100, 0x8, 0x5, 0xf, "b2477e4ea378358f79f00103ac8effc31d4225"})
r4 = syz_open_pts(0xffffffffffffffff, 0x0)
readv(r4, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
syz_open_pts(r4, 0x402)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r5 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
fremovexattr(r3, &(0x7f0000000040)=@random={'trusted.', 'memory.low\x00'})
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000100))

01:01:54 executing program 0 (fault-call:9 fault-nth:42):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  687.589389][T21293] loop3: detected capacity change from 0 to 16383
[  687.608967][T21293] nfs4: Unknown parameter '/dev/rtc0'
[  687.658701][T21293] loop3: detected capacity change from 0 to 16383
[  687.677903][T21293] nfs4: Unknown parameter '/dev/rtc0'
[  687.744978][T21315] FAULT_INJECTION: forcing a failure.
[  687.744978][T21315] name failslab, interval 1, probability 0, space 0, times 0
[  687.757691][T21315] CPU: 0 PID: 21315 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  687.767523][T21315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  687.777563][T21315] Call Trace:
[  687.780830][T21315]  dump_stack_lvl+0xd6/0x122
[  687.785432][T21315]  dump_stack+0x11/0x1b
[  687.789575][T21315]  should_fail+0x23c/0x250
[  687.793993][T21315]  __should_failslab+0x81/0x90
[  687.798795][T21315]  ? register_for_each_vma+0x372/0x890
[  687.804251][T21315]  should_failslab+0x5/0x20
[  687.808762][T21315]  kmem_cache_alloc_trace+0x52/0x320
[  687.814030][T21315]  ? register_for_each_vma+0x372/0x890
[  687.819523][T21315]  ? vma_interval_tree_iter_next+0x24c/0x280
[  687.825550][T21315]  register_for_each_vma+0x372/0x890
[  687.830823][T21315]  __uprobe_register+0x404/0x8b0
[  687.835770][T21315]  uprobe_register_refctr+0x29/0x40
[  687.841017][T21315]  probe_event_enable+0x2be/0x7d0
[  687.846027][T21315]  ? __uprobe_trace_func+0x440/0x440
[  687.851309][T21315]  trace_uprobe_register+0x88/0x410
[  687.856500][T21315]  perf_trace_event_init+0x34e/0x790
[  687.861835][T21315]  perf_uprobe_init+0xf5/0x140
[  687.866593][T21315]  perf_uprobe_event_init+0xde/0x140
[  687.871902][T21315]  perf_try_init_event+0x21a/0x400
[  687.877042][T21315]  perf_event_alloc+0xa60/0x1790
[  687.881992][T21315]  __se_sys_perf_event_open+0x5db/0x2810
[  687.887613][T21315]  ? plist_check_list+0xf9/0x160
[  687.892542][T21315]  ? finish_task_switch+0xce/0x290
[  687.897640][T21315]  __x64_sys_perf_event_open+0x63/0x70
[  687.903176][T21315]  do_syscall_64+0x44/0xa0
[  687.907585][T21315]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  687.913473][T21315] RIP: 0033:0x4665f9
[  687.917353][T21315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  687.936988][T21315] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  687.945477][T21315] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  687.953433][T21315] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  687.961389][T21315] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  687.969690][T21315] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  687.977643][T21315] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:54 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x3c1800, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0xa450, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x11d}, 0x0, &(0x7f0000000300)={0x4, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x9}, 0x0, 0x0)

01:01:55 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:55 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000000)={0x2, 0x10, 0x11, 0x12, 0x4, 0x18bb, 0x5, 0xdc})
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000040)={0x80000002})
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0xffffffffffff8001, 0xffaffffffffffffd, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, &(0x7f0000000300)={0x8, 0x3}, 0x0, 0x0)

01:01:55 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = pidfd_getfd(r0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f00000002c0)={0x0, 0x7, 0x3})
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffb}, 0x4a, 0x0, 0x6, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0x4)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x130012, r0, 0x0)

01:01:55 executing program 0 (fault-call:9 fault-nth:43):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:01:55 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
r2 = semget$private(0x0, 0x6, 0x0)
semop(r2, &(0x7f0000000300)=[{0x0, 0xffff, 0x496f41e741add76c}, {0x0, 0x2000}], 0x2)
semop(r2, &(0x7f0000000000)=[{0x0, 0x7d5f}], 0x1)
clock_gettime(0x0, &(0x7f0000000040)={<r3=>0x0, <r4=>0x0})
semtimedop(r2, &(0x7f0000000000)=[{0x2, 0x2, 0x1000}, {0x1, 0x7, 0x1800}, {0x4, 0x40, 0x1000}, {0x0, 0x400, 0xc00}, {0x2, 0x6, 0x1000}, {0x5, 0x101, 0x1000}, {0x1, 0xf69}], 0x7, &(0x7f00000000c0)={r3, r4+60000000})
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

[  688.494279][T21294] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  688.502333][T21294] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  688.523795][T21294] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  688.531820][T21294] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  688.688098][T21342] FAULT_INJECTION: forcing a failure.
[  688.688098][T21342] name failslab, interval 1, probability 0, space 0, times 0
[  688.700760][T21342] CPU: 1 PID: 21342 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  688.710552][T21342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  688.720652][T21342] Call Trace:
[  688.723918][T21342]  dump_stack_lvl+0xd6/0x122
[  688.728497][T21342]  dump_stack+0x11/0x1b
[  688.732641][T21342]  should_fail+0x23c/0x250
[  688.737094][T21342]  __should_failslab+0x81/0x90
[  688.741852][T21342]  ? register_for_each_vma+0x372/0x890
[  688.747376][T21342]  should_failslab+0x5/0x20
[  688.751875][T21342]  kmem_cache_alloc_trace+0x52/0x320
[  688.757243][T21342]  ? register_for_each_vma+0x372/0x890
[  688.762759][T21342]  ? vma_interval_tree_iter_next+0x263/0x280
[  688.768814][T21342]  register_for_each_vma+0x372/0x890
[  688.774143][T21342]  __uprobe_register+0x404/0x8b0
[  688.779073][T21342]  uprobe_register_refctr+0x29/0x40
[  688.784308][T21342]  probe_event_enable+0x2be/0x7d0
[  688.789318][T21342]  ? __uprobe_trace_func+0x440/0x440
[  688.794589][T21342]  trace_uprobe_register+0x88/0x410
[  688.799804][T21342]  perf_trace_event_init+0x34e/0x790
[  688.805137][T21342]  perf_uprobe_init+0xf5/0x140
[  688.809890][T21342]  perf_uprobe_event_init+0xde/0x140
[  688.815229][T21342]  perf_try_init_event+0x21a/0x400
[  688.820329][T21342]  perf_event_alloc+0xa60/0x1790
[  688.825269][T21342]  __se_sys_perf_event_open+0x5db/0x2810
[  688.830888][T21342]  ? proc_fail_nth_read+0x150/0x150
[  688.836071][T21342]  __x64_sys_perf_event_open+0x63/0x70
[  688.841545][T21342]  do_syscall_64+0x44/0xa0
[  688.845973][T21342]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  688.851860][T21342] RIP: 0033:0x4665f9
[  688.855748][T21342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  688.875351][T21342] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  688.883745][T21342] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  688.891717][T21342] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  688.899675][T21342] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  688.907630][T21342] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  688.915600][T21342] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:55 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0xfffffffffffffff7, 0x0, 0x0, 0x2, 0x4}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x3b5, 0x0, 0x40000000000000}, 0x0, 0x0)

01:01:55 executing program 3:
ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:55 executing program 3:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xffff, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="f724c2ced475fe45443b7676e7a6aab37efb4201918856ffac59219e56e0cc2f0f06bedf024fa19c67375956a562f8dbab5fea30870ffc2a548988b5f2fdfce3a9178ec9c9f327c00aeb3c4236e2a0393f3347c66617f530beab5ac18af419f34c85df5ca3a09f9a4b736aa73e", 0x6d, 0x3d8}], 0x4000, &(0x7f00000003c0)=ANY=[@ANYBLOB="726e695f786c6174653d6266c515695f786c6174655a302c73686f72746e616d653d6d697865642c756e695f786c617465000000000000e12e3958e9f9c18301acff495cda785672768927802ce4e31d84f6889de8632c7355cd5070a940e80c22", @ANYRESDEC=0x0, @ANYBLOB=',func=PATH_CHECK,fsname=/dev/rtc0\x00,permit_directio,dont_hash,obj_user=/dev/rtc0\x00,\x00'])
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2, 0x11, r0, 0xcfbb7000)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r1, 0x7005)
ioctl$RTC_PIE_ON(r1, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x6, 0x0, 0x0, 0x0, 0x2, 0xffffffffffffffff, 0x4000000000, 0x1}, 0x0, &(0x7f0000000000)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x80, 0x0)
creat(&(0x7f0000000200)='./file0\x00', 0x20)
ioctl$RTC_IRQP_SET(r2, 0x4008700c, 0x235)

[  689.223829][T21358] loop3: detected capacity change from 0 to 127
[  689.233017][T21358] FAT-fs (loop3): Unrecognized mount option "rni_xlate=bfÅi_xlateZ0" or missing value
[  689.302284][T21358] loop3: detected capacity change from 0 to 127
[  689.314827][T21358] FAT-fs (loop3): Unrecognized mount option "rni_xlate=bfÅi_xlateZ0" or missing value
01:01:55 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:56 executing program 3:
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0xff)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:56 executing program 0 (fault-call:9 fault-nth:44):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  689.446560][T21332] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  689.454609][T21332] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  689.472140][T21332] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  689.480157][T21332] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:56 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x8400, 0x0)
ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000080)={0x33, 0x7, 0x7, 0x13, 0x6, 0x10000, 0x3, 0x105, 0x1})
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
r2 = syz_open_pts(r1, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x3000005, 0x13, r2, 0x2439000)
clock_gettime(0x6, &(0x7f0000000000))
ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x80040, 0x0)
bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e22, 0xfffffffa, @remote}, 0x1c)
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000040)={0x2, 0x4, 0x3, 0x6, 0x1, "0221096a7aca5213"})
socket$inet6(0xa, 0x80000, 0x6)

01:01:56 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = pidfd_getfd(r0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f00000002c0)={0x0, 0x7, 0x3})
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffb}, 0x4a, 0x0, 0x6, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0x4)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x130012, r0, 0x0)

[  689.613399][T21391] FAULT_INJECTION: forcing a failure.
[  689.613399][T21391] name failslab, interval 1, probability 0, space 0, times 0
[  689.626153][T21391] CPU: 1 PID: 21391 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  689.635947][T21391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  689.645988][T21391] Call Trace:
[  689.649298][T21391]  dump_stack_lvl+0xd6/0x122
[  689.653873][T21391]  dump_stack+0x11/0x1b
[  689.658012][T21391]  should_fail+0x23c/0x250
[  689.662411][T21391]  __should_failslab+0x81/0x90
[  689.667191][T21391]  ? register_for_each_vma+0x372/0x890
[  689.672650][T21391]  should_failslab+0x5/0x20
[  689.677213][T21391]  kmem_cache_alloc_trace+0x52/0x320
[  689.682479][T21391]  ? register_for_each_vma+0x372/0x890
[  689.687991][T21391]  ? vma_interval_tree_iter_next+0x24c/0x280
[  689.694004][T21391]  register_for_each_vma+0x372/0x890
[  689.699276][T21391]  __uprobe_register+0x404/0x8b0
[  689.704233][T21391]  uprobe_register_refctr+0x29/0x40
[  689.709413][T21391]  probe_event_enable+0x2be/0x7d0
[  689.714462][T21391]  ? __uprobe_trace_func+0x440/0x440
[  689.719730][T21391]  trace_uprobe_register+0x88/0x410
[  689.724910][T21391]  perf_trace_event_init+0x34e/0x790
[  689.730191][T21391]  perf_uprobe_init+0xf5/0x140
[  689.734950][T21391]  perf_uprobe_event_init+0xde/0x140
[  689.740224][T21391]  perf_try_init_event+0x21a/0x400
[  689.745321][T21391]  perf_event_alloc+0xa60/0x1790
[  689.750252][T21391]  __se_sys_perf_event_open+0x5db/0x2810
[  689.755868][T21391]  ? proc_fail_nth_read+0x150/0x150
[  689.761049][T21391]  __x64_sys_perf_event_open+0x63/0x70
[  689.766507][T21391]  do_syscall_64+0x44/0xa0
[  689.770924][T21391]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  689.776816][T21391] RIP: 0033:0x4665f9
[  689.780694][T21391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  689.800283][T21391] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  689.808741][T21391] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  689.816691][T21391] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  689.824644][T21391] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  689.832633][T21391] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  689.840586][T21391] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:56 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000040)={0x0, 0x4, 0x93, 0x4, 0x4, "2caf8c955ebe8d0b3e9f82708e07e4fe44bb76"})
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000000))
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:01:56 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:56 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x78d381, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r0, 0xf504, 0x0)
pselect6(0x40, &(0x7f0000000280)={0xfffffffffffffffc}, 0x0, &(0x7f0000000000)={0x8}, 0x0, 0x0)

01:01:56 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_PIE_ON(r1, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)

01:01:57 executing program 1:
sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x3, 0x2, 0x401, 0x0, 0x0, {0xa, 0x0, 0xa}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4880}, 0x1)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0xffffffffffffffff, 0x0, 0x6, 0xfffffffffffffff7, 0x0, 0x8}, 0x0, &(0x7f0000000300)={0x40100000000, 0x0, 0x800000000, 0x0, 0x9, 0x0, 0x0, 0x2}, 0x0, 0x0)
clock_gettime(0x1, &(0x7f0000000000))
ioctl$RTC_PLL_GET(r0, 0x80207011, &(0x7f0000000140))

01:01:57 executing program 0 (fault-call:9 fault-nth:45):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  690.375547][T21382] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  690.383567][T21382] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  690.401474][T21382] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  690.409577][T21382] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:57 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x2, 0x1, 0x2})
ioctl$RTC_PIE_ON(r0, 0x7005)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0)
ioctl$RTC_ALM_READ(r0, 0x80247008, &(0x7f0000000040))
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:57 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={<r1=>r0, 0x3, 0x9, 0x4})
ioctl$RTC_AIE_ON(r1, 0x7001)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
r3 = accept$inet(r1, 0x0, &(0x7f0000000080))
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000340)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, <r4=>0x0})
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r2, 0x50009417, &(0x7f0000000540)={{r3}, r4, 0x12, @unused=[0x100000000, 0xff, 0x5, 0x24304aef], @subvolid})
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  690.565016][T21432] FAULT_INJECTION: forcing a failure.
[  690.565016][T21432] name failslab, interval 1, probability 0, space 0, times 0
[  690.577663][T21432] CPU: 0 PID: 21432 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  690.587539][T21432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  690.597579][T21432] Call Trace:
[  690.600858][T21432]  dump_stack_lvl+0xd6/0x122
[  690.605435][T21432]  dump_stack+0x11/0x1b
[  690.609631][T21432]  should_fail+0x23c/0x250
[  690.614079][T21432]  __should_failslab+0x81/0x90
[  690.618827][T21432]  ? register_for_each_vma+0x372/0x890
[  690.624273][T21432]  should_failslab+0x5/0x20
[  690.628761][T21432]  kmem_cache_alloc_trace+0x52/0x320
[  690.634030][T21432]  ? register_for_each_vma+0x372/0x890
[  690.639473][T21432]  ? vma_interval_tree_iter_next+0x263/0x280
[  690.645445][T21432]  register_for_each_vma+0x372/0x890
[  690.650715][T21432]  __uprobe_register+0x404/0x8b0
[  690.655636][T21432]  uprobe_register_refctr+0x29/0x40
[  690.660917][T21432]  probe_event_enable+0x2be/0x7d0
[  690.665925][T21432]  ? __uprobe_trace_func+0x440/0x440
[  690.671197][T21432]  trace_uprobe_register+0x88/0x410
[  690.676440][T21432]  perf_trace_event_init+0x34e/0x790
[  690.681714][T21432]  perf_uprobe_init+0xf5/0x140
[  690.686500][T21432]  perf_uprobe_event_init+0xde/0x140
[  690.691773][T21432]  perf_try_init_event+0x21a/0x400
[  690.696871][T21432]  perf_event_alloc+0xa60/0x1790
[  690.701793][T21432]  __se_sys_perf_event_open+0x5db/0x2810
[  690.707413][T21432]  ? plist_check_list+0xf9/0x160
[  690.712418][T21432]  ? finish_task_switch+0xce/0x290
[  690.717514][T21432]  __x64_sys_perf_event_open+0x63/0x70
[  690.723000][T21432]  do_syscall_64+0x44/0xa0
[  690.727482][T21432]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  690.733471][T21432] RIP: 0033:0x4665f9
[  690.737377][T21432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  690.756966][T21432] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  690.765432][T21432] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  690.773467][T21432] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  690.781424][T21432] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  690.789378][T21432] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  690.797333][T21432] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:57 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x100)
openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.log\x00', 0x101000, 0x1a0)
ppoll(&(0x7f0000000040), 0x0, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:01:57 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = pidfd_getfd(r0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f00000002c0)={0x0, 0x7, 0x3})
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffb}, 0x4a, 0x0, 0x6, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0x4)

01:01:57 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:57 executing program 3:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00000}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000300)={<r1=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f00000002c0)={r1})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000000)={r1, 0x1, 0xffffffffffffffff, 0x1})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000000c0)={<r2=>r0, 0x3, 0x1, 0x5})
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00000}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000300)={<r4=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r3, 0xc0182101, &(0x7f00000002c0)={r4})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, &(0x7f0000000100)={r4, 0x2, 0x100})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000080)={r1, 0xfff, 0x7fffffff})
r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r5, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:57 executing program 0 (fault-call:9 fault-nth:46):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  691.318699][T21420] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  691.326789][T21420] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  691.344701][T21420] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  691.352750][T21420] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:58 executing program 1:
madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x65)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  691.517170][T21459] FAULT_INJECTION: forcing a failure.
[  691.517170][T21459] name failslab, interval 1, probability 0, space 0, times 0
[  691.529901][T21459] CPU: 0 PID: 21459 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  691.539767][T21459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  691.549805][T21459] Call Trace:
[  691.553075][T21459]  dump_stack_lvl+0xd6/0x122
[  691.557656][T21459]  dump_stack+0x11/0x1b
[  691.561795][T21459]  should_fail+0x23c/0x250
[  691.566217][T21459]  __should_failslab+0x81/0x90
[  691.570967][T21459]  ? register_for_each_vma+0x372/0x890
[  691.576426][T21459]  should_failslab+0x5/0x20
[  691.580917][T21459]  kmem_cache_alloc_trace+0x52/0x320
[  691.586232][T21459]  ? register_for_each_vma+0x372/0x890
[  691.591702][T21459]  ? vma_interval_tree_iter_next+0x24c/0x280
[  691.597671][T21459]  register_for_each_vma+0x372/0x890
[  691.603007][T21459]  __uprobe_register+0x404/0x8b0
[  691.607934][T21459]  uprobe_register_refctr+0x29/0x40
[  691.613125][T21459]  probe_event_enable+0x2be/0x7d0
[  691.618132][T21459]  ? __uprobe_trace_func+0x440/0x440
[  691.623429][T21459]  trace_uprobe_register+0x88/0x410
[  691.628615][T21459]  perf_trace_event_init+0x34e/0x790
[  691.633889][T21459]  perf_uprobe_init+0xf5/0x140
[  691.638640][T21459]  perf_uprobe_event_init+0xde/0x140
[  691.643968][T21459]  perf_try_init_event+0x21a/0x400
[  691.649163][T21459]  perf_event_alloc+0xa60/0x1790
[  691.654227][T21459]  __se_sys_perf_event_open+0x5db/0x2810
[  691.659905][T21459]  ? proc_fail_nth_read+0x150/0x150
[  691.665086][T21459]  __x64_sys_perf_event_open+0x63/0x70
[  691.670943][T21459]  do_syscall_64+0x44/0xa0
[  691.675352][T21459]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  691.681266][T21459] RIP: 0033:0x4665f9
[  691.685143][T21459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  691.704731][T21459] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  691.713128][T21459] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  691.721177][T21459] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  691.729134][T21459] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  691.737158][T21459] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  691.745157][T21459] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:01:58 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200)={0xffffffae, 0x0, 0x100085a7, 0x0, 0x12, "f4ffffffffffff1d0100000000000100"})
r1 = syz_open_pts(r0, 0x28001)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:01:58 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = pidfd_getfd(r0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f00000002c0)={0x0, 0x7, 0x3})
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffb}, 0x4a, 0x0, 0x6, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0x4)

01:01:58 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  692.124616][   T22] audit: type=1326 audit(1631322118.709:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=21448 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7fc00000
[  692.148617][   T22] audit: type=1326 audit(1631322118.709:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=21448 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=16 compat=0 ip=0x4665f9 code=0x7fc00000
[  692.173299][   T22] audit: type=1326 audit(1631322118.709:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=21448 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7fc00000
[  692.198113][   T22] audit: type=1326 audit(1631322118.709:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=21448 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7fc00000
[  692.222871][   T22] audit: type=1326 audit(1631322118.709:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=21448 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7fc00000
01:01:58 executing program 0 (fault-call:9 fault-nth:47):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  692.275622][T21452] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  692.283623][T21452] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  692.301503][T21452] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  692.309511][T21452] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:01:59 executing program 1:
r0 = io_uring_setup(0x6d80, &(0x7f0000000080)={0x0, 0x6889, 0x10, 0x2, 0x142})
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000000100))
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
ioctl$RTC_UIE_ON(r2, 0x7003)
ioctl$RTC_PIE_ON(r1, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x8, 0x9010, r1, 0xe0ba6000)
ioctl$RTC_ALM_SET(r1, 0x40247007, &(0x7f0000000000)={0x23, 0x3b, 0x4, 0x8, 0x0, 0xbdf5, 0x1, 0x7c})

[  692.370693][   T22] audit: type=1326 audit(1631322118.709:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=21448 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7fc00000
[  692.394930][   T22] audit: type=1326 audit(1631322118.709:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=21448 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7fc00000
[  692.420445][   T22] audit: type=1326 audit(1631322118.709:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=21448 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7fc00000
[  692.446892][   T22] audit: type=1326 audit(1631322118.709:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=21448 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7fc00000
[  692.472094][T21485] FAULT_INJECTION: forcing a failure.
[  692.472094][T21485] name failslab, interval 1, probability 0, space 0, times 0
[  692.484740][T21485] CPU: 0 PID: 21485 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  692.494598][T21485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  692.504640][T21485] Call Trace:
[  692.507910][T21485]  dump_stack_lvl+0xd6/0x122
[  692.512562][T21485]  dump_stack+0x11/0x1b
[  692.516766][T21485]  should_fail+0x23c/0x250
[  692.521171][T21485]  __should_failslab+0x81/0x90
[  692.525948][T21485]  ? register_for_each_vma+0x372/0x890
[  692.531455][T21485]  should_failslab+0x5/0x20
[  692.535952][T21485]  kmem_cache_alloc_trace+0x52/0x320
[  692.541238][T21485]  ? register_for_each_vma+0x372/0x890
[  692.546769][T21485]  ? vma_interval_tree_iter_next+0x263/0x280
[  692.552744][T21485]  register_for_each_vma+0x372/0x890
[  692.558021][T21485]  __uprobe_register+0x404/0x8b0
[  692.562946][T21485]  uprobe_register_refctr+0x29/0x40
[  692.568129][T21485]  probe_event_enable+0x2be/0x7d0
[  692.573168][T21485]  ? __uprobe_trace_func+0x440/0x440
[  692.578438][T21485]  trace_uprobe_register+0x88/0x410
[  692.583624][T21485]  perf_trace_event_init+0x34e/0x790
[  692.588899][T21485]  perf_uprobe_init+0xf5/0x140
[  692.593650][T21485]  perf_uprobe_event_init+0xde/0x140
[  692.598925][T21485]  perf_try_init_event+0x21a/0x400
[  692.604147][T21485]  perf_event_alloc+0xa60/0x1790
[  692.609073][T21485]  __se_sys_perf_event_open+0x5db/0x2810
[  692.614729][T21485]  ? proc_fail_nth_read+0x150/0x150
[  692.619914][T21485]  __x64_sys_perf_event_open+0x63/0x70
[  692.625363][T21485]  do_syscall_64+0x44/0xa0
[  692.629767][T21485]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  692.635714][T21485] RIP: 0033:0x4665f9
[  692.639591][T21485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  692.659182][T21485] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  692.667579][T21485] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  692.675537][T21485] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  692.683494][T21485] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  692.691448][T21485] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  692.699402][T21485] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
[  692.755720][   T22] audit: type=1326 audit(1631322118.709:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=21448 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7fc00000
01:01:59 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:01:59 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = pidfd_getfd(r0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f00000002c0)={0x0, 0x7, 0x3})
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:01:59 executing program 3:
setxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080)='system_u:system_r:kernel_t:s0\x00', 0x1e, 0x4)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:01:59 executing program 5:
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x30, 0x0, 0x400, 0x70bd29, 0x25dfdbfc, {{}, {}, {0x14, 0x19, {0x1, 0x9, 0x80, 0x8}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x400c095)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:01:59 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
creat(&(0x7f0000000340)='./file0\x00', 0x185)
r2 = open(&(0x7f0000000200)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r2, &(0x7f00000000c0)='./file0\x00')
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000380), 0x101000, 0x0)
dup(r3)
mkdirat(r1, &(0x7f0000000180)='./file0/file0\x00', 0x0)
r4 = open(&(0x7f0000000140)='./file0/file0\x00', 0x0, 0x0)
r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r7, 0x0)
preadv(r7, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
renameat2(r6, &(0x7f0000000100)='./file0\x00', r5, &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x2)
symlinkat(&(0x7f00000003c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', r2, &(0x7f00000001c0)='./file0/file0\x00')
renameat2(r4, &(0x7f0000000bc0)='./file0\x00', r1, &(0x7f0000007580)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8, 0x0, 0xffffffffffff8004}, 0x0, 0x0)

01:01:59 executing program 0 (fault-call:9 fault-nth:48):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  693.219877][T21480] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  693.227894][T21480] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  693.245118][T21480] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  693.253141][T21480] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  693.395617][T21516] FAULT_INJECTION: forcing a failure.
[  693.395617][T21516] name failslab, interval 1, probability 0, space 0, times 0
[  693.408266][T21516] CPU: 1 PID: 21516 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  693.418118][T21516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  693.428155][T21516] Call Trace:
[  693.431460][T21516]  dump_stack_lvl+0xd6/0x122
[  693.436039][T21516]  dump_stack+0x11/0x1b
[  693.440181][T21516]  should_fail+0x23c/0x250
[  693.444586][T21516]  __should_failslab+0x81/0x90
[  693.449393][T21516]  ? register_for_each_vma+0x372/0x890
[  693.454835][T21516]  should_failslab+0x5/0x20
[  693.459324][T21516]  kmem_cache_alloc_trace+0x52/0x320
[  693.464593][T21516]  ? register_for_each_vma+0x372/0x890
[  693.470039][T21516]  ? vma_interval_tree_iter_next+0x24c/0x280
[  693.476053][T21516]  register_for_each_vma+0x372/0x890
[  693.481335][T21516]  __uprobe_register+0x404/0x8b0
[  693.486258][T21516]  uprobe_register_refctr+0x29/0x40
[  693.491441][T21516]  probe_event_enable+0x2be/0x7d0
[  693.496455][T21516]  ? __uprobe_trace_func+0x440/0x440
[  693.501744][T21516]  trace_uprobe_register+0x88/0x410
[  693.506941][T21516]  perf_trace_event_init+0x34e/0x790
[  693.512312][T21516]  perf_uprobe_init+0xf5/0x140
[  693.517138][T21516]  perf_uprobe_event_init+0xde/0x140
[  693.522415][T21516]  perf_try_init_event+0x21a/0x400
[  693.527517][T21516]  perf_event_alloc+0xa60/0x1790
[  693.532499][T21516]  __se_sys_perf_event_open+0x5db/0x2810
[  693.538121][T21516]  ? plist_check_list+0xf9/0x160
[  693.543050][T21516]  ? finish_task_switch+0xce/0x290
[  693.548148][T21516]  __x64_sys_perf_event_open+0x63/0x70
[  693.553669][T21516]  do_syscall_64+0x44/0xa0
[  693.558081][T21516]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  693.564012][T21516] RIP: 0033:0x4665f9
[  693.567895][T21516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  693.587529][T21516] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  693.595924][T21516] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  693.603879][T21516] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  693.611916][T21516] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  693.619870][T21516] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  693.627823][T21516] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:00 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, 0x0, 0x0, 0xd9f, 0x0)

01:02:00 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_UIE_ON(r0, 0x7003)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00')
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000040)={0x0, 0x0, {0x28, 0x21, 0xe, 0x18, 0x3, 0x9, 0x5, 0xc4}})
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:00 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pidfd_getfd(r0, 0xffffffffffffffff, 0x0)
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:00 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = fsopen(&(0x7f00000001c0)='afs\x00', 0x1)
syncfs(r1)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000, 0x2}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x1f, 0x40000000000}, 0x0, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x220103, 0x0)
io_setup(0x3, &(0x7f0000000200)=<r4=>0x0)
io_submit(r4, 0x2, &(0x7f0000000580)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000240)='V', 0x1}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x1}])
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x468600, 0x0)
syz_open_pts(0xffffffffffffffff, 0x0)
syz_open_pts(0xffffffffffffffff, 0x0)
r6 = socket$unix(0x1, 0x5, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r7, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r8, 0xc0c0583b, &(0x7f0000001e00)=ANY=[@ANYBLOB="0000000000ff07000b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f9ff01e1ffffff0000000000290e0000000000000000000000000000b42b471160d2ff1be5dd0c014c3f7200000000000000200000000000000000000000ffffffff0000000000000000000000000000000000000000fbffffffffd129a8242388ffffff00000000000000000000000000000000c5000000000000000000000100000000"])
io_submit(0x0, 0x9, &(0x7f0000001d80)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x7, 0x4, r2, &(0x7f00000005c0)="fc2d8e0dfac625ac89999b40dd780016277cd3f8fe24cb40a14945a58869e6e4bbf8c0078b0f5a4a2857878d2456d55cb9b57c8b6d4754fbe36c36afe4f636e5218a96bc5a26647c6786e3cdcaaaedd911e91d11dd530ea982968a5799702f04ccbdbb2c8465e24018070f282a06ae072058a3b0fcb8b6b6b39dcd16e30fef1a3de22a10ec0b5b11daeb2d", 0x8b, 0x2, 0x0, 0x1, r5}, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x2, 0x7, r2, &(0x7f0000000680)="1555401b1158e14b33d030cad70bdc56fce246863746208f85a090193dbd2e39bb87c09b00218ae6c4d624579b8282f9bcb4661455e2cdf2c167d1a2c760d33f7f3cf2b542ea2094ea0d40dbbc02a23ba6488a15455a0c13fc4ea020502df785", 0x60, 0x7, 0x0, 0x1}, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffffff, &(0x7f0000000740)="1700acc4a5e86a2a50e70e79ec66b8ef8cabfefc5e100f3d3585676b2cd75007f3b20bde04db4f9612137fd2086b84e662c0a75fb79227a28d013c456ce25f0fe9c042a507d1ed3a8f43c5d3d6c4e2c26ac017bb2de11e161c6a267485a2a1ede1764b45ce0fccaa2ac84a06d2f4bb12765e162d32fc356731a2d13b309e400782f08915", 0x84, 0x80000001, 0x0, 0x1, r3}, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x8, 0x6, r1, &(0x7f0000000840)="63516e941786b7c95f1e63c3b8be00e7ec43f442fe58f805012958740f599d9e0fa6d26d8dbdaeeaf6d06b0ce37df328de2f9677b2017fbe989fb41e977dce08ffff54a814921d8587ce27f5dcbe33cb4dc3270b76", 0x55}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x2, 0x1, r5, &(0x7f0000000900)="c0b36ae1fbd181c145ab7a8018ce91d429220e243326603f88a41d00332c29db69677b37f1567eb8797f91886e4622915e6256e9b414bae4742aba36007f40d7ca2a361f089f205c220e5eb501399932761ea7f2446f145b7fab59d42f", 0x5d, 0x1, 0x0, 0x3}, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x7, 0x6, 0xffffffffffffffff, &(0x7f00000009c0)="298dd37011d03ba83e322bb76c2ef5f06b0ed683608ebafd04007ff2277dcc8bcbaef6c4b74d6ca6d968d5409d96efa893c76a3d9983b55855e9f8c563fce61ef0d2d4ac2d413d8bebe9ae006f14388d6e33ed44d9a6aa9b2154094b5743cabcfbcbabbc9cf1bc51b9946168f577020b5e25eb242dc94dba6628119b237a60345c9f33c8a02e29d94d", 0x89, 0x5, 0x0, 0x1, r5}, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x3, 0x0, r6, &(0x7f0000000ac0)="d35197b311c5036b64122fd1cb9a54c4875a07c936bc836efed655cb1a6a7edc346613c42180e7567452a77ec54162a5c6248b711ce50d8278302a4d000f31407b771960fa59c66aa4cb7ea265249f5a461aa10cf6e0556425e65e452255995dca953d1a713e245027b8570e1b3520140384bcef6177ce42d88da52e9bfc9bf11e591ae6840115f5da24f4dd9e3437a5c9553c139fc4b4df8095aa0a9da424878ad185ddd775a0db51442b82dbc6f430561e473606f3dccc71218440e97c1e28d152464354d7b4192d8b6165c59d470893c416ac5cff48f2e94dd239cad6f78c600cf345c2e638cd5b7dceef06051180a6f585adba7bd45b0c02d17d", 0xfc, 0x9, 0x0, 0x1}, &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x2, 0xb34, r5, &(0x7f0000000c00)="2524709ee2616631578c97d76bb384254693389e243e1b975927e0d8231bbac8d9465d221bb046a38803f72b0cbf02ba13679a715956bbacea1bafa5f8f00ab96fc5673a422aac6a33b35687be95407e0b5ffc7c8ab9b2778ba933e27cb54f55c606ffd40f1e21cbb737444c0503edfbe137bd8080a499ecfa98d9cf4de2d045df4cf56c9a02434a96d3614226cdb25afae256197fb4d30609b05977cc320206d97fd5f003f8dd4b6449010c7548cc1e950a94affab01cee6e28f8556d300f73d15e9a61b55532ebaeb0ce1fe8c7c9600c3a34824dd2227b5cede2279473456debcf2b57559c2965585a154738e421bcaa85618c81df3b86222e101a286fe9b66b83e42e0e8f14099d1118f7ed9c2f9924c6529a78304840dc9b0587972309f628c6e4f601214ac93c39483df1df5b9f90b1ec313d2e8455b19a969af508925351c6796074c4bbcedbbce649fabd7864c039fb23beb02983c0ffcdc0059bc9a692cf807d63e12e041e096e7545217b73e13723e4e2929752f60437537d467f651442311747ea49646a9dfdfe6ea828ebe6ec43d5c2ff2829a8dbf6b7db839847981454943ed0dc8c5e18cc8e98e13586c3c9e04dbf45d06af192e5fea8666725397c8e95c5ef8b41e34bc72c8c12fa64b0e5fd5f1694d5c895b94d72446f519be6ea11aa23292367a7dec8a81bc5ca64b421d51f34220e4bea9843916560b57403edd938419a0dc7e787f3ad613002aecc18e0e376007861dbd6dcefee79fd3c8d698838d3468cc60ecba20b9917cafe7bd6805fcb5d2d4d9bbab5329402cd440e60e112d862e9bdeec9b7a75ec050e86d321ba14c6cc6a96c737426d95f189e8830d8dd8524e2800f58d6387489c0103aca6ea5bc7f78882cffe2929000ea55b93e5a3e9528352056ed2f4412800092cdafb38a6d039734801a42f6ee786198b04e2785006e6a5bdcfe62b44c1b02a3a79591df4ef047683591fa4943e737fb8cc29eef6ce11187a135deea019661495cf7fc0f3a5edc85d9bd1a140f5d58dab1a551986159de6b9bf6fb743ff6ca4c7e3c03915ef62f2d17005694da1ecba4e38a12d917116d7395eca5b8da327f4b7e979dd4e95e897bf0dfdc61de70a3d40c677a9538a9eb2712a9f5c4b6b8d90976c1ecd60af5c2e8b3f0f3377ede85b5cea72ed6fcf4c385a7b001ed17b6be77c970ed62f213e80becffe3e0164776bc6b51602931617564bb846b61c309f93c64daca510ecd65be1b15df6e5b7d80e8d71ec06fc60648b5c2753cd472eb9f7a06a670986d197ee6bbed88254da5d35259460f284f28d173f066633cb367dc21d2ac72e5362af12a5aaabf675016c294732813f4c07cf46571a407406abf5a1833afa780810434078bd9895c3080fc758b8e0e43fa84c34722d7bb89bc38483fc6f57b14978a83874691aed7f8d83d6361d2d041613b838e45e48fee750fa48e6dc4d8d21ee87c5f067aea4e1f4157b9c80d2d62c4749f6cc7b70c6974d9d553b909c6902a0e7180e0601b3a340854bff4876b0fff2e5c69c67b990ffc49433ad7a4c662f80b40ad1eea42674ecd2ac164a3a82efcffdbcf93dfad451119f543d44b35d72aaac2513a97735adbc04586a6ed139d979a94748abe207886267cfcbf577e8bcdf354e46f77a7d1d6402faedae7b848fa56d76db07294e6e59d8d418475e85b9416d23de7658c3d9ccb056552aa89f70a18aa008231e333f11026fc5ee1cdd0733905216454379740551414578eee3ca9b7248af5bb1d9cdd3113c9253e187c4691b8436165cdaa011ed0f88eee7b7c8202e66085a946faf3fb7be5f8f2b21f31a8a3b81f402dd3d6ac0b31500bb444b3306f1d94e465ece4818ab4b0c41c68c1a1f97929e2cb1cc6ccb487f90ba228ea08790d77dcd45b30fe54d2fcf819ca062f5b74691c10732dc7ed27c5e97ddd74667ed599c3a31c99ce19a8590178918c857bcbaf70408cb6b5ed01aa4ee16d8015d1d5fa305c2a13b4cabb4892c41e93598247657ef59e560bdb4aa3ed2d7a809079fb947164be8794b7f91ec749ab5ce262c36d9453ab2d5c59f993e49e19bc0a7a8ec252c7504696086a401dfb97c56fd7c615629f3fb172f9fe1b1f5193d7bceec796a128a983dfcf1abac7265b56289edf787de06a41b1836d0f346768a51705a9aac5a28011de3fa3a400d3b1a6742d410b45119610b58fee0d0be6729c260e155c2780989231c43fe1f78c3649e737fbf61e41966ce1f71642bf0817ec85e81c50e46b88540f0b7b7c74203ab26e8fc09f25b3cd336e61b5a5cc397b068abda158f90b8583d2565aeb9dbb9cc5f0c584508411c35ef187e1b587643d062cf24282bcdab4658c09a70b70df0b7bf196b235166a90326774be43b4a2c44cefc248c3fe8df1e79a46b3ee6a502586c03d97e6d6d8b28bb2561c9dc7f646aa37b2f6a31ada64c4239f2e45c8bcc8c37f5cb42636aca2108b1cae5854bb923159e3618435da26652d6eb85599aa1e872ba05e3e3d73fee9b28eaa02731020b22d954e520c63c508cff207e2f890fc7e7855ec0e36023e4c1744924d2ef8ddca5074b072ee7803a737b2eed0dadb5aaba147736993bec0eda6451bcdd03436ed6d722cb714ba1fc780aa1c545b3b4ea9a4c94a811d8e6da625089a69f7f0a23c99cf156ae51fa7c8af535aa757eb6b23a942dde186cce1328f03a6669fe26fcc350e5a69b570f644e9a537a5d2ef26de00a51c254ed8a181191302b3ad99ca14f5ff0d8f0a729b8f863a70b65c7ea9f4a8632c64d472bab8d5c10b9c6b47c58b0595d65a8af37181a45bb01e155983cb26026266e3a6901ab2254a7d26363cde955456e58260bf57db4765411c724eecb4a148df79d43132417712a683142aae002634cfa3fcfb93a1acac724b1e6c0314f103e3a5b7902162c885ec81114c06f906173ed68748d5558184af49c6bd4ca1178a12122e2975a035cd0d216eb2169a68dd15923d41a0bcc1ffe3f32b8a5e8b4ceba9977ffbd04aeeba50bbc4e166ae4e730f239ea04be6c8ad9a3ca9961769dada5a7b7c305c589e61668eca889232be9f04621e5e12f7cee59ef3d52b5703310578ab4bddd73bffe8f7ade9dcabc61cf50091d72db08d958f77d3e74b39a4b69e3342d7a50af13cdf3df0d88533b249bc256f59f58d0e2faca958080db65189e55a6c4d52620886103883525fafbe68851e41980c1c235a30bb5c32b22e74488a6d4f139227cc998a19e4e0be3eaefc65476d6abccb78f4667cf7a99aebeb970c0ba75688adeabe4a736891c8a4b60a941dbd0a7cb3c1900e4ea849d5cc63ae2c4deb7897d4f203dad86bdcf81730039bc0ec389357e3588b66b740f5deb6f8a71b889127f42e67c372f314deb8f4da9ef70c5c87cac252d0b2e0b84359bb9a5caa1262ebb78f7916dc921a73e78c194dc9d37e23680f466e3b42e87629d9a52833c3220b0557129bb5d229c299ca30e81932ca125d8158544432fc938175119d138ffe7e52b927fe87687624e408b9208353e9a0555d4ce337295cfb2e768f2b43f1518c8591b5964b8bc8d442c4abf39bcb63913c08402be328a9315f55da8ed3f7e21a2630260ede542746a82d82d794dfeba219613d50e7988ed467a2db6139b92723918c8491d2c4bc359f81c2f296ff19d72d089adc5fccec5deea7187178c44d242ed80c0d3584e5286b21b993afadabd0721b5745f64bb9c8acb879e315951d6ad5cff6ff0f7be2eef604ebc74a178324c8a1dad90f906017f2a9f7bd44af9d7eea93483e51c42dbe3c5fd3d933315b37403914295fa2506715fe162b60f7fdf3c39edc5390a9f4fe1091b7bbba7005c3c8c656f68ee15d874ee5b5d97f982e9a5c4b3ca91008136241cfe820c1b2304a651b66c13a30ff8d8dbfe2149c008346f8f3beb27201b1ee2eec15948d615063835376548920b720d874c9249fe6a83acd3bf137d9cd0455f87c4bdb1faa2493a7bbc09ee1c5a060ea5ecbb51a6c85f59455417a40bf1dc286b15f00d193afb532c1382eeadad1728629671d5ee4517bdfb319d35fb22c9c1b572c36b210d16a478809c76a6736149db3ac27e3c240d29c0ca57029d70af777a91dc0508051e9e3c93572f6b816cdda8d11f66ea1a0300f87eb4e42a15905cefd3e157a4e2b51407ba197e79b9afa21ea8c20c4abc92f294413ed943c9b6797189ad718998b54d71c2a430ad09fd2b50838d3434c98f9f12f8ac9e9a3bf157b2984ade6dc20f95daf1cee89c84b6d1edb2c9233239de7dade31425455a3e719a70cace81b23ec553e62faf45b77dac8d4144858b06d55ba96ee2c26b2e350ea085ce25769f806bc2690356ad56085ca09195e6b1e29774cceb9470658e98568a47f4f08040cdb53e03978a49cbb4b3816dca2f2221f3446e85884b9b2ae1436321d02e8c1768d8420defcfb09e48cf1f6e6002e952af89b6e96e71c92aede421f8a4006ce655933d95c8d08b7ac719a520a577978a4e375685b0836b2edb64e9d7fa8f68778cd39aa634b1b2ffe48ace66fb6d9c8725a2a4c88d61bcdc3051bdb7e3cce6f7c3c4a81890a394d04482011fcaf6c36046023cd1b39bfedbf95d7a0d083eac671619bcc0999594abbb2bf73e7c95c835b0b8da6ed6eb3b78788cdf1b55fc48e5bdd21ef0791e5a5bcb9e530d36ca3e50fe78b3291f3a4e959886c7f8fcfb95d73351c118c7d0d833a3236a0e2dc7b86045552f8cfa03e7e38a154b329db109b688e92b290f47706e677444bb91c4f8c4a04ce1292ab7a568aea384eab6a034285a287bc3ce1a471d28789ff57bce891fc43c97557b8caff5edc083cd105ab5228d2b35b0c78adbcf2983d0ed5a4ac8cc3faae75549c4d257a3322f952dbea292dd6a5ad9645e2082474dfb5bade8c48035880527dc3fe48cb1aa0d91d22c7ab33bae33313f33e52e261b8c70361fe0e421848f0f1b3e143457bf13dd14c2fbd1fe72a594011f2d5ba9923e9973f248bf780e8861b4c3ab34f89b0fd88621788d59b862f3dd50a4db1a9735911790b8dbd852134dc9bcd810c54d28007eb052f3ae703b5769cc343bc0e90a552d31b52576565a6da7621cd99b65cbb4dc8b89c7f61046ee758698aeb567d81455cfeae83426cc3f4e54a1bed001e51f7a1377379a042310c8706f23052be4c96031b7197403876e8639488c1bd8fe5e2ae25e197b96a59abc28d2a8529e5229b3c24d4c974a06da213d197425b3dbd5edea8b96716dae7edf8390871b24aff9b45fd095d73bffd3250f7911d5ba7fdb8a3a002d688795f4f78cce2d4bd1086d94bb7f2a3ce297a1b3085ec31248143080a30646876f2a57ef96b8eb4dfcefc944ac5d4a19450856277c4e08b0936a3918dc79d58302a4cd2377b39fbfb6f1fb3622a8ae3ffe70f0559a3ce53cd85f195e0e987c90806ab3f15e9d1c92c65ce2f74210a8f5eb41fee358982d993af60293d998cb3f2316f4034c0dc7f58294384aa4c14a70c07f2dd9b10f012b84732e009eb5a8ca4317454da8a06d4d330f2be9b87475a04d3d424b170607a9dd24e1c50618fa6b451c5f4f6e6cebbf85d72c25e342a37e9b139fae940c6ccdadc0ffdacd78c635b273162191ab80e87a6f6d9ae6bf3bd36296d93684ec3f2a900f56a9f8783ace530fcded7c1ca19a65bfeb9a1359d46a0fdd01719782bbedcf9e28c859ee0c4562935f3c8ed78856f3356e8b596f45e16eb4641cb1fe5c1d7d921d87f74f2ab4642e6ca4480e8546bbff1821dd6caf6d883a70fd0", 0x1000, 0x7111, 0x0, 0x1, r7}, &(0x7f0000001d40)={0x0, 0x0, 0x0, 0x8, 0x1bc, r0, &(0x7f0000001c40)="e201a3e1a1f05a95b8e8155a8d0f634df33a480be27ca4f038fa98d74d51b4a06d8d550c3330ccb3023cbb80848e730c6d6d717d3141614856a1635915685a975647d71cd5ce9a1c57a6bd56a6566344687bf0af2bfc58e888701e2a796902d4df8a6ce86db9a1c2474b19f0d4e724f5bbd94a833d609d57f286a47fa5e3cde4b77986a1ccf95b5abf58d999ab5240849a2d73fff7abad7d02d87f1c7928430a372ed011a596b11ac98982417734adb6068c3921c7ddca6e6275e334e764e9cb964e415c0deba4a7c35a", 0xca, 0xf, 0x0, 0x3, r8}])
io_cancel(r4, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x3, 0x0, r1, &(0x7f0000000380)="6e5db1f247b0c2c023835228b632d655e9502c733e3b24528a489a5c5cd144be19d794db59134b60d33e280fe506ea16a9e9dc7f0b125bb8f41c1f7943c8ea35e79a20bd7755a07b5c493830635f88496909b203c77205b7dd666a111e059e5fc1a91796b2ec9f4600603ffc4022d05727b7b2d0d1cbc4c4a9789d7428e8c575849b897b9e794eec2ab6f9054b47812ca79245b24d3c294cc31ae0", 0x9b, 0x4, 0x0, 0x1, r5}, &(0x7f00000004c0))
io_pgetevents(r4, 0x2, 0x3, &(0x7f0000000000)=[{}, {}, {}], &(0x7f0000000080), &(0x7f0000000100)={&(0x7f00000000c0)={[0xb418]}, 0x8})

01:02:00 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
r1 = perf_event_open(&(0x7f0000000280)={0x3, 0x80, 0x8, 0x0, 0x0, 0x3f, 0x0, 0x0, 0xc0, 0x4, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x7fff, 0x3, @perf_bp={&(0x7f0000000000), 0x8}, 0x810, 0x6f, 0x1, 0x4, 0x70, 0x400, 0x4, 0x0, 0x2, 0x0, 0x6}, 0xffffffffffffffff, 0xf, 0xffffffffffffffff, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r2 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000100))

01:02:00 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)=ANY=[@ANYBLOB="0000000000ff07000b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000004be0889d245f32498cfbbb2983710000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffffffffffff00"/192])
r2 = openat(r1, &(0x7f00000000c0)='./file0\x00', 0x0, 0x110)
ioctl$RTC_PIE_ON(r2, 0x7005)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000ff07000b0000000000000000000000000000000000000000001900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000000000000000062b654c6655f36376f5bd10f8105e8691b4be73a6d1df60acf6fc61150"])
ioctl$RTC_WKALM_SET(r3, 0x4028700f, &(0x7f0000000040)={0x0, 0x1, {0x9, 0x1a, 0x7, 0x8, 0xa, 0x8edf, 0x1, 0x13e, 0x1}})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x24480, 0x0)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r5, 0xf50f, 0x0)
ioctl$FS_IOC_GETFSMAP(r4, 0xc0c0583b, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000ff07000b0000000041b66875a3e8fca500000000000000000000000000000042c115c2ff661d7f00000000000000000000000000000000000000000000000000000000000000000000001c000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000e1d997f0b9542b45677707bbe00000000000000000000ffffffff0000000000000000000000001000000000008000ffffffffffffffff0000000000000000000000da578f3e589a027f72e44a0ca85ac5daefe9e2de042dff4af68f1a77709187c271b5c0e14dbd2fa3896b071a687084e3c9cc4315d5b5ce18ddda3c76b3640b96b09da45eafac1102c01613b79d276ddb50a6efe05835c25abca10a6766b89fe6f1b9a37f7b64c5d04b2d597c3ace0368355cb1cb4ae696b020c2cd4b9a268e24c657"])
ioctl$RTC_IRQP_SET(r4, 0x4008700c, 0x1cf9)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:00 executing program 0 (fault-call:9 fault-nth:49):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  694.155668][T21511] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  694.163703][T21511] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  694.181672][T21511] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  694.189697][T21511] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  694.325684][T21550] FAULT_INJECTION: forcing a failure.
[  694.325684][T21550] name failslab, interval 1, probability 0, space 0, times 0
[  694.338341][T21550] CPU: 1 PID: 21550 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  694.348140][T21550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  694.358188][T21550] Call Trace:
[  694.361491][T21550]  dump_stack_lvl+0xd6/0x122
[  694.366073][T21550]  dump_stack+0x11/0x1b
[  694.370564][T21550]  should_fail+0x23c/0x250
[  694.374964][T21550]  __should_failslab+0x81/0x90
[  694.379716][T21550]  ? register_for_each_vma+0x372/0x890
[  694.385177][T21550]  should_failslab+0x5/0x20
[  694.389667][T21550]  kmem_cache_alloc_trace+0x52/0x320
[  694.394938][T21550]  ? register_for_each_vma+0x372/0x890
[  694.400398][T21550]  ? vma_interval_tree_iter_next+0x263/0x280
[  694.406394][T21550]  register_for_each_vma+0x372/0x890
[  694.411688][T21550]  __uprobe_register+0x404/0x8b0
[  694.416627][T21550]  uprobe_register_refctr+0x29/0x40
[  694.421871][T21550]  probe_event_enable+0x2be/0x7d0
[  694.426881][T21550]  ? __uprobe_trace_func+0x440/0x440
[  694.432151][T21550]  trace_uprobe_register+0x88/0x410
[  694.437333][T21550]  perf_trace_event_init+0x34e/0x790
[  694.442604][T21550]  perf_uprobe_init+0xf5/0x140
[  694.447355][T21550]  perf_uprobe_event_init+0xde/0x140
[  694.452627][T21550]  perf_try_init_event+0x21a/0x400
[  694.457814][T21550]  perf_event_alloc+0xa60/0x1790
[  694.462740][T21550]  __se_sys_perf_event_open+0x5db/0x2810
[  694.468365][T21550]  ? proc_fail_nth_read+0x150/0x150
[  694.473548][T21550]  __x64_sys_perf_event_open+0x63/0x70
[  694.478994][T21550]  do_syscall_64+0x44/0xa0
[  694.483443][T21550]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  694.489357][T21550] RIP: 0033:0x4665f9
[  694.493232][T21550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  694.512824][T21550] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  694.521244][T21550] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  694.529227][T21550] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  694.537204][T21550] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  694.545164][T21550] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  694.553122][T21550] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:01 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, 0x0, 0x0, 0xd9f, 0x0)

01:02:01 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:01 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0x0, 0x0, '\x00', [{}, {0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000000)={0x3, 0x1, {0x12, 0x5, 0x8, 0xc, 0x2, 0x3, 0x1, 0x106, 0xffffffffffffffff}})
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:01 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r3, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x4})
syz_open_pts(r3, 0x0)
syz_open_pts(r3, 0x0)
r4 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)={0xc000, 0x0, 0x10}, 0x18)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
r5 = dup3(r3, r4, 0x0)
epoll_ctl$EPOLL_CTL_DEL(r5, 0x2, r2)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
readv(r4, &(0x7f0000000140)=[{&(0x7f0000000280)=""/220, 0xdc}, {&(0x7f0000000380)=""/163, 0xa3}], 0x2)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:01 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffffffffffd, 0x3ff}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x100000000000000}, 0x0, 0x0)

01:02:01 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x4000000000000}, 0x0, &(0x7f0000000300)={0x8, 0x4, 0x0, 0x9, 0x3}, 0x0, 0x0)
r1 = syz_io_uring_complete(0x0)
ioctl$RTC_AIE_OFF(r1, 0x7002)

01:02:01 executing program 0 (fault-call:9 fault-nth:50):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  695.083656][T21545] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  695.091668][T21545] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  695.109307][T21545] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  695.117310][T21545] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:01 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0xc}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x2d, 0x0, 0xffffffffffffffff, 0x0, 0x9}, 0x0, 0x0)
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff})
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000740)={0x0, 0xfffffffffffffffe, 0x62, 0xa8, @scatter={0x5, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)=""/179, 0xb3}, {&(0x7f0000000340)=""/252, 0xfc}, {&(0x7f00000001c0)=""/135, 0x87}, {&(0x7f0000000440)=""/247, 0xf7}, {&(0x7f0000000540)=""/136, 0x88}]}, &(0x7f0000000600)="6f140a0905f8f48af61d80441a56acf216132a3f71d8822ec4738d84cc51aea9b3fcfacd0ffd723930853a6648e9f83c9cea8d799bb441f2fedb796140182407c192b8bc49749cc2a7bbd52162328f8111c4139a76a937fd9854d1472f98ade31d6e", &(0x7f0000000680)=""/141, 0xfffffffd, 0x6, 0x1, &(0x7f00000002c0)})

01:02:01 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000000)={0x35, 0xe, 0x10, 0x17, 0x7, 0x4, 0x3, 0xab, 0x1})
clock_gettime(0x0, &(0x7f0000000140)={<r1=>0x0, <r2=>0x0})
pselect6(0x40, &(0x7f0000000080)={0x3, 0x3, 0x3, 0x63f9, 0x8000, 0x4, 0x7fffffff, 0x10}, &(0x7f00000000c0)={0x9, 0x81, 0x7, 0x1, 0x9000000, 0x0, 0x5, 0x4}, &(0x7f0000000100)={0x100000000, 0x1, 0x16d, 0x6, 0x6, 0x5, 0x25, 0x101}, &(0x7f00000001c0)={r1, r2+60000000}, &(0x7f0000000240)={&(0x7f0000000200)={[0x1]}, 0x8})
ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000040)={0x2, 0x1c, 0xf, 0x1c, 0x1, 0x6, 0x3, 0x10f})

[  695.284604][T21593] FAULT_INJECTION: forcing a failure.
[  695.284604][T21593] name failslab, interval 1, probability 0, space 0, times 0
[  695.297238][T21593] CPU: 0 PID: 21593 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  695.307032][T21593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  695.317069][T21593] Call Trace:
[  695.320332][T21593]  dump_stack_lvl+0xd6/0x122
[  695.324912][T21593]  dump_stack+0x11/0x1b
[  695.329051][T21593]  should_fail+0x23c/0x250
[  695.333447][T21593]  __should_failslab+0x81/0x90
[  695.338196][T21593]  ? register_for_each_vma+0x372/0x890
[  695.343686][T21593]  should_failslab+0x5/0x20
[  695.348170][T21593]  kmem_cache_alloc_trace+0x52/0x320
[  695.353626][T21593]  ? register_for_each_vma+0x372/0x890
[  695.359133][T21593]  ? vma_interval_tree_iter_next+0x24c/0x280
[  695.365184][T21593]  register_for_each_vma+0x372/0x890
[  695.370458][T21593]  __uprobe_register+0x404/0x8b0
[  695.375407][T21593]  uprobe_register_refctr+0x29/0x40
[  695.380590][T21593]  probe_event_enable+0x2be/0x7d0
[  695.385600][T21593]  ? __uprobe_trace_func+0x440/0x440
[  695.390867][T21593]  trace_uprobe_register+0x88/0x410
[  695.396052][T21593]  perf_trace_event_init+0x34e/0x790
[  695.401342][T21593]  perf_uprobe_init+0xf5/0x140
[  695.406155][T21593]  perf_uprobe_event_init+0xde/0x140
[  695.411426][T21593]  perf_try_init_event+0x21a/0x400
[  695.416601][T21593]  perf_event_alloc+0xa60/0x1790
[  695.421531][T21593]  __se_sys_perf_event_open+0x5db/0x2810
[  695.427156][T21593]  ? plist_check_list+0xf9/0x160
[  695.432081][T21593]  ? finish_task_switch+0xce/0x290
[  695.437188][T21593]  __x64_sys_perf_event_open+0x63/0x70
[  695.442662][T21593]  do_syscall_64+0x44/0xa0
[  695.447078][T21593]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  695.453017][T21593] RIP: 0033:0x4665f9
[  695.456894][T21593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  695.476483][T21593] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  695.484884][T21593] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  695.492846][T21593] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  695.500828][T21593] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  695.508781][T21593] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  695.516747][T21593] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:02 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, 0x0, 0x0, 0xd9f, 0x0)

01:02:02 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:02 executing program 3:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x80400, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f0000000040)=0x632)
r2 = socket(0x23, 0x800, 0x10001)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000200))
syz_open_pts(r3, 0x0)
r4 = syz_open_pts(r3, 0x0)
readv(r4, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
sync_file_range(r4, 0x0, 0x1000, 0x3)
syncfs(r2)
read(r4, &(0x7f0000000340)=""/143, 0x8f)
r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r5, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:02 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
syz_open_pts(r1, 0x0)
r2 = syz_open_pts(r1, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
preadv(r2, &(0x7f0000000500)=[{&(0x7f0000000040)=""/53, 0x35}, {&(0x7f0000000080)=""/173, 0xad}, {&(0x7f0000000140)=""/7, 0x7}, {&(0x7f00000001c0)=""/151, 0x97}, {&(0x7f0000000340)=""/130, 0x82}, {&(0x7f0000000400)=""/246, 0xf6}], 0x6, 0xed2, 0x5)
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x4008941a, &(0x7f0000000000)=0x2)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:02 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TCSETSF2(r2, 0x402c542d, &(0x7f0000000000)={0xebe, 0x4924, 0x8, 0x8, 0x2, "03c0d2a492d4098814db8f70ae23d2c59a3405", 0x8, 0x3})
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x15)
syz_open_pts(r3, 0x22c0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:02 executing program 0 (fault-call:9 fault-nth:51):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  696.037134][T21580] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  696.045166][T21580] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  696.063029][T21580] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  696.071037][T21580] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  696.239703][T21624] FAULT_INJECTION: forcing a failure.
[  696.239703][T21624] name failslab, interval 1, probability 0, space 0, times 0
[  696.252341][T21624] CPU: 1 PID: 21624 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  696.262161][T21624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  696.272196][T21624] Call Trace:
[  696.275456][T21624]  dump_stack_lvl+0xd6/0x122
[  696.280034][T21624]  dump_stack+0x11/0x1b
[  696.284170][T21624]  should_fail+0x23c/0x250
[  696.288568][T21624]  __should_failslab+0x81/0x90
[  696.293402][T21624]  ? register_for_each_vma+0x372/0x890
[  696.298852][T21624]  should_failslab+0x5/0x20
[  696.303384][T21624]  kmem_cache_alloc_trace+0x52/0x320
[  696.308651][T21624]  ? register_for_each_vma+0x372/0x890
[  696.314097][T21624]  ? vma_interval_tree_iter_next+0x263/0x280
[  696.320150][T21624]  register_for_each_vma+0x372/0x890
[  696.325488][T21624]  __uprobe_register+0x404/0x8b0
[  696.330412][T21624]  uprobe_register_refctr+0x29/0x40
[  696.335601][T21624]  probe_event_enable+0x2be/0x7d0
[  696.340608][T21624]  ? __uprobe_trace_func+0x440/0x440
[  696.345876][T21624]  trace_uprobe_register+0x88/0x410
[  696.351059][T21624]  perf_trace_event_init+0x34e/0x790
[  696.356387][T21624]  perf_uprobe_init+0xf5/0x140
[  696.361142][T21624]  perf_uprobe_event_init+0xde/0x140
[  696.366464][T21624]  perf_try_init_event+0x21a/0x400
[  696.372003][T21624]  perf_event_alloc+0xa60/0x1790
[  696.376928][T21624]  __se_sys_perf_event_open+0x5db/0x2810
[  696.382569][T21624]  ? plist_check_list+0xf9/0x160
[  696.387544][T21624]  ? finish_task_switch+0xce/0x290
[  696.392636][T21624]  __x64_sys_perf_event_open+0x63/0x70
[  696.398099][T21624]  do_syscall_64+0x44/0xa0
[  696.402500][T21624]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  696.408433][T21624] RIP: 0033:0x4665f9
[  696.412314][T21624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  696.431947][T21624] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  696.440412][T21624] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  696.448367][T21624] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  696.456321][T21624] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  696.464273][T21624] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  696.472224][T21624] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:03 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0)

01:02:03 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:03 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x3}, 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:03 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000000)={0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffffffffffff}, 0x0, 0x0)

01:02:03 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x400800, 0x0)
ioctl$RTC_PIE_ON(r1, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:03 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
preadv(r2, &(0x7f00000006c0)=[{&(0x7f0000000280)=""/154, 0x9a}, {&(0x7f0000000000)=""/42, 0x2a}, {&(0x7f0000000340)=""/167, 0xa7}, {&(0x7f0000000040)=""/62, 0x3e}, {&(0x7f0000000400)=""/158, 0x9e}, {&(0x7f00000000c0)=""/57, 0x39}, {&(0x7f0000000540)=""/221, 0xdd}, {&(0x7f0000000640)=""/122, 0x7a}, {&(0x7f0000000140)=""/2, 0x2}, {&(0x7f00000001c0)=""/34, 0x22}], 0xa, 0xca, 0x6)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))
close(r2)

01:02:03 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0xfe)

01:02:03 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x100, 0x26)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:03 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000000)={0x0, 0x1, {0x1e, 0x18, 0x7, 0x8, 0x8, 0xe2a, 0x4, 0xe6, 0x1}})
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  696.987270][T21620] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  696.995321][T21620] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  697.024057][T21620] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
01:02:03 executing program 0 (fault-call:9 fault-nth:52):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  697.032097][T21620] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  697.336869][T21673] FAULT_INJECTION: forcing a failure.
[  697.336869][T21673] name failslab, interval 1, probability 0, space 0, times 0
[  697.349566][T21673] CPU: 0 PID: 21673 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  697.359382][T21673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  697.369499][T21673] Call Trace:
[  697.372768][T21673]  dump_stack_lvl+0xd6/0x122
[  697.377442][T21673]  dump_stack+0x11/0x1b
[  697.381609][T21673]  should_fail+0x23c/0x250
[  697.386017][T21673]  __should_failslab+0x81/0x90
[  697.390823][T21673]  ? register_for_each_vma+0x372/0x890
[  697.396272][T21673]  should_failslab+0x5/0x20
[  697.400767][T21673]  kmem_cache_alloc_trace+0x52/0x320
[  697.406049][T21673]  ? register_for_each_vma+0x372/0x890
[  697.411564][T21673]  ? vma_interval_tree_iter_next+0x24c/0x280
[  697.417559][T21673]  register_for_each_vma+0x372/0x890
[  697.422834][T21673]  __uprobe_register+0x404/0x8b0
[  697.427769][T21673]  uprobe_register_refctr+0x29/0x40
[  697.432988][T21673]  probe_event_enable+0x2be/0x7d0
[  697.438019][T21673]  ? __uprobe_trace_func+0x440/0x440
[  697.443304][T21673]  trace_uprobe_register+0x88/0x410
[  697.448528][T21673]  perf_trace_event_init+0x34e/0x790
[  697.453809][T21673]  perf_uprobe_init+0xf5/0x140
[  697.458569][T21673]  perf_uprobe_event_init+0xde/0x140
[  697.463851][T21673]  perf_try_init_event+0x21a/0x400
[  697.468967][T21673]  perf_event_alloc+0xa60/0x1790
[  697.473908][T21673]  __se_sys_perf_event_open+0x5db/0x2810
[  697.479618][T21673]  ? proc_fail_nth_read+0x150/0x150
[  697.484815][T21673]  __x64_sys_perf_event_open+0x63/0x70
[  697.490272][T21673]  do_syscall_64+0x44/0xa0
[  697.494771][T21673]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  697.500692][T21673] RIP: 0033:0x4665f9
[  697.504576][T21673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  697.524287][T21673] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
01:02:04 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0)

01:02:04 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = syz_open_dev$vcsu(&(0x7f00000000c0), 0xc66, 0x84200)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0x0, 0x0, '\x00', [{0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x8, 0x5, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000040)={0x0, 0x1, {0x2e, 0x2d, 0x0, 0x3, 0x4, 0x6, 0x0, 0x1}})
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:04 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

[  697.532779][T21673] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  697.540745][T21673] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  697.548709][T21673] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  697.556676][T21673] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  697.564683][T21673] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:04 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:04 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:04 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:04 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
r1 = syz_open_pts(r0, 0x20000)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000000)={0x4c, 0x3, 0xfffffffb, 0x101, 0xc, "ef47f76de599e0a682e84a08ef9abeb0a9fe53"})
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r2 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000100))

01:02:04 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x8, &(0x7f0000001380)=0x6, 0x4)
r2 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
getsockopt$inet6_buf(r1, 0x29, 0x6, &(0x7f0000002780)=""/102380, &(0x7f0000000040)=0x18fec)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000000)={0x0, 0x5d, 0x7, 0x0, 0x0, 0x0, 0x81}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x9647, 0x4, 0x9, 0xffffffff}, 0x0, 0x0)

[  697.924879][T21668] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  697.932910][T21668] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000080f6eff6
[  697.954792][T21668] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  697.962789][T21668] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:04 executing program 0 (fault-call:9 fault-nth:53):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  697.980115][T21668] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  697.988142][T21668] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000080f6eff6
[  698.000724][T21668] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  698.008729][T21668] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  698.153750][T21711] FAULT_INJECTION: forcing a failure.
[  698.153750][T21711] name failslab, interval 1, probability 0, space 0, times 0
[  698.166401][T21711] CPU: 1 PID: 21711 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  698.176197][T21711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  698.186234][T21711] Call Trace:
[  698.189496][T21711]  dump_stack_lvl+0xd6/0x122
[  698.194073][T21711]  dump_stack+0x11/0x1b
[  698.198213][T21711]  should_fail+0x23c/0x250
[  698.202614][T21711]  __should_failslab+0x81/0x90
[  698.207363][T21711]  ? register_for_each_vma+0x372/0x890
[  698.212806][T21711]  should_failslab+0x5/0x20
[  698.217309][T21711]  kmem_cache_alloc_trace+0x52/0x320
[  698.222580][T21711]  ? register_for_each_vma+0x372/0x890
[  698.228021][T21711]  ? vma_interval_tree_iter_next+0x263/0x280
[  698.234048][T21711]  register_for_each_vma+0x372/0x890
[  698.239330][T21711]  __uprobe_register+0x404/0x8b0
[  698.244252][T21711]  uprobe_register_refctr+0x29/0x40
[  698.249433][T21711]  probe_event_enable+0x2be/0x7d0
[  698.254517][T21711]  ? __uprobe_trace_func+0x440/0x440
[  698.259783][T21711]  trace_uprobe_register+0x88/0x410
[  698.264964][T21711]  perf_trace_event_init+0x34e/0x790
[  698.270245][T21711]  perf_uprobe_init+0xf5/0x140
[  698.275056][T21711]  perf_uprobe_event_init+0xde/0x140
[  698.280428][T21711]  perf_try_init_event+0x21a/0x400
[  698.285524][T21711]  perf_event_alloc+0xa60/0x1790
[  698.290492][T21711]  __se_sys_perf_event_open+0x5db/0x2810
[  698.296116][T21711]  ? proc_fail_nth_read+0x150/0x150
[  698.301297][T21711]  __x64_sys_perf_event_open+0x63/0x70
[  698.306745][T21711]  do_syscall_64+0x44/0xa0
[  698.311153][T21711]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  698.317091][T21711] RIP: 0033:0x4665f9
[  698.320965][T21711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  698.340553][T21711] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  698.349012][T21711] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  698.357015][T21711] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  698.364966][T21711] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  698.372924][T21711] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  698.380878][T21711] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:05 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0)

01:02:05 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = syz_open_dev$vcsu(&(0x7f0000000000), 0xffffffff, 0x101000)
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x1d10)
ioctl$RTC_AIE_ON(r0, 0x7001)

01:02:05 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
syz_open_pts(r1, 0x0)
r2 = syz_open_pts(r1, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000000)={0x80, 0x1f, 0x4b71, 0x1, 0x2, "a7836454999098997011848dcb3536a5e1aad2"})
r3 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000100))

01:02:05 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x9, 0x1, &(0x7f0000000100)=[{&(0x7f0000000080)="ad7b8d4a72dcd59afa409b5f49e53dcc8c8201712d300d5367663f0e521a9da7e4bb7d188b08968e8a383a2354c30e6d2b6aac1fcab61aff492c8345858faae143c4e62f83fa4c7bc56eb73e90754dcb00502b043710a702d3fcf820ea22f36796930d3b241048a2888ae934c2ddc4f97135a864af5e783a604b249685eca8e0", 0x80}], 0x8, &(0x7f0000000140)={[{@noacl}], [{@smackfsroot={'smackfsroot', 0x3d, 'I^-'}}, {@hash}]})
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x9, 0x30, r1, 0xd53a9000)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
chdir(&(0x7f00000003c0)='./file0\x00')
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
io_setup(0x3, &(0x7f0000000200)=<r4=>0x0)
io_submit(r4, 0x2, &(0x7f0000000580)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000240)='V', 0x1}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x1}])
clock_gettime(0x0, &(0x7f00000002c0))
io_pgetevents(r4, 0x7d, 0x5, &(0x7f00000001c0)=[{}, {}, {}, {}, {}], &(0x7f0000000340)={0x0, 0x989680}, &(0x7f0000000400)={&(0x7f0000000380)={[0x1f]}, 0xfffffffffffffe9c})

[  698.864252][T21729] EXT4-fs (loop3): VFS: Can't find ext4 filesystem
01:02:05 executing program 0 (fault-call:9 fault-nth:54):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  698.905094][T21706] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  698.913110][T21706] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  698.930742][T21706] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  698.938766][T21706] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  699.076600][T21745] FAULT_INJECTION: forcing a failure.
[  699.076600][T21745] name failslab, interval 1, probability 0, space 0, times 0
[  699.089229][T21745] CPU: 1 PID: 21745 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  699.099021][T21745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  699.109056][T21745] Call Trace:
[  699.112328][T21745]  dump_stack_lvl+0xd6/0x122
[  699.116920][T21745]  dump_stack+0x11/0x1b
[  699.121057][T21745]  should_fail+0x23c/0x250
[  699.125483][T21745]  __should_failslab+0x81/0x90
[  699.130228][T21745]  ? register_for_each_vma+0x372/0x890
[  699.135673][T21745]  should_failslab+0x5/0x20
[  699.140237][T21745]  kmem_cache_alloc_trace+0x52/0x320
[  699.145508][T21745]  ? register_for_each_vma+0x372/0x890
[  699.150967][T21745]  ? vma_interval_tree_iter_next+0x24c/0x280
[  699.156975][T21745]  register_for_each_vma+0x372/0x890
[  699.162285][T21745]  __uprobe_register+0x404/0x8b0
[  699.167211][T21745]  uprobe_register_refctr+0x29/0x40
[  699.172404][T21745]  probe_event_enable+0x2be/0x7d0
[  699.177454][T21745]  ? __uprobe_trace_func+0x440/0x440
[  699.182722][T21745]  trace_uprobe_register+0x88/0x410
[  699.187903][T21745]  perf_trace_event_init+0x34e/0x790
[  699.193217][T21745]  perf_uprobe_init+0xf5/0x140
[  699.197964][T21745]  perf_uprobe_event_init+0xde/0x140
[  699.203236][T21745]  perf_try_init_event+0x21a/0x400
[  699.208400][T21745]  perf_event_alloc+0xa60/0x1790
[  699.213419][T21745]  __se_sys_perf_event_open+0x5db/0x2810
[  699.219174][T21745]  ? proc_fail_nth_read+0x150/0x150
[  699.224358][T21745]  __x64_sys_perf_event_open+0x63/0x70
[  699.229863][T21745]  do_syscall_64+0x44/0xa0
[  699.234317][T21745]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  699.240201][T21745] RIP: 0033:0x4665f9
[  699.244077][T21745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  699.263668][T21745] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  699.272092][T21745] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  699.280046][T21745] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  699.287999][T21745] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  699.295949][T21745] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  699.303901][T21745] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:05 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = pidfd_getfd(r0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f00000002c0)={0x0, 0x7, 0x3})
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:06 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_mr_cache\x00')
ioctl$RTC_WKALM_RD(r1, 0x80287010, &(0x7f0000000040))
ioctl$RTC_PIE_ON(r0, 0x7005)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x1d, &(0x7f0000000080)=0x10001, 0x4)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:06 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000000)=0x1, 0x4)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r1, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  699.837338][T21737] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  699.845385][T21737] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  699.863691][T21737] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  699.871773][T21737] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:08 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:08 executing program 2:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00000}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000300)={<r1=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f00000002c0)={r1})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000000)={r1, 0x1, 0xffffffffffffffff, 0x1})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000000c0)={<r2=>r0, 0x3, 0x1, 0x5})
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00000}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000300)={<r4=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r3, 0xc0182101, &(0x7f00000002c0)={r4})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, &(0x7f0000000100)={r4, 0x2, 0x100})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000080)={r1, 0xfff, 0x7fffffff})
r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r5, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:08 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x6ce003, 0x0)
ioctl$TIOCSIG(r2, 0x40045436, 0x3d)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r1, 0xf502, 0x0)

01:02:08 executing program 0 (fault-call:9 fault-nth:55):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:08 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x240040, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:08 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f00000000c0)={0x2, 0x8f, "3d897dc70a2b68e4b5989858a638b8a8eaa64bdb0c1f429e36e2c1f919184f4d9914276c58632274dee41f70784675839951b9d027386a6ba7645800b7a73531a518025b2dcfbe108ea6f25c6bdfb121ab44ff6a4eee1e36dd5556d191c6772e2d712223d08322aad94624bdaabef07b5b13ada915088ae0eadeceb19b65a54b8e923ee77d43f1526fab67ba0ddc2c"})
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x1f65)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000200))
ioctl$RTC_UIE_ON(r0, 0x7003)
r3 = syz_open_pts(r2, 0x0)
readv(r3, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
r4 = perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x5, 0x8}, 0x0, 0x0, 0x9, 0x7, 0x7fffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000440)={<r5=>0x0, ""/256, <r6=>0x0, <r7=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r4, 0xd000943d, &(0x7f0000058c40)={0x1, [{0x0, r7}, {0x0, r7}, {r6}, {r6}, {}, {}, {}, {}, {}, {r6, r7}, {0x0, r7}, {}, {r5, r7}, {0x0, r7}, {}, {r6, r7}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {r6}, {0x0, r7}, {r5}, {}, {r5}, {0x0, r7}, {}, {}, {r5, r7}, {}, {}, {0x0, r7}, {0x0, r7}, {}, {r5, r7}, {}, {}, {}, {}, {0x0, r7}, {}, {}, {r6}, {0x0, r7}, {}, {r5, r7}, {0x0, r7}, {r5}, {}, {r6}, {r5}, {}, {0x0, r7}, {}, {0x0, r7}, {0x0, r7}, {}, {0x0, r7}, {r6, r7}, {}, {0x0, r7}, {0x0, r7}, {r6}, {r5}, {r5}, {r5}, {0x0, r7}, {}, {0x0, r7}, {}, {r6}, {}, {}, {}, {}, {0x0, r7}, {r6}, {}, {}, {0x0, r7}, {r5}, {}, {}, {0x0, r7}, {r5, r7}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {}, {r5}, {0x0, r7}, {0x0, r7}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {r5, r7}, {}, {r6, r7}, {r5}, {r6}, {}, {r5}, {r5}, {r6, r7}, {}, {r5}, {r5, r7}, {}, {}, {}, {}, {0x0, r7}, {}, {}, {}, {r5, r7}, {0x0, r7}, {r6, r7}, {r5, r7}, {r6, r7}, {0x0, r7}, {}, {r6, r7}, {r6}, {}, {0x0, r7}, {r5}, {0x0, r7}, {r6}, {r5}, {}, {0x0, r7}, {0x0, r7}, {}, {}, {}, {}, {0x0, r7}, {r6}, {r5}, {}, {}, {}, {0x0, r7}, {r5, r7}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {r5}, {0x0, r7}, {r5, r7}, {r6, r7}, {0x0, r7}, {r5}, {}, {r5}, {0x0, r7}, {r6}, {r5, r7}, {0x0, r7}, {0x0, r7}, {}, {}, {}, {}, {}, {r5}, {}, {r5}, {}, {}, {r6}, {0x0, r7}, {r6, r7}, {0x0, r7}, {}, {0x0, r7}, {0x0, r7}, {r6}, {r6, r7}, {}, {}, {r5}, {}, {r5}, {}, {}, {0x0, r7}, {}, {}, {}, {r6}, {0x0, r7}, {r5}, {r6}, {r6}, {}, {}, {r6}, {0x0, r7}, {}, {r5}, {r5}, {}, {}, {0x0, r7}, {0x0, r7}, {r6, r7}, {}, {0x0, r7}, {r5}, {r6, r7}, {r5}, {r6, r7}, {r6}, {r5, r7}, {}, {}, {}, {r5}, {}, {r5}, {0x0, r7}, {r6}, {r6}, {r5}, {0x0, r7}, {0x0, r7}, {r6}, {}, {}, {}, {}, {0x0, r7}], 0x1, "2156816c73038c"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r3, 0xd000943e, &(0x7f0000000340)={r7, 0x0, "737fb8801548934e30292c6590c869ccfef47cc2a3a8227c2f9dea8f755b051bd92cff82087c56d1163c1117a815ae27195f732af44d9b9698ea3d53df10a906fc57379327657b583ffe2883333a944cb4d2cb690c92689354ff087b3f071ad4a63e732ced837fa3261b6c7b44d0fbb16daaa8f83c470ef8d9b46084bf84ee533885867e2083ec5c05b0142f75f2b6e585e3cb78e04200c669e12443c4bc896b8b668704e50b38a29cda99f7fe115424bcf616680a6da0a2b136141e13a97e8d64c79d95fca4b939301b3538806b6f361edb0d517c75aaefd5086463771f3ac353561a22ab18925ca4c3bce608982b0811248b1c896862a9eaac32fb7f3de05e", "13db17828be5775d3fd91da27650890cf0b08723cb1719da2e36cc145e1d16bb3eaec154c781bf2b9f1ca9ed506ca8898cb9ee035fadad299a1f29892cd5521bd37f9f622a52a294d5a6eb534d92e041ceb748e27c4be4c036741a20f62d8cdd51f3a035292842faf57db676603ad56a3306ffb9cfb8f8189d3c061db608c8b926ca8bc8ece00c1e0b13dd60e7382c288612b7e3812cf60d9970e28629ac4934fdb5981a4d5f86e7f33ca5db195487c5890c7d208468826110d8a40f07b2024610bf1a0e230c1199c7fd7cbef2c4ecf075b588073b5b86c9e889434458d2c8751b0c74ac648879610f71242549f8d12cf52bff62c32ef5d8ef414d05a70a465244b59981fbc95198d2d5c3c79680a3536c0ccc3152254d3fcfbb4187035f10449da570c917b032cbc81e9af581819891d4e0cc8858f59808a18ffb1d08af488702e67c50a390746c2d7c4441ebbc93c694210141618002d7f457d225c7cd4a6157174b9612a6784a51fedde71febaa4e81f9151d64c712d2705083d1508c395773b05dd0d00cca10c0b2eb2d37157cf3ae73652260d61d60fd1cbce35c3f70c04fec8d0f237f547940d4042f3afc77b341901e2b6f4d680126fb567a8257c8b4b30c8b21479fd5fea5e1d4557cb15afa8257ce13e7d86d96584cebcff7784a6a10f8a1e40ceb70b53edb3f28c93c9e40565d0d3a1545acbc25cbfb8fb1b07fd6120163a2fe9dc8edd7009672c19e20ae5db1563b3332de70ac7c54502b5e1d384f11c605616e5b86c03b2a78a5de6d62c1134f5f9e20159642e7585e48d79cba3cec73282c1bb17f103abb032e2d3b65106b48253a4fc26feb6a5ca3855bcea7a1aba38c27d8de41b011f9487550d93b12df3b17ae2c80a6801d133b0436a6e8fc434ddd9e24f2b1ee193ed43df916c61061b4bc7e7d35642fea3c1702893050724dd58f75036af306e8700a763d803f7897ce0a5a07408bee5bf5fb5cc7dac9a6e2c54754b1475d7fdc72b6b557c2fbbab2c65bda40b8723aacff8a5d456b80c40e1fbbf3f4f679a936acd30823a1d17cc8dc231103f90a25216268d513719cf5ee785b9a9b2da0f9cba714e3387509e29022e80a80fed9c57b0f9d24c3e4306e77bf794845cba66d283a4715174e93eed7180160e737440f0380834b6d54886f35bfb3e818812407660da2561a0491e53c4f365722f4a0c05d3f620d75807f1aa9ec44ef8ce89545ae32f32328ae3ab36ddcf5b27518aefdf198fda8869576e082a853c7e0f749c41a1295bd9cc77ac9c9cba5d2372c9341e9374684868018ac8db1574cf2e962e1732b28d39650c571748e361077da5f4ad90d37d7c09ed756c32ee1b0d251928acc4214e606155cc2bbff2a0f6683b7ae03aec243efaf35ab17829767a450792525da36a0da3819f4293080921154f3966619091278e4f0bd0ad7ffa2667d39df2a509d654dc6b22c131ae7a8029c539b4f452a6babec28166db16a88e07fa4ba9ad08b4f7fbe67883d8aa751b6db24f359f832bf5f815f8c90bc25edd19c76204f2c4abfe9adaae67c70d4f995d5a7ef03f5bf52d6f0169349de4dd41f10cba056d001012e24dd3070e52076cefc951199ff5e514161fd4b79733e630efbd8e928693ddb15e9568930e24773dc7639311d785b6d595704673cf2f8c183b73ccefced6674bfec9183f5b3eca70f61d5cd3d17b084a13ef1701501b50feeb98b7043218388b1fcb0b791dbdc0d3179d1b09e08474a8def129f10989e4e021772d1ecd7ebbc59b5c0965fd401159c097f63613cddc0d12bab66c9b9a584fd055bdb0770904693b75c888c143206e3f26b95d425ad643f166c94f25b6e99ef601b300d06fa812da7a6daddc98baa4052b951b9252ed1bb008275a8f87e9c4730855a9f2c01556030fe2768b3cd28e6dbc29882b8015d3085a3985ed70a6f2635ce739718d8f7c7e0d2a6b631e9ced3f9d647aff4f5c5e65f9355f0ea2e6541746abe4ce014759fd450d5647bd4259b530bdc69abb4ab309d588b49e3ca5ff5007e9f3fc0cf7571eb3c40b7724a1bb623779a0d5ffbdcf43e063b7039a3798fa4a783ff303ad932dcf25f4d0bb42a279cb67c0840c90a1d28dc335fe4a2bc047b3eecc333c5e31208b8db6ab66ad67b95595c08335c723d72614d48b720f3ffffeaf38f8a0f7410969c1ff500c91c5f5c4f34e93e4750e46b0e20b66ec50558757c37d8e90bb37a9bd927941c6ad41da70e1fded049e9306353be5d743130fbb977de2cefc60909d4f4aca5288a90f03bc6eb74a93f793a51ee08ff685634a520bbece9201d4f23e3b2b7b246800d0c7ad11eb9c18484e4eff6405820b9c94d78b370183b4474834de7d1df983ce4406567c3b67ea074f7ff61e0918969a5c212735a08b36b9e58da83d5fb1ddd60349df08294fe12a565887f851e04476a2b82c4ce6a0e602901d26f772091af717524b540835d827b3b30286cd28b6fc2260085dfe6461cdef373b20c16a6587f333eac5c641ea01f3a1670f4ce6378ee8db86455496fa81b5ecef65601355e3055d4cc280a400eb1b20207b220aa0fb7d5eacc93566dc7f84d9422a0fb927bf77e29251b3f1f3498a38c3be9c0326b6cec8f79fbf7ca8da39ef1fab2925e89cd3a7a1cd91a09b09734b43bbe654aad88954c16cd5b04efd23196da7b1c316f3a2611b68f1196855d658f78a41320df6f6e28aadf24b443b22b8bcad309e4cbfa1b06c96d96470cff7406c290c95e348414c6bf07f0b7d401a5f526c9935fb2508184abf6120a109b23fc73e2ac068d04950310889a6df6da85372f35b707d31a6301c974c260d44788942760624ef6f0e6dfe2022098d322508b068ce8a7b10b1632dcee8b9bf14c7c4bfffbf0e1064e80b2ddec1c3393120a77572767187e2e12045271b4454b9c5a65096790a4aeedd5fc58cc594419408ea56154bdd4d537548c66d5d41f77e42029c881859e4f8072bc15e84e050346a15b68a5a02a08e60245ec822e533cca15003e426ab35289cc256eac632a7dc02dd1d330be2e660ce4e581000ca255d33d3fb791e9e237c7afa3498e791d4afff93fb70cc07df5fc177d4788b06e9e74157e4928483a15c6b393e5f55d5c5016d369b267b854ef25c0dbb133b02f310e5293fe2632ea9357713c7094173059337fd5b326282c14997f6721ca4a1ef1daca7c77885670d021931672e2b006d45794706507f99f3337554da39980c10ccb21b16b9716514c731e898ce4a2f6394a27ff21fa18ce413beb703472ea2fd9f99a8afd752caf82a9b0d6d2bd80156e4c6ecadd2af83f1524128a3cdb29dbc05571b61134e02c97fb37d96b4d1cf0fe6b58d236de28dd1d83be1f197a07ef243d5d115036081818959e679a35f1d66e9a990b573f78c8e3a75d994d78ec71dc30c23583f4dbcee63bf6b078d76dd39ba2685fdfb32464d9b6f1d5be89adadb6ed8c3429773e2beae18c91783e523d123d650f31db86d2084f41d06d00ff0df385ca0f2718b266dc8471d6a80c38a00162a52d0f1b58a124ba6927cc822a9c8dbfc3f77ac647089c82c12947467e8dd01d659450816c216aec275c830829bd05495d57002f652d2448fd1555935154c2b2c0487bfff6c8a1cef7c9809feeb2925d469be2ce01a5d3d73efcf9cedfe0095f31cabfb47dffcae6ab7a4b951d545df7e1962a4079ef2ffb04f58d5d73fdfd10e07742f9db9138ad2d14c8f6e80d3d7ab657ce26bf2e2c9d359c0b35ae9a012fb5b438b84f87462b9af1d84f7b3c73c900a373e7e426b6b8a4b565a7bd06b26ad5248a40c9b0063ac85d864cf7e4b8bccc30e1645173e54c7307be0c8fb0f45748f4dac9a14711ed267813a7918f08283da4529b8fd85bd574af7cd02a7dcd21569e3fe5471872c06af3d7b5af8d733fa25cbef8fd8f69d45db3b5459f749b87fe7a033a443c04b40009b2f7b41c02e59bafbc98bc81e81e800d52e06479d3d9b210bfb9835452e423ae4906c382631546bf6eade98a20130a685d97cf48e61133fac10afa163e523e5fc743edd1bbd3dba95215254e205dfc1d5cfb9cf2acf268469d23dfac268549a78f0d1f80c81ec14b0f594a28055637baf86aec2158647ad852e6f50069180e6a0ef66487939cb9b22a6467d230f7016daf5965e989e293ddcd6b26f94bc943e0918f827d5b2420e7596a6d61ac3e1433aaa23cf64f108f020f09426ef7a46b8c81c5fcb3ee5168992be3e1badcb055c1ae047d002aa13395e4ca647280b86ec228694207ad9056d9931ab42d546871e2ca44884a30dc9e820fe25dd7455aa91b3c63f3556127bb27f142662f1d914578470535c75a67f5cd8b436bc4d12aefed0d51ed58ff9de9d929711f60d9c4bbccbb81a6c5e5084255dac64f0e44893ad7eb88335d07a909adc108129799007c86a645d1bdee20682b2abf37903a48b9802585b8a23b0a496976025103f5249a9e3be062e13289673d4b0521ecf6fd1fb75ae71d7f7e9fff5ca6538cc8d7a8150739edd66ee6c5667967a76431b8dc714c02cdaec2e16a78be1d475a56f54fbed03e048c7f8e3b9c63e035fca50ed952dd2992b07a7006675d29ce386f0b2c4076c12f60fde3a306a0517b6a28e577a12d102941f1c92a44a67cc8f11a2b246ed369e56ff57183b4e01a5ccbba681cc6f82ec2294107fc0d80e760564223b9626828cb13e7acaa1c96f19389781d4409581fd9943def970c47691a1cc69946da6bbe38cfbb79553c28bf708a922143b892816a0f1a048765014dd756b8e2a13cf01d8afdcfe405240ce70645174c99092e7e5a62d3a38ad025c4e64020afba560c618aff8b7cee1a0923fa57a4e718d3e3a5fe62c5f77848d6ea348f410001667d4e292f0390b299c167a069ca1b1607dc4b26bf9142c26eb98f8cf5858eb5f9ce489ebf5ab44ab115e2fdf481db3ef74ede5d85549e5087abbc2b5e01fc46944b4716b408deebdeba431ecfa18719974f6c26b7f4999d563005b84d9b20e7e450877613cbd35d071212a3c23ce36f05ff62ec63ca1a926a0e4b87bd77f87c50719b6bb8795196ff1c8a29cf4de78e45e42d257f023915434879d34e66287205b85d9dd9bedf222cf111cd8d9c7f080802d4003f7c4cd02fcf43739edefb932583d709b53ff6a30974e3aaae9c138cbd795310df5ff7a02d164f4e3662a992115034b321bc3b99575b6830ab124a9ea7635e4fe2fe2965c8437a435a3169a3e48e654bc448cd39cd229d3a43d4ca3ad95106828736ac9a5f5bc97a3802cb979cad211de4adb2aaee9878c71d30cd48351f540040fb65feb327183300e9a576dd332e403fb7de068dd2b1dd1855ff1cfdee32659533a7de48840dd0e7a64a9c21d03c43959eb90016bdd8"})

[  701.715793][T21781] FAULT_INJECTION: forcing a failure.
[  701.715793][T21781] name failslab, interval 1, probability 0, space 0, times 0
[  701.728505][T21781] CPU: 1 PID: 21781 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  701.738295][T21781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  701.748327][T21781] Call Trace:
[  701.751590][T21781]  dump_stack_lvl+0xd6/0x122
[  701.756226][T21781]  dump_stack+0x11/0x1b
[  701.760443][T21781]  should_fail+0x23c/0x250
[  701.764904][T21781]  __should_failslab+0x81/0x90
[  701.769667][T21781]  ? register_for_each_vma+0x372/0x890
[  701.775109][T21781]  should_failslab+0x5/0x20
[  701.779641][T21781]  kmem_cache_alloc_trace+0x52/0x320
[  701.784911][T21781]  ? register_for_each_vma+0x372/0x890
[  701.790449][T21781]  ? vma_interval_tree_iter_next+0x263/0x280
[  701.796435][T21781]  register_for_each_vma+0x372/0x890
[  701.801698][T21781]  __uprobe_register+0x404/0x8b0
[  701.806619][T21781]  uprobe_register_refctr+0x29/0x40
[  701.811848][T21781]  probe_event_enable+0x2be/0x7d0
[  701.816869][T21781]  ? __uprobe_trace_func+0x440/0x440
[  701.822276][T21781]  trace_uprobe_register+0x88/0x410
[  701.827465][T21781]  perf_trace_event_init+0x34e/0x790
[  701.832745][T21781]  perf_uprobe_init+0xf5/0x140
[  701.837488][T21781]  perf_uprobe_event_init+0xde/0x140
[  701.842754][T21781]  perf_try_init_event+0x21a/0x400
[  701.847846][T21781]  perf_event_alloc+0xa60/0x1790
[  701.852761][T21781]  __se_sys_perf_event_open+0x5db/0x2810
[  701.858374][T21781]  ? proc_fail_nth_read+0x150/0x150
[  701.863557][T21781]  __x64_sys_perf_event_open+0x63/0x70
[  701.868995][T21781]  do_syscall_64+0x44/0xa0
[  701.873434][T21781]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  701.879322][T21781] RIP: 0033:0x4665f9
[  701.883196][T21781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  701.902780][T21781] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  701.911168][T21781] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  701.919215][T21781] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  701.927172][T21781] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  701.935129][T21781] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  701.943079][T21781] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:09 executing program 2:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_mr_cache\x00')
ioctl$RTC_WKALM_RD(r1, 0x80287010, &(0x7f0000000040))
ioctl$RTC_PIE_ON(r0, 0x7005)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x1d, &(0x7f0000000080)=0x10001, 0x4)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  702.427345][   T22] kauditd_printk_skb: 60 callbacks suppressed
[  702.427357][   T22] audit: type=1326 audit(1631322129.019:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=21764 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7fc00000
01:02:09 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200)={0x0, 0x0, 0x4000000, 0xa})
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:09 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x9d5)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  702.482752][T21767] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  702.490746][T21767] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  702.495869][   T22] audit: type=1326 audit(1631322129.019:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=21764 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7fc00000
01:02:09 executing program 0 (fault-call:9 fault-nth:56):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:09 executing program 3:
openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  702.536703][T21767] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  702.544726][T21767] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:09 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
r2 = syz_open_pts(r1, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r3, 0x40045431, &(0x7f00000002c0)={0x0, 0xfffffffc, 0x0, 0x0, 0x0, "00000600"})
r4 = syz_open_pts(r3, 0x0)
signalfd4(r4, &(0x7f00000001c0)={[0x3]}, 0x8, 0x80000)
readv(r3, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ioctl$TCSETSF2(r4, 0x402c542d, &(0x7f0000000000)={0x100, 0xed4, 0x9, 0x0, 0x35, "10682c555580bb9745867ffb673a5bd157f925", 0x0, 0x80})
ioctl$FITRIM(r2, 0xc0185879, &(0x7f0000000040)={0x5437, 0x0, 0x13b0})
readv(r2, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
preadv(r2, &(0x7f00000003c0)=[{&(0x7f00000022c0)=""/176, 0xb0}, {&(0x7f0000002380)=""/231, 0xe7}, {&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f0000001440)=""/236, 0xec}, {&(0x7f00000000c0)=""/129, 0x81}, {&(0x7f0000000340)=""/123, 0x7b}, {&(0x7f0000000240)=""/14, 0xe}, {&(0x7f0000001540)=""/111, 0x6f}], 0x8, 0x3, 0x2)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r5, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_PIE_ON(r5, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, &(0x7f0000000300)={0x8, 0x4}, 0x0, 0x0)

[  702.937077][T21808] FAULT_INJECTION: forcing a failure.
[  702.937077][T21808] name failslab, interval 1, probability 0, space 0, times 0
[  702.949721][T21808] CPU: 0 PID: 21808 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  702.959591][T21808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  702.969635][T21808] Call Trace:
[  702.972903][T21808]  dump_stack_lvl+0xd6/0x122
[  702.977493][T21808]  dump_stack+0x11/0x1b
[  702.981648][T21808]  should_fail+0x23c/0x250
[  702.986059][T21808]  __should_failslab+0x81/0x90
[  702.990817][T21808]  ? register_for_each_vma+0x372/0x890
[  702.996328][T21808]  should_failslab+0x5/0x20
[  703.000831][T21808]  kmem_cache_alloc_trace+0x52/0x320
[  703.006112][T21808]  ? register_for_each_vma+0x372/0x890
[  703.011597][T21808]  ? vma_interval_tree_iter_next+0x24c/0x280
[  703.017578][T21808]  register_for_each_vma+0x372/0x890
[  703.022858][T21808]  __uprobe_register+0x404/0x8b0
[  703.027785][T21808]  uprobe_register_refctr+0x29/0x40
[  703.032979][T21808]  probe_event_enable+0x2be/0x7d0
[  703.037999][T21808]  ? __uprobe_trace_func+0x440/0x440
[  703.043271][T21808]  trace_uprobe_register+0x88/0x410
[  703.048456][T21808]  perf_trace_event_init+0x34e/0x790
[  703.053797][T21808]  perf_uprobe_init+0xf5/0x140
[  703.058556][T21808]  perf_uprobe_event_init+0xde/0x140
[  703.063871][T21808]  perf_try_init_event+0x21a/0x400
[  703.068990][T21808]  perf_event_alloc+0xa60/0x1790
[  703.073923][T21808]  __se_sys_perf_event_open+0x5db/0x2810
[  703.079555][T21808]  ? proc_fail_nth_read+0x150/0x150
[  703.084748][T21808]  __x64_sys_perf_event_open+0x63/0x70
[  703.090224][T21808]  do_syscall_64+0x44/0xa0
[  703.094637][T21808]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  703.100539][T21808] RIP: 0033:0x4665f9
[  703.104419][T21808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  703.124008][T21808] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  703.132407][T21808] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  703.140368][T21808] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  703.148331][T21808] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  703.156287][T21808] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  703.164251][T21808] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
[  703.491360][T21795] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  703.499382][T21795] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  703.516839][T21795] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  703.524863][T21795] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:11 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:11 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000000)={0x1b, 0x1, 0x16, 0xf, 0x9, 0x9, 0x4, 0xe1, 0xffffffffffffffff})

01:02:11 executing program 2:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f00000000c0)={0x2, 0x8f, "3d897dc70a2b68e4b5989858a638b8a8eaa64bdb0c1f429e36e2c1f919184f4d9914276c58632274dee41f70784675839951b9d027386a6ba7645800b7a73531a518025b2dcfbe108ea6f25c6bdfb121ab44ff6a4eee1e36dd5556d191c6772e2d712223d08322aad94624bdaabef07b5b13ada915088ae0eadeceb19b65a54b8e923ee77d43f1526fab67ba0ddc2c"})
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x1f65)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000200))
ioctl$RTC_UIE_ON(r0, 0x7003)
r3 = syz_open_pts(r2, 0x0)
readv(r3, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
r4 = perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x5, 0x8}, 0x0, 0x0, 0x9, 0x7, 0x7fffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000440)={<r5=>0x0, ""/256, <r6=>0x0, <r7=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r4, 0xd000943d, &(0x7f0000058c40)={0x1, [{0x0, r7}, {0x0, r7}, {r6}, {r6}, {}, {}, {}, {}, {}, {r6, r7}, {0x0, r7}, {}, {r5, r7}, {0x0, r7}, {}, {r6, r7}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {r6}, {0x0, r7}, {r5}, {}, {r5}, {0x0, r7}, {}, {}, {r5, r7}, {}, {}, {0x0, r7}, {0x0, r7}, {}, {r5, r7}, {}, {}, {}, {}, {0x0, r7}, {}, {}, {r6}, {0x0, r7}, {}, {r5, r7}, {0x0, r7}, {r5}, {}, {r6}, {r5}, {}, {0x0, r7}, {}, {0x0, r7}, {0x0, r7}, {}, {0x0, r7}, {r6, r7}, {}, {0x0, r7}, {0x0, r7}, {r6}, {r5}, {r5}, {r5}, {0x0, r7}, {}, {0x0, r7}, {}, {r6}, {}, {}, {}, {}, {0x0, r7}, {r6}, {}, {}, {0x0, r7}, {r5}, {}, {}, {0x0, r7}, {r5, r7}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {}, {r5}, {0x0, r7}, {0x0, r7}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {r5, r7}, {}, {r6, r7}, {r5}, {r6}, {}, {r5}, {r5}, {r6, r7}, {}, {r5}, {r5, r7}, {}, {}, {}, {}, {0x0, r7}, {}, {}, {}, {r5, r7}, {0x0, r7}, {r6, r7}, {r5, r7}, {r6, r7}, {0x0, r7}, {}, {r6, r7}, {r6}, {}, {0x0, r7}, {r5}, {0x0, r7}, {r6}, {r5}, {}, {0x0, r7}, {0x0, r7}, {}, {}, {}, {}, {0x0, r7}, {r6}, {r5}, {}, {}, {}, {0x0, r7}, {r5, r7}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {r5}, {0x0, r7}, {r5, r7}, {r6, r7}, {0x0, r7}, {r5}, {}, {r5}, {0x0, r7}, {r6}, {r5, r7}, {0x0, r7}, {0x0, r7}, {}, {}, {}, {}, {}, {r5}, {}, {r5}, {}, {}, {r6}, {0x0, r7}, {r6, r7}, {0x0, r7}, {}, {0x0, r7}, {0x0, r7}, {r6}, {r6, r7}, {}, {}, {r5}, {}, {r5}, {}, {}, {0x0, r7}, {}, {}, {}, {r6}, {0x0, r7}, {r5}, {r6}, {r6}, {}, {}, {r6}, {0x0, r7}, {}, {r5}, {r5}, {}, {}, {0x0, r7}, {0x0, r7}, {r6, r7}, {}, {0x0, r7}, {r5}, {r6, r7}, {r5}, {r6, r7}, {r6}, {r5, r7}, {}, {}, {}, {r5}, {}, {r5}, {0x0, r7}, {r6}, {r6}, {r5}, {0x0, r7}, {0x0, r7}, {r6}, {}, {}, {}, {}, {0x0, r7}], 0x1, "2156816c73038c"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r3, 0xd000943e, &(0x7f0000000340)={r7, 0x0, "737fb8801548934e30292c6590c869ccfef47cc2a3a8227c2f9dea8f755b051bd92cff82087c56d1163c1117a815ae27195f732af44d9b9698ea3d53df10a906fc57379327657b583ffe2883333a944cb4d2cb690c92689354ff087b3f071ad4a63e732ced837fa3261b6c7b44d0fbb16daaa8f83c470ef8d9b46084bf84ee533885867e2083ec5c05b0142f75f2b6e585e3cb78e04200c669e12443c4bc896b8b668704e50b38a29cda99f7fe115424bcf616680a6da0a2b136141e13a97e8d64c79d95fca4b939301b3538806b6f361edb0d517c75aaefd5086463771f3ac353561a22ab18925ca4c3bce608982b0811248b1c896862a9eaac32fb7f3de05e", "13db17828be5775d3fd91da27650890cf0b08723cb1719da2e36cc145e1d16bb3eaec154c781bf2b9f1ca9ed506ca8898cb9ee035fadad299a1f29892cd5521bd37f9f622a52a294d5a6eb534d92e041ceb748e27c4be4c036741a20f62d8cdd51f3a035292842faf57db676603ad56a3306ffb9cfb8f8189d3c061db608c8b926ca8bc8ece00c1e0b13dd60e7382c288612b7e3812cf60d9970e28629ac4934fdb5981a4d5f86e7f33ca5db195487c5890c7d208468826110d8a40f07b2024610bf1a0e230c1199c7fd7cbef2c4ecf075b588073b5b86c9e889434458d2c8751b0c74ac648879610f71242549f8d12cf52bff62c32ef5d8ef414d05a70a465244b59981fbc95198d2d5c3c79680a3536c0ccc3152254d3fcfbb4187035f10449da570c917b032cbc81e9af581819891d4e0cc8858f59808a18ffb1d08af488702e67c50a390746c2d7c4441ebbc93c694210141618002d7f457d225c7cd4a6157174b9612a6784a51fedde71febaa4e81f9151d64c712d2705083d1508c395773b05dd0d00cca10c0b2eb2d37157cf3ae73652260d61d60fd1cbce35c3f70c04fec8d0f237f547940d4042f3afc77b341901e2b6f4d680126fb567a8257c8b4b30c8b21479fd5fea5e1d4557cb15afa8257ce13e7d86d96584cebcff7784a6a10f8a1e40ceb70b53edb3f28c93c9e40565d0d3a1545acbc25cbfb8fb1b07fd6120163a2fe9dc8edd7009672c19e20ae5db1563b3332de70ac7c54502b5e1d384f11c605616e5b86c03b2a78a5de6d62c1134f5f9e20159642e7585e48d79cba3cec73282c1bb17f103abb032e2d3b65106b48253a4fc26feb6a5ca3855bcea7a1aba38c27d8de41b011f9487550d93b12df3b17ae2c80a6801d133b0436a6e8fc434ddd9e24f2b1ee193ed43df916c61061b4bc7e7d35642fea3c1702893050724dd58f75036af306e8700a763d803f7897ce0a5a07408bee5bf5fb5cc7dac9a6e2c54754b1475d7fdc72b6b557c2fbbab2c65bda40b8723aacff8a5d456b80c40e1fbbf3f4f679a936acd30823a1d17cc8dc231103f90a25216268d513719cf5ee785b9a9b2da0f9cba714e3387509e29022e80a80fed9c57b0f9d24c3e4306e77bf794845cba66d283a4715174e93eed7180160e737440f0380834b6d54886f35bfb3e818812407660da2561a0491e53c4f365722f4a0c05d3f620d75807f1aa9ec44ef8ce89545ae32f32328ae3ab36ddcf5b27518aefdf198fda8869576e082a853c7e0f749c41a1295bd9cc77ac9c9cba5d2372c9341e9374684868018ac8db1574cf2e962e1732b28d39650c571748e361077da5f4ad90d37d7c09ed756c32ee1b0d251928acc4214e606155cc2bbff2a0f6683b7ae03aec243efaf35ab17829767a450792525da36a0da3819f4293080921154f3966619091278e4f0bd0ad7ffa2667d39df2a509d654dc6b22c131ae7a8029c539b4f452a6babec28166db16a88e07fa4ba9ad08b4f7fbe67883d8aa751b6db24f359f832bf5f815f8c90bc25edd19c76204f2c4abfe9adaae67c70d4f995d5a7ef03f5bf52d6f0169349de4dd41f10cba056d001012e24dd3070e52076cefc951199ff5e514161fd4b79733e630efbd8e928693ddb15e9568930e24773dc7639311d785b6d595704673cf2f8c183b73ccefced6674bfec9183f5b3eca70f61d5cd3d17b084a13ef1701501b50feeb98b7043218388b1fcb0b791dbdc0d3179d1b09e08474a8def129f10989e4e021772d1ecd7ebbc59b5c0965fd401159c097f63613cddc0d12bab66c9b9a584fd055bdb0770904693b75c888c143206e3f26b95d425ad643f166c94f25b6e99ef601b300d06fa812da7a6daddc98baa4052b951b9252ed1bb008275a8f87e9c4730855a9f2c01556030fe2768b3cd28e6dbc29882b8015d3085a3985ed70a6f2635ce739718d8f7c7e0d2a6b631e9ced3f9d647aff4f5c5e65f9355f0ea2e6541746abe4ce014759fd450d5647bd4259b530bdc69abb4ab309d588b49e3ca5ff5007e9f3fc0cf7571eb3c40b7724a1bb623779a0d5ffbdcf43e063b7039a3798fa4a783ff303ad932dcf25f4d0bb42a279cb67c0840c90a1d28dc335fe4a2bc047b3eecc333c5e31208b8db6ab66ad67b95595c08335c723d72614d48b720f3ffffeaf38f8a0f7410969c1ff500c91c5f5c4f34e93e4750e46b0e20b66ec50558757c37d8e90bb37a9bd927941c6ad41da70e1fded049e9306353be5d743130fbb977de2cefc60909d4f4aca5288a90f03bc6eb74a93f793a51ee08ff685634a520bbece9201d4f23e3b2b7b246800d0c7ad11eb9c18484e4eff6405820b9c94d78b370183b4474834de7d1df983ce4406567c3b67ea074f7ff61e0918969a5c212735a08b36b9e58da83d5fb1ddd60349df08294fe12a565887f851e04476a2b82c4ce6a0e602901d26f772091af717524b540835d827b3b30286cd28b6fc2260085dfe6461cdef373b20c16a6587f333eac5c641ea01f3a1670f4ce6378ee8db86455496fa81b5ecef65601355e3055d4cc280a400eb1b20207b220aa0fb7d5eacc93566dc7f84d9422a0fb927bf77e29251b3f1f3498a38c3be9c0326b6cec8f79fbf7ca8da39ef1fab2925e89cd3a7a1cd91a09b09734b43bbe654aad88954c16cd5b04efd23196da7b1c316f3a2611b68f1196855d658f78a41320df6f6e28aadf24b443b22b8bcad309e4cbfa1b06c96d96470cff7406c290c95e348414c6bf07f0b7d401a5f526c9935fb2508184abf6120a109b23fc73e2ac068d04950310889a6df6da85372f35b707d31a6301c974c260d44788942760624ef6f0e6dfe2022098d322508b068ce8a7b10b1632dcee8b9bf14c7c4bfffbf0e1064e80b2ddec1c3393120a77572767187e2e12045271b4454b9c5a65096790a4aeedd5fc58cc594419408ea56154bdd4d537548c66d5d41f77e42029c881859e4f8072bc15e84e050346a15b68a5a02a08e60245ec822e533cca15003e426ab35289cc256eac632a7dc02dd1d330be2e660ce4e581000ca255d33d3fb791e9e237c7afa3498e791d4afff93fb70cc07df5fc177d4788b06e9e74157e4928483a15c6b393e5f55d5c5016d369b267b854ef25c0dbb133b02f310e5293fe2632ea9357713c7094173059337fd5b326282c14997f6721ca4a1ef1daca7c77885670d021931672e2b006d45794706507f99f3337554da39980c10ccb21b16b9716514c731e898ce4a2f6394a27ff21fa18ce413beb703472ea2fd9f99a8afd752caf82a9b0d6d2bd80156e4c6ecadd2af83f1524128a3cdb29dbc05571b61134e02c97fb37d96b4d1cf0fe6b58d236de28dd1d83be1f197a07ef243d5d115036081818959e679a35f1d66e9a990b573f78c8e3a75d994d78ec71dc30c23583f4dbcee63bf6b078d76dd39ba2685fdfb32464d9b6f1d5be89adadb6ed8c3429773e2beae18c91783e523d123d650f31db86d2084f41d06d00ff0df385ca0f2718b266dc8471d6a80c38a00162a52d0f1b58a124ba6927cc822a9c8dbfc3f77ac647089c82c12947467e8dd01d659450816c216aec275c830829bd05495d57002f652d2448fd1555935154c2b2c0487bfff6c8a1cef7c9809feeb2925d469be2ce01a5d3d73efcf9cedfe0095f31cabfb47dffcae6ab7a4b951d545df7e1962a4079ef2ffb04f58d5d73fdfd10e07742f9db9138ad2d14c8f6e80d3d7ab657ce26bf2e2c9d359c0b35ae9a012fb5b438b84f87462b9af1d84f7b3c73c900a373e7e426b6b8a4b565a7bd06b26ad5248a40c9b0063ac85d864cf7e4b8bccc30e1645173e54c7307be0c8fb0f45748f4dac9a14711ed267813a7918f08283da4529b8fd85bd574af7cd02a7dcd21569e3fe5471872c06af3d7b5af8d733fa25cbef8fd8f69d45db3b5459f749b87fe7a033a443c04b40009b2f7b41c02e59bafbc98bc81e81e800d52e06479d3d9b210bfb9835452e423ae4906c382631546bf6eade98a20130a685d97cf48e61133fac10afa163e523e5fc743edd1bbd3dba95215254e205dfc1d5cfb9cf2acf268469d23dfac268549a78f0d1f80c81ec14b0f594a28055637baf86aec2158647ad852e6f50069180e6a0ef66487939cb9b22a6467d230f7016daf5965e989e293ddcd6b26f94bc943e0918f827d5b2420e7596a6d61ac3e1433aaa23cf64f108f020f09426ef7a46b8c81c5fcb3ee5168992be3e1badcb055c1ae047d002aa13395e4ca647280b86ec228694207ad9056d9931ab42d546871e2ca44884a30dc9e820fe25dd7455aa91b3c63f3556127bb27f142662f1d914578470535c75a67f5cd8b436bc4d12aefed0d51ed58ff9de9d929711f60d9c4bbccbb81a6c5e5084255dac64f0e44893ad7eb88335d07a909adc108129799007c86a645d1bdee20682b2abf37903a48b9802585b8a23b0a496976025103f5249a9e3be062e13289673d4b0521ecf6fd1fb75ae71d7f7e9fff5ca6538cc8d7a8150739edd66ee6c5667967a76431b8dc714c02cdaec2e16a78be1d475a56f54fbed03e048c7f8e3b9c63e035fca50ed952dd2992b07a7006675d29ce386f0b2c4076c12f60fde3a306a0517b6a28e577a12d102941f1c92a44a67cc8f11a2b246ed369e56ff57183b4e01a5ccbba681cc6f82ec2294107fc0d80e760564223b9626828cb13e7acaa1c96f19389781d4409581fd9943def970c47691a1cc69946da6bbe38cfbb79553c28bf708a922143b892816a0f1a048765014dd756b8e2a13cf01d8afdcfe405240ce70645174c99092e7e5a62d3a38ad025c4e64020afba560c618aff8b7cee1a0923fa57a4e718d3e3a5fe62c5f77848d6ea348f410001667d4e292f0390b299c167a069ca1b1607dc4b26bf9142c26eb98f8cf5858eb5f9ce489ebf5ab44ab115e2fdf481db3ef74ede5d85549e5087abbc2b5e01fc46944b4716b408deebdeba431ecfa18719974f6c26b7f4999d563005b84d9b20e7e450877613cbd35d071212a3c23ce36f05ff62ec63ca1a926a0e4b87bd77f87c50719b6bb8795196ff1c8a29cf4de78e45e42d257f023915434879d34e66287205b85d9dd9bedf222cf111cd8d9c7f080802d4003f7c4cd02fcf43739edefb932583d709b53ff6a30974e3aaae9c138cbd795310df5ff7a02d164f4e3662a992115034b321bc3b99575b6830ab124a9ea7635e4fe2fe2965c8437a435a3169a3e48e654bc448cd39cd229d3a43d4ca3ad95106828736ac9a5f5bc97a3802cb979cad211de4adb2aaee9878c71d30cd48351f540040fb65feb327183300e9a576dd332e403fb7de068dd2b1dd1855ff1cfdee32659533a7de48840dd0e7a64a9c21d03c43959eb90016bdd8"})

01:02:11 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000200))
syz_open_pts(r3, 0x0)
r4 = syz_open_pts(r3, 0x0)
readv(r4, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r4, 0xd000943e, &(0x7f0000000280)={0x0, 0x0, "ea5d4cd3b7c38489bc5895e3ef16f90c9b228ee436fb4b3c6bcd52a30a84b0593e2917df17f5fa3ad8413a58fcc8c5e3179e895b090266ccf09e7621cd9ea9dd35db501cec5e4cf76de8d1171534c52e8e06919cbfb90c364eeec9c1b03234f9d8507541fe6e3696fa9c0b10af6ef1aa3ef44292c01e395cd6792861d2d34d5cb323f4b91e72fb1622417ea7218aa132111d6a113ba444a5d102810f5d26c913cb79dd2ae7df264b976e6737f55d268f11f8239daf3f237b019afbfa4977d02c967fa634d384d4a6df3669625d7ace39b48ea95927a39145c9e42ae488451729930a350c72f2430abde08de79bc1311798f54acc79043fdd269c86ae5e8e84c2", "160efe9964cb02d05940ad8181f1249d070d38cee14ea8cf544378bb13364ddb87a11d47a6603aadd91f6ab8fa0a1a65bc504476dea63a987ad71787dc7a0992c81ae2a44cf6c07cb1379661d0edb8f902e9d88df723f829d66f101877e15892c814683704188637d5650b06094d168ab0d88a94fb9936b80727c3bfa003e11b2f2910e3dd79481192aaf20dc5d7533d7493bce9798daa8ab21b45f67e3ab1766c43232fbe1fadc04b42e9b6fde95f160366cf9db54ab3bfb850836fa993de7d1d06b974862608b32aff33679f294560b063296d242734113bbf424f30f9cac4ce9fb4eefe829cc31695e98b4ad0f8c7e70383f5a9f978123f5d64685d6d2d3efa429cb32625fb2bd4e101726376be8d517968aeff507353b937523f6c1ec60e069a4c6eaf5f14671f1ec76ab02eb55e6ce68a5f974f74bb228b8ff071acf68a942134990d91df8784890db1bcf1c45fab0fa4021e47bb01ae6275214b2d3a8bb1c56d614950b8dc19ed681cb49a703dc8c35fa4a2d16a2a425a1665443264f5a1a5d3c46c3cd48eb4d0eda7d73e8c3c243290ddd47bf069df3054cf42a1287029d3dfb356625ec1a0e7e1748485cb4e3625505a7eace96f717e77e28f4d5ea114719d65985156c46e26412ead9dd6703d3c3f164b004f6985fe4d8f1bc21efe7f225f408f65a6db33c66074614d64dc0073e359c00004ac203d5efd57c3ae22afc729cf8d1761b0089c83f4795591caed396517b4c021f5744bb22d08e21cf360d64d0f8d35bad6b034068bf4fbc81f35a92c92389389f9f06536f0feba63c1d05e2a941d78dd5b57e4bca68867f6c303986012c0a9188ee5130ed09320a4db6da9a908ce211715425ce3f71270cb4199e9944eb0f21f0d1f92a87b530176f8dee60a0605dc7f4349ac1310705f982146e61bb26ba7d54f66cc57ca21e0d1555607d6ddd395f8a1a1759124bdfa9a2a590260d7d74f8c3531b0005955dc1793629e5c547204e4bed57c84812fa5d80e7a9e0698ffcf0a5dec31e6e1328fb9059a4e201c909311e214770b12666fff92913b0cd9cd39f059f779bcdfaf12c4d02023a3a1786dc14fef0af45ce6b7d9b1897e65de1941d719008c0c2c8758d3afd0a7aeec3ebd744cf4a8b352574d42cc578a437136c147f695f2833685bfbf97bfe9972b14d556a08ed9f080c1f6824bc45453d48e968a1cb8bc4c1914b5a5f1059f4c8738bbd5ec6fe685714652aef654d658a8594274d14d949b5015d97ed1dce55843aec5593f2ce6fc58a9085fe2de6946a1567998a2ced89c84bc67e92c427b8029434b2e5ad8747d14bbe63f7d65fb09f4248f96a7031697dd52f7864cf0c764aa27902ba52299cdb4f3c519e057c243ff26dd2e2619ebe2c9b4949b79b44e6373d5d35ebf2edad8bd20bfcbde382a2cf49880fdf11268474eb48fdf296571ef633b2cfb9040d9ed40657b61faf6707d214e61dd32cd66ec83a94558ee2326e4fe306f05464041bbbaca5dc911eb10bdfaec8d27f94a4237ce15754bc1efb6cad2d7dc9d7bbcf667e484e99bbf0aa243572b188176ddedd747446f183213ed23e0ecef4693b93bb0c66fa680932b6bb700475ab04a3722148e5363450ecca2e5e5de1418240553208f4bddf9b47a087790d637be4aa462d7fa130dc9304009fd631933d5ef868b7f25ebb32becc5a38d40d25bd9146de74411355fc1ad270e04d8163ba5d803e70daa4d1d3820358415149c479d4a37cb1420b569bdf8c661c849dba62077d22cfc53284cb5e160cf00cf1baa22c48b85a4fa9ef21522e50e08008990219e66a48d04494eb9382bc549c6b2c7612c414132421d7c0fc39953c5f0263220b2af52e81c298154d38d2abfe3cd3acdf2772623ed49846363600c2c4d8efe6f3b7155559e3d1507ddfdfb8f980cc73594f479d517f648babbe2ad44bcc5ec687181d249beff1d21a2b178cc3d21c309461fc568381e4355503ada58f5bebca6a5f2ea746bdb96309c9810141ba7250aad17888aa64e0a74b89e12338c652dd84d2395e398f096588e8494dd8cfaa4508dabd3a593db91a5318c112ac6fca84749faf3588b63e35516837fb65e1a8a0df36d9e372383ccef14058ec8c3daf586c9313423be29154c9c610c031ec37448ef506fb0b8bb1279f85ce0f8431a4a05fb38089a5fe0dd6f7a1eee032c8f203825b5fe81dffbcf9baaff906f7056de6c83c50ef52508375d6686dd52eccd5559399d911b9cb1c4fb0821f09e95b72bfafbcc50e444ad14629b8e8c00c5ce8bef82a4b9a4092d1d3e6d4eec5fcbc50858766de1ba3b925843b02c60cf921ea21e35d76d55f303570c45c99576fdac27094a88da803396e7544160f8d44482e5b5f0e72ab989e027571f5363e3ebf844a0c7a37f6c0f90eaca7e5ae16a5fa5e7a4b53afadd280809c86b7ca775c97b403709c95c9915395b24d09c43127221adf27f6b0e81abefa9f222b86865947232af12478e2e82007d81691d7d1e9ffb993f2b2c092e37cbf3458ca55f701d529863cf7acf949c6ce6fe3e9bea21cb9ff35e72e27d19cfbfa28b978822c7196835f93b0cc3a8cffd34efd02f15a50bb8f429a34fda2fab8fc62f24c74f262e92eecd2c6599e544e966a65bd822c0b93fd9f08581704b8236c23747aa968c8a55ef29552631bded58e7556a3297b3119226349ab79f24d7b8a11cdd04f150f5c53e54cd87c08a7e75582b9970897944377a198170abc8c9b7f94bb54d8d456242f22027463cc9f79ee804551be3fcefb32ed99541799663574ba6ad2c9f9d2f4b0d58258883b8dc4629ac7ae449e5968d858757cf3194b8588fac5faaf438d02ec852e46ae07a5c411f468b32cc840dba7de0c69ad1357d8d75351f7b500a84ccd3e663c110a21fce2481c92083eb6ac1a3260fa21f626f2e11178b4fc6b11d73e73c58653a097db215b80e173f80e1a3752867d943e62c9cec48f55ef7d97f013fbe5ad7739958c1db629031cb6de9a2dadd1d9b1652a056625f023cd166da0444d5288e1bd02c60a63c5536adc31cab8d14de53a811b9bcf39155faa2080aefffaafaa9adc52d0e1507a2ba57dd1d4b1f78f25fa35c3b4370614d8a0e1e306f3275e6d155ef75de1a95da414e5213ed3175c5e0ea46f714dd5652417baec2f70ca44777fbb429bb9bfcd20dfc31bbd26a433093dd77bc34526f76105b4691be96cf0f314f652aa0add00d577f39bbb5e4b93a0f23695b84993f9aef15b87c525b45844607e0c56758f39000e6b0af6b7189215e9e38aa299690fd71954c67abf9acef6b3c359ccb53e2b4ce6139d2ca6666a867e6e6f827a43771767cd4f31452876ff508c6e6a91d5565737d97d418406beb6406aa644b066708efa1e8c08206aa58ec30b2be8755a1fbed5d9d05ce62b7b7a6a7ea8fceeb3dc578fdc62b51a4c920a1fc780eedacc3c06ba0aec1fe18a3f9d5d95954f33e39cff1e085700b184bde8c45e746a2e9cc396f4ac85d0a5fb7f6561cd7263815613f70ced9a80317879bf79ed79edf6a4889eaf58c40e92ca65ce79bd36ccbd77800c45ef2f7fa2738caf01d5bec1560ebdfff899f7e0bd81740bafa191c24ec621e9a9de17caed50cff77d81b084488ef5b7deb056bab2bf087fddd6a38100e05202f9e16fcbdc39611a5177b7ed4d5117446562cd9ec33507c21fff58d2b77b28ca90731679b1d4ad188e24328186d2f6a3efa898e71f51922412a85545bde3cd1b67d0164a8ffa42cfb06267888cdd0888bdb0caa63a9154c784fa0e1d09ee0f1c19f7a11ed0abb1cf2af259da587f95404f9df6aa17a0ba264882814fb36a122b84420af00bd737b6c6e311a2f55ce6a9b5fca284ae935e7f4dee53da901ec080bd524cca2df884512274838cc756a98ed34ea843618f5db440858949170bf432bf2ff7c3f9326500aacc8e281d37a3357a27b3d16721a986e4d599f5d76ad76ed1dba0fb081bee995aa70f736b9c6a46cedb1cfad239beceabdcf2fe69ada31d62baefd7850736783b20626d40ce0131c6159e86600f429ef1cd4afd0434b21cf8ce8eb70bc4281cc862a953afc840a0ce2c3e74c54575af5f23dc7c257071f80f677dbeab679602922f0edac4f6f3db7672d6cd5322002ca34b04f0f18cb421ed842b8a310988089adeb6b34b252af53fb72457754b32303d9a84c41dcf870d1d9ecf3bd29e901ab2b6ed132509c15a0501938f06ba8d78117d37d21975dbe0c831f4d2ff4412118a79c6c934afdd965a8daf32e59962fedfcb617230a3ae295b35f3b29ff3997d7bc17464055312ae3d9b3fe95e38dfc296301bb20bba26b13dd1287556251a6dd5593fb8829af1cc1b67bc46f677815066dd0a80c98f936724596b5e635be928ac25bae992e23c526636c97291eac5a03561fd1fe4c0da5710e5954109ecbe4474b08e910bc224bab6f0af4c388fcfd7ce5a34e829d1a1fa8ed5e71bc5854ce3210fb824fb1b2850a86612207db3e773d945a01fbb1709edbce63ea306c43c51a46b28525218d12994bb22febf38dba807f3b17e3e63ffcb785630d62c2253b054602c0ba7147366b5b675de9d74b2b2c307fcab06f225392a1b4c1389597a3dda8905b4bf120e99a192d83f64441ba70b8886d0b733bbf79e0bac7fdea7689de139a5b9e1d5f3fdb751e01b634a29d1f00d1127ce277ea6f0389b4bb095efa6a5b7d3011ef263dcade065d708a494584c3933cfd7432bbf1e6821ea3f7ad8a3c4fa59d1d7730e66a5cc9cdcddb11039ae256ec1f59714fb726dfac2b506fb707cc38a1a4787f6547ed4c6fc72a373931a0ea655fbd331068667ebb75827192a7ecdcda084842860d59bc0c9458453e8b023fe11c2ae288b0b983d9737b43c12a44bb2f0edcc58d0035b6c9eb249632e2eef683c971435d9e813722ec2d755940aa15761468f14bde7a6caf61b91c1a2d430ec417c290c82de33751146237754d1d1e2b1a1facdabac00e89f4599862d88ef8a07416333ec1ddd1d0948fc5cb675c24bc1f5e238ebaeb25311cb00d79628760dc38978e3118c868dc2a9f364ec88ed1046319f7183a883c791f64e0e0123dd89ec76eae33c1ea2c3551b2ac61ed21302687fa4e9763ccd9b1783a269b87f366c9a75859c69aca98f3cd0672e8bfb1289741518455286b24758fb94c981a0888595c47e493425a74a1d118d0148fc59c728f0fd9f4c6e32aed22ee9778ff7895e872027fb4cca30ea24253ead000e6b1d9103fef09eb1c50adf81fd646174916ba7c1b81379c5989c768b609dd7debd70640ebbceecca975faaae82bf13ee4f997132e8799383deb2808b5884f2a28c55d76ca489b4e8e053f2d52da740aa81e19dd8bbe88a81eab3ff5371fb2a88a141dc10228cc"})
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r2, 0x942e, 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:11 executing program 0 (fault-call:9 fault-nth:57):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:11 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/1, 0x1}, {&(0x7f0000000340)=""/4096, 0x1000}], 0x2, &(0x7f00000001c0)=ANY=[@ANYBLOB="28000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=<r1=>0xffffffffffffffff, @ANYRES32, @ANYRES32=r0, @ANYBLOB="aecdd0b53fea00"/19, @ANYRES32=0x0, @ANYRES32=r0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x68}, 0x40000001)
ioctl$RTC_IRQP_READ(r1, 0x8008700b, &(0x7f0000000140))
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  705.343532][T21835] FAULT_INJECTION: forcing a failure.
[  705.343532][T21835] name failslab, interval 1, probability 0, space 0, times 0
[  705.356158][T21835] CPU: 1 PID: 21835 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  705.365947][T21835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  705.375983][T21835] Call Trace:
[  705.379246][T21835]  dump_stack_lvl+0xd6/0x122
[  705.383828][T21835]  dump_stack+0x11/0x1b
[  705.388001][T21835]  should_fail+0x23c/0x250
[  705.392403][T21835]  __should_failslab+0x81/0x90
[  705.397159][T21835]  ? register_for_each_vma+0x372/0x890
[  705.402611][T21835]  should_failslab+0x5/0x20
[  705.407108][T21835]  kmem_cache_alloc_trace+0x52/0x320
[  705.412401][T21835]  ? register_for_each_vma+0x372/0x890
[  705.417848][T21835]  ? vma_interval_tree_iter_next+0x263/0x280
[  705.423818][T21835]  register_for_each_vma+0x372/0x890
[  705.429089][T21835]  __uprobe_register+0x404/0x8b0
[  705.434013][T21835]  uprobe_register_refctr+0x29/0x40
[  705.439195][T21835]  probe_event_enable+0x2be/0x7d0
[  705.444205][T21835]  ? __uprobe_trace_func+0x440/0x440
[  705.449472][T21835]  trace_uprobe_register+0x88/0x410
[  705.454658][T21835]  perf_trace_event_init+0x34e/0x790
[  705.459954][T21835]  perf_uprobe_init+0xf5/0x140
[  705.464784][T21835]  perf_uprobe_event_init+0xde/0x140
[  705.470122][T21835]  perf_try_init_event+0x21a/0x400
[  705.475230][T21835]  perf_event_alloc+0xa60/0x1790
[  705.480232][T21835]  __se_sys_perf_event_open+0x5db/0x2810
[  705.485909][T21835]  ? proc_fail_nth_read+0x150/0x150
[  705.491098][T21835]  __x64_sys_perf_event_open+0x63/0x70
[  705.496558][T21835]  do_syscall_64+0x44/0xa0
[  705.500969][T21835]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  705.506858][T21835] RIP: 0033:0x4665f9
[  705.510741][T21835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  705.530338][T21835] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
01:02:12 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x301003, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000340)={0x0, ""/256, 0x0, <r2=>0x0})
r3 = perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x5, 0x8}, 0x0, 0x0, 0x9, 0x7, 0x7fffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000440)={<r4=>0x0, ""/256, <r5=>0x0, <r6=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r3, 0xd000943d, &(0x7f0000058c40)={0x1, [{0x0, r6}, {0x0, r6}, {r5}, {<r7=>r5}, {}, {}, {}, {}, {}, {r5, r6}, {0x0, r6}, {}, {r4, r6}, {0x0, r6}, {}, {r5, r6}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {<r8=>r5}, {0x0, r6}, {r4}, {}, {r4}, {0x0, r6}, {}, {}, {r4, r6}, {}, {}, {0x0, r6}, {0x0, r6}, {}, {r4, r6}, {}, {}, {}, {}, {0x0, r6}, {}, {}, {r5}, {0x0, r6}, {}, {r4, r6}, {0x0, r6}, {r4}, {}, {r5}, {r4}, {}, {0x0, r6}, {}, {0x0, r6}, {0x0, r6}, {}, {0x0, r6}, {r5, r6}, {}, {0x0, r6}, {0x0, r6}, {r5}, {r4}, {r4}, {r4}, {0x0, r6}, {}, {0x0, r6}, {}, {r5}, {}, {}, {}, {}, {0x0, r6}, {r5}, {}, {}, {0x0, r6}, {r4}, {}, {}, {0x0, r6}, {r4, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {}, {r4}, {0x0, r6}, {0x0, r6}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {r4, r6}, {}, {r5, r6}, {r4}, {r5}, {}, {r4}, {r4}, {r5, r6}, {}, {r4}, {r4, r6}, {}, {}, {}, {}, {0x0, r6}, {}, {}, {}, {r4, r6}, {0x0, r6}, {r5, r6}, {r4, r6}, {r5, r6}, {0x0, r6}, {}, {r5, r6}, {r5}, {}, {0x0, r6}, {r4}, {0x0, r6}, {r5}, {r4}, {}, {0x0, r6}, {0x0, r6}, {}, {}, {}, {}, {0x0, r6}, {r5}, {r4}, {}, {}, {}, {0x0, r6}, {r4, r6}, {}, {}, {}, {0x0, <r9=>0x0}, {}, {}, {}, {}, {r4}, {r4}, {0x0, r6}, {r4, r6}, {r5, r6}, {<r10=>0x0, r6}, {r4}, {}, {r4}, {0x0, r6}, {r5}, {r4, r6}, {0x0, r6}, {0x0, r6}, {}, {}, {}, {}, {}, {r4}, {}, {r4}, {}, {}, {r5}, {0x0, r6}, {r5, r6}, {0x0, r6}, {}, {0x0, r6}, {0x0, r6}, {r5}, {r5, r6}, {}, {}, {r4}, {}, {r4}, {}, {}, {0x0, r6}, {}, {}, {}, {r5}, {0x0, r6}, {r4}, {r5}, {r5}, {}, {}, {r5}, {0x0, r6}, {}, {r4}, {r4, <r11=>0x0}, {}, {}, {0x0, r6}, {0x0, r6}, {r5, r6}, {}, {0x0, r6}, {r4}, {r5, r6}, {r4}, {r5, r6}, {r5}, {r4, r6}, {}, {}, {}, {r4}, {}, {r4}, {0x0, r6}, {r5}, {r5}, {r4}, {0x0, r6}, {0x0, r6}, {r5}, {}, {}, {}, {}, {0x0, r6}], 0x1, "2156816c73038c"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000054f40)={<r12=>0x0, 0x0, "a4b80581d94dab801cfc847d02f8c1a8a1e6cbe4d99932132c7dcc9f267b05d6a44067675dd4824df3d794c2082f60b1b1443256ff59aa915738608926836ea5ff291bb3805bbbd611bba5b6a208d655fe011485fe83653615483ae418da8dfed2366007ccc83714ccaa5b550fc86a546dc1420899ca93b7ab77c15df133ea13d175d9919830e8b88f600b1b7a894540fa837b1c828fc3fefbf0c8ef0cd1503a3dcb92ce45a43cdc8579a9356bb02fe84df2ffbd25cbe83ebbc0a5936b387c09baf5bf9d6cad9ba5955b5ea8a2092c88883026b6d928f733aa78e6ff75d1508f3ce80ce50260122e4144fbc7efe0463adc96baeb79bb98f20635127097805b33", "d0a139cead4d23c7fc6b805915acd692aba4398c72e16ea6999e361170a3de112795f4f511458641c803bdd2c0227fce9b0366b85846f593c660752464290b61ae77513a06bb760feeed4a78b823b34f1884539e2d9f09b2a4b9cd6204dc4410fa08b28ed2dc419ed3983730a7054bcddfb85d3095bb99eb4481fba777a58bc9cb6006da05cabb25beabc089df727368b963e2d583aacfe4609d25f446991bb5e906f6c3c4650a9849a955aa724b2f576d119b280c0c6a0bf08216b6ab249a4a0bff1bb16a2b8c04b0a4f6c23ea476be24549397ce99db9d530e2a7a5cd5532b964b824f14fa39beea929397391f3c7b73c0fbc577dffdabba3cf41bef23a21b146c30388ab2925dd97e0485856ce6a70c498ddd821fd0e6fa1858c67379be513f2df28e9bc9b240c24358e986e6818a83471076eab546601ae88eaefca1fe322a4eb18fe37711dc650ef5eb32b308205ee8632778663f105d779b101c702835296530d4bb2a2487b59d7a7504eba728e9933ac5bb4fa9e0c44f9e0dd5e86db32bb33baa236c505cf373e1ac58bbd8e2c8250b97323e2a454b421a6688088e27e9141eb9e63f50868669737af247aea0b36c6b2cd90ca0efb02437547da8ac37243648b0f4b668c01ab9ed6a236c67a2e3d592d35de1eceaf5e38f0994b47d0857543c4c262fa5f718dd536a74e0506fae250f814b04c229cbbce2ced505b20ac118fdd84bf08832176b6cdd68e1236041e0546ef44b5826c911fb0d407b2c8313bae53373de7e79880344e14ea3a0752a6724253913b0b2b69493e8256ff3678de45a3eb82eb00e4ffa2ec88b925be9abe5e6a395198a8273e569282f1285d8c298b610749b2e3b7bddd0b1bdf303d3d962f1a2b52ad0bd25ebaeea19e2fdcfbede894c0b419171e482225e2f54b709b6916b93f0190016bc699745d6641d86591a601153a84e193395bad28a3c58a6ac3db34c58f0f1f53f53cc78573758a8a865fb3d091aaa7487e855df5ac9768bf08266de6c8ea2ac4116606510af363203eab0989d1906ab95b66d6e7b081d376b392abff6f61306943dd19a038f953975a4e9d3e7569c0cd320675419055d201b5d4009e4b6fc79b52d211702022c2e605c92be99814f08cabfd439b1b63950d7a751b4cd4e7cd187b27da0b6a2cf37c0adb7382073d29a44492ccd0762eb662888a9d11db5da6b4a44151dec2dae7056db1e715528766301776bef9515b992225076393045812853d4a4442a7b444201cbf18c6b686b93007ed535d19a6d8117ce54730152a1ab5972301eff2e87e15768204f0b02f56525b255caf9df847c6fbd41d87792b8ab91cea6d743b271810bdc126f767c78a792bac9d064ff60413ce32bb78db2fb6ec325f62ac8c77da13f2b2c8a4abcea961f23c3b921e891ff580e81e2d7c85e52edaf1df676092f064c8af210ff477d996f07b8c4e1b23049a6e1d1c2e087454c300b75e4fdc63c8256640d35c04c761633a298458469a51004f32fefa0856b45ec59c868ee2fbf90a514f378e3724694afdb1df28106117d5dd02e033ce39d9d57261701d2ba6cac7f2560f5c2a6e8f1d6b7227eff0f8def51aa4913bcae4e4075fc85ab6bc199cd4c0783e917aebe0a2b98b5f2e7caf06faa25f12aa01c1a21279466fba5c401fa65720d0da2b160f1a6883bbbb15b1832c73d0cb6699584694b8eda85dd7eb8461526ceb673a6ce3389628063ca46864be4fc7ec89947399e9241a5e2b361ce1e1fc52f37f81f24dff0e584257f80d03433abbf1da44bd2a700b769991d3f6feb19b81fd58a25e292e7a781a732cfb0db4400d64b01f03cbded3b800ffb395ad9afa21edadd8afbcd3585ebcfad73512d04bd4279c363f8b82d9408a8f4ba9ca8fab48bcd08a73101fb59c844710b672acacfd4e96ef678dad280752182163f872246a31559d9f070bebe7b310630da8809bf2f45abbf1f9d1ef8cf24802b3eed4ce369e3940bb618ff4a363762a51270749ebc5137938046bca9386b94b602b11c615e129e73b65e6b54616d5d902b2a830f442ac37c1cab36bca627e95fcc6e0de5af62dedff986e1b77e709a9610da978b5ffffcf5ce21072da6abde0e888816d589ea3005db3a1c6776777d20e2e6ed7438308a9acb7e52210484540661279c53fbca1f99b0f75955816278a2bcdfa95b90976743d173608e7ec45aa451bbb7576f4dc87997ce77b60ce40e5b7b96bcdb59ac8cd8f9bff32bb0b4962b14905830478d36aef918dbf04d299186b9f4b67b97639667fa1eb019503f4ea012b3b4bde0d330ec8fe8e28a4457d3b260e569f309849c9f26207c34a378f743b230ec17f4f09122d55340b73d538d253b43e07bd30a690050a372c8b324672136b78568169fc37d272f22da9bb971a6345f814b659af53b100e8583553427c93caa4fe40407d0ab6df363583aa637774e1e1857f96b102c206f826662ea3133645de21b7476adbafffab9bd208d75cf7e32ad08002a064b2603ce82621c3b7f1b4858fa81dae2eb8c72078dddb5e06d382865a80a6460a402fc8634db5ee030e9d1057812043d35775ad5e1f1490be1ef35b8361f099502172a0f1d99bf45dd7a9b5bec1252cbb1b7eaa577512f34675f473c174eecd80956f9cf44896b690172d3acd550218878f9e2c632c1820efe7c56b48b09e1c46da97d23629a3f912d8c0f8788cde60e986d5ba6670351ec4970b6ee2f91b8538ada02e74860320e29cd35f86c49dcb19a014cfc3a0d242fce4c00865a5285953c58f9af97fb1dd0b02e56a52560bf73e5abcfcd01b45c640252466a7f29b0c6f0498ceb327cbbd275649a01823a8e77c74520bab99dc58f44a4d9fb9e6cac0a2e01bca3f228b54478809b940b1a9e9dbdaa91572fefc0ac66a99e579d254557ff96c22eadb4c614addb460e140be8435a2ae3b305a575f5f10b805c64770ef90b577f887b8cd0589369060b42214f0e713c3492869416e028c46710941c9ced962f090ca9fca536958efb9b37e26d858901b04f50a6020d25e01c2e3c6db86559ec5a7044f61c275fba34ad23d9d15b5c3b20343047a99b0dc448eae1345abe08576086571b9a7c00dac9e736bdc7674ca2b5f33572f1b9c71d84b18fcfe043abb8b2664d795bc5418200be662d837125243a84f4efced030969749afa9fd5e9a062803717aac9f17333f5e5f6fbbd39c438943298509e00db94516d58ca38fc86ab7e96ddd05e7c5fb2a41123e2f2a325d23973fac995c78d701e6f9a610d9aecc2f14ad641789e911f8835ca4f6f0c4f2fa1a6954ec3e63cbf49e07801b1464caad4a15efd7a95a4eed9bd0db24c8f905113ca809029fd6c6170e0b6c289a34740ab6f5a3d096fc701d62926eff8879083697e95edd136fbef4a4a59b4312888587e42aaf8733f6f6e5944040abeedcb4c13b628d01fd1794736bcd2c6fd373874b3ecdf08d8715a91f34fc33000b76f3fdd8d7875001db4816e0352295d0bd4672fa7da0dcf32c9bca5a02b158593d8e7ee427d0875a4298368cc748f2f01ba2489d1f3481fc5c401e201695b896ccf5ad9007c266f610ce216eef17c246ad9f2bd2a45c9333ae43b1b260b13e3e901567f1f6910dd333c681849498d36c822c0dbb925d7d4a8bce7d2747b81af5857d9931c909c91adb307b77ac0d6ae63951de2c96252662a3fecd77d996f7e25a848466e8db7e1b4e334a8c077ce552c9b6a904645e4d7a1f715a2329aa0ae645c6cc3aa6b54f373f9bc8ba88d7c6fe1e3c37e44cb0738aeeb6cc09af8ddf9d3d6b388d89a0a4793f76524a0b4f3ab7455b3c3cc832e695671d9fb58d1c3be00fa719d2d2e4d0b54b7db9b4519920973a80ffa6d47dbde590d7e44dc3a3a71ed16d96c2a17fad01d348ca06c7ba16b24597fec3db43f7e6157646596698a44f2b3cd678e5c9cf8fc0a52a00547154c1ee2c7b04aca13f66d0dab6572bb77f0ee96392604595165b5132f5408241f4e9f7427bb46a52574e563484e8b2170af990bdb001aa612dade122172cd04517b4fcae810aab76a9e04d1a8edae768e0072ac39507b2a005341be815a2037c25bf4d116df144edc2441678755dca37a718b0ed4de8b0febac551215754c93984b8b274da799ebe3f3948381e255e7ec88af11956a13838eed655e354d489cba24368eab64e7c614afec72c1123252f1733bd5798e546cad1bc5c7e2cab22b5b76f55195e0e75a37acc2668e04c2251219aa07117e904b1902da4857c89e906b62fa35952c17228b3a3f8b9dc0a4772a9f26606d36051dd410e7b88e21386d56b17d6777aa4687250e538e0da2733557ccab4eb04528bfca31bafe7bbeb79c1873d555b5d0f00218942f61b8cf7f2da9a32787627a384f2ad99e78cc04b30a407259bd85bd0362c5d8aed00422ec289dbe4a9a93e88cd116cbaaf6f897df2a9ae8da65596396445d3b477cd9b755341bbb5d5b403638351c0f50a98fc09f59ea32944bea8df452d484594ce489f0de42f0a364ca6a38367d81b69c4afca32c96402dccf45edc65f9a91d4225a2d6a81aefdc7ec519e29fb7c983212b919a00b82e1ea665bfc439344f12db6a155562c9bfc35225404c3c5dab967ef226823e85040d6d755639a783c7fe3708e2b17c8a4f39bdce7dc6216a1f21a4a03e85a8229ee4ea3439b933772a82c1b3d6f30c1b57bbfef4a4d8839289b62f2942cc154ecb74ab391d9d049e134f293357e8f21df59abeb1efe8fad225d8bc02254b2088ddfc9763902e77bd9c2102de627e4d4f333617250409906bb1e2f180097a0164ac91025aeea2a0c783d9465c6b53472b897f138b6dbcf7aa124e66d0e1db7482bb2f850686eb6dba016298f80af21ff9733e7f4c0534173db2a68abfb19e425982bb8b757511a2c482535f79f973312d08fc571d6f78dcc93b67aeac45eaa9041fb0e35de968beb409211a86f8351472333ce374f0bfafd599613850b6b8fdae54e71109bf2c203fe23f1861481e6ec7341592d798e9c894e9163384517f7ba0b0cde522a643dac15691f2b6e291771b6e746e688896665f4ce2759c75f24e8310b951dfebff003064e04433eb77de3ef8c28629d968b607785b96e1c1e85465183b3fdad902742511a1668cb69c65bfbf4e59dd78bdf288a544af2406dfc50eccaabdb17b9b2e9ebf4ff093f34ec1ce1feb514783ae6ce2727244f514076bcaf0df34f48b6fc58bd9840736400f8517aa32820f4ec60637587a3eadbb1542824330c42c5f67f9efdc92aabdabda2c00942d5f640246386e6f794bf749140e1a077e55cab3b3d61800b831560189f654516af129962e74ce14b2a0eb16522f47167f1771794394343ed655b24194fbee41b9a18b41f5a9a1e67e7a150"})
ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000055f40)={{<r13=>0x0, 0x5, 0x400, 0x1b26, 0x0, 0x0, 0x1000, 0x2, 0x8, 0x5, 0xee, 0x62, 0x2, 0x0, 0x6}})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000056f40)={0x3, [{}, {}, {}, {}, {}, {r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r10}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4, r12}, {}, {r13}], 0x4, "6ac352d1b76f87"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r1, 0xd000943e, &(0x7f0000000540)={r2, r4, "b63f19e4f809f968c0bec8cbcd5b7492b5a08e3c231b0e344e9763883822140d6c88c2d3772a2bd27c15277ae653320f99d75f80256c2dfe0554eda0432f5e4bdaa42121fa39a0a91cefc8a2274711efe32586ab4b3eb755d0d1ae06fdcfcc8c10f36c80a4c58258cf69caf86d2daf86682bc55e93b5d8dc3d6c21d988666464829264220f07b17c3b38a6167449bcfd8b51ac3e99ba8c1f3f6f4b6908724d4a1e68e01f3687de7b3398fa7cb212f0ed3c6850e0cb4b20eb6ecee59c6e0d9d9b43263e962e49cc4b656e2565b84833a9fea95adb486a078ef1183ca7a0fb1078baf5af01a7f54b59f14fb038d7bb1996c256bb742b6bdf1ca2be2664b0ae0856", "162e573ee534c60065a753bac7c39c4359abb76ee4870544a17b276bab9ea7a2cdb2d0e398b023f05b12cda8a3dd5fdcf3644d5cceb1d5c82b3325fc61d6873eb235cd581864fcb9ee0ed585576a00e1e8a1b2d6ab953620390663a09b4324b972de0508510ddd5960640067335e28200b54fa192052cf778eecc8af849a38d7c154a035a9668db3eccd1839523a5c3d5b463498f5f3f060ce4a9fd046a272479950cfabee21c26c6cd721d433b97aeaec3cbf8fd5b653b05493bbb995cdc1a6db0c757a77a1be72597647430393d7746320124693c05f9cd09c34d4791a8eadf613b1d4273b953a9a06958e14e4d4c5cb5fb3d0560b0e15464b6db5dcf281549aac77df603bc781aec4b2fcd3bbe42ed764a4663c5c45ac1ddce9b217e1db02a1abc002217f1058eedf685a1d906677815fb1343d192f97a6dea424189f183763a66425e9f9e23e7b853d43e4265989945f7deba10297de7bee72f83b9783e5d9f19a1a96695d01ee957af6553cd160dd8eec3a57e871659282780ed3bc20fc97367fcc95357a495ee11fd7485cfab8fc2e829f3afe542df61b2c6313f75b7d3795e7ddb5e5bb9388165b8fb36c281d93d707247bc0cfc86a3ca4aee52626fb8eb2bf185e3f814b1d82434122c1921f3991e451b8e4c297fbc0dbacc695f7f9846ad28f82cb6675101a583260cbc7cc46b0a0d0149686fe430d53dfac7dc4f3fc533e2f04ef068ac8583b5af144436120e5cc634e2e2163efbc624e40f9f97a5c2030efcbab82ab65650f92b0c03cb74a0cb34ef43abbb8f8eaefe1151240681f77aa0b268cc9686f62f73be76e5a8c62ce8681c8a81f47ef298d93e53afa6fb7eb9e62206703fd85cea839bcd8dadd9091607ea29baefe7d15002694fddf9e13ae7285eb7ad9cc785f2b1ceb33981460e5924e7e6bfea57c84dd80aed09aadeeca869a0337b8423ccba084ce14d8431fe96b9272ec05f599ecb6f6d2d7259bfc99e05932581a2f2d6ba3d70c0d47314f89cbdf6b2db60f38e531c8dc5b995473dac68eb84597ae6413fa2de622d25340b803c882732c35c0b0ea9fd5d212611d165b8ef1d602f3d664e286992767b130bce214e6579f5a1e8312d127b3ea1f6d955f44040ca17bda370065e1186d5d9b6e67c4af2b475247993989ad3f6d32cafce0da8a897555be8e7804c5e9d70cc8d348011634a110b3dc17d32d68c3f439daaee6bc8f29ce0ca126604fca68d2d45c52dabf661420d96f81bf1b97da7c88509481feb2f39cdde56f1db6fa7561fec4e3af9e1a1280ab1c8444bb046afbbac50b7b4761a9792bbac8c1a607592e0d6cb5289d9b153431aec4dc1b51f9b235ba0401fcd0edf38a14e20c33a3380329e8d43841a3beadb2a67976932d09de67cf566115e57714f158bd7a24d7139582f579018c0c738eca90770e2541a009e82796b9ad3e06b44b1b3f9d0bfdf0a639253bd64fc19f6d2f7a12c8adbf22f664efd5415367a3bddd62c53593bad223b052e71728c6a39c3cb5e3c6fad811f1c86efee98f16a1576da0cc9a54750cb4e26accf5711187b863126e25818adcd45f06024cf01dbf6a68ef37091870cae3da063efc15ddf3188b6eef66594944c5f2054c1e8641117985e9013280574e25883b9f88bbb96bec87ccc6852ff66394d8a8cf093c688282e2a2576bb31691cdca4046d32367a899a3b84eadfca1761119abced68fa0989b02d9e880b5f62f89439539a69daace6a088b3a760912424bb29b6dbfb21b6f360cdec265a92c416ac4fa1dd4cd138bf498cfd86b4abf84026008907d38454eaf596b154522fd85c0f354b909a5b3339fa0011212753099ec3f1a7e6d2f69f0cdd8d3511fd5f4f1728030ce406f0a77dca30e2aa2902c0e46fe77e09f5cc07507af36e3c9e9cc2c52aacb37805cbc4b6108573fa16c67d629cb3df9becb74045d1d4599074ce93c0c91421be8a49077dded7bc15ebc03903879394a4208b659cd508bd4d07ec7a6e0345ac9fc49cd945913bf72af71ee89192169162911300f2a7b00d08c6e07022b6820aae63ddd78365ef97685d4760bcba8782703624c36b53ac9199d7765734b6e6c868e3ca4c1720a849903189072b7dad71637599147ab5078a9f0717e73400f954b0cd9c49b1a5291227d6a1428fc2fcf766535778db6ae60917f72a4ed926e15312d194e79805e1e4830961bb0ba7af856b5d993a6beb3820d45b5ad34c3d51352c010ed16a3735149e54cdfd35842d791e326e61f683560884e79a4c2913c78796dabcf4e3f982644080b8ad615794085e4bf6370967c47f54a9f5d0d104f061448806be134d82f0d46c76fe0a0fc66836e50474d543fb3b054188f27418a60517309ac5395833452cfa990b96e4e32435912ea2501f9df5ac7247ea36b83ee5e873a98e9723ce92552174bdc62326a6c9a03fc47e12596028ff69e5ae5d1e6753ce15565c1242a3073e6bc2a6650ba8a0ccf4e1e475b0cb61a5b67b5fbf3795fd2f0c47dce7816fdd9e7d5134be9df9e87755c477ebdaafdd694fbe1f23c76a299ccde10316ffd0e8d20e9b5073d3debc0ceb1e97c59479efd27c6a5f450b39ef360a8feaf4aeef91757f8f8e65f42d305db8024238136b6f3128e4998535fab5ff7b1dbb8380dccd30efea6229accf5b2b2fa7fa8abad6c6606904aca69334a2b98f30310988f596a7b38494d2acd7344b17138b9072a4ee33bb8e260d0caa6f379c724f0636956408127d525b96affae347eb402cb66fd3c9cd6e2633a85b3a0155e4b2d593981c62ffaa86ea97cad2afb3ff606b8d5f0723b53586da54d53102a7bda355de6f4bf9286d7d31e1c287ef33a23b64cf8fbaf3a8c9d5ec01ab6d3da63a73107cebb2809e480d66509a37103ffeff8ce49a36ce0ea007b6b93c6dc65ee92a678342fd14c9fc68a6b647905e603944bfb889a86f394342374c4cb28659023f401f34bb78d9a7d80cb67ebf884a7544e27f3de6a96ca39087baa4facca779b76b5a4b420073a8a7967c9c4e1d684688a19c98d3e77fc901538cbf90e002c7adec6f3de0282b74bc5c2c0e923bf3eb1b693a6d50f18affc1f617d8d8332c814ac0a510f9bc30f11243762aeccd998305951ecb8d0e444b9119d32d8ab7e82be4d29106f09c672eb5ca4bf6a720385f5c7754f8320233d0bf774bec42d96dd74ce35c51cb8e11bf454d328bca35878d01ae90d3b0d4eb9c76134708f322b46cfa6ea9ec8a53ff3fbeb910474c9bdff65a1116196dfa6ac5004c4c491de09ec722be2f39bbab7bc4c33e6d72ecad9adcfb73c7ac32570a7849870e1a15a5b4cc4b8762bfb81431dfa85ddfed09b7683d77f00b80da61e429571fa2b39dbbd0275cc6525ccc640aa1522e81a32c50811f65821b27a481ce92cc7ef0a6391c0e7b6d7872757ae282c04ce52248cc8c0eaa9d42565f005c828ab9b7960b449ccbdeefca48cbd2c0810965b613483680456ec96e2c044222a0ca76484e3c2a57eb55069671dbfc7ce8b6753de92e48aa5fd2b6afa9577759a113c558feeeb036506968e57cfbafe596d8b36c4e803769ece967bf984a95870c47cc51f791b366b7c6834833f4ebd3523de80cc331ec4b0df499b0de8db647b2257357144a48927082cbfda9228c5da4f1bfa8071ef8d1d00f22a01d366d70e1029f1813ae75945b3e32d9e303956ab477aa3b4995f94957e0210b171da360ee07cba9f94d1aaff1db4df4dbbe0178a9e19fb7a9d9c3ddbacfb44160991adb0402681b6aef797b39bb76e8c5084c7e7e373982b690f49945432b16022ae4a425d5078921e4cf158e4deaac7701c7e9f46a87702645938f1200c15f083f754f742191205b1e14de09fcda13a97e14c5cb4860f2d49c5982ae73f6932f45c37c35fa0a01ed8a1e5b720dbf25dd998f92ce6d7fe167912aa4117bd29342cdfd2ae558cecb3516b353fb27ba1cd08206c6781e8b428cd46f5ce9cd6b9203c0f3301ee357bb3a4df9c466f2c73ab7cf1a2d6667ffbf4dcb6a80f1cd0a20e5db34c02e54690b8459f856a91cf28f01e8b48f30264fd1a3ede3fd116cecc3ada3e880f73a9ae1344cb8adb6425ecaf79161a2a09cc0dbf145d8faa64bfc640e39a87c3dba2debf0c7ba62a4dd8dd37b1c3496afd740c58e478d0458353f3e95076f46e6c7be379cdc46a96590da8dc5ca3f1683de22e7663b9c3753064de62d5163ac135b7a2a23c3f173b67ed723abc4937fe0d64012c3876ea5ed6f7ee53b5dffd35897c761990da857fe0bfc7918aa38464c72ef3c4aba062cf61f401574edf6122d881505fcac3de68301362b5f259e7e345b0ee2136ba708b2b485d61112b4a790fe66c98ea73c5ab1f053ed7e003debe6841140e982f849a72da270922f28bb413bc0eeae0df1cafa6aa2871c85c0dba8e1b0a78bbbc3d54010dc8ad9976fb0c6fc78476367449bc3a4a510c899773aceef376e231087c6a24ff32d48bde923d823e3d52649d8598d623995968a875d6dfd5234fae9a99a71d77dab09e88d25993eff547403dbe8428b0f22423a6213ce90f2f7dd96159e9986abf1ab793b1d2e5f882c2480eb8e1290fb19a43eda1d9da3032403f791bc336ab037bcb6afa78248e1baf23d02a851644843ed87cc7e0a922a8e028da6fdab2921fe93fd4e6e1b43fc111119df947ae0cbc7173cc7ea8ca4f84b4b902b4fe744503e6ad465129fc57b6a002849b0f58cd83f5435e87ff001e14b55d839eaceb8837333317c63e5f0960ecb07de7a575643701a21c1f728b12d288fd8a21336dcfdf54509b0b63467acf5ce4f1fcf0cfa2dad1ce06de7df424f052bd2c43e593f46a8e1cbc9861e26aa71bc1ce4fec9697aaafc62db4f9bc7d321a090cada2687932f70cb5ab5a1c6f8e69ef33042a764567f83be67cd4be900a3425800fd452f5ebcc62abb695e698237348643cbe0e851a3831d2bdba9ef3b79620d7b91da0f0509435cbb07c7cb8ef3fbce5a4689c13e3b43f14d4f7ec31e7ff28f415add8092dd5b4cceb345c8d9b75a49371c9e85b6e7c8d313d23c4e3b625cbd51229ab8d6e9288ae8eb4606df1c1f4d03d1bebe680c030e4455e8efd83ef17ece37107462138d54094117b7638a490e3037f6bb21ac2d6b77c8e6d52cd0c8d134d489a76bb86e0033ef7f4db729c4bdbf25147d085d1ae387e5013359c0617547c28382d04ecfc197fee6361bcdac582d762ebd1cb4b92fb7a01a3f6793f4b4668c1c6bea1cda152e1c8b5cb6812f925bc544d90eafb53196f397527e74a252c8706373ff3016f37f2eb9c420740a86e3d491ea4017463d557a4895d7b547bc4ce61be415aa516c30f3ff8db451b34a56f8f413949b93daaa190519f089ed9558cc1e076c3813d116e67e6e278"})
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  705.538738][T21835] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  705.546701][T21835] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  705.554655][T21835] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  705.562611][T21835] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  705.570572][T21835] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:12 executing program 2:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f00000000c0)={0x2, 0x8f, "3d897dc70a2b68e4b5989858a638b8a8eaa64bdb0c1f429e36e2c1f919184f4d9914276c58632274dee41f70784675839951b9d027386a6ba7645800b7a73531a518025b2dcfbe108ea6f25c6bdfb121ab44ff6a4eee1e36dd5556d191c6772e2d712223d08322aad94624bdaabef07b5b13ada915088ae0eadeceb19b65a54b8e923ee77d43f1526fab67ba0ddc2c"})
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x1f65)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000200))
ioctl$RTC_UIE_ON(r0, 0x7003)
r3 = syz_open_pts(r2, 0x0)
readv(r3, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
r4 = perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x5, 0x8}, 0x0, 0x0, 0x9, 0x7, 0x7fffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000440)={<r5=>0x0, ""/256, <r6=>0x0, <r7=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r4, 0xd000943d, &(0x7f0000058c40)={0x1, [{0x0, r7}, {0x0, r7}, {r6}, {r6}, {}, {}, {}, {}, {}, {r6, r7}, {0x0, r7}, {}, {r5, r7}, {0x0, r7}, {}, {r6, r7}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {r6}, {0x0, r7}, {r5}, {}, {r5}, {0x0, r7}, {}, {}, {r5, r7}, {}, {}, {0x0, r7}, {0x0, r7}, {}, {r5, r7}, {}, {}, {}, {}, {0x0, r7}, {}, {}, {r6}, {0x0, r7}, {}, {r5, r7}, {0x0, r7}, {r5}, {}, {r6}, {r5}, {}, {0x0, r7}, {}, {0x0, r7}, {0x0, r7}, {}, {0x0, r7}, {r6, r7}, {}, {0x0, r7}, {0x0, r7}, {r6}, {r5}, {r5}, {r5}, {0x0, r7}, {}, {0x0, r7}, {}, {r6}, {}, {}, {}, {}, {0x0, r7}, {r6}, {}, {}, {0x0, r7}, {r5}, {}, {}, {0x0, r7}, {r5, r7}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {}, {r5}, {0x0, r7}, {0x0, r7}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {r5, r7}, {}, {r6, r7}, {r5}, {r6}, {}, {r5}, {r5}, {r6, r7}, {}, {r5}, {r5, r7}, {}, {}, {}, {}, {0x0, r7}, {}, {}, {}, {r5, r7}, {0x0, r7}, {r6, r7}, {r5, r7}, {r6, r7}, {0x0, r7}, {}, {r6, r7}, {r6}, {}, {0x0, r7}, {r5}, {0x0, r7}, {r6}, {r5}, {}, {0x0, r7}, {0x0, r7}, {}, {}, {}, {}, {0x0, r7}, {r6}, {r5}, {}, {}, {}, {0x0, r7}, {r5, r7}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {r5}, {0x0, r7}, {r5, r7}, {r6, r7}, {0x0, r7}, {r5}, {}, {r5}, {0x0, r7}, {r6}, {r5, r7}, {0x0, r7}, {0x0, r7}, {}, {}, {}, {}, {}, {r5}, {}, {r5}, {}, {}, {r6}, {0x0, r7}, {r6, r7}, {0x0, r7}, {}, {0x0, r7}, {0x0, r7}, {r6}, {r6, r7}, {}, {}, {r5}, {}, {r5}, {}, {}, {0x0, r7}, {}, {}, {}, {r6}, {0x0, r7}, {r5}, {r6}, {r6}, {}, {}, {r6}, {0x0, r7}, {}, {r5}, {r5}, {}, {}, {0x0, r7}, {0x0, r7}, {r6, r7}, {}, {0x0, r7}, {r5}, {r6, r7}, {r5}, {r6, r7}, {r6}, {r5, r7}, {}, {}, {}, {r5}, {}, {r5}, {0x0, r7}, {r6}, {r6}, {r5}, {0x0, r7}, {0x0, r7}, {r6}, {}, {}, {}, {}, {0x0, r7}], 0x1, "2156816c73038c"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r3, 0xd000943e, &(0x7f0000000340)={r7, 0x0, "737fb8801548934e30292c6590c869ccfef47cc2a3a8227c2f9dea8f755b051bd92cff82087c56d1163c1117a815ae27195f732af44d9b9698ea3d53df10a906fc57379327657b583ffe2883333a944cb4d2cb690c92689354ff087b3f071ad4a63e732ced837fa3261b6c7b44d0fbb16daaa8f83c470ef8d9b46084bf84ee533885867e2083ec5c05b0142f75f2b6e585e3cb78e04200c669e12443c4bc896b8b668704e50b38a29cda99f7fe115424bcf616680a6da0a2b136141e13a97e8d64c79d95fca4b939301b3538806b6f361edb0d517c75aaefd5086463771f3ac353561a22ab18925ca4c3bce608982b0811248b1c896862a9eaac32fb7f3de05e", "13db17828be5775d3fd91da27650890cf0b08723cb1719da2e36cc145e1d16bb3eaec154c781bf2b9f1ca9ed506ca8898cb9ee035fadad299a1f29892cd5521bd37f9f622a52a294d5a6eb534d92e041ceb748e27c4be4c036741a20f62d8cdd51f3a035292842faf57db676603ad56a3306ffb9cfb8f8189d3c061db608c8b926ca8bc8ece00c1e0b13dd60e7382c288612b7e3812cf60d9970e28629ac4934fdb5981a4d5f86e7f33ca5db195487c5890c7d208468826110d8a40f07b2024610bf1a0e230c1199c7fd7cbef2c4ecf075b588073b5b86c9e889434458d2c8751b0c74ac648879610f71242549f8d12cf52bff62c32ef5d8ef414d05a70a465244b59981fbc95198d2d5c3c79680a3536c0ccc3152254d3fcfbb4187035f10449da570c917b032cbc81e9af581819891d4e0cc8858f59808a18ffb1d08af488702e67c50a390746c2d7c4441ebbc93c694210141618002d7f457d225c7cd4a6157174b9612a6784a51fedde71febaa4e81f9151d64c712d2705083d1508c395773b05dd0d00cca10c0b2eb2d37157cf3ae73652260d61d60fd1cbce35c3f70c04fec8d0f237f547940d4042f3afc77b341901e2b6f4d680126fb567a8257c8b4b30c8b21479fd5fea5e1d4557cb15afa8257ce13e7d86d96584cebcff7784a6a10f8a1e40ceb70b53edb3f28c93c9e40565d0d3a1545acbc25cbfb8fb1b07fd6120163a2fe9dc8edd7009672c19e20ae5db1563b3332de70ac7c54502b5e1d384f11c605616e5b86c03b2a78a5de6d62c1134f5f9e20159642e7585e48d79cba3cec73282c1bb17f103abb032e2d3b65106b48253a4fc26feb6a5ca3855bcea7a1aba38c27d8de41b011f9487550d93b12df3b17ae2c80a6801d133b0436a6e8fc434ddd9e24f2b1ee193ed43df916c61061b4bc7e7d35642fea3c1702893050724dd58f75036af306e8700a763d803f7897ce0a5a07408bee5bf5fb5cc7dac9a6e2c54754b1475d7fdc72b6b557c2fbbab2c65bda40b8723aacff8a5d456b80c40e1fbbf3f4f679a936acd30823a1d17cc8dc231103f90a25216268d513719cf5ee785b9a9b2da0f9cba714e3387509e29022e80a80fed9c57b0f9d24c3e4306e77bf794845cba66d283a4715174e93eed7180160e737440f0380834b6d54886f35bfb3e818812407660da2561a0491e53c4f365722f4a0c05d3f620d75807f1aa9ec44ef8ce89545ae32f32328ae3ab36ddcf5b27518aefdf198fda8869576e082a853c7e0f749c41a1295bd9cc77ac9c9cba5d2372c9341e9374684868018ac8db1574cf2e962e1732b28d39650c571748e361077da5f4ad90d37d7c09ed756c32ee1b0d251928acc4214e606155cc2bbff2a0f6683b7ae03aec243efaf35ab17829767a450792525da36a0da3819f4293080921154f3966619091278e4f0bd0ad7ffa2667d39df2a509d654dc6b22c131ae7a8029c539b4f452a6babec28166db16a88e07fa4ba9ad08b4f7fbe67883d8aa751b6db24f359f832bf5f815f8c90bc25edd19c76204f2c4abfe9adaae67c70d4f995d5a7ef03f5bf52d6f0169349de4dd41f10cba056d001012e24dd3070e52076cefc951199ff5e514161fd4b79733e630efbd8e928693ddb15e9568930e24773dc7639311d785b6d595704673cf2f8c183b73ccefced6674bfec9183f5b3eca70f61d5cd3d17b084a13ef1701501b50feeb98b7043218388b1fcb0b791dbdc0d3179d1b09e08474a8def129f10989e4e021772d1ecd7ebbc59b5c0965fd401159c097f63613cddc0d12bab66c9b9a584fd055bdb0770904693b75c888c143206e3f26b95d425ad643f166c94f25b6e99ef601b300d06fa812da7a6daddc98baa4052b951b9252ed1bb008275a8f87e9c4730855a9f2c01556030fe2768b3cd28e6dbc29882b8015d3085a3985ed70a6f2635ce739718d8f7c7e0d2a6b631e9ced3f9d647aff4f5c5e65f9355f0ea2e6541746abe4ce014759fd450d5647bd4259b530bdc69abb4ab309d588b49e3ca5ff5007e9f3fc0cf7571eb3c40b7724a1bb623779a0d5ffbdcf43e063b7039a3798fa4a783ff303ad932dcf25f4d0bb42a279cb67c0840c90a1d28dc335fe4a2bc047b3eecc333c5e31208b8db6ab66ad67b95595c08335c723d72614d48b720f3ffffeaf38f8a0f7410969c1ff500c91c5f5c4f34e93e4750e46b0e20b66ec50558757c37d8e90bb37a9bd927941c6ad41da70e1fded049e9306353be5d743130fbb977de2cefc60909d4f4aca5288a90f03bc6eb74a93f793a51ee08ff685634a520bbece9201d4f23e3b2b7b246800d0c7ad11eb9c18484e4eff6405820b9c94d78b370183b4474834de7d1df983ce4406567c3b67ea074f7ff61e0918969a5c212735a08b36b9e58da83d5fb1ddd60349df08294fe12a565887f851e04476a2b82c4ce6a0e602901d26f772091af717524b540835d827b3b30286cd28b6fc2260085dfe6461cdef373b20c16a6587f333eac5c641ea01f3a1670f4ce6378ee8db86455496fa81b5ecef65601355e3055d4cc280a400eb1b20207b220aa0fb7d5eacc93566dc7f84d9422a0fb927bf77e29251b3f1f3498a38c3be9c0326b6cec8f79fbf7ca8da39ef1fab2925e89cd3a7a1cd91a09b09734b43bbe654aad88954c16cd5b04efd23196da7b1c316f3a2611b68f1196855d658f78a41320df6f6e28aadf24b443b22b8bcad309e4cbfa1b06c96d96470cff7406c290c95e348414c6bf07f0b7d401a5f526c9935fb2508184abf6120a109b23fc73e2ac068d04950310889a6df6da85372f35b707d31a6301c974c260d44788942760624ef6f0e6dfe2022098d322508b068ce8a7b10b1632dcee8b9bf14c7c4bfffbf0e1064e80b2ddec1c3393120a77572767187e2e12045271b4454b9c5a65096790a4aeedd5fc58cc594419408ea56154bdd4d537548c66d5d41f77e42029c881859e4f8072bc15e84e050346a15b68a5a02a08e60245ec822e533cca15003e426ab35289cc256eac632a7dc02dd1d330be2e660ce4e581000ca255d33d3fb791e9e237c7afa3498e791d4afff93fb70cc07df5fc177d4788b06e9e74157e4928483a15c6b393e5f55d5c5016d369b267b854ef25c0dbb133b02f310e5293fe2632ea9357713c7094173059337fd5b326282c14997f6721ca4a1ef1daca7c77885670d021931672e2b006d45794706507f99f3337554da39980c10ccb21b16b9716514c731e898ce4a2f6394a27ff21fa18ce413beb703472ea2fd9f99a8afd752caf82a9b0d6d2bd80156e4c6ecadd2af83f1524128a3cdb29dbc05571b61134e02c97fb37d96b4d1cf0fe6b58d236de28dd1d83be1f197a07ef243d5d115036081818959e679a35f1d66e9a990b573f78c8e3a75d994d78ec71dc30c23583f4dbcee63bf6b078d76dd39ba2685fdfb32464d9b6f1d5be89adadb6ed8c3429773e2beae18c91783e523d123d650f31db86d2084f41d06d00ff0df385ca0f2718b266dc8471d6a80c38a00162a52d0f1b58a124ba6927cc822a9c8dbfc3f77ac647089c82c12947467e8dd01d659450816c216aec275c830829bd05495d57002f652d2448fd1555935154c2b2c0487bfff6c8a1cef7c9809feeb2925d469be2ce01a5d3d73efcf9cedfe0095f31cabfb47dffcae6ab7a4b951d545df7e1962a4079ef2ffb04f58d5d73fdfd10e07742f9db9138ad2d14c8f6e80d3d7ab657ce26bf2e2c9d359c0b35ae9a012fb5b438b84f87462b9af1d84f7b3c73c900a373e7e426b6b8a4b565a7bd06b26ad5248a40c9b0063ac85d864cf7e4b8bccc30e1645173e54c7307be0c8fb0f45748f4dac9a14711ed267813a7918f08283da4529b8fd85bd574af7cd02a7dcd21569e3fe5471872c06af3d7b5af8d733fa25cbef8fd8f69d45db3b5459f749b87fe7a033a443c04b40009b2f7b41c02e59bafbc98bc81e81e800d52e06479d3d9b210bfb9835452e423ae4906c382631546bf6eade98a20130a685d97cf48e61133fac10afa163e523e5fc743edd1bbd3dba95215254e205dfc1d5cfb9cf2acf268469d23dfac268549a78f0d1f80c81ec14b0f594a28055637baf86aec2158647ad852e6f50069180e6a0ef66487939cb9b22a6467d230f7016daf5965e989e293ddcd6b26f94bc943e0918f827d5b2420e7596a6d61ac3e1433aaa23cf64f108f020f09426ef7a46b8c81c5fcb3ee5168992be3e1badcb055c1ae047d002aa13395e4ca647280b86ec228694207ad9056d9931ab42d546871e2ca44884a30dc9e820fe25dd7455aa91b3c63f3556127bb27f142662f1d914578470535c75a67f5cd8b436bc4d12aefed0d51ed58ff9de9d929711f60d9c4bbccbb81a6c5e5084255dac64f0e44893ad7eb88335d07a909adc108129799007c86a645d1bdee20682b2abf37903a48b9802585b8a23b0a496976025103f5249a9e3be062e13289673d4b0521ecf6fd1fb75ae71d7f7e9fff5ca6538cc8d7a8150739edd66ee6c5667967a76431b8dc714c02cdaec2e16a78be1d475a56f54fbed03e048c7f8e3b9c63e035fca50ed952dd2992b07a7006675d29ce386f0b2c4076c12f60fde3a306a0517b6a28e577a12d102941f1c92a44a67cc8f11a2b246ed369e56ff57183b4e01a5ccbba681cc6f82ec2294107fc0d80e760564223b9626828cb13e7acaa1c96f19389781d4409581fd9943def970c47691a1cc69946da6bbe38cfbb79553c28bf708a922143b892816a0f1a048765014dd756b8e2a13cf01d8afdcfe405240ce70645174c99092e7e5a62d3a38ad025c4e64020afba560c618aff8b7cee1a0923fa57a4e718d3e3a5fe62c5f77848d6ea348f410001667d4e292f0390b299c167a069ca1b1607dc4b26bf9142c26eb98f8cf5858eb5f9ce489ebf5ab44ab115e2fdf481db3ef74ede5d85549e5087abbc2b5e01fc46944b4716b408deebdeba431ecfa18719974f6c26b7f4999d563005b84d9b20e7e450877613cbd35d071212a3c23ce36f05ff62ec63ca1a926a0e4b87bd77f87c50719b6bb8795196ff1c8a29cf4de78e45e42d257f023915434879d34e66287205b85d9dd9bedf222cf111cd8d9c7f080802d4003f7c4cd02fcf43739edefb932583d709b53ff6a30974e3aaae9c138cbd795310df5ff7a02d164f4e3662a992115034b321bc3b99575b6830ab124a9ea7635e4fe2fe2965c8437a435a3169a3e48e654bc448cd39cd229d3a43d4ca3ad95106828736ac9a5f5bc97a3802cb979cad211de4adb2aaee9878c71d30cd48351f540040fb65feb327183300e9a576dd332e403fb7de068dd2b1dd1855ff1cfdee32659533a7de48840dd0e7a64a9c21d03c43959eb90016bdd8"})

01:02:12 executing program 2:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f00000000c0)={0x2, 0x8f, "3d897dc70a2b68e4b5989858a638b8a8eaa64bdb0c1f429e36e2c1f919184f4d9914276c58632274dee41f70784675839951b9d027386a6ba7645800b7a73531a518025b2dcfbe108ea6f25c6bdfb121ab44ff6a4eee1e36dd5556d191c6772e2d712223d08322aad94624bdaabef07b5b13ada915088ae0eadeceb19b65a54b8e923ee77d43f1526fab67ba0ddc2c"})
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x1f65)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000200))
ioctl$RTC_UIE_ON(r0, 0x7003)
r3 = syz_open_pts(r2, 0x0)
readv(r3, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
r4 = perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x5, 0x8}, 0x0, 0x0, 0x9, 0x7, 0x7fffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000440)={<r5=>0x0, ""/256, <r6=>0x0, <r7=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r4, 0xd000943d, &(0x7f0000058c40)={0x1, [{0x0, r7}, {0x0, r7}, {r6}, {r6}, {}, {}, {}, {}, {}, {r6, r7}, {0x0, r7}, {}, {r5, r7}, {0x0, r7}, {}, {r6, r7}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {r6}, {0x0, r7}, {r5}, {}, {r5}, {0x0, r7}, {}, {}, {r5, r7}, {}, {}, {0x0, r7}, {0x0, r7}, {}, {r5, r7}, {}, {}, {}, {}, {0x0, r7}, {}, {}, {r6}, {0x0, r7}, {}, {r5, r7}, {0x0, r7}, {r5}, {}, {r6}, {r5}, {}, {0x0, r7}, {}, {0x0, r7}, {0x0, r7}, {}, {0x0, r7}, {r6, r7}, {}, {0x0, r7}, {0x0, r7}, {r6}, {r5}, {r5}, {r5}, {0x0, r7}, {}, {0x0, r7}, {}, {r6}, {}, {}, {}, {}, {0x0, r7}, {r6}, {}, {}, {0x0, r7}, {r5}, {}, {}, {0x0, r7}, {r5, r7}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {}, {r5}, {0x0, r7}, {0x0, r7}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {r5, r7}, {}, {r6, r7}, {r5}, {r6}, {}, {r5}, {r5}, {r6, r7}, {}, {r5}, {r5, r7}, {}, {}, {}, {}, {0x0, r7}, {}, {}, {}, {r5, r7}, {0x0, r7}, {r6, r7}, {r5, r7}, {r6, r7}, {0x0, r7}, {}, {r6, r7}, {r6}, {}, {0x0, r7}, {r5}, {0x0, r7}, {r6}, {r5}, {}, {0x0, r7}, {0x0, r7}, {}, {}, {}, {}, {0x0, r7}, {r6}, {r5}, {}, {}, {}, {0x0, r7}, {r5, r7}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {r5}, {0x0, r7}, {r5, r7}, {r6, r7}, {0x0, r7}, {r5}, {}, {r5}, {0x0, r7}, {r6}, {r5, r7}, {0x0, r7}, {0x0, r7}, {}, {}, {}, {}, {}, {r5}, {}, {r5}, {}, {}, {r6}, {0x0, r7}, {r6, r7}, {0x0, r7}, {}, {0x0, r7}, {0x0, r7}, {r6}, {r6, r7}, {}, {}, {r5}, {}, {r5}, {}, {}, {0x0, r7}, {}, {}, {}, {r6}, {0x0, r7}, {r5}, {r6}, {r6}, {}, {}, {r6}, {0x0, r7}, {}, {r5}, {r5}, {}, {}, {0x0, r7}, {0x0, r7}, {r6, r7}, {}, {0x0, r7}, {r5}, {r6, r7}, {r5}, {r6, r7}, {r6}, {r5, r7}, {}, {}, {}, {r5}, {}, {r5}, {0x0, r7}, {r6}, {r6}, {r5}, {0x0, r7}, {0x0, r7}, {r6}, {}, {}, {}, {}, {0x0, r7}], 0x1, "2156816c73038c"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r3, 0xd000943e, &(0x7f0000000340)={r7, 0x0, "737fb8801548934e30292c6590c869ccfef47cc2a3a8227c2f9dea8f755b051bd92cff82087c56d1163c1117a815ae27195f732af44d9b9698ea3d53df10a906fc57379327657b583ffe2883333a944cb4d2cb690c92689354ff087b3f071ad4a63e732ced837fa3261b6c7b44d0fbb16daaa8f83c470ef8d9b46084bf84ee533885867e2083ec5c05b0142f75f2b6e585e3cb78e04200c669e12443c4bc896b8b668704e50b38a29cda99f7fe115424bcf616680a6da0a2b136141e13a97e8d64c79d95fca4b939301b3538806b6f361edb0d517c75aaefd5086463771f3ac353561a22ab18925ca4c3bce608982b0811248b1c896862a9eaac32fb7f3de05e", "13db17828be5775d3fd91da27650890cf0b08723cb1719da2e36cc145e1d16bb3eaec154c781bf2b9f1ca9ed506ca8898cb9ee035fadad299a1f29892cd5521bd37f9f622a52a294d5a6eb534d92e041ceb748e27c4be4c036741a20f62d8cdd51f3a035292842faf57db676603ad56a3306ffb9cfb8f8189d3c061db608c8b926ca8bc8ece00c1e0b13dd60e7382c288612b7e3812cf60d9970e28629ac4934fdb5981a4d5f86e7f33ca5db195487c5890c7d208468826110d8a40f07b2024610bf1a0e230c1199c7fd7cbef2c4ecf075b588073b5b86c9e889434458d2c8751b0c74ac648879610f71242549f8d12cf52bff62c32ef5d8ef414d05a70a465244b59981fbc95198d2d5c3c79680a3536c0ccc3152254d3fcfbb4187035f10449da570c917b032cbc81e9af581819891d4e0cc8858f59808a18ffb1d08af488702e67c50a390746c2d7c4441ebbc93c694210141618002d7f457d225c7cd4a6157174b9612a6784a51fedde71febaa4e81f9151d64c712d2705083d1508c395773b05dd0d00cca10c0b2eb2d37157cf3ae73652260d61d60fd1cbce35c3f70c04fec8d0f237f547940d4042f3afc77b341901e2b6f4d680126fb567a8257c8b4b30c8b21479fd5fea5e1d4557cb15afa8257ce13e7d86d96584cebcff7784a6a10f8a1e40ceb70b53edb3f28c93c9e40565d0d3a1545acbc25cbfb8fb1b07fd6120163a2fe9dc8edd7009672c19e20ae5db1563b3332de70ac7c54502b5e1d384f11c605616e5b86c03b2a78a5de6d62c1134f5f9e20159642e7585e48d79cba3cec73282c1bb17f103abb032e2d3b65106b48253a4fc26feb6a5ca3855bcea7a1aba38c27d8de41b011f9487550d93b12df3b17ae2c80a6801d133b0436a6e8fc434ddd9e24f2b1ee193ed43df916c61061b4bc7e7d35642fea3c1702893050724dd58f75036af306e8700a763d803f7897ce0a5a07408bee5bf5fb5cc7dac9a6e2c54754b1475d7fdc72b6b557c2fbbab2c65bda40b8723aacff8a5d456b80c40e1fbbf3f4f679a936acd30823a1d17cc8dc231103f90a25216268d513719cf5ee785b9a9b2da0f9cba714e3387509e29022e80a80fed9c57b0f9d24c3e4306e77bf794845cba66d283a4715174e93eed7180160e737440f0380834b6d54886f35bfb3e818812407660da2561a0491e53c4f365722f4a0c05d3f620d75807f1aa9ec44ef8ce89545ae32f32328ae3ab36ddcf5b27518aefdf198fda8869576e082a853c7e0f749c41a1295bd9cc77ac9c9cba5d2372c9341e9374684868018ac8db1574cf2e962e1732b28d39650c571748e361077da5f4ad90d37d7c09ed756c32ee1b0d251928acc4214e606155cc2bbff2a0f6683b7ae03aec243efaf35ab17829767a450792525da36a0da3819f4293080921154f3966619091278e4f0bd0ad7ffa2667d39df2a509d654dc6b22c131ae7a8029c539b4f452a6babec28166db16a88e07fa4ba9ad08b4f7fbe67883d8aa751b6db24f359f832bf5f815f8c90bc25edd19c76204f2c4abfe9adaae67c70d4f995d5a7ef03f5bf52d6f0169349de4dd41f10cba056d001012e24dd3070e52076cefc951199ff5e514161fd4b79733e630efbd8e928693ddb15e9568930e24773dc7639311d785b6d595704673cf2f8c183b73ccefced6674bfec9183f5b3eca70f61d5cd3d17b084a13ef1701501b50feeb98b7043218388b1fcb0b791dbdc0d3179d1b09e08474a8def129f10989e4e021772d1ecd7ebbc59b5c0965fd401159c097f63613cddc0d12bab66c9b9a584fd055bdb0770904693b75c888c143206e3f26b95d425ad643f166c94f25b6e99ef601b300d06fa812da7a6daddc98baa4052b951b9252ed1bb008275a8f87e9c4730855a9f2c01556030fe2768b3cd28e6dbc29882b8015d3085a3985ed70a6f2635ce739718d8f7c7e0d2a6b631e9ced3f9d647aff4f5c5e65f9355f0ea2e6541746abe4ce014759fd450d5647bd4259b530bdc69abb4ab309d588b49e3ca5ff5007e9f3fc0cf7571eb3c40b7724a1bb623779a0d5ffbdcf43e063b7039a3798fa4a783ff303ad932dcf25f4d0bb42a279cb67c0840c90a1d28dc335fe4a2bc047b3eecc333c5e31208b8db6ab66ad67b95595c08335c723d72614d48b720f3ffffeaf38f8a0f7410969c1ff500c91c5f5c4f34e93e4750e46b0e20b66ec50558757c37d8e90bb37a9bd927941c6ad41da70e1fded049e9306353be5d743130fbb977de2cefc60909d4f4aca5288a90f03bc6eb74a93f793a51ee08ff685634a520bbece9201d4f23e3b2b7b246800d0c7ad11eb9c18484e4eff6405820b9c94d78b370183b4474834de7d1df983ce4406567c3b67ea074f7ff61e0918969a5c212735a08b36b9e58da83d5fb1ddd60349df08294fe12a565887f851e04476a2b82c4ce6a0e602901d26f772091af717524b540835d827b3b30286cd28b6fc2260085dfe6461cdef373b20c16a6587f333eac5c641ea01f3a1670f4ce6378ee8db86455496fa81b5ecef65601355e3055d4cc280a400eb1b20207b220aa0fb7d5eacc93566dc7f84d9422a0fb927bf77e29251b3f1f3498a38c3be9c0326b6cec8f79fbf7ca8da39ef1fab2925e89cd3a7a1cd91a09b09734b43bbe654aad88954c16cd5b04efd23196da7b1c316f3a2611b68f1196855d658f78a41320df6f6e28aadf24b443b22b8bcad309e4cbfa1b06c96d96470cff7406c290c95e348414c6bf07f0b7d401a5f526c9935fb2508184abf6120a109b23fc73e2ac068d04950310889a6df6da85372f35b707d31a6301c974c260d44788942760624ef6f0e6dfe2022098d322508b068ce8a7b10b1632dcee8b9bf14c7c4bfffbf0e1064e80b2ddec1c3393120a77572767187e2e12045271b4454b9c5a65096790a4aeedd5fc58cc594419408ea56154bdd4d537548c66d5d41f77e42029c881859e4f8072bc15e84e050346a15b68a5a02a08e60245ec822e533cca15003e426ab35289cc256eac632a7dc02dd1d330be2e660ce4e581000ca255d33d3fb791e9e237c7afa3498e791d4afff93fb70cc07df5fc177d4788b06e9e74157e4928483a15c6b393e5f55d5c5016d369b267b854ef25c0dbb133b02f310e5293fe2632ea9357713c7094173059337fd5b326282c14997f6721ca4a1ef1daca7c77885670d021931672e2b006d45794706507f99f3337554da39980c10ccb21b16b9716514c731e898ce4a2f6394a27ff21fa18ce413beb703472ea2fd9f99a8afd752caf82a9b0d6d2bd80156e4c6ecadd2af83f1524128a3cdb29dbc05571b61134e02c97fb37d96b4d1cf0fe6b58d236de28dd1d83be1f197a07ef243d5d115036081818959e679a35f1d66e9a990b573f78c8e3a75d994d78ec71dc30c23583f4dbcee63bf6b078d76dd39ba2685fdfb32464d9b6f1d5be89adadb6ed8c3429773e2beae18c91783e523d123d650f31db86d2084f41d06d00ff0df385ca0f2718b266dc8471d6a80c38a00162a52d0f1b58a124ba6927cc822a9c8dbfc3f77ac647089c82c12947467e8dd01d659450816c216aec275c830829bd05495d57002f652d2448fd1555935154c2b2c0487bfff6c8a1cef7c9809feeb2925d469be2ce01a5d3d73efcf9cedfe0095f31cabfb47dffcae6ab7a4b951d545df7e1962a4079ef2ffb04f58d5d73fdfd10e07742f9db9138ad2d14c8f6e80d3d7ab657ce26bf2e2c9d359c0b35ae9a012fb5b438b84f87462b9af1d84f7b3c73c900a373e7e426b6b8a4b565a7bd06b26ad5248a40c9b0063ac85d864cf7e4b8bccc30e1645173e54c7307be0c8fb0f45748f4dac9a14711ed267813a7918f08283da4529b8fd85bd574af7cd02a7dcd21569e3fe5471872c06af3d7b5af8d733fa25cbef8fd8f69d45db3b5459f749b87fe7a033a443c04b40009b2f7b41c02e59bafbc98bc81e81e800d52e06479d3d9b210bfb9835452e423ae4906c382631546bf6eade98a20130a685d97cf48e61133fac10afa163e523e5fc743edd1bbd3dba95215254e205dfc1d5cfb9cf2acf268469d23dfac268549a78f0d1f80c81ec14b0f594a28055637baf86aec2158647ad852e6f50069180e6a0ef66487939cb9b22a6467d230f7016daf5965e989e293ddcd6b26f94bc943e0918f827d5b2420e7596a6d61ac3e1433aaa23cf64f108f020f09426ef7a46b8c81c5fcb3ee5168992be3e1badcb055c1ae047d002aa13395e4ca647280b86ec228694207ad9056d9931ab42d546871e2ca44884a30dc9e820fe25dd7455aa91b3c63f3556127bb27f142662f1d914578470535c75a67f5cd8b436bc4d12aefed0d51ed58ff9de9d929711f60d9c4bbccbb81a6c5e5084255dac64f0e44893ad7eb88335d07a909adc108129799007c86a645d1bdee20682b2abf37903a48b9802585b8a23b0a496976025103f5249a9e3be062e13289673d4b0521ecf6fd1fb75ae71d7f7e9fff5ca6538cc8d7a8150739edd66ee6c5667967a76431b8dc714c02cdaec2e16a78be1d475a56f54fbed03e048c7f8e3b9c63e035fca50ed952dd2992b07a7006675d29ce386f0b2c4076c12f60fde3a306a0517b6a28e577a12d102941f1c92a44a67cc8f11a2b246ed369e56ff57183b4e01a5ccbba681cc6f82ec2294107fc0d80e760564223b9626828cb13e7acaa1c96f19389781d4409581fd9943def970c47691a1cc69946da6bbe38cfbb79553c28bf708a922143b892816a0f1a048765014dd756b8e2a13cf01d8afdcfe405240ce70645174c99092e7e5a62d3a38ad025c4e64020afba560c618aff8b7cee1a0923fa57a4e718d3e3a5fe62c5f77848d6ea348f410001667d4e292f0390b299c167a069ca1b1607dc4b26bf9142c26eb98f8cf5858eb5f9ce489ebf5ab44ab115e2fdf481db3ef74ede5d85549e5087abbc2b5e01fc46944b4716b408deebdeba431ecfa18719974f6c26b7f4999d563005b84d9b20e7e450877613cbd35d071212a3c23ce36f05ff62ec63ca1a926a0e4b87bd77f87c50719b6bb8795196ff1c8a29cf4de78e45e42d257f023915434879d34e66287205b85d9dd9bedf222cf111cd8d9c7f080802d4003f7c4cd02fcf43739edefb932583d709b53ff6a30974e3aaae9c138cbd795310df5ff7a02d164f4e3662a992115034b321bc3b99575b6830ab124a9ea7635e4fe2fe2965c8437a435a3169a3e48e654bc448cd39cd229d3a43d4ca3ad95106828736ac9a5f5bc97a3802cb979cad211de4adb2aaee9878c71d30cd48351f540040fb65feb327183300e9a576dd332e403fb7de068dd2b1dd1855ff1cfdee32659533a7de48840dd0e7a64a9c21d03c43959eb90016bdd8"})

01:02:12 executing program 2:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
r2 = syz_open_pts(r1, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r3, 0x40045431, &(0x7f00000002c0)={0x0, 0xfffffffc, 0x0, 0x0, 0x0, "00000600"})
r4 = syz_open_pts(r3, 0x0)
signalfd4(r4, &(0x7f00000001c0)={[0x3]}, 0x8, 0x80000)
readv(r3, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ioctl$TCSETSF2(r4, 0x402c542d, &(0x7f0000000000)={0x100, 0xed4, 0x9, 0x0, 0x35, "10682c555580bb9745867ffb673a5bd157f925", 0x0, 0x80})
ioctl$FITRIM(r2, 0xc0185879, &(0x7f0000000040)={0x5437, 0x0, 0x13b0})
readv(r2, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
preadv(r2, &(0x7f00000003c0)=[{&(0x7f00000022c0)=""/176, 0xb0}, {&(0x7f0000002380)=""/231, 0xe7}, {&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f0000001440)=""/236, 0xec}, {&(0x7f00000000c0)=""/129, 0x81}, {&(0x7f0000000340)=""/123, 0x7b}, {&(0x7f0000000240)=""/14, 0xe}, {&(0x7f0000001540)=""/111, 0x6f}], 0x8, 0x3, 0x2)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r5, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_PIE_ON(r5, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, &(0x7f0000000300)={0x8, 0x4}, 0x0, 0x0)

01:02:12 executing program 0 (fault-call:9 fault-nth:58):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:12 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x74)
ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000000)={0x36, 0x8, 0x7, 0x5, 0xb, 0x2, 0x3, 0x4c, 0xffffffffffffffff})
r2 = openat2(r1, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x50000, 0x40, 0x1}, 0x18)
ioctl$LOOP_SET_FD(r2, 0x4c00, r1)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  706.072944][T21818] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  706.080965][T21818] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  706.098676][T21818] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  706.106694][T21818] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  706.249756][T21860] FAULT_INJECTION: forcing a failure.
[  706.249756][T21860] name failslab, interval 1, probability 0, space 0, times 0
[  706.262410][T21860] CPU: 0 PID: 21860 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  706.272207][T21860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  706.282241][T21860] Call Trace:
[  706.285577][T21860]  dump_stack_lvl+0xd6/0x122
[  706.290164][T21860]  dump_stack+0x11/0x1b
[  706.294385][T21860]  should_fail+0x23c/0x250
[  706.298932][T21860]  __should_failslab+0x81/0x90
[  706.303697][T21860]  ? register_for_each_vma+0x372/0x890
[  706.309147][T21860]  should_failslab+0x5/0x20
[  706.313634][T21860]  kmem_cache_alloc_trace+0x52/0x320
[  706.318904][T21860]  ? register_for_each_vma+0x372/0x890
[  706.324347][T21860]  ? vma_interval_tree_iter_next+0x24c/0x280
[  706.330315][T21860]  register_for_each_vma+0x372/0x890
[  706.335584][T21860]  __uprobe_register+0x404/0x8b0
[  706.340502][T21860]  uprobe_register_refctr+0x29/0x40
[  706.345682][T21860]  probe_event_enable+0x2be/0x7d0
[  706.350741][T21860]  ? __uprobe_trace_func+0x440/0x440
[  706.356037][T21860]  trace_uprobe_register+0x88/0x410
[  706.361222][T21860]  perf_trace_event_init+0x34e/0x790
[  706.366500][T21860]  perf_uprobe_init+0xf5/0x140
[  706.371302][T21860]  perf_uprobe_event_init+0xde/0x140
[  706.376578][T21860]  perf_try_init_event+0x21a/0x400
[  706.381721][T21860]  perf_event_alloc+0xa60/0x1790
[  706.386646][T21860]  __se_sys_perf_event_open+0x5db/0x2810
[  706.392264][T21860]  ? plist_check_list+0xf9/0x160
[  706.397196][T21860]  ? finish_task_switch+0xce/0x290
[  706.402295][T21860]  __x64_sys_perf_event_open+0x63/0x70
[  706.407741][T21860]  do_syscall_64+0x44/0xa0
[  706.412175][T21860]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  706.418128][T21860] RIP: 0033:0x4665f9
[  706.422005][T21860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  706.441686][T21860] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  706.450184][T21860] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  706.458156][T21860] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  706.466110][T21860] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  706.474062][T21860] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  706.482012][T21860] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
[  707.005487][T21851] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  707.013498][T21851] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  707.030598][T21851] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  707.038594][T21851] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:15 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:15 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0xc3bcabc0ec532ed9, 0x0)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
dup2(0xffffffffffffffff, r3)
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000200))
syz_open_pts(r2, 0x0)
r4 = syz_open_pts(r2, 0x0)
readv(r4, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ioctl$KDENABIO(r4, 0x4b36)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
r5 = syz_open_pts(r0, 0x101080)
ioctl$TIOCGPTPEER(r5, 0x5441, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:15 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
r2 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TCFLSH(r2, 0x540b, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
syz_open_pts(r1, 0x0)
r3 = syz_open_pts(r1, 0x0)
readv(r3, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x200000a, 0x50, r3, 0xc7fcb000)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
io_pgetevents(0x0, 0x7fff, 0x9, &(0x7f0000000000)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000000140)={0x0, 0x3938700}, &(0x7f0000000200)={&(0x7f00000001c0)={[0x1]}, 0x8})

01:02:15 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
syz_open_pts(r1, 0x0)
r2 = syz_open_pts(r1, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000000)={0x80, 0x1f, 0x4b71, 0x1, 0x2, "a7836454999098997011848dcb3536a5e1aad2"})
r3 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000100))

01:02:15 executing program 0 (fault-call:9 fault-nth:59):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:15 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0)
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000000)={0x10000})
ioctl$RTC_ALM_READ(r1, 0x80247008, &(0x7f0000000040))
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000200))
syz_open_pts(r3, 0x0)
r4 = syz_open_pts(r3, 0x0)
readv(r4, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
flistxattr(r4, &(0x7f0000000080)=""/219, 0xdb)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x0, 0x0, 0x85}, 0x0, 0x0)

01:02:15 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

[  708.832010][T21889] FAULT_INJECTION: forcing a failure.
[  708.832010][T21889] name failslab, interval 1, probability 0, space 0, times 0
[  708.844657][T21889] CPU: 0 PID: 21889 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  708.854460][T21889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  708.864539][T21889] Call Trace:
[  708.867899][T21889]  dump_stack_lvl+0xd6/0x122
[  708.872523][T21889]  dump_stack+0x11/0x1b
[  708.876701][T21889]  should_fail+0x23c/0x250
[  708.881136][T21889]  __should_failslab+0x81/0x90
[  708.885883][T21889]  ? register_for_each_vma+0x372/0x890
[  708.891398][T21889]  should_failslab+0x5/0x20
[  708.895885][T21889]  kmem_cache_alloc_trace+0x52/0x320
[  708.901216][T21889]  ? register_for_each_vma+0x372/0x890
[  708.906681][T21889]  ? vma_interval_tree_iter_next+0x24c/0x280
[  708.912715][T21889]  register_for_each_vma+0x372/0x890
[  708.918011][T21889]  __uprobe_register+0x404/0x8b0
[  708.922933][T21889]  uprobe_register_refctr+0x29/0x40
[  708.928115][T21889]  probe_event_enable+0x2be/0x7d0
[  708.933123][T21889]  ? __uprobe_trace_func+0x440/0x440
[  708.938391][T21889]  trace_uprobe_register+0x88/0x410
[  708.943625][T21889]  perf_trace_event_init+0x34e/0x790
[  708.948960][T21889]  perf_uprobe_init+0xf5/0x140
[  708.953787][T21889]  perf_uprobe_event_init+0xde/0x140
[  708.959056][T21889]  perf_try_init_event+0x21a/0x400
[  708.964207][T21889]  perf_event_alloc+0xa60/0x1790
[  708.969130][T21889]  __se_sys_perf_event_open+0x5db/0x2810
[  708.974797][T21889]  ? plist_check_list+0xf9/0x160
[  708.979723][T21889]  ? finish_task_switch+0xce/0x290
[  708.984874][T21889]  __x64_sys_perf_event_open+0x63/0x70
[  708.990320][T21889]  do_syscall_64+0x44/0xa0
[  708.994770][T21889]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  709.000651][T21889] RIP: 0033:0x4665f9
[  709.004528][T21889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  709.024233][T21889] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  709.032708][T21889] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  709.040758][T21889] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  709.048710][T21889] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  709.056665][T21889] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  709.064631][T21889] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:15 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:15 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:16 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:16 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:16 executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:16 executing program 2:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00000}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000300)={<r1=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f00000002c0)={r1})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000000)={r1, 0x1, 0xffffffffffffffff, 0x1})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000000c0)={<r2=>r0, 0x3, 0x1, 0x5})
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00000}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000300)={<r4=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r3, 0xc0182101, &(0x7f00000002c0)={r4})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, &(0x7f0000000100)={r4, 0x2, 0x100})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000080)={r1, 0xfff, 0x7fffffff})
r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r5, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:16 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
dup2(r0, r2)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

[  709.591495][T21872] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  709.599500][T21872] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  709.617026][T21872] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  709.625039][T21872] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:16 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
io_setup(0x2, &(0x7f0000000000)=<r1=>0x0)
clock_gettime(0x0, &(0x7f00000000c0)={<r2=>0x0, <r3=>0x0})
io_pgetevents(r1, 0x6, 0x4, &(0x7f0000000040)=[{}, {}, {}, {}], &(0x7f0000000100)={r2, r3+60000000}, &(0x7f00000001c0)={&(0x7f0000000140)={[0x1]}, 0x8})

01:02:16 executing program 0 (fault-call:9 fault-nth:60):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:16 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='oom_adj\x00')
ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)=ANY=[@ANYBLOB="002a868d73d28f0ac10ac0ac871e00000000ff07000b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffffffffffff00000000000000000000770000000000010000"])
ioctl$RTC_PIE_ON(r1, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0xfffffffffffffffe}, 0x0, 0x0)

[  709.827282][T21939] FAULT_INJECTION: forcing a failure.
[  709.827282][T21939] name failslab, interval 1, probability 0, space 0, times 0
[  709.839903][T21939] CPU: 1 PID: 21939 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  709.849734][T21939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  709.859775][T21939] Call Trace:
[  709.863050][T21939]  dump_stack_lvl+0xd6/0x122
[  709.867695][T21939]  dump_stack+0x11/0x1b
[  709.871838][T21939]  should_fail+0x23c/0x250
[  709.876244][T21939]  __should_failslab+0x81/0x90
[  709.881036][T21939]  ? register_for_each_vma+0x372/0x890
[  709.886482][T21939]  should_failslab+0x5/0x20
[  709.890968][T21939]  kmem_cache_alloc_trace+0x52/0x320
[  709.896236][T21939]  ? register_for_each_vma+0x372/0x890
[  709.901676][T21939]  ? vma_interval_tree_iter_next+0x24c/0x280
[  709.907679][T21939]  register_for_each_vma+0x372/0x890
[  709.912959][T21939]  __uprobe_register+0x404/0x8b0
[  709.917882][T21939]  uprobe_register_refctr+0x29/0x40
[  709.923064][T21939]  probe_event_enable+0x2be/0x7d0
[  709.928097][T21939]  ? __uprobe_trace_func+0x440/0x440
[  709.933376][T21939]  trace_uprobe_register+0x88/0x410
[  709.938561][T21939]  perf_trace_event_init+0x34e/0x790
[  709.943904][T21939]  perf_uprobe_init+0xf5/0x140
[  709.948759][T21939]  perf_uprobe_event_init+0xde/0x140
[  709.954090][T21939]  perf_try_init_event+0x21a/0x400
[  709.959187][T21939]  perf_event_alloc+0xa60/0x1790
[  709.964140][T21939]  __se_sys_perf_event_open+0x5db/0x2810
[  709.969761][T21939]  ? proc_fail_nth_read+0x150/0x150
[  709.974940][T21939]  __x64_sys_perf_event_open+0x63/0x70
[  709.980452][T21939]  do_syscall_64+0x44/0xa0
[  709.984914][T21939]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  709.990810][T21939] RIP: 0033:0x4665f9
[  709.994711][T21939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  710.014646][T21939] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  710.023042][T21939] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  710.031020][T21939] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  710.038991][T21939] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  710.046953][T21939] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  710.054906][T21939] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:16 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000500)={'ip_vti0\x00', &(0x7f0000000480)={'syztnl1\x00', <r1=>0x0, 0x40, 0x87, 0xb20, 0x8e, {{0x17, 0x4, 0x0, 0x1a, 0x5c, 0x66, 0x0, 0xbf, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x10}, @remote, {[@ssrr={0x89, 0xf, 0x8, [@rand_addr=0x64010100, @rand_addr=0x64010100, @private=0xa010102]}, @timestamp={0x44, 0x20, 0xe3, 0x0, 0x4, [0x9, 0x5, 0x4, 0x0, 0x3, 0x8, 0x8]}, @rr={0x7, 0xb, 0xd6, [@local, @broadcast]}, @ssrr={0x89, 0xb, 0x8c, [@dev={0xac, 0x14, 0x14, 0x43}, @dev={0xac, 0x14, 0x14, 0x2a}]}]}}}}})
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000600)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x44, 0x0, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r1}, @BATADV_ATTR_HOP_PENALTY={0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x2c000}, 0x40)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r2, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
io_pgetevents(0x0, 0x4, 0x3, &(0x7f0000000000)=[{}, {}, {}], &(0x7f0000000080)={0x77359400}, &(0x7f0000000100)={&(0x7f00000000c0)={[0x2]}, 0x8})
rt_sigtimedwait(&(0x7f0000000140)={[0x1d6]}, &(0x7f00000001c0), &(0x7f0000000240)={0x77359400}, 0x8)

01:02:17 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x4000)
r3 = syz_open_pts(r2, 0x121102)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r1}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000100))

[  710.544243][   T22] audit: type=1326 audit(1631322137.140:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=21922 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7fc00000
01:02:17 executing program 2:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00000}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000300)={<r1=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f00000002c0)={r1})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000000)={r1, 0x1, 0xffffffffffffffff, 0x1})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000000c0)={<r2=>r0, 0x3, 0x1, 0x5})
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00000}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000300)={<r4=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r3, 0xc0182101, &(0x7f00000002c0)={r4})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, &(0x7f0000000100)={r4, 0x2, 0x100})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000080)={r1, 0xfff, 0x7fffffff})
r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r5, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  710.572994][   T22] audit: type=1326 audit(1631322137.140:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=21922 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7fc00000
[  710.594903][T21928] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  710.605268][T21928] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  710.623152][T21928] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  710.631146][T21928] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:17 executing program 0 (fault-call:9 fault-nth:61):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:17 executing program 3:
ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x2)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  710.829852][T21964] FAULT_INJECTION: forcing a failure.
[  710.829852][T21964] name failslab, interval 1, probability 0, space 0, times 0
[  710.842493][T21964] CPU: 0 PID: 21964 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  710.852298][T21964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  710.862334][T21964] Call Trace:
[  710.865599][T21964]  dump_stack_lvl+0xd6/0x122
[  710.870177][T21964]  dump_stack+0x11/0x1b
[  710.874356][T21964]  should_fail+0x23c/0x250
[  710.878767][T21964]  __should_failslab+0x81/0x90
[  710.883527][T21964]  ? register_for_each_vma+0x372/0x890
[  710.888970][T21964]  should_failslab+0x5/0x20
[  710.893461][T21964]  kmem_cache_alloc_trace+0x52/0x320
[  710.898728][T21964]  ? register_for_each_vma+0x372/0x890
[  710.904182][T21964]  ? vma_interval_tree_iter_next+0x24c/0x280
[  710.910193][T21964]  register_for_each_vma+0x372/0x890
[  710.915462][T21964]  __uprobe_register+0x404/0x8b0
[  710.920383][T21964]  uprobe_register_refctr+0x29/0x40
[  710.925567][T21964]  probe_event_enable+0x2be/0x7d0
[  710.930709][T21964]  ? __uprobe_trace_func+0x440/0x440
[  710.935976][T21964]  trace_uprobe_register+0x88/0x410
[  710.941217][T21964]  perf_trace_event_init+0x34e/0x790
[  710.946494][T21964]  perf_uprobe_init+0xf5/0x140
[  710.951249][T21964]  perf_uprobe_event_init+0xde/0x140
[  710.956524][T21964]  perf_try_init_event+0x21a/0x400
[  710.961709][T21964]  perf_event_alloc+0xa60/0x1790
[  710.966646][T21964]  __se_sys_perf_event_open+0x5db/0x2810
[  710.972297][T21964]  ? finish_task_switch+0xce/0x290
[  710.977393][T21964]  __x64_sys_perf_event_open+0x63/0x70
[  710.982836][T21964]  do_syscall_64+0x44/0xa0
[  710.987242][T21964]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  710.993140][T21964] RIP: 0033:0x4665f9
[  710.997017][T21964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  711.016604][T21964] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  711.025000][T21964] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  711.032953][T21964] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  711.040908][T21964] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  711.048874][T21964] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  711.056826][T21964] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:17 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x341080, 0x0, 0x9}, 0x18)
ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000080)={0x16, 0x34, 0x2, 0x1a, 0x5, 0x64ca, 0x3, 0x6e, 0xffffffffffffffff})
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x1}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x4, 0x0, 0x800000000000000}, 0x0, 0x0)

[  711.507126][   T22] audit: type=1326 audit(1631322138.100:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=21949 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7fc00000
[  711.560227][T21955] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  711.568299][T21955] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  711.586351][T21955] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  711.594349][T21955] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  711.648449][   T22] audit: type=1326 audit(1631322138.100:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=21949 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665f9 code=0x7fc00000
01:02:19 executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:19 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x10000000000, 0x0, 0x4, 0x2}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x0, 0x0, 0x80000001}, 0x0, 0x0)
clock_gettime(0x5, &(0x7f0000000000))

01:02:19 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = pidfd_getfd(r0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f00000002c0)={0x0, 0x7, 0x3})
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffb}, 0x4a, 0x0, 0x6, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0x4)

01:02:19 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x580}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240)={[0x100000000000]}, 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x4400, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:19 executing program 0 (fault-call:9 fault-nth:62):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:19 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x300000a, 0x4010, r0, 0xcec10000)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:19 executing program 1:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000000c0)=0x13)
ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000000)={0xf7ffffc4, 0x0, 0x0, 0x2d, 0x0, "b05ed32976190200"})
syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x5412, &(0x7f0000000040)=0x13)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r2, 0x7005)
r3 = dup(r2)
ioctl$RTC_PIE_ON(r3, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x6}, 0x0, 0x0)

01:02:19 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)=ANY=[@ANYBLOB="0000000000ff07000b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffffffffffff00000000000000004000"/192])
ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000040)={0x6, 0x7, 0x1, 0x17, 0x3, 0x5, 0x2, 0xa8, 0xffffffffffffffff})
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_EPOCH_SET(r3, 0x4008700e, 0x6)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
io_setup(0x3, &(0x7f0000000200)=<r5=>0x0)
io_submit(r5, 0x2, &(0x7f00000002c0)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000240)='V', 0x1}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x1}])
io_pgetevents(r5, 0x5, 0x2, &(0x7f00000000c0)=[{}, {}], &(0x7f0000000100), &(0x7f00000001c0)={&(0x7f0000000140)={[0x2fd7]}, 0x8})
clock_settime(0x2, &(0x7f0000000000)={0x77359400})
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x1ef9)

01:02:19 executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

[  713.445524][T22001] FAULT_INJECTION: forcing a failure.
[  713.445524][T22001] name failslab, interval 1, probability 0, space 0, times 0
[  713.458152][T22001] CPU: 1 PID: 22001 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  713.467959][T22001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  713.478015][T22001] Call Trace:
[  713.481286][T22001]  dump_stack_lvl+0xd6/0x122
[  713.485977][T22001]  dump_stack+0x11/0x1b
[  713.490138][T22001]  should_fail+0x23c/0x250
[  713.494623][T22001]  __should_failslab+0x81/0x90
[  713.499385][T22001]  ? register_for_each_vma+0x372/0x890
[  713.504837][T22001]  should_failslab+0x5/0x20
[  713.509364][T22001]  kmem_cache_alloc_trace+0x52/0x320
[  713.514703][T22001]  ? register_for_each_vma+0x372/0x890
[  713.520154][T22001]  ? vma_interval_tree_iter_next+0x263/0x280
[  713.526223][T22001]  register_for_each_vma+0x372/0x890
[  713.531506][T22001]  __uprobe_register+0x404/0x8b0
[  713.536442][T22001]  uprobe_register_refctr+0x29/0x40
[  713.541700][T22001]  probe_event_enable+0x2be/0x7d0
[  713.546807][T22001]  ? __uprobe_trace_func+0x440/0x440
[  713.552089][T22001]  trace_uprobe_register+0x88/0x410
[  713.557276][T22001]  perf_trace_event_init+0x34e/0x790
[  713.562598][T22001]  perf_uprobe_init+0xf5/0x140
[  713.567367][T22001]  perf_uprobe_event_init+0xde/0x140
[  713.572660][T22001]  perf_try_init_event+0x21a/0x400
[  713.577771][T22001]  perf_event_alloc+0xa60/0x1790
[  713.582798][T22001]  __se_sys_perf_event_open+0x5db/0x2810
[  713.588430][T22001]  ? proc_fail_nth_read+0x150/0x150
[  713.593620][T22001]  __x64_sys_perf_event_open+0x63/0x70
[  713.599127][T22001]  do_syscall_64+0x44/0xa0
[  713.603569][T22001]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  713.609468][T22001] RIP: 0033:0x4665f9
[  713.613410][T22001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  713.633014][T22001] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
01:02:20 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

[  713.641420][T22001] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  713.649384][T22001] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  713.657392][T22001] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  713.665361][T22001] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  713.673320][T22001] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:20 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:20 executing program 4:
openat(0xffffffffffffff9c, 0x0, 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:20 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:20 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:20 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = pidfd_getfd(r0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f00000002c0)={0x0, 0x7, 0x3})
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffb}, 0x4a, 0x0, 0x6, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0x4)

01:02:20 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f0000000280)={'ip6_vti0\x00', <r2=>0x0, 0x2f, 0x3f, 0xff, 0x8, 0x34, @rand_addr=' \x01\x00', @private1, 0x7, 0x80, 0x5, 0x4}})
sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000000c0)={&(0x7f0000000300)={0x4c, 0x0, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_ADDR={0x18, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}]}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r2}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x6}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x40)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:20 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:20 executing program 0 (fault-call:9 fault-nth:63):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  714.009160][T21982] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  714.017178][T21982] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  714.034589][T21982] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  714.042569][T21982] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  714.220103][T22048] FAULT_INJECTION: forcing a failure.
[  714.220103][T22048] name failslab, interval 1, probability 0, space 0, times 0
[  714.232731][T22048] CPU: 0 PID: 22048 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  714.242523][T22048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  714.252557][T22048] Call Trace:
[  714.255823][T22048]  dump_stack_lvl+0xd6/0x122
[  714.260429][T22048]  dump_stack+0x11/0x1b
[  714.264643][T22048]  should_fail+0x23c/0x250
[  714.269041][T22048]  __should_failslab+0x81/0x90
[  714.273798][T22048]  ? register_for_each_vma+0x372/0x890
[  714.279257][T22048]  should_failslab+0x5/0x20
[  714.283794][T22048]  kmem_cache_alloc_trace+0x52/0x320
[  714.289064][T22048]  ? register_for_each_vma+0x372/0x890
[  714.294507][T22048]  ? vma_interval_tree_iter_next+0x24c/0x280
[  714.300474][T22048]  register_for_each_vma+0x372/0x890
[  714.305755][T22048]  __uprobe_register+0x404/0x8b0
[  714.310684][T22048]  uprobe_register_refctr+0x29/0x40
[  714.315868][T22048]  probe_event_enable+0x2be/0x7d0
[  714.320880][T22048]  ? __uprobe_trace_func+0x440/0x440
[  714.326224][T22048]  trace_uprobe_register+0x88/0x410
[  714.331405][T22048]  perf_trace_event_init+0x34e/0x790
[  714.336730][T22048]  perf_uprobe_init+0xf5/0x140
[  714.341506][T22048]  perf_uprobe_event_init+0xde/0x140
[  714.346781][T22048]  perf_try_init_event+0x21a/0x400
[  714.351881][T22048]  perf_event_alloc+0xa60/0x1790
[  714.356808][T22048]  __se_sys_perf_event_open+0x5db/0x2810
[  714.362429][T22048]  ? proc_fail_nth_read+0x150/0x150
[  714.367626][T22048]  ? asm_sysvec_call_function_single+0x12/0x20
[  714.373767][T22048]  __x64_sys_perf_event_open+0x63/0x70
[  714.379238][T22048]  do_syscall_64+0x44/0xa0
[  714.383644][T22048]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  714.389608][T22048] RIP: 0033:0x4665f9
[  714.393489][T22048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  714.413082][T22048] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  714.421568][T22048] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  714.429533][T22048] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  714.437542][T22048] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  714.445500][T22048] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  714.453454][T22048] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:21 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:21 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
io_setup(0x3, &(0x7f0000000200)=<r3=>0x0)
io_submit(r3, 0x2, &(0x7f0000000580)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000240)='V', 0x1}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x1}])
clock_gettime(0x0, &(0x7f0000000040)={<r4=>0x0, <r5=>0x0})
io_pgetevents(r3, 0xfffffffffffffffb, 0x2, &(0x7f0000000000)=[{}, {}], &(0x7f0000000080)={r4, r5+60000000}, &(0x7f0000000100)={&(0x7f00000000c0)={[0x1000]}, 0x8})

01:02:21 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
ioctl$RTC_AIE_OFF(r0, 0x7002)
r1 = open_tree(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0)
ioctl$RTC_ALM_SET(r1, 0x40247007, &(0x7f0000000080)={0x38, 0x32, 0x7, 0x1e, 0x1, 0x3, 0x5, 0xe6})

01:02:21 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:21 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f00000000c0)={0x15, 0x20, 0x7, 0x13, 0x2, 0x8, 0x2, 0x13b})
ioctl$RTC_PIE_ON(r0, 0x7005)
r2 = syz_open_dev$vcsu(&(0x7f0000000000), 0x5, 0x2800)
ioctl$RTC_WKALM_SET(r2, 0x4028700f, &(0x7f0000000040)={0x0, 0x1, {0xb, 0x3, 0x7, 0x14, 0x7, 0x10, 0x6, 0xe6, 0x1}})
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000a40)='/sys/module/firmware_class', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r3, 0xc0189436, &(0x7f0000000000))
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080), 0x400802, 0x0)
fsync(r4)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r5, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000200))
syz_open_pts(r5, 0x0)
r6 = syz_open_pts(r5, 0x0)
readv(r6, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ftruncate(r6, 0x2)

01:02:21 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:21 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:21 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:21 executing program 2:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000000c0)=0x13)
ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000000)={0xf7ffffc4, 0x0, 0x0, 0x2d, 0x0, "b05ed32976190200"})
syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x5412, &(0x7f0000000040)=0x13)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r2, 0x7005)
r3 = dup(r2)
ioctl$RTC_PIE_ON(r3, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x6}, 0x0, 0x0)

01:02:21 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
syz_open_pts(r1, 0x0)
r2 = syz_open_pts(0xffffffffffffffff, 0x4a0080)
readv(r0, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ioctl$EXT4_IOC_CHECKPOINT(r2, 0x4004662b, &(0x7f0000000040)=0x5)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000200))
syz_open_pts(0xffffffffffffffff, 0x0)
r3 = syz_open_pts(0xffffffffffffffff, 0x0)
readv(r3, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4068, 0xfe4}], 0x1)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0xd1bc3000)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200)={0x0, 0x0, 0xfffffffc})
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000288a43, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000100))

01:02:21 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:21 executing program 0 (fault-call:9 fault-nth:64):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  714.966030][T22035] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  714.974052][T22035] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  714.995411][T22035] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  715.003496][T22035] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:21 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

[  715.202818][T22100] FAULT_INJECTION: forcing a failure.
[  715.202818][T22100] name failslab, interval 1, probability 0, space 0, times 0
[  715.215491][T22100] CPU: 0 PID: 22100 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  715.225354][T22100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  715.235552][T22100] Call Trace:
[  715.238832][T22100]  dump_stack_lvl+0xd6/0x122
[  715.243491][T22100]  dump_stack+0x11/0x1b
[  715.247630][T22100]  should_fail+0x23c/0x250
[  715.252038][T22100]  __should_failslab+0x81/0x90
[  715.256825][T22100]  ? register_for_each_vma+0x372/0x890
[  715.262283][T22100]  should_failslab+0x5/0x20
[  715.266845][T22100]  kmem_cache_alloc_trace+0x52/0x320
[  715.272162][T22100]  ? register_for_each_vma+0x372/0x890
[  715.277667][T22100]  ? vma_interval_tree_iter_next+0x263/0x280
[  715.283757][T22100]  register_for_each_vma+0x372/0x890
[  715.289027][T22100]  __uprobe_register+0x404/0x8b0
[  715.293949][T22100]  uprobe_register_refctr+0x29/0x40
[  715.299194][T22100]  probe_event_enable+0x2be/0x7d0
[  715.304209][T22100]  ? __uprobe_trace_func+0x440/0x440
[  715.309479][T22100]  trace_uprobe_register+0x88/0x410
[  715.314721][T22100]  perf_trace_event_init+0x34e/0x790
[  715.320094][T22100]  perf_uprobe_init+0xf5/0x140
[  715.324888][T22100]  perf_uprobe_event_init+0xde/0x140
[  715.330159][T22100]  perf_try_init_event+0x21a/0x400
[  715.335337][T22100]  perf_event_alloc+0xa60/0x1790
[  715.340261][T22100]  __se_sys_perf_event_open+0x5db/0x2810
[  715.345883][T22100]  ? plist_check_list+0xf9/0x160
[  715.350824][T22100]  ? finish_task_switch+0xce/0x290
[  715.355923][T22100]  __x64_sys_perf_event_open+0x63/0x70
[  715.361367][T22100]  do_syscall_64+0x44/0xa0
[  715.365849][T22100]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  715.371788][T22100] RIP: 0033:0x4665f9
[  715.375746][T22100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  715.395439][T22100] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  715.403840][T22100] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  715.411799][T22100] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  715.419844][T22100] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  715.427802][T22100] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  715.435826][T22100] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:22 executing program 1:
fsetxattr$trusted_overlay_upper(0xffffffffffffffff, &(0x7f00000002c0), &(0x7f0000000340)={0x0, 0xfb, 0x95, 0x2, 0x0, "c5e600d85d611cc1649cf0b81aa6f584", "2af27fc14b36b3287b77205e105cb50a791acd233df0a5b7cab87fce415cf02069e2b82b251a6d8e2f0ff0dd9a868c64bd71412405894c15c8848c66115a406cfe1d16056b0b3dc37aa98b2b4086ddfe526c3444f391ca7698233f74171c9e3d2d56b2cd3b95c28e773a2594a3328a71b3234affd8e99d5ef38556bb2d35c494"}, 0x95, 0x1)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0)
io_setup(0x9, &(0x7f0000000000)=<r1=>0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_io_uring_setup(0x1dda, &(0x7f0000000080), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ee9000/0x4000)=nil, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000180)=<r4=>0x0)
r5 = creat(&(0x7f0000000400)='./file0\x00', 0x0)
ioctl$RTC_SET_TIME(r5, 0x4024700a, &(0x7f0000000440)={0x1a, 0x9, 0x16, 0x16, 0x3, 0xffff7fff, 0x3, 0x113, 0x7fffffffffffffff})
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x4, 0x0, @fd_index=0x3, 0x0, 0x0}, 0x0)
io_uring_enter(r2, 0x393c, 0x0, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0x40000010})
clock_gettime(0x0, &(0x7f0000000080)={<r6=>0x0, <r7=>0x0})
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r8, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
epoll_wait(r8, &(0x7f0000000200)=[{}], 0x1, 0x21a63427)
io_pgetevents(r1, 0xfffffffffffffffc, 0x1, &(0x7f0000000040)=[{}], &(0x7f00000000c0)={r6, r7+10000000}, &(0x7f0000000140)={&(0x7f0000000100), 0x8})

01:02:22 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
socketpair(0x2c, 0x2, 0x8, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
pidfd_getfd(0xffffffffffffffff, r2, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000001640)={0x53, 0x0, 0x4d, 0x0, @scatter={0x5, 0x0, &(0x7f0000000ec0)=[{&(0x7f0000000140)=""/218, 0xda}, {&(0x7f00000013c0)=""/57, 0x39}, {&(0x7f0000000240)=""/22, 0x16}, {&(0x7f0000000300)=""/186, 0xba}, {&(0x7f0000001580)=""/191, 0xbf}]}, &(0x7f00000000c0)="75689d2db59d502e99c5d5c3caa87e479e83968fd1eefb4ba6d941a22fb928f2f16a60e192ae2cb7afbf6e22e9fd0fe9f3f6c490df0b642685262142cd523b15e8a63a0243602599d5edb2df3f", 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c45, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001000)={0x0, ""/256, 0x0, <r4=>0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, <r5=>0x0})
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r')
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
sendmsg$NLBL_CIPSOV4_C_REMOVE(r6, &(0x7f0000000240)={&(0x7f0000000fc0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f00000029c0)=ANY=[@ANYBLOB="a676084547ef559e3b608b39e17e1d9f0e82de5f223294d7eeb16908925651d9944d36163cce9de0d5b22963bad7d29dabb4eb59bb331c5bb0d12259b041c8912938c958096ed965ccf6c6aa43b476bab7fe780982567193a54abf30df429ea5ae2d38fe074f50e957eb13d8c7f8da754691e46b02e20182a85a913572dd4b7eb4bbee44c37f898fe283bf190601e787d6d2003b5a0dded53b65d964f31684c31ab6834c43d9aa67c846d0c482e92f4c5dd6052ae838fd10e34afc44f3f7f5e16d36fff4f120c4382f0b4c6b57d7522e3c59f0d436edf65eef78229ad47cc8b83ee1faf2ae4aa9f730284996387ab992459e74db80ae53dd9c2949916759cccbcdc0dd5082e0055207257bbc6395a5dc597601f7aba686e04e16c0bdeccc129f1deac21905ec92be893fa308a69823e8f0217a30b8e2f3a688eecc49e5f2e5de2e4f4403ee579ac9599c6c54e9e0bdca620194ab15b9a85f2264a136ba8c25a2fee890b26233ea8922d702f6c402f44616a19ca821f3d889d1c3c7b9abcdfa22dca627136ae1360ae518d8ba58b9347b421b559c1d4d4f2033625c6866c7ae1b3b7329f238971b9e3d169fba1e7f88dbae9f09bcd18c7e13cd7ad7df100ce3b20705aa31cd9f6038a65f14c77fc01344018e928658f631d0ce4c42426ff3b8ea2b8cc5727da9cc1d13cfad7ca61fe04768878974a5ab18001988d16f23763483581683a168c8df1ec226d14e43cb0bd439be21e84ea5f2eef5284117a8febe17b10a042fce1ae79f0e5a5d88621be4c5f28b648be26ff95b35317866867f937ae366bd2d5b46b9c1375d74d81c8782f9f7c02bf64491ab92f911ce94e27c3203b27ce54c8f789c85267f64416b47dc9a6a58e4bfae9d82b4d82c3424dd47b2e5f60ad93b8ce0944c15dc88934db7d876bed4ae3bfa2781907d6aa5d6c800e246863ce7dc087289fb214a5eb40b745f0bf6b31b16f90d9f1cdd82651ab37cac49a92bc1e8fd477ffcbd243708e79d110c2176d5ffe1529fd8eb822944ec71ad13cf220892389586a4cb3fc800f0cf5606e18514548d664843567a8ebd2cc81f805c7f0783ed33a0922ae2fbfeebd4cc4d5013e047ea4c545952c3915a5d406bda65d9c369bf6ac54639ac780b39b2130913de1d0174ac6e7f51ed530afbd952d2bc517bddae7d447524ee6f5961792edd24db97e577f27e347acaa3124df708304dd55d553fd6f9055fc4de8e7232ff130904830bc74bdb312b02d8da4363f282204ba6fb7f6b8a4ec7784a1ee7f74c9f78b49419df94862c70fecca90e7d70bb69655c9c07440d74765c98f51bcbee39e0509583485d5369b9ecad6048b78919b455d580b72fc82c4280814eaa66dfdf34334e98ebf30b82f0033ad8a58fbf04e4aa4799c69afe6cd20d5ed06cffdb8e4ada08216bf2ed40d94782e3558deca45501b877b0f5cd10f272b602e71e00b79bfabc1e22a752201b06909a07a8a559cc64e05a1ec95d613c05ca97048f0e0b3a9e7f227d86ea865a7dae039ebf0a093ae4ad6a43b61c62373b18e0d06d56fc9ed9654a8b2a2363566c56f6e2d51fdaf624f51fb7e715f469fe22b995ef60d1106c9784278e19c41034fe9cb05b81a501ff2dc422704a9a49dc0cddf62728e50d850700000000000000ded19e7a71300635e2ef5f9955be8ae4d7e8319077687c955ba12db3d6068545f17b714ecfa1b5c69c25fbe4e279e91d2d19a72452f4719814831e3ae4a05976a45f955d4bd6ea0d6fda797f3f215e799787907e063f000000000000007bd778e426d04e4562cb31b61093f5ee0e8a38fb8e58b498e2577117b2854f12aa92588d6a7f9368aae35de3b965a1a30f44520f783718b4c7cfa163c1acbda149e3664ab608b2a3dd2d4331b7b8042ab5c5227d9ed2f4c6eb8f4f383ad08bfa72dcc6f944a8f0edb37ba65c527e2cbc4e45516a42cbaf236fedd66cdf6c0c4068b8fb5880fa01c9c5aad3d556efecd55271893f374fc36495831f00a17190ef9b879de707b648f9e43689638507afedebaeef99404bcd58950b9d1a5ae1ddcdd0882ef725e03ac1c43ddaea9a7726b836cb64d363ae7062d8a539d16471d7160d7bc1f8707c9aa77240189393eea889ac19a4958c56e2fdc38a7e264e6effacb0202a22a505003a6fe2352fee85cebca1d8706d00f2be8826b261b5fe6ee75fa8fa38984445e1cd4c382cf2cfe14d7c542b14a637d05e729cde31f6ceac712394137e2bb408f61d9972173b295bab2a74564236b6b6e441eeb835659caaa54404fd4706d32bbf981ced48c6e82f9e9cede593c8e063a9a789ae38c47ff9d14cd855d6eb72ea7009efd3ce318aa8c96d7d6e82925d10090c04642af652ddd9732fd01f8cddf759cc9f79308a43588df227d79f7db8750d4498be9cd4eeaf2b12435704e67c156aa74eba00bdd241f7d23652895ea54743a12ffeb606cfaae88d14400cd230d55e112891ebc96ac90183be301564d7d2fdf3d4bb7160ea889fee98a47fb4f816a2fe0cb66809ebf8763306c71203f86d6d85e7c4bd3694f71354367c69b7053ed75ca15cd441e6caebdf4ec15f3eec4f86b1e3506048c52851406897d63fe54db0100ac6eed6cad0733c941c345da94d0c6f4eec92820dab06bc330e74f52c5858fc71862701ec3b690605fb460d1f6e46f99299b4cf3df8d65f87c4a2ef8d05fa4b3841482f4572fe4773cb548ae691f12a219de1902a644f238a9f38d9913790de484a1251e3b8399a10b3e73a4895e2ae57088f38524ebd5fd2be455ceeb16b5bcf5300cfedd1e326a862c0bf3e1bef531a6c7a5895c247b12b39d9952529de825f8a31282be28ede06b7a5062c4dfefee45c52a901504723c59983d8746e84c457f8fdd18f55379189b63e5b9baaadf9a117f98538c1015f5d1da113c74f63b59545658c1df48ff840a691efd84f835a92a0a6ba2d9a4fb09a0577bdb3f888fa5ddc0abe98cdda0f0a165878e19fb99372077a605cc91e91e0bfdbd09c7b6ffa9db203000000bc6d7e572b5b46decb2e28ff71593b5bc58d21f86ed46db4e0f142af07d53c1b405511da1c80d5db99b4957443ecaacfa6e66732bcdd609e9b4531f50f5619571aa738abf0cc61eb8973be69931a6fef7e52a19f70ad318d549b0c8c805922e81e6ada33a4b59a9af96b40e563b6b147d04fec6ef7029ae8246744cf2f803432223529ad6456b188f34c00ce0dc4863beb9be26ae19b590927712db57cde87f9aa13c23fca0d1ccdfb77eb2f987a8905627b294753124a4bd6c03df81bdf014d2ba8ad181e5ee6094635ec64f04d1932359bca717bf00101e06e23fd6aa73eecca651471d875b088b4fa5a4765a9ac30725ac4032cfa77ed55229d5efff09463913195d92c4956833f2c3132a9c08588882624839502b8e83b9f700fc95d38891c25cc0e47f5865005403907d75916a5b31694f627cd90dfa2878a6044b6283febda431180c84caf8b2dc73ea016124c668e9d650449c9d272b075aaa4fc2174ebc560c10db6a6c427086a498456b8a9adc05a67389e00d2dc429a865861fe241224d9d200e92dbb8605f76f347ea4bed15a0ebae4f434fad2069ee387465f96efd2d52affc44ab011b6aa8004393d59b7ef6fb0f13568eb20fb47d9007ca13267233b6862426565b75018d3bb63912d87053ed33ffd87c48ba6bf1d8c1c2fa7103b527077a83d00ffc5cb75a76bf8861090ff984a4de3354c0bf35719f5ffe3c2fb11035ec8a525e7f73997e337b195c2ef4f36ecf498b939d47297bec7b41480c8ccb6736e523c42ce4016caf7f7883ab62b44cbfbed0e4a621d44c67027f1b5be2cec6f086c4a73148f05c0a08046d1cb991fe11c43bbaa28e0746ff121cfbae5e6c9c04a2794019bafe704e058e6020dfdce967a6b86b569b8721fc172f9ffbe9a77e70e7a998772b6de720230a40b7a5796af6188c800b7fa06c54dd6be660a050781f8e03edae98532fef635dee9917145d831519e4b1e432ad926225bc4922214658cd0615760e1aa90b1c371811e475cbb69a3ee5392336afd2b8accfc204754ef95b362b0b2a229f1857a118c74cde213571b42f3a6340cd0b165712d7b47532e65a299d2d0c9a5661adfac383b8bd2a3fa625fec436516a9147be525f05577e485dd3d70076d94d2fddfee253963e4d7f9e9af4b3948a6757033ab65cbaabe09e4c2ee4e2803b97c84a109a4aa82ed72a1994c7ac159e7e6f5c26c11728ef65503127866a4c668379f82e8db5b8934f479aaf5df687bcc7933633471ab79443d69740cd880a5375e5ece1b05c41ccb70c7ef718fcb3667260f93b4c24478ed1c2112d3fa959b421c7e4e8bd75efc1014f6c8f69b1dd7993c4d04700a475118536de33b142f1f6b21a349527ffc7ef678a7b567c78192d0cf1c1ef95bb2665eaca4f2e63a0c8ed6d5955b26931d98b8b190c36b54c6f8ae670e706a97965dec5881b070fb1341aa47ee181da6f85681c21b1bad7f8191881d920983c2ff0e523adaf3123b0773d561859a54a6a77c0eccccfef8abb808120ce27c43476b1c978985ae42c680147f092502bbb1f0e37570f876db7215b68ff453eee673519cb1d0adfcfcc477ed5663955e7d20228d0bdcb9a5a855c6a7eac601c79d91ba01f1d8575b721951e908fa72c295dcea1eb57531748875713cc6a32b3712e701b22b15d3e53337fff2271ce43c8023cab1c26130b017949a16e213e8186e6df3a1b7ba3dd63c668c3fa6542133cd30546fe519ee1dcb40f487066d2e6118e8f96705abe25f288789f38bcf8eb695e16a2c00e61f5ad1593d3c33e150ecf1d6f5a561b9698bca30a19cb71572146ff2dc771b5ae9f0e26ef2491f93d8605df6d849f4cce05e4687a5a4ed4cafb51ee94ed070aa9bbc9ea3edcbe457b518cebfa3d206dac8ec464c9a4ebc74bd951e6c38f197a915fa7b25d9d82fc2fccc36c782a249e79d73be2fa17b5929c723b88cda6b7b5e09e988ce68714fb650d8c394ca3608f101a9fb203a4c85273609343264b8e0dffd91be57f04ad2b845ac0a3b525a5160dbfd1e467f55ffb4f2543acb63855434ba7e6721aaa18c7497a6966809c0732f72a23f0de99e285a798cdfd6a59324a0969860715a06e99b338aaf99aa88d2198b99970f7d5efb123c4a66dc05c4d8cc9a53eff3bdf01a1a3202e63fe4f79a634279d95a574921f9f25466f47f59b230dbc34fd205ba57815f26e7083bd90419e21eb643f5ca893e2405118d5d6ac3dc2bdf5974cec29c824826c8197674096aa911d04fad7d149d82f6aa32c4a07ab2dcaceb575c83969e34410c4448b6cae5282cb5ca2449185985f68f66831f1eda1a722e1d036565034bf340c02999eb334ae5b79b2ca556511c2490413dd3d551a47e6a10d802d4effa55b4284c5967a479509f4efc41668e40573e6b7054f8ba005efb1fc7ca4ad7b67034fd0e4a52a2d8c78b6814560231b643df0e010422d215c73af5159d2dd51bf805b5d3642a21161e99d7966b7cfb09b1b15a63005b5dc86799b860fd048e130f084c430127494e31678f31daacb2ce8befe6e50dffd7e466448a1db97ad21086ef7cd69241ca9e49b6f18ac0f72ebec5b326ae8ffa38e7137325290fb8a60964f99893cb9924f514d9c17a79a4fbaad0b0bca44502c0ff8b7bfd4f939c6e6edb33e765a6f066a4b2a191b815ed216864e2a9fb5d29de541a092ce67e32093cf3e8d88617f77e37104a7812d056c449d299e5ae7548a1513333870bd74012efbf125b269488ed1f64223d16b2cbc13646ef03e4c016fdc2e68990e6a657600a5730169b33da458a5d736b65bcef0513a5bcd5106a44d33f5c1367e51bfc11c89386c4e492707db87887e5b86c1dba5538fbf5391f5f450a9064b6dfb04f5e7a462277cbf6810e1adf7d64acba3d5e296f5c868cac1cfd76016ca31f52d1169826cf2b4dc548fa348c4c877f9ab4c5cd8fe90452d486d455f3312fa90d3cf031abb0c9ce4fe21496de73c4453770625096a76e7ec42de4e1d12074c68d26a2a143bc762209e77244fb62b8660a62251490e0e68ffc578d27c943632f5462ffe56a0811757d7a2a9ad5c690fd7a2118b5a9d0b266493cef716ef8308d61f4d4c8f2947599294b98f0664c7ba67d5080a67d01dd227e02ed92ac5e06a3a10fed4ea3ea109bf0f23ea44c108a31c56a82c296522328198f30f528927b59a6b38a0738bc055559b83f5be231a9137f16d4fd49611fd0f205afaad2ebe2487abd230a3de428529e18bdf20c9fe6e856607cfa83e5ba0d3eed7f6ab508358604a8e762553a884e07ec2a3b60adf543d5a5e7d41519c7cfd2ce6a507cf14b8c8e3b488763846b3dd8d4b22352772a3c4259d233bd8edb9c13330866e9d5f35f0e24ccbac05fad352d1998057f108e327d4ef543088141cfd2627d0069dcc8fb36bbf190ca4a3aad7729a208654c2c733ebe6e6d3db3d29b94cbb76e4c994b411bbd4b07b6bf013c210b58af7d0df7a84c64", @ANYRES64=r5, @ANYRESHEX, @ANYRES32=r4, @ANYRESOCT, @ANYRES64, @ANYRESHEX=r3], 0x3}, 0x1, 0x0, 0x0, 0x4}, 0x40025)
ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000340)=r5)
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r1, 0x5000943f, &(0x7f0000000340)={{r0}, r5, 0x1c, @inherit={0x68, &(0x7f00000000c0)={0x1, 0x4, 0x7, 0x7, {0x21, 0x1f, 0x8001, 0x0, 0x7fffffff}, [0xcb66, 0x1, 0x2, 0xe78a]}}, @devid})
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f0000000300)={0x80008}, 0x0, 0x0)
nanosleep(&(0x7f0000000000)={0x77359400}, &(0x7f0000000040))

01:02:22 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

[  715.745910][    C0] sd 0:0:1:0: tag#1814 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
[  715.755794][    C0] sd 0:0:1:0: tag#1814 CDB: opcode=0x75 (reserved)
[  715.762282][    C0] sd 0:0:1:0: tag#1814 CDB[00]: 75 68 9d 2d b5 9d 50 2e 99 c5 d5 c3 ca a8 7e 47
[  715.771307][    C0] sd 0:0:1:0: tag#1814 CDB[10]: 9e 83 96 8f d1 ee fb 4b a6 d9 41 a2 2f b9 28 f2
[  715.780337][    C0] sd 0:0:1:0: tag#1814 CDB[20]: f1 6a 60 e1 92 ae 2c b7 af bf 6e 22 e9 fd 0f e9
01:02:22 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:22 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:22 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

[  715.789374][    C0] sd 0:0:1:0: tag#1814 CDB[30]: f3 f6 c4 90 df 0b 64 26 85 26 21 42 cd 52 3b 15
[  715.798405][    C0] sd 0:0:1:0: tag#1814 CDB[40]: e8 a6 3a 02 43 60 25 99 d5 ed b2 df 3f
01:02:22 executing program 2:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000000c0)=0x13)
ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000000)={0xf7ffffc4, 0x0, 0x0, 0x2d, 0x0, "b05ed32976190200"})
syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x5412, &(0x7f0000000040)=0x13)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r2, 0x7005)
r3 = dup(r2)
ioctl$RTC_PIE_ON(r3, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x6}, 0x0, 0x0)

01:02:22 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x2001, 0x180)
ioctl$RTC_RD_TIME(r1, 0x80247009, &(0x7f0000000040))
pselect6(0x40, &(0x7f0000000280)={0x4, 0x7f, 0x0, 0x5, 0x0, 0x9412}, 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:22 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x100)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200)={0x0, 0x4000000, 0x8000, 0x0, 0x17, "0000000060000000000004c9f00600"})
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:22 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:22 executing program 0 (fault-call:9 fault-nth:65):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:22 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

[  715.946933][T22089] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  715.954948][T22089] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  715.972183][T22089] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  715.980314][T22089] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:22 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)=ANY=[@ANYBLOB="0000000000ff07000b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f7fffeffffff0000000000000000000000000000000000000000ffffffffffffffff00"/192])
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_ALM_READ(r2, 0x80247008, &(0x7f0000000000))
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f0000000340)={0x1, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r3=>0x0}], 0x20, "469abac47beb67"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r2, 0xd000943e, &(0x7f0000001340)={r3, 0x0, "dabf2be9ce0822b1e6a023b71c1bd02b2682f6970811e14acb675d60866ae5c7a7527bfb5cd04562cf3203bd0a11277383998f0cf5970b2e5c2f395176582d19aabb5c0eb84ad650bdf0a4df1434e8f3bc8d8e28a142c57319c56954ccf0a09af69870c5c4b18c9e4f2f28f6628517a2591b14d616584d5a5fc2803f27cef80475b70ffc60a78c03390510ff0bf4ded82d6ce8ba3b075b219c92a0ea58d129e349df442feb3bc5fae4c5c78caca609e174d616ea189713436f8fc61dba2c2278f5d097efbe650853d30688aec9312bdbd8336b7a917474d6f7d4c1a1746a1cf3abdfbfcca8d5779f7e00506ca01ffe4dcb266fa623a7f1fa5c814682621a504b", "63b8375458248c88cb6b9c23bb11a60e0d97f74610f50cb89400046deb2881bb550e3e666e1ba8a2d1603fb1128045fdb734e01639d2984dae0be6931181fdc4fb8c815ccfdbbae4162ff9ba37746aded133f97f6f6593590d45ccf5a58c284f0103df6099701c2cd08dc5511bc3b376e56e5a8f529f9cb2c92c2651b552296561827df3751fb0a09988c0c8be3268cecdf22c8613950b9b3f5a1d9bb9df8f690fd5eac83f0482898cd2173df339a7579173f2d7c1a856e9adb3070beef5925916bc04df12641785699202fef506479003ab43987a5743cb78241632e35d68cfb76d6aaf7aa437e244897cd6fd8e51501635dfb6e52b63fbbad5681da55bd2111e5fe5f9b818761aca1ee94e0c43689242568c3c49cafef3318be43749a28b057762261a05f7e4a79b45e457658f517c53f8e37a5212bb420e915101461d91fe1483b50bfe7589fe3927369e58571bb8887677e9d5f8fc6d5058e9bb95f7a053add956ab660f884b752916f81c2782bf5812e52a2b01cd7db33a728df86d3faed3b5b3bd5f84a359bcda549ad44fe1355bf98eac4fa4590216f2b6da727a8f778718c87c440339eab073421158476db80b519a5de1046dd6567d72b2338caa6d1c42ff9126f1d04d4c32caa965090a696f6f0a5e3fd5e456ad378b0774ad1543f1aa3746d27f6743d66d02ee5f4f45220bbec88c4b0d44213a16b36020ddd2803b52fbda9aabf2f0a861df49917b72bd29b573296947df93d4f6416144ddda5751a75fdf104f53adbd63b7c00f7d0e0697ecd7fd12d9b8861c0662d802454f1e24296f82f9536228e32d909fcc6c8d3722bb74af6780bc0b60537782e652c67f70c0cacf0d6181c7d8ed7ca4cc3c06adeba52066a172c81d4b799701209ee2d8ce96795345d4a39eddf2eb850d3e6bf6e2b3ccec8ff7d15164a36d651bd213dcc2dc555d8709896f3110adee4edd5860aa819837e1d75c47307d69e89d80966fbcebb234cdfd303e631cce8d75e6028fdb77d25130c2a39979728480fb8e6f6cebed627f7eef757edf6eff493add7be3351d304adbde1ba79df409bbceeeb954f8f5870790cd97d1f45253a799c83564f42e29bc82f194a0a4b06ccd3f24d488792e95868d81cd4826d7f437688b6ddd039440d936531bcbd1d3959a1d774cc573019c52a149bcfc0f98dc5f665495655304df54ad5d4e1dfd4b4b36fa9e7eab9708b52dc8dd9a862a49a283c54ee509d6fdfc149a0c55b253bd24c54758417d1012c0255e851a63632fd0fc91721a36d0b111cb650016b1302ff332a39f3c7f7998becb6118f50a789b42c6bd378a9c5339c62b568477d9c81acc43e5ee31063a012cfe476a22d1704675860f1f40ef82a115de359b7be378d6a9c7fbb595d5458e3431d5d31c6074ce0c59d0ddc4ca667a99b224d7f28c70964872c3ca5402fbfd9a744d15c9cb1be00561023ba7c5a69353680bfea4ed4f66058633443551a7f3bf4fae533ee1d26e5ad1d74a8e44f8838cd45b72d87b80b2df68e47ece5f883bda12599e96f239d3c1f4ea639a57843c8ee75fe66bf712c3f9fd3d39d4d1b74fde79009f4df77fdd95ddb26d5ca8610a311f75a8716f7c6cabe660a0a636b035dd0d64edb912150a7d3342565fd96ae80fd2ff160b366ac508d341e1903f5f3f330b1fc828f9dfc1cebf9e30d65f3bee47254b1d24565eef1d281984b7fb5c1d09d48dd84c50c644bf987fec9c1dab5b67cd710f886d4b08489624f2f70e86fbf55bb2d83a58d6645cb70566ac7789117ac429a7258104e134282be3ba86a7bbd721bcad47249c1e8497501c2bff8494347c4caa5cf94984c8a3e199ab63b159c721663c3d070a1df47b6d35d310c97a45f01251edb85357ef566046b77a315a020bc4d0f0b8e980fb1a455f61047cb886b6f0744534e6428f8fe3a4b8924d0b431fb5f6b75f4a666a93c5729ec800e10c616a943ff1a7ebabd40286f5d5d6f690bea042f0984771a31371ce7da9cbf00f13607fb98ae5aaa59bab8f1cd3db063ab11bbc121bcf47256e27d746e4443e94e1686ee626442bf7c85e1cdc6d67f01c1003e6a44e9f0073e376fe8d8df85932a3e1e28ba00deb0a07f1c169ad2f6b81c5538b73eb9d1b05da083f29c7c098c75a5bc88a6b87ca97ff5742e6261047dddcdd1fb29d1c46a8f25fb67f0dc06ee72ea53487103f68616a8681226500b0927ce76e7bcd40be0bd8c222892d05c737fdbce120b6deb4e5ef30020b189ffdab1bc42fb2628660b0bf3324111df4cb0d26e3b65c614e32f2bfe49a625d01172dd3cbb9406014eca491cb8a6a5f26a0744f1e59e406c64fed9dd7fbc445bcc030bab5a976126002bd821f90cbed5963caeb3178be714a27d98792402d05e4a50368b2f771f35ea79f90fe45e7a00f69ee999787b325dfc84462a8fca8fe3323b89481b6656503d909a936bac53d78980f91b8755620ba4be7d4831c353dc2d66696919af5a0aa8b1f4d5e509ad4953f3e80dc5fc2ddb1a5ef46bb987f8907f4a4e62384c16a2c558a352f2da12114576d29fa0175108d3a6fc17616b1dc2bc9427406f1844e54fe01e056229ecec0687d048b6fdbc6d589542fcbba311028fa22ead6f73af71b3a6bea56dc7a942a19c1d4c2e9b0b643bb88dba3eeabb8d9cceccad42bdaf97fd2ca42db0f9ae6f236947a7e28b389e5dc8f862b76ed1bb8edc1db8c5b61ee24baca5ad3aa0b8dbf01b0430ca361c96a50581ec9d60bfc485c6e8ebc2130a8f146411fe7f444aabe6b5cf3ddf72b5735ed368234b6d834ac5389a3904fe6fe8b4a5b09d446c5a9df3f852329c0a80d51afae0b302c909b330857b0d4a90e9d915e5e58a300c6002ed1eac7154a25db4b5027cadc7a2375dad0f0593cee7b9124d614161e027cc3c89bd50c5409aa0696241ee9520c9b08123168700f9e501511001de6c003a4aa355d6d2357919192395f06f2a1c0d0ce39412ed090ff5b79e2da645d6ff482f1a8ef557eb26162c1c1b23ac32d3d028adb07f69ff47486cdfdecade89223fc6b26c0fb92fe5c3b1a61e03d50c4fe759a9784b27be8f9f6f448f0b552a8b5a3f2e2efeb7ebdad1140a30aaafb5ddec3aa8a6b1c7472bf05e82a1a108c42dbf3ffc85683524518827fdae30626ba4a5246c2ec3e28ad1e584044d97f020c9e15fed420a3a7fd7456ad4d78e83304998c816910f93bcc9fd3090f0f31cd9cfc1aeafffef48828921a58c46be5f199d106aba6323a9cbe863d8382ebe02610c31b33dfc86a88e1f0135a5a6939bc13c600afe7812f56c3ba6eaedf9fce54a4174913a121c220e665be0b60f8d4a003f64166809bf4ffbe4c323c1e58ac64433b94650e77c20a2f52dd0c1ed12120f5ee7e89e54cd6780274cc8f174be76af0ce5f17e24931f0a06a8513076cad23ff43ff28356934018482aa901863c1937363cc360315893eebc4c0cc7e9d20800cd9c5cced04d9c275f7a42c7b0ff401d7d772edc44c40df5d237549a3b2f6b37aee93ccccb420577d20120252a426e1365431447c5666bd5060a83d1dd35faa78fab9ceec95fb2f025e637b6718d3bbdd10264c83195306df2d693e5a672dfba3a7f962466e8cb0aa593a0b9f058acce5dd7bc51602251794eade7370b86d15dde9f8c786686cfad7c8ee9fa4b5730e03d870e0ef6ca458176cc7c05d8dabff8034b37d1cf8d196c9f4035069bf5178a1c9f670386a630949e3277e8d452389de67b16f35fed1fff9aae302e332e83f2372b24624ba592a82ad7a63b435353a768cd771484aba408ff17f961424526e27a3ee3485a38d8b931615e4ef1f5662544332067732e5193d463da2a6e3fa90758ecb6dbc42838c23d8b966deb5d2223fda624ef5baeb3453e4f07336509b88d6775aba8cc7461fb4b83a74e38ff5ebe0abefc8c92fd24fb64655f02ed225085f1ced9cbed813b8dc149f06851213309aa1bbb0b89f8dc6c5e41693586af470d696a7c1b9c9c0d1c92dd815efa52c451737233eb1552bd336ec2b224df0bb7ab3f3e7cce7290f696f2e753c178de977a79059d9f0e8a770f8eb76d7cf8f5b48fb9a1eb27b1180fa29e44dc7bb4fb0ea49a8759da2730722908767a96a6d6c344dfa9a90379f87b3ef0d053d6b1ceffc0623219ac854111de4f05c5a03838ad952c0a078930b6ba0a64efce08fe9c55664690a6fd079a24bd8c652333d9c83999ee8a9407e3a3c156b1b525b74c803f07ef318b0ba92ba8600f068d0b2c61fc2f09ef2459726ab8c9ed9f7f8e0e4749bccd69f8f24c1c9caa15e4853d7a423694eade1f3dd526dbe137612d38e4e5232e225e9dba1989a89b081401a157a13eb080d8e80fdf87eebe93b2eb9464e1e6f5e6a637375d9213df2db2f2aba16876299487ba09518127b34de2a48f6ad9a34756dc1d462e35912c8d3aadc54eb49c788cdddddf244ef869e6129d03ffc8bfef0f4fd652008c12a5363f0edcd461b95c8c56d8ba0c88b9b0d6ffbd862d783491d46c121f8a39a5e7bdeacaaf3de2bf3d4760410066cad2889acb0bae8ae820b0d053dbd7065a13594aa9e659fe161671f5bd943da3483ec2fff45e079612662014f57df3e503936c04f1d368e5d082762313a3d6b14bc3c347b531c06e701954fc70f3a8f51673a7d1e700c1d33529b3eba0b2532b14d5ce0b74338722d0777ac80b35925c36bab045119b9b689dec7c1ad93a51d2424bd6169e71fcfe89c52c56a5c833ae82dd2cfdaae6509e1d7f4e6b825ef3abcf9d5f62c5013baaf01670d881044cf6867c9c289ce581a1cb5fa5063097fac769c362667d92fef671be368437e957c800ab46bb4f4813a336c629597b5b62fe1da8b582c78e092f98b33ccec031fe0cb9bc187389248c81d52363c0412a94b080d098df01ac437dc56d2832e50f4f9aedda513ff837f4a43f77ea52cb8b9cef15fcb1ae2725ab54fccaa0f94f87cb7e156137496a9af4ee595745c9ce08f7ec6032843c68d88527d590e4b84cb02917c31a12d90d6569f90c05356ef3fa346fbf20e8979fe00f5e289b704492adc9fd5fd252333ea80d4f6c7a56056c0329362d9d7c657ac8d82ba795dbada5d4d37d8aa25aec93999e5efaa8df1b7aff4aae674cbabc7d28f497d7da3cb854849b003869b343e7f27b8dd185015ef7cee963d267b3fd55d5da76c4f9820393eaa1746004cb76682efaa035223f1f6c37b8dfb6cf4f09a6e3ad058a2cbccf80b2b90501fcc67875732f71a5c257b488c9938f346d09fb28088f66351c8a4fdd9758ca41ad5dc37cd6eaf80a3dea0600b4239e9347c073dd0c37cd642e773a391d9c1901cb32e0acf3fa1d1e594707c209844427d63836f6e0b87d12eb2ba1ebdd93318247e07ef7081677e702d854f95d2"})

[  716.328955][T22159] FAULT_INJECTION: forcing a failure.
[  716.328955][T22159] name failslab, interval 1, probability 0, space 0, times 0
[  716.341613][T22159] CPU: 1 PID: 22159 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  716.351413][T22159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  716.361557][T22159] Call Trace:
[  716.364902][T22159]  dump_stack_lvl+0xd6/0x122
[  716.369491][T22159]  dump_stack+0x11/0x1b
[  716.373657][T22159]  should_fail+0x23c/0x250
[  716.378065][T22159]  __should_failslab+0x81/0x90
[  716.382826][T22159]  ? register_for_each_vma+0x372/0x890
[  716.388295][T22159]  should_failslab+0x5/0x20
[  716.392809][T22159]  kmem_cache_alloc_trace+0x52/0x320
[  716.398084][T22159]  ? register_for_each_vma+0x372/0x890
[  716.403533][T22159]  ? vma_interval_tree_iter_next+0x24c/0x280
[  716.409583][T22159]  register_for_each_vma+0x372/0x890
[  716.414915][T22159]  __uprobe_register+0x404/0x8b0
[  716.419925][T22159]  uprobe_register_refctr+0x29/0x40
[  716.425120][T22159]  probe_event_enable+0x2be/0x7d0
[  716.430141][T22159]  ? __uprobe_trace_func+0x440/0x440
[  716.435424][T22159]  trace_uprobe_register+0x88/0x410
[  716.440655][T22159]  perf_trace_event_init+0x34e/0x790
[  716.445990][T22159]  perf_uprobe_init+0xf5/0x140
[  716.450755][T22159]  perf_uprobe_event_init+0xde/0x140
[  716.456040][T22159]  perf_try_init_event+0x21a/0x400
[  716.461323][T22159]  perf_event_alloc+0xa60/0x1790
[  716.466299][T22159]  __se_sys_perf_event_open+0x5db/0x2810
[  716.471936][T22159]  ? proc_fail_nth_read+0x150/0x150
[  716.477135][T22159]  __x64_sys_perf_event_open+0x63/0x70
[  716.482686][T22159]  do_syscall_64+0x44/0xa0
[  716.487105][T22159]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  716.493007][T22159] RIP: 0033:0x4665f9
[  716.496897][T22159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  716.516548][T22159] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  716.524951][T22159] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  716.532911][T22159] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  716.540884][T22159] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  716.548850][T22159] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  716.556813][T22159] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
[  716.578896][    C0] sd 0:0:1:0: tag#1815 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
[  716.588764][    C0] sd 0:0:1:0: tag#1815 CDB: opcode=0x75 (reserved)
[  716.595274][    C0] sd 0:0:1:0: tag#1815 CDB[00]: 75 68 9d 2d b5 9d 50 2e 99 c5 d5 c3 ca a8 7e 47
[  716.604413][    C0] sd 0:0:1:0: tag#1815 CDB[10]: 9e 83 96 8f d1 ee fb 4b a6 d9 41 a2 2f b9 28 f2
[  716.613438][    C0] sd 0:0:1:0: tag#1815 CDB[20]: f1 6a 60 e1 92 ae 2c b7 af bf 6e 22 e9 fd 0f e9
01:02:23 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x4042, 0x0)
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000040)={0x0, 0x0, {0x1f, 0x2d, 0x3, 0x19, 0x1, 0x4b78, 0x0, 0x98, 0xffffffffffffffff}})
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  716.622484][    C0] sd 0:0:1:0: tag#1815 CDB[30]: f3 f6 c4 90 df 0b 64 26 85 26 21 42 cd 52 3b 15
[  716.631516][    C0] sd 0:0:1:0: tag#1815 CDB[40]: e8 a6 3a 02 43 60 25 99 d5 ed b2 df 3f
01:02:23 executing program 2:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000000c0)=0x13)
ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000000)={0xf7ffffc4, 0x0, 0x0, 0x2d, 0x0, "b05ed32976190200"})
syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x5412, &(0x7f0000000040)=0x13)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r2, 0x7005)
r3 = dup(r2)
ioctl$RTC_PIE_ON(r3, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x6}, 0x0, 0x0)

01:02:23 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:23 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x8240, 0x4)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0)

[  716.915761][T22144] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  716.923771][T22144] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:23 executing program 0 (fault-call:9 fault-nth:66):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  716.956039][T22144] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  716.964042][T22144] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  717.140183][T22185] FAULT_INJECTION: forcing a failure.
[  717.140183][T22185] name failslab, interval 1, probability 0, space 0, times 0
[  717.152825][T22185] CPU: 0 PID: 22185 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  717.162637][T22185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  717.172687][T22185] Call Trace:
[  717.175950][T22185]  dump_stack_lvl+0xd6/0x122
[  717.180605][T22185]  dump_stack+0x11/0x1b
[  717.184748][T22185]  should_fail+0x23c/0x250
[  717.189149][T22185]  __should_failslab+0x81/0x90
[  717.193900][T22185]  ? register_for_each_vma+0x372/0x890
[  717.199344][T22185]  should_failslab+0x5/0x20
[  717.203836][T22185]  kmem_cache_alloc_trace+0x52/0x320
[  717.209106][T22185]  ? register_for_each_vma+0x372/0x890
[  717.214555][T22185]  ? vma_interval_tree_iter_next+0x263/0x280
[  717.220536][T22185]  register_for_each_vma+0x372/0x890
[  717.225892][T22185]  __uprobe_register+0x404/0x8b0
[  717.230821][T22185]  uprobe_register_refctr+0x29/0x40
[  717.236041][T22185]  probe_event_enable+0x2be/0x7d0
[  717.241052][T22185]  ? __uprobe_trace_func+0x440/0x440
[  717.246323][T22185]  trace_uprobe_register+0x88/0x410
[  717.251508][T22185]  perf_trace_event_init+0x34e/0x790
[  717.256834][T22185]  perf_uprobe_init+0xf5/0x140
[  717.261586][T22185]  perf_uprobe_event_init+0xde/0x140
[  717.266861][T22185]  perf_try_init_event+0x21a/0x400
[  717.271996][T22185]  perf_event_alloc+0xa60/0x1790
[  717.276920][T22185]  __se_sys_perf_event_open+0x5db/0x2810
[  717.282541][T22185]  ? proc_fail_nth_read+0x150/0x150
[  717.287726][T22185]  __x64_sys_perf_event_open+0x63/0x70
[  717.293171][T22185]  do_syscall_64+0x44/0xa0
[  717.297580][T22185]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  717.303466][T22185] RIP: 0033:0x4665f9
[  717.307350][T22185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  717.326945][T22185] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  717.335359][T22185] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  717.343321][T22185] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  717.351277][T22185] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  717.359233][T22185] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  717.367202][T22185] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:24 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
r2 = syz_open_pts(r1, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
preadv(r2, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/196, 0xc4}, {&(0x7f0000000100)=""/28, 0x1c}, {&(0x7f0000000340)=""/253, 0xfd}, {&(0x7f0000000440)=""/195, 0xc3}, {&(0x7f0000000540)=""/204, 0xcc}, {&(0x7f0000000640)=""/243, 0xf3}], 0x6, 0x6, 0xffffffff)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:24 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000040)={0x0, 0x4, 0x93, 0x4, 0x4, "2caf8c955ebe8d0b3e9f82708e07e4fe44bb76"})
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000000))
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:24 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x480340, 0x20, 0x2}, 0x18)
dup2(r0, r1)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x40000000, 0x20000000000002, 0x600000}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x7f}, 0x0, 0x0)

01:02:24 executing program 0 (fault-call:9 fault-nth:67):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  717.879732][T22178] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  717.887768][T22178] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  717.905190][T22178] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  717.913201][T22178] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:24 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x605, r0)
ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000000)={0x27, 0x32, 0xd, 0x16, 0x6, 0x9, 0x2, 0x128})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
recvmmsg(r2, &(0x7f00000045c0)=[{{&(0x7f0000000040)=@isdn, 0x80, &(0x7f0000001580)=[{&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/57, 0x39}, {&(0x7f00000001c0)=""/180, 0xb4}, {&(0x7f0000000100)=""/76, 0x4c}, {&(0x7f0000001340)=""/71, 0x47}, {&(0x7f00000013c0)=""/81, 0x51}, {&(0x7f0000001440)=""/78, 0x4e}, {&(0x7f00000002c0)}, {&(0x7f00000014c0)=""/167, 0xa7}], 0x9, &(0x7f0000001640)=""/199, 0xc7}, 0x300}, {{&(0x7f0000001740)=@alg, 0x80, &(0x7f0000002a80)=[{&(0x7f00000017c0)=""/4096, 0x1000}, {&(0x7f00000027c0)=""/70, 0x46}, {&(0x7f0000002840)=""/5, 0x5}, {&(0x7f0000002880)=""/69, 0x45}, {&(0x7f0000002900)=""/63, 0x3f}, {&(0x7f0000002940)=""/139, 0x8b}, {&(0x7f0000002a00)=""/96, 0x60}], 0x7}, 0x6}, {{&(0x7f0000002b00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f0000004080)=[{&(0x7f0000002b80)=""/230, 0xe6}, {&(0x7f0000002c80)=""/82, 0x52}, {&(0x7f0000002d00)=""/50, 0x32}, {&(0x7f0000002d40)=""/23, 0x17}, {&(0x7f0000002d80)=""/236, 0xec}, {&(0x7f0000002e80)=""/132, 0x84}, {&(0x7f0000002f40)=""/25, 0x19}, {&(0x7f0000002f80)=""/231, 0xe7}, {&(0x7f0000003080)=""/4096, 0x1000}], 0x9, &(0x7f0000004140)=""/140, 0x8c}, 0x4}, {{&(0x7f0000004200)=@nl=@proc, 0x80, &(0x7f0000004340)=[{&(0x7f0000004280)=""/145, 0x91}], 0x1, &(0x7f0000004380)=""/236, 0xec}, 0x800}, {{&(0x7f0000004480)=@xdp, 0x80, &(0x7f0000004540)=[{&(0x7f0000004500)=""/6, 0x6}], 0x1, &(0x7f0000004580)=""/3, 0x3}, 0x9}], 0x5, 0x40000000, &(0x7f0000004700)={0x77359400})
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_ALM_SET(r2, 0x40247007, &(0x7f00000002c0)={0x39, 0xd, 0x8, 0xf, 0x8, 0x3, 0x2, 0xf6, 0x1})

[  718.107911][T22210] FAULT_INJECTION: forcing a failure.
[  718.107911][T22210] name failslab, interval 1, probability 0, space 0, times 0
[  718.120560][T22210] CPU: 0 PID: 22210 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  718.130379][T22210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  718.140418][T22210] Call Trace:
[  718.143794][T22210]  dump_stack_lvl+0xd6/0x122
[  718.148374][T22210]  dump_stack+0x11/0x1b
[  718.152615][T22210]  should_fail+0x23c/0x250
[  718.157038][T22210]  __should_failslab+0x81/0x90
[  718.161793][T22210]  ? register_for_each_vma+0x372/0x890
[  718.167236][T22210]  should_failslab+0x5/0x20
[  718.171721][T22210]  kmem_cache_alloc_trace+0x52/0x320
[  718.176990][T22210]  ? register_for_each_vma+0x372/0x890
[  718.182434][T22210]  ? vma_interval_tree_iter_next+0x24c/0x280
[  718.188431][T22210]  register_for_each_vma+0x372/0x890
[  718.193703][T22210]  __uprobe_register+0x404/0x8b0
[  718.198627][T22210]  uprobe_register_refctr+0x29/0x40
[  718.203816][T22210]  probe_event_enable+0x2be/0x7d0
[  718.208823][T22210]  ? __uprobe_trace_func+0x440/0x440
[  718.214140][T22210]  trace_uprobe_register+0x88/0x410
[  718.219383][T22210]  perf_trace_event_init+0x34e/0x790
[  718.224656][T22210]  perf_uprobe_init+0xf5/0x140
[  718.229496][T22210]  perf_uprobe_event_init+0xde/0x140
[  718.234830][T22210]  perf_try_init_event+0x21a/0x400
[  718.239934][T22210]  perf_event_alloc+0xa60/0x1790
[  718.244889][T22210]  __se_sys_perf_event_open+0x5db/0x2810
[  718.250512][T22210]  ? proc_fail_nth_read+0x150/0x150
[  718.255694][T22210]  __x64_sys_perf_event_open+0x63/0x70
[  718.261262][T22210]  do_syscall_64+0x44/0xa0
[  718.265747][T22210]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  718.271631][T22210] RIP: 0033:0x4665f9
[  718.275509][T22210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  718.295106][T22210] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  718.303503][T22210] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  718.311460][T22210] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  718.319473][T22210] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  718.327442][T22210] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  718.335395][T22210] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
[  718.854486][T22205] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  718.862494][T22205] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  718.879846][T22205] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  718.887926][T22205] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:26 executing program 3:
ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x1, 0x0, 0x0, 0x5, 0x0, 0x2}, 0x0, &(0x7f0000000000)={0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0)
io_pgetevents(0x0, 0x4, 0x2, &(0x7f0000000040)=[{}, {}], &(0x7f0000000080)={0x77359400}, 0x0)
r0 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x8081, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000000, 0x11, r0, 0x8b61f000)
ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0xbda)

01:02:26 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:26 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:26 executing program 2:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000000)={0x2, 0x10, 0x11, 0x12, 0x4, 0x18bb, 0x5, 0xdc})
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000040)={0x80000002})
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0xffffffffffff8001, 0xffaffffffffffffd, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, &(0x7f0000000300)={0x8, 0x3}, 0x0, 0x0)

01:02:26 executing program 0 (fault-call:9 fault-nth:68):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:26 executing program 1:
r0 = socket$inet(0x2, 0x6, 0x1000)
setsockopt$inet_mreqsrc(r0, 0x0, 0x25, &(0x7f0000000200)={@remote, @local, @multicast1}, 0xc)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x22280, 0x0)
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000340)={0x1, 0x0, {0xb, 0x15, 0xe, 0x1d, 0x3, 0x7, 0x6, 0x158}})
ioctl$RTC_PIE_ON(r1, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
bind$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10)
pipe2(&(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x0)
ioctl$RTC_ALM_SET(r2, 0x40247007, &(0x7f0000000000)={0xf, 0x74, 0x4, 0x17, 0x6, 0x15, 0x0, 0x2e, 0x3})
io_setup(0x4, &(0x7f0000000080)=<r3=>0x0)
io_pgetevents(r3, 0x40, 0x1, &(0x7f0000000100)=[{}], &(0x7f0000000140), &(0x7f00000001c0)={&(0x7f0000000180)={[0x7f]}, 0x8})
io_setup(0x1f, &(0x7f0000000240))

01:02:26 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
syz_open_pts(r1, 0x0)
syz_open_pts(r1, 0x0)
ioctl$FITRIM(r1, 0xc0185879, &(0x7f0000000000)={0xffff, 0x100, 0x80000001})
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  720.133036][T22243] FAULT_INJECTION: forcing a failure.
[  720.133036][T22243] name failslab, interval 1, probability 0, space 0, times 0
[  720.145669][T22243] CPU: 0 PID: 22243 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  720.155462][T22243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  720.165527][T22243] Call Trace:
[  720.168788][T22243]  dump_stack_lvl+0xd6/0x122
[  720.173451][T22243]  dump_stack+0x11/0x1b
[  720.177592][T22243]  should_fail+0x23c/0x250
[  720.182000][T22243]  __should_failslab+0x81/0x90
[  720.186748][T22243]  ? register_for_each_vma+0x372/0x890
[  720.192196][T22243]  should_failslab+0x5/0x20
[  720.196753][T22243]  kmem_cache_alloc_trace+0x52/0x320
[  720.202029][T22243]  ? register_for_each_vma+0x372/0x890
[  720.207477][T22243]  ? vma_interval_tree_iter_next+0x24c/0x280
[  720.213451][T22243]  register_for_each_vma+0x372/0x890
[  720.218766][T22243]  __uprobe_register+0x404/0x8b0
[  720.223694][T22243]  uprobe_register_refctr+0x29/0x40
[  720.228947][T22243]  probe_event_enable+0x2be/0x7d0
[  720.233957][T22243]  ? __uprobe_trace_func+0x440/0x440
[  720.239253][T22243]  trace_uprobe_register+0x88/0x410
[  720.244437][T22243]  perf_trace_event_init+0x34e/0x790
[  720.249710][T22243]  perf_uprobe_init+0xf5/0x140
[  720.254521][T22243]  perf_uprobe_event_init+0xde/0x140
[  720.259795][T22243]  perf_try_init_event+0x21a/0x400
[  720.264969][T22243]  perf_event_alloc+0xa60/0x1790
[  720.269901][T22243]  __se_sys_perf_event_open+0x5db/0x2810
[  720.275528][T22243]  ? proc_fail_nth_read+0x150/0x150
[  720.280745][T22243]  __x64_sys_perf_event_open+0x63/0x70
[  720.286257][T22243]  do_syscall_64+0x44/0xa0
[  720.290674][T22243]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  720.296564][T22243] RIP: 0033:0x4665f9
[  720.300444][T22243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  720.320107][T22243] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  720.328533][T22243] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  720.336489][T22243] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  720.344463][T22243] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  720.352448][T22243] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  720.360406][T22243] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:27 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
clock_nanosleep(0x3, 0x0, &(0x7f0000000000)={0x77359400}, &(0x7f0000000040))

01:02:27 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x2}, 0x0, 0x0)

01:02:27 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x230080, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x84, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x6, 0x0, 0x0, 0x100000000}, 0x0, 0x0)
r1 = signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0x6]}, 0x8)
clock_gettime(0x0, &(0x7f0000000080)={<r2=>0x0, <r3=>0x0})
clock_nanosleep(0x4, 0x0, &(0x7f00000000c0)={r2, r3+10000000}, &(0x7f0000000100))
ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000040)={0x5000001f, 0x23, 0x14, 0x14, 0x0, 0x1, 0x6, 0xc4})

01:02:27 executing program 3:
read$ptp(0xffffffffffffffff, &(0x7f0000000080)=""/215, 0xd7)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000040)={0x28, 0x2f, 0x3, 0xf, 0x0, 0x3fd, 0x80000001, 0xee})

01:02:27 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
clock_gettime(0x0, &(0x7f00000019c0)={<r1=>0x0, <r2=>0x0})
clock_gettime(0x0, &(0x7f0000001a40)={<r3=>0x0, <r4=>0x0})
clock_nanosleep(0x1, 0x1, &(0x7f0000001a80)={r3, r4+60000000}, &(0x7f0000001ac0))
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001900)=[{{&(0x7f0000000000), 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000080)=""/71, 0x47}, {&(0x7f0000000100)=""/38, 0x26}, {&(0x7f0000000140)=""/63, 0x3f}, {&(0x7f0000000340)=""/237, 0xed}], 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="340000000001007df006df02db", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x90}}, {{&(0x7f0000000200)=@abs, 0x6e, &(0x7f00000006c0)=[{&(0x7f00000002c0)=""/57, 0x39}, {&(0x7f0000000500)=""/166, 0xa6}, {&(0x7f00000005c0)=""/208, 0xd0}], 0x3, &(0x7f0000000700)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000000740)=@abs, 0x6e, &(0x7f00000018c0)=[{&(0x7f00000007c0)=""/194, 0xc2}, {&(0x7f00000008c0)=""/4096, 0x1000}], 0x2}}], 0x3, 0x2, &(0x7f0000001a00)={r1, r2+60000000})

01:02:27 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8, 0x0, 0xffffffffffff7fff}, 0x0, 0x0)
clock_nanosleep(0x6, 0x0, &(0x7f0000000000)={0x77359400}, &(0x7f0000000040))

[  720.888349][T22224] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  720.896375][T22224] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  720.923101][T22224] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  720.931096][T22224] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:29 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, 0x0)
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:29 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00', 0xcb})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue1\x00'})
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = pidfd_getfd(r0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f00000002c0)={0x0, 0x7, 0x3})
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffb}, 0x4a, 0x0, 0x6, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0x4)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x130012, r0, 0x0)

01:02:29 executing program 0 (fault-call:9 fault-nth:69):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:29 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x40c840)
r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000000)={0x3f, 0x1, 0x8, 0xff, 0x5, "7c88219d105a0bac99e1e831fd92fc2da74267"})
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x20a0}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240)={[0x4]}, 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000200))
r4 = syz_open_pts(r3, 0x0)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
readv(r4, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ioctl$TCXONC(r4, 0x540a, 0x0)

01:02:29 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = syz_mount_image$nfs(&(0x7f00000001c0), &(0x7f0000000240)='./file0\x00', 0x400, 0x4, &(0x7f00000005c0)=[{&(0x7f00000002c0)="aa0a57e511ad06695c18", 0xa, 0x5}, {&(0x7f0000000380)="a95259faafa8890b0ae37e7f58c4aec8b8a91de1ee37adb679daa167d5ef4ceed5ced715fc5206ad20714ede98482f31d9ebbb8bbcaef287391243f4e04ed00ad86d1d5e", 0x44, 0x6}, {&(0x7f0000000400)="38d1cf2936349209ec43f2f1c54075114bb89353c82c73ffddfadc05e92450b19e88e44f6fe1e60dfd87ff05dfd7312b78e78f44c9a910b9a9ee8a26761f7bf0187f321c95371c5ded7a9401564c01d877375bdb2a50ab22f160412b21f8e2a0cfb60fec0bf0b7d4807bbb2e4f130464501e16077afc5f95ddb883", 0x7b}, {&(0x7f00000004c0)="a1d68c09e1983a8ca6f74c5c8fe53155aa8d419c28e2599bc6c3555aa869b400ff34dace84b40bfd8de8fc5ab71853df0ea0ac0da177cbe56f8c25e53aef4bc776eb4499fae83f1780c0cbd7946115e5045673ab6d5cace26385a7e7f51c2bbbc1c53677def727c34252ade7aa2a5fcc106904b88404f6ae7bbaa8e7728a4fe9d010da210f6477d48bbadd35a9e67b77d02c52275c7d75c0952bd655f8c87ba58f53f9590c1e", 0xa6, 0x2}], 0x40, &(0x7f0000000640)=ANY=[@ANYBLOB="5c2c2f6465762f7a65726f002c2c2d2c282e7d262c2a25285c27652c255b5c27252d2c5d2f24e85d2b000000002c282f2d2d292c00"])
preadv(r1, &(0x7f0000001a80)=[{&(0x7f0000000680)=""/157, 0x9d}, {&(0x7f0000000740)=""/88, 0x58}, {&(0x7f00000007c0)=""/4096, 0x1000}, {&(0x7f00000017c0)=""/236, 0xec}, {&(0x7f00000018c0)=""/232, 0xe8}, {&(0x7f00000019c0)=""/147, 0x93}], 0x6, 0x7, 0x1)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r4, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$EVIOCSKEYCODE_V2(r4, 0x40284504, &(0x7f0000001b00)={0xf, 0xf, 0x35a6, 0xffffcbe4, "ce2b7eacaba7c8f9353609b4e431a8d46338c541abcf272db71750f7b5512699"})
io_setup(0x3, &(0x7f0000000200)=<r5=>0x0)
io_submit(r5, 0x2, &(0x7f0000000580)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0xbc0, r3, &(0x7f0000000100)="568a92e874edb72663b2a8f8dcda30330fa2e794c516913ed919c7cd1c1d14a4123f3f5f638f5cb6c6d135217229f2bef49cd54a92ef6663408c7118b1185b56c7ca0983d30ea2d988db85317d0d31586f5636cd548a", 0x56}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x1}])
io_pgetevents(r5, 0x8, 0x4, &(0x7f0000000000)=[{}, {}, {}, {}], 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={[0x8000]}, 0x8})

01:02:29 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000240)={'wpan0\x00', <r3=>0x0})
sendmsg$NL802154_CMD_SET_CCA_ED_LEVEL(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x0, 0x0, {0x5}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x4c, r1, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_MAX_BE={0x5, 0x10, 0x20}, @NL802154_ATTR_MAX_BE={0x5, 0x10, 0x4}, @NL802154_ATTR_MAX_BE={0x5, 0x10, 0x1}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x80)
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r4, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:30 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, 0x0)
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

[  723.480590][T22297] FAULT_INJECTION: forcing a failure.
[  723.480590][T22297] name failslab, interval 1, probability 0, space 0, times 0
[  723.493345][T22297] CPU: 0 PID: 22297 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  723.503190][T22297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  723.513232][T22297] Call Trace:
[  723.516500][T22297]  dump_stack_lvl+0xd6/0x122
[  723.521082][T22297]  dump_stack+0x11/0x1b
[  723.525229][T22297]  should_fail+0x23c/0x250
[  723.529706][T22297]  __should_failslab+0x81/0x90
[  723.534510][T22297]  ? register_for_each_vma+0x372/0x890
[  723.539957][T22297]  should_failslab+0x5/0x20
[  723.544467][T22297]  kmem_cache_alloc_trace+0x52/0x320
[  723.549796][T22297]  ? register_for_each_vma+0x372/0x890
[  723.555242][T22297]  ? vma_interval_tree_iter_next+0x24c/0x280
[  723.561298][T22297]  register_for_each_vma+0x372/0x890
[  723.566596][T22297]  __uprobe_register+0x404/0x8b0
[  723.571516][T22297]  uprobe_register_refctr+0x29/0x40
[  723.576750][T22297]  probe_event_enable+0x2be/0x7d0
[  723.581758][T22297]  ? __uprobe_trace_func+0x440/0x440
[  723.587025][T22297]  trace_uprobe_register+0x88/0x410
[  723.592205][T22297]  perf_trace_event_init+0x34e/0x790
[  723.597483][T22297]  perf_uprobe_init+0xf5/0x140
[  723.602269][T22297]  perf_uprobe_event_init+0xde/0x140
[  723.607542][T22297]  perf_try_init_event+0x21a/0x400
[  723.612645][T22297]  perf_event_alloc+0xa60/0x1790
[  723.617650][T22297]  __se_sys_perf_event_open+0x5db/0x2810
[  723.623286][T22297]  ? plist_check_list+0xf9/0x160
[  723.628225][T22297]  ? finish_task_switch+0xce/0x290
[  723.633363][T22297]  __x64_sys_perf_event_open+0x63/0x70
[  723.638811][T22297]  do_syscall_64+0x44/0xa0
[  723.643220][T22297]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  723.649177][T22297] RIP: 0033:0x4665f9
[  723.653122][T22297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  723.672713][T22297] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  723.681111][T22297] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  723.689069][T22297] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  723.697037][T22297] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  723.704993][T22297] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  723.713033][T22297] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:30 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, 0x0)
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:30 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:30 executing program 3:
ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000000)={0x5, 0x8, 0x8, 0x9, 0xc, "7cc8e57f2df1adda0100d11b4ba78ac4da7726"})
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x8, 0x7d9, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x10001}, 0x0, &(0x7f0000000300)={0x100000004, 0x96, 0x0, 0x7, 0xfffffffffffffffd, 0xc5, 0x7, 0x1}, 0x0, 0x0)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x204141, 0x1)
ioctl$RTC_UIE_ON(r1, 0x7003)

01:02:30 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:30 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
syz_open_pts(r1, 0x0)
syz_open_pts(r1, 0x0)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2, 0x110, r1, 0x5c30d000)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
syz_open_pts(r0, 0x0)
r2 = syz_open_pts(r0, 0x0)
fcntl$F_GET_RW_HINT(r2, 0x40b, &(0x7f0000000000))
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r3, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, &(0x7f0000000300)={0x10001, 0x1000000000000000, 0x0, 0x400000000000000, 0x0, 0x0, 0x6, 0x8}, 0x0, 0x0)

01:02:30 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:30 executing program 2 (fault-call:2 fault-nth:0):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  724.246137][T22280] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  724.254200][T22280] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  724.281093][T22280] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
01:02:30 executing program 0 (fault-call:9 fault-nth:70):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  724.289217][T22280] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  724.314034][T22342] FAULT_INJECTION: forcing a failure.
[  724.314034][T22342] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  724.327096][T22342] CPU: 1 PID: 22342 Comm: syz-executor.2 Tainted: G        W         5.14.0-syzkaller #0
01:02:30 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000200))
r3 = syz_open_pts(r2, 0x0)
readv(r3, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
syz_open_pts(r3, 0x68989a077e098f57)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
syz_open_pts(r4, 0x10801)

01:02:30 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:30 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x204002, 0x0)
pwritev2(r1, &(0x7f0000001340)=[{&(0x7f0000000340)="1cfaee11a464cfdd6ecd5db6cbca19a7ef7aa1290d4275befddaf1ce93fe70b1dd824c587a24ad08caef7a0700babd0aeccec57884716a2df2748d89e9bcbf5bc7d05549aa627e8d0b0d1275d94b33360c7ef18bbd63761ef89e15b5dea5d95c370c69569f61778f172815153a8952e52486614802453f5c343d3273bb677c0270ccff00bdaf61bdf0b606fe26d843427c97dcdcddaed4e02f1ee9c51e620a58fef811c73c763a16c0b7d3b71bc4963f8832cf37221a84fc931f5af95cf029b8a439ab62840406349da8cea238b852e7313f7bb987e6d93d052519222123c3f7943adb274442ecf1708196e9aa38a65356a3f0766f9277de53b37b5b8aecdbc928bf5716b47cce47d5b9ce6117617ad0b7392a9da78ac25fb8c41a306fd7b66c15e4041f9e5904c89200e5b283c9d78d3cea5150c68e0619abffb23e96c5fd1f50630b9e242479c0e45c9bde97f094ca54a36d891b8e78b607fba9bde9f1d7f80c4e85bf75b741ab7b80f86334edd1d63b9fb4c38b7d4b2ca98e8ab3162a8698c54f2621d2025e2a8cd5c8fbb62389bdd0378a744ad6a6e8225e35521f9a5cfee029ea2e79dcee44e0d655be2ba648de042a1920143c6145d65bb754fd1853c28cf5568008ce8acb8a0b57860ab7dc846ad92e6ae26129b4e3038ae212ee78b110b232f30885796fb7104e3921dce1bb96e76d056df50b3ec9743b196a5f5c57c48e4cbebcb81f044a84587b28c4f6d71002126460e8f507dbdfd1b398bb90dbe66be106844853129445a2e15b86196a953a8c4922cf0dea1bce43e90fa053f642cc4c647741481241a32168f357edfd6e79cba14df6f9de0fb515f35f127eb0c543b511edea6be68364b175880299c673ad779302eb763e866c4e8c62a59eae5887f82fe83886151c23968a6ed33572678bc7ab933d2f509e195fb2b7767e508e258134d7c864b2f634d40e9e53d1687cd2b5a792effae6e3f68c336304037fea6e80b8828bcb796dec71f2dd50fd7748ed3d58c5472abf08bd7e12ed87ba4c506ad9ec19431e1a6aea01b1bb5631f549ec8e0fa2dd66a88ea0d56d9c2c34e0b3a8afaa7ca70ccbf69d2b56de009ee48a94c56fd940b5b324a47eb46c517c9b11bc649769671d92afaa810a6ceaa3c11a612568ec5e855938ae68c4041e7eada47162d18b0ec07d6cb2b7ee21b6f3a99a3342bcf6ee209bc5bcfeac55ce2115bdc68f7f1e1b3ecf98dd162c54dae335e9efe15c9cb04a23aa9e94214c3e6fafab78cd16ec06b4083f6c1ed1563932db99aad8bfbeef523115cf622c506cf386d67329ecd00dfd13ad3af8f7a24b41d3f4fcae9cc24f7e6bada0f2bd00754cddb701912a5ed39b7667db5ac02035da3e1f9f310c36cdb87407f8a0871d64e8c3c66f0f0f5a2371b694d1b8353577448a84dbde23c2c02c4179a03d214b1754111e331a07eb9022477fe35f0013e40a390accc9c3e7deede226aef1296f31c22bdae014ce3d640c40be7b2b886c48d6e7753f2646f8931b01953a8c93f8e59cb3734c552eee65ce3c6986e78aa1e6da15941277cfc7964d89f2a7cb224d7d0db737e7f2ff7415f36a201e3827714ca63117cf2af06813231aae6991aee8e4b5c9a1cbf565a5efc2de694d7fefa865a805e938c2efe5f9f1cfd782552e72a93075a8e60e4f00060193d4373855843d6962ffa11577e2c9ec0dc9c32d570921fb0616a90d9c872d3602cf5f157ac09a3cbf8a2e959416d41121e2b568bc66bfe333c618ce1a45bce3d5989d830e5b53d7504e8e1aa24d897410d0f4836fabb4c7d3b0060fb6ec267322764dafdb751c80d1e4d3daacf7e677053e0b17c3051663f5a88b854b4fb3575acf98a0cf7a6da80b191838d915682315fd3c8e190f269527514e2b408a17ad86ec97ec47e929dae59f025cf70b550e5cdd3ff383b6d5c68dbd44bdf377d36244271dfea922ec62974cfd56cb4029c8180f9ed2a478eee8b7ed7c67935786a5d3c43073fe998ca5d02bc734e2c32b49fa8dd111840e26124d764b094efea5775e818f7076e46652cba8eba2043e20a2c74fd3e38e24a55226288f213392219984eae0f08232ed57e5f5f706aa4cd151e0a0648161b92f49e7385844819bcadd508d0087bef6989b7dde9ed78c0997eef8a5fbc9d37a4fd9adc3777aeaaf4a9d214ac8eb26bbed87bccf5fa3d2066b9121c2690bb050c1fa37d276fe3980925cdee198cc38f8e0558394da98bb1908285e536f20be3362306f7b282893fd871fb8e6b571c49054b119023072ee01b759272629b8385f3e3bf919ba0a48872e9d8d403c400768c10fd15a8708a4d164b689f219476ddae5173d7760cc94304c6986943a273fec4fd65df714c3602673873b0d51c46ce3353f191c80f523489267b281745bb36ae83ba75fed1bd0e54c2f69054db1bef3f11e8ab29aea161a318ac2e587fb55dacad66af6537f8946b53b48ed7c8fd866e7b6f9b1eb5dab990fb0bb2e20542ac66234321ffa47297b8c9ab5d3e22ef967260d4363eceed8930a2ac330dd514e10e4b1d94fd8ef5db49b5767e47820f547b6f39d66ddfb2a003c6d6181d8e4cc4a8d818465680a140e91b43f93495432f8dc131b9b63f4dd78fcdec1fbd67e7b110bb37efd95cb751d7198f0ad6a251d785828611f12e75f1475dad074d6052e55df0f20cdf367012fff33db995700451eccb6b75ddfd3585729bf852193e8c1da83f13055b039e2fc546267c322533766817628ac22554e78d4f974d2f999ae96bd1adf1b7978017856ee45f175f812883176f9eb1de192a44790568704f6d4aa56896a8809662a40e34a9961b82b7344c282c4e75ee6d710ec880078617a28640cb7e1c0e5cd21d6e30a3e8c40a46250d8afaa7e294846cff2eb1c444358135fbaf2b62e06f12cf835d27a97146c75f3630bd968710b817f4e204247d5fa53e29e9ce9956c8748fc521c0dc602399dfb9374b9dcaae9a5deece241401a084acb9359f2ba73f0fd7566f583bcc5a9f9caeab876f678807bc0bb93e3b99890e00aff14f8c0c3e4edcaa6969d39808656ef4f17e296cb2de7948bdd15736590f825734f4b91f59bec60808713f541511c240bf26c597d44376a1b0d481c34e6e38c179b79581e115705d1fb209e8b31f8ecd2b6339a26c1002f16e42e82317d60d39703d180f3c1b2f75ad0836fce72d1b9c29301ca549e9777a969ded489f818c31a1f79d9aabe0d4a982796513dcd5d5da426d462b50815b33e958bb2e8f30f4b8c800f9899fa2d93fe5cf169f6024c047d45a551191d0b5e83f8b80192694640cace022de8fb5237ba960dbed6ad613a99974dd4f2182157ad0d4a2d1a2cffff30c694b424d3653279a1b5246f146f71d9d7bddea84b8308a02a25610d13badd7cc3084ee5d634171822785bd98ed797fe9d7ad6bcede429370817751d4cd1e371d47c4aa0e03c7948cb715fc79888d4398febae85d313e93f4183e974bd6227d789f00125f362a9020bbab242515f3bb478bb8b407e26cce0a170f6a3b987d8fbf284270227f0ff63f17d8682779b2c894f60b0544b19dcb7e0f11658904d55aaf2e8b204379aebd9112c0027c05e9a3942cb9c2ef936e2440cfa90ebeb631b7883414ddab6816ca1848700abfa7b40c1866b2c792c9e742355e3f560caaca28ee7cdaeb8445deea81d5a702d06ad09c28eb56014c00b3ec0ba0f6f39fe126df27b5733a213ef0461eb998ad27d7dd8afdb44bdfc6ba2571d95e6f97d827429638f06c3d0d444b8da1ac139cd83071de9562c795a675583375a6a4d562c707634e733e75d04ea364645ce1aaebb4764582ab1263445bf285b8a0b8c6712631c2e2b495e9e83497adfc2fd49936d884de04d806882a0b31d3ce5c45243225b5f50ad387e6f2d48cc627ddbf07dfaa9d6efdd884f55eabc7cdc7864e3167b9c0f7cd4e0564c41ac9a63cad6336874b45847174c65f63ba1b6f8222d61e70b4d7535b39beaad85fe08de64aa86c2e3d735d2ac1e670edbe59750d007b97e0bce134392075fee2c24f944a7c4b26832846e358fb2224c4fbc075886f1e36946c9c7293c68601e210aa366560c4c3c965cb693c7dd0d3bb8c72e9aed9e827de1c80a58be73deb729fea1b40ffedcfbc987f16e08e120e1dc32c7b0921c53a314c4d1eceb831474ac9e1019441940fbb7670a0e81bc25007f5c98449173e847aebb782becded6fa997838ca11af7aa0d7833df4ec0af1a9218be9a405240b5d4d4a0411e89c663fb7b7cb40b5419ee01bba5afccb83f46c545680d47af2f93c4ede1aaa6c272830916305474ed82c7b9f4fd59e6783662a602aecdbe7b44af1ca9b8ce23718715859e4a3c2b2d570b3474702edf03edb68d352dea94e5b4e3f49bbd22856d4208fffda4988cd57893019385762a4435bab0808dcd936bd1c43b6872f611d41b659e73b9518858719a4c7e00309f5d8965955044faf61e6f738a0b2d53ad514b8c4bd2468b322ee497df9218990c4ebed0a569e22f697045ea7a86c15d93cb799643ecbdbe50a034959511e8760a24c97d47feb5ecb29b4523f0e255a8566b45f39f084be83de1b4565c5876a536fa9db419df096cdb00a2cfc1401e7cdfbb0dac6edda6503653ff28f646b345b3d61f6cd953aee25aa0298cb5192ee422fb3e1f9568b9cc6a394a1b484b336445b935c6eefbabf8f52da3f3edfbc7e00e7c621e973da0aafd93047b77a187bda63a09b110c762189870518930ea697af266ead08b1a0b45c853fd848e81fabb0b0a6290a4b7bb7c1edb06e05cd28b42c43fa8f9c58a26ba6b06a2691f70ece46ae8338f1fa9e33b846e66f24f13c15b6a4df851c585de2b359e7a8db0fd68481583d2393a9547439badb6c554b0d651c9823d9192f4fe3c9ba4a6d912b17a1a48b5e04e820452361d6ee6c8f231947c3c8026bb9df2251b5d776f1e99bc4b9216373f017001e1eab226099262dcfe028c74d6105403ea4a5cb8c06f5830670f0ae1b91b6f9b58bf81fb9e2075336581fde52d6a26ca554333febfe50335ca070ff55b36055eecf2e398bdc506ffdde2223318df5e72784d13ecd7b17c21cb16a0ad96f43745d7f0fd3e48e95027f296476c9e052c9d7b7d6cb26e6344d69a363331ada025f31752f4f7e7c272702c917d8d9d6bb6e50c20599192c0d55a2c61cb0a925f0c7447d535afa5bf02c84f1065f1fdc91d59e60e68db699b66bf32a06f48048596e3707310fa826f197e2feda5679cd226ef2dd4290440c868da36f0960f4cee2210b291a87d78d23185a79bfe641b8ec23b65ea9e9ef92337026223c9b5f5cc0bd2ed2b39bcfae919b71ff8e361c37ae3b69d2409a6bdd9348b760a413b458b7a362343caa2a34ae6199e0aca84780cf81d59a96fb69133425db96fa6b7526558eca707de7912a0c758ee207255e8fa4e41372ad497ef1a1d7d9504eccfe732be57df435db6aca9018aae9ac1ae5a05d1dda60e54ec574f30136da67c66d97758cb7fd61d963f138c63cabd3161414318dfcf718c4f03301da5d4725aa3448c5752ee015e0d9580bcad3a3aee2d19299cad1f35784a2b1d609a85e55a7fa31e808f627e8eca64aa85d03a35075a288faf923938c71e8f00f114293af818083189e25b4cbf3fe49d9ae42cfb304f09026848db2d984ad688532e7a127431e33b28a576ea4905814847086ddc71c217bb51da0e22b9a44abbd681ff258cc5aafe102b0a38c1c07c029a0add4f9c8edcd8707862cef8717bb5fc6033e6c0bac", 0x1000}, {&(0x7f0000000040)="a536718468f9364d6c9e5efcd62e0678df8048f3d8", 0x15}, {&(0x7f0000000080)}, {&(0x7f00000000c0)="7a157590c303bf950ee3a51f71b802189c2e04b3698a22c0c2e2604e96889a98c7ac9b9a13a9d2809e31cdc7295955b8b99c10031ae0ea3c4dd7b4259566acaa28ca7569205d", 0x46}, {&(0x7f00000001c0)="a041a3feb9806b5637292fecfaff1fe35bf01b287b3dae88521507f64ae0c63b1237b355320cd41f874cfac0bfcdf20ed3da97120066d66b50a5e72b6e52e20bee0f1812db596b88573bf269602b4ee51f0c9e7c755e7f5c2ae0586a02e00dd3e09e950a24ed00461fb00950eb3efc5b2a0f7f789a8cd147657aeaec24d2f2d4c13642a067fa49d1997d1ed4e0f233d0288d4ecc10b734ed96cfef9330a0b4c7153bd3ba", 0xa4}, {&(0x7f0000000140)="aec3995357744f2061179c695d70a93abd5997ec354a931b18a26a1637d0bde662b2c4b1", 0x24}], 0x6, 0xffffff7f, 0x80, 0x1)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:30 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x1386)

[  724.336906][T22342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  724.346961][T22342] Call Trace:
[  724.350239][T22342]  dump_stack_lvl+0xd6/0x122
[  724.354833][T22342]  dump_stack+0x11/0x1b
[  724.359063][T22342]  should_fail+0x23c/0x250
[  724.363476][T22342]  should_fail_usercopy+0x16/0x20
[  724.368496][T22342]  _copy_from_user+0x1c/0xd0
[  724.373118][T22342]  __sys_connect+0xe1/0x290
[  724.377619][T22342]  __x64_sys_connect+0x3d/0x50
[  724.382416][T22342]  do_syscall_64+0x44/0xa0
[  724.386836][T22342]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  724.392738][T22342] RIP: 0033:0x4665f9
[  724.396625][T22342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  724.416255][T22342] RSP: 002b:00007fa1b2c5d188 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  724.424672][T22342] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[  724.432643][T22342] RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000003
01:02:31 executing program 2 (fault-call:2 fault-nth:1):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  724.440663][T22342] RBP: 00007fa1b2c5d1d0 R08: 0000000000000000 R09: 0000000000000000
[  724.448893][T22342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  724.456860][T22342] R13: 00007ffe7228815f R14: 00007fa1b2c5d300 R15: 0000000000022000
[  724.568556][T22361] FAULT_INJECTION: forcing a failure.
[  724.568556][T22361] name failslab, interval 1, probability 0, space 0, times 0
[  724.581217][T22361] CPU: 0 PID: 22361 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  724.591221][T22361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  724.601257][T22361] Call Trace:
[  724.604522][T22361]  dump_stack_lvl+0xd6/0x122
[  724.609103][T22361]  dump_stack+0x11/0x1b
[  724.613245][T22361]  should_fail+0x23c/0x250
[  724.617643][T22361]  __should_failslab+0x81/0x90
[  724.622393][T22361]  ? register_for_each_vma+0x372/0x890
[  724.627849][T22361]  should_failslab+0x5/0x20
[  724.632426][T22361]  kmem_cache_alloc_trace+0x52/0x320
[  724.637779][T22361]  ? register_for_each_vma+0x372/0x890
[  724.643234][T22361]  ? vma_interval_tree_iter_next+0x263/0x280
[  724.649226][T22361]  register_for_each_vma+0x372/0x890
[  724.654636][T22361]  __uprobe_register+0x404/0x8b0
[  724.659569][T22361]  uprobe_register_refctr+0x29/0x40
[  724.664754][T22361]  probe_event_enable+0x2be/0x7d0
[  724.669765][T22361]  ? __uprobe_trace_func+0x440/0x440
[  724.675072][T22361]  trace_uprobe_register+0x88/0x410
[  724.680257][T22361]  perf_trace_event_init+0x34e/0x790
[  724.685530][T22361]  perf_uprobe_init+0xf5/0x140
[  724.690287][T22361]  perf_uprobe_event_init+0xde/0x140
[  724.695632][T22361]  perf_try_init_event+0x21a/0x400
[  724.700769][T22361]  perf_event_alloc+0xa60/0x1790
[  724.705694][T22361]  __se_sys_perf_event_open+0x5db/0x2810
[  724.711317][T22361]  ? proc_fail_nth_read+0x150/0x150
[  724.716573][T22361]  __x64_sys_perf_event_open+0x63/0x70
[  724.722020][T22361]  do_syscall_64+0x44/0xa0
[  724.726428][T22361]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  724.732351][T22361] RIP: 0033:0x4665f9
[  724.736231][T22361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  724.755963][T22361] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  724.764359][T22361] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  724.772313][T22361] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  724.780269][T22361] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  724.788225][T22361] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  724.796183][T22361] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
[  724.884853][T22358] FAULT_INJECTION: forcing a failure.
[  724.884853][T22358] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  724.897953][T22358] CPU: 0 PID: 22358 Comm: syz-executor.2 Tainted: G        W         5.14.0-syzkaller #0
[  724.907752][T22358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  724.917805][T22358] Call Trace:
[  724.921075][T22358]  dump_stack_lvl+0xd6/0x122
[  724.925688][T22358]  dump_stack+0x11/0x1b
[  724.929891][T22358]  should_fail+0x23c/0x250
[  724.934395][T22358]  should_fail_usercopy+0x16/0x20
[  724.939413][T22358]  _copy_to_user+0x1c/0x90
[  724.943879][T22358]  simple_read_from_buffer+0xab/0x120
[  724.949323][T22358]  proc_fail_nth_read+0x10d/0x150
[  724.954471][T22358]  ? proc_fault_inject_write+0x230/0x230
[  724.960101][T22358]  vfs_read+0x1e6/0x750
[  724.964256][T22358]  ? selinux_socket_connect+0x41/0x60
[  724.969644][T22358]  ? security_socket_connect+0x77/0x90
[  724.975107][T22358]  ? fput+0x2d/0x130
[  724.979063][T22358]  ? __fget_light+0x21b/0x260
[  724.983738][T22358]  ? __cond_resched+0x11/0x40
[  724.988419][T22358]  ksys_read+0xd9/0x190
[  724.992581][T22358]  __x64_sys_read+0x3e/0x50
[  724.997107][T22358]  do_syscall_64+0x44/0xa0
[  725.001527][T22358]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  725.007427][T22358] RIP: 0033:0x41937c
[  725.011314][T22358] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[  725.030961][T22358] RSP: 002b:00007fa1b2c5d170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  725.039365][T22358] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000041937c
[  725.047334][T22358] RDX: 000000000000000f RSI: 00007fa1b2c5d1e0 RDI: 0000000000000004
[  725.055302][T22358] RBP: 00007fa1b2c5d1d0 R08: 0000000000000000 R09: 0000000000000000
[  725.063342][T22358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  725.071414][T22358] R13: 00007ffe7228815f R14: 00007fa1b2c5d300 R15: 0000000000022000
01:02:31 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:31 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
ioctl$RTC_WKALM_RD(r0, 0x80287010, &(0x7f0000000000))
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x527, 0x0, 0xffffffff}, 0x0, &(0x7f0000000300)={0x9, 0x0, 0x0, 0x200000000000004, 0x0, 0x3}, 0x0, 0x0)

01:02:31 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000000)={0x1d, 0xf, 0x7, 0x16, 0x2, 0x7, 0x5, 0xfb, 0x1})
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000}, 0x0, 0x0)
r1 = syz_open_dev$rtc(&(0x7f0000000040), 0x9, 0x80040)
ioctl$RTC_PIE_ON(r1, 0x7005)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
clone3(&(0x7f0000000400)={0x4081400, &(0x7f00000000c0)=<r3=>0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000140), {0x21}, &(0x7f00000001c0)=""/9, 0x9, &(0x7f0000000340)=""/159, &(0x7f00000002c0)=[0xffffffffffffffff, 0x0], 0x2, {r2}}, 0x58)
preadv(r3, &(0x7f0000001540)=[{&(0x7f0000000480)=""/155, 0x9b}, {&(0x7f0000000540)=""/4096, 0x1000}], 0x2, 0x5, 0xfffff398)
ioctl$RTC_PIE_ON(r2, 0x7005)

01:02:31 executing program 0 (fault-call:9 fault-nth:71):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  725.203279][T22345] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  725.211280][T22345] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  725.228442][T22345] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  725.236529][T22345] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:32 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x5, 0xf02, 0x80000000, 0x80000001, 0x1, "882928834930e0a7592e823ab8037fa911aadf"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:32 executing program 3:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r0=>0x0})
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, 0x0, 0x200, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r0}, @void}}, [@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x24f}, @NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x25b}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x14b4}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x44005)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r1, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  725.595272][T22386] FAULT_INJECTION: forcing a failure.
[  725.595272][T22386] name failslab, interval 1, probability 0, space 0, times 0
[  725.607908][T22386] CPU: 1 PID: 22386 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  725.617722][T22386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  725.627842][T22386] Call Trace:
[  725.631156][T22386]  dump_stack_lvl+0xd6/0x122
[  725.635747][T22386]  dump_stack+0x11/0x1b
[  725.639900][T22386]  should_fail+0x23c/0x250
[  725.644339][T22386]  __should_failslab+0x81/0x90
[  725.649151][T22386]  ? register_for_each_vma+0x372/0x890
[  725.654608][T22386]  should_failslab+0x5/0x20
[  725.659116][T22386]  kmem_cache_alloc_trace+0x52/0x320
[  725.664437][T22386]  ? register_for_each_vma+0x372/0x890
[  725.669907][T22386]  ? vma_interval_tree_iter_next+0x24c/0x280
[  725.675885][T22386]  register_for_each_vma+0x372/0x890
[  725.681238][T22386]  __uprobe_register+0x404/0x8b0
[  725.686178][T22386]  uprobe_register_refctr+0x29/0x40
[  725.691399][T22386]  probe_event_enable+0x2be/0x7d0
[  725.696420][T22386]  ? __uprobe_trace_func+0x440/0x440
[  725.701702][T22386]  trace_uprobe_register+0x88/0x410
[  725.706923][T22386]  perf_trace_event_init+0x34e/0x790
[  725.712327][T22386]  perf_uprobe_init+0xf5/0x140
[  725.717151][T22386]  perf_uprobe_event_init+0xde/0x140
[  725.722437][T22386]  perf_try_init_event+0x21a/0x400
[  725.727548][T22386]  perf_event_alloc+0xa60/0x1790
[  725.732483][T22386]  __se_sys_perf_event_open+0x5db/0x2810
[  725.738120][T22386]  ? proc_fail_nth_read+0x150/0x150
[  725.743315][T22386]  __x64_sys_perf_event_open+0x63/0x70
[  725.748767][T22386]  do_syscall_64+0x44/0xa0
[  725.753252][T22386]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  725.759149][T22386] RIP: 0033:0x4665f9
[  725.763033][T22386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  725.782632][T22386] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
01:02:32 executing program 3:
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x480, 0x0)
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000100))
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x182, 0x0)
ioctl$RTC_PIE_ON(r1, 0x7005)
pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x3ff}, 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r2 = syz_open_dev$vcsn(&(0x7f0000000080), 0x8, 0x400002)
ioctl$RTC_PIE_ON(r2, 0x7005)
io_uring_enter(0xffffffffffffffff, 0x733e, 0xfd3, 0x1, &(0x7f0000000040)={[0x88]}, 0x8)

[  725.791102][T22386] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  725.799071][T22386] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  725.807033][T22386] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  725.814996][T22386] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  725.822960][T22386] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:32 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
io_setup(0x3, &(0x7f0000000200)=<r3=>0x0)
io_submit(r3, 0x2, &(0x7f0000000580)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000240)='V', 0x1}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x1}])
io_pgetevents(r3, 0x4, 0x6, &(0x7f0000000000)=[{}, {}, {}, {}, {}, {}], &(0x7f00000000c0)={0x77359400}, &(0x7f0000000140)={&(0x7f0000000100)={[0xa947]}, 0x8})

[  726.156630][T22376] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  726.164665][T22376] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  726.182350][T22376] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  726.190431][T22376] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:34 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:34 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x3, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:34 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000000)="d666a8f58cb2776f9d64dc10f4f509c8cbb91c2a1f791bbd8669dc976e5eeb8ae2ada979a457e2c052b0ef15288066b7c863df174daee231540e0ccb5187b341bf0951320fbc474336c635fc61564c69d8fbd17ab2fe48b66f3a3f090a99857e031cf3399a52f19d021b0a44b748bd85aa897acd1677a3f25299bcce1060f6d6d06482712607207f05ac52b73c5418a8ba12b26ea20966d131e4a911e98efbf06101872bef79ff68a5a69c60087616a1b0452473fcd5494756dcad0e7c2e13301d8f5603de2b53b0121f2a25bcf9c398dc731c02b95dc8b9db8e92a101c622e980bcdbd528", 0xe5}], 0x1, 0x7, 0x2, 0xf)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:34 executing program 0 (fault-call:9 fault-nth:72):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:34 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x541c, &(0x7f0000000000))
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:34 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0xfff}, 0x0, &(0x7f0000000000)={0x8, 0x0, 0xfffffffffffffffe}, 0x0, 0x0)

01:02:34 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x4, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:34 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x5, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  728.131648][T22439] FAULT_INJECTION: forcing a failure.
[  728.131648][T22439] name failslab, interval 1, probability 0, space 0, times 0
[  728.144320][T22439] CPU: 0 PID: 22439 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  728.154117][T22439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  728.164165][T22439] Call Trace:
[  728.167438][T22439]  dump_stack_lvl+0xd6/0x122
[  728.172020][T22439]  dump_stack+0x11/0x1b
[  728.176161][T22439]  should_fail+0x23c/0x250
[  728.180568][T22439]  __should_failslab+0x81/0x90
[  728.185326][T22439]  ? register_for_each_vma+0x372/0x890
[  728.190777][T22439]  should_failslab+0x5/0x20
[  728.195283][T22439]  kmem_cache_alloc_trace+0x52/0x320
[  728.200587][T22439]  ? register_for_each_vma+0x372/0x890
[  728.206033][T22439]  ? vma_interval_tree_iter_next+0x24c/0x280
[  728.212004][T22439]  register_for_each_vma+0x372/0x890
[  728.217303][T22439]  __uprobe_register+0x404/0x8b0
[  728.222328][T22439]  uprobe_register_refctr+0x29/0x40
[  728.227515][T22439]  probe_event_enable+0x2be/0x7d0
[  728.232527][T22439]  ? __uprobe_trace_func+0x440/0x440
[  728.237793][T22439]  trace_uprobe_register+0x88/0x410
[  728.242977][T22439]  perf_trace_event_init+0x34e/0x790
[  728.248299][T22439]  perf_uprobe_init+0xf5/0x140
[  728.253050][T22439]  perf_uprobe_event_init+0xde/0x140
[  728.258378][T22439]  perf_try_init_event+0x21a/0x400
[  728.263515][T22439]  perf_event_alloc+0xa60/0x1790
[  728.268437][T22439]  __se_sys_perf_event_open+0x5db/0x2810
[  728.274126][T22439]  ? proc_fail_nth_read+0x150/0x150
[  728.279306][T22439]  __x64_sys_perf_event_open+0x63/0x70
[  728.284822][T22439]  do_syscall_64+0x44/0xa0
[  728.289233][T22439]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  728.295115][T22439] RIP: 0033:0x4665f9
[  728.298990][T22439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  728.318585][T22439] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  728.326987][T22439] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  728.335002][T22439] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  728.342964][T22439] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  728.350923][T22439] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  728.358883][T22439] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:35 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x7, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:35 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x101781, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = dup3(r0, r0, 0x80000)
ioctl$RTC_UIE_ON(r1, 0x7003)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x4000000000000}, 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x2e6)

01:02:35 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0xa, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:35 executing program 1:
openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x7, 0x0, 0x0, 0x57bfbacb}, 0x0, &(0x7f0000000300)={0x8, 0xb9a, 0x0, 0x80000000, 0x0, 0x1, 0x100bd4, 0x2}, 0x0, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x200000)
preadv(r0, &(0x7f0000000140)=[{&(0x7f0000000040)=""/252, 0xfc}, {&(0x7f0000000340)=""/255, 0xff}], 0x2, 0x10001, 0x5)
ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f00000001c0)={0xda, 0x5, 0xfb46, 0x81, "d4e7a42ccbbc1478f752eec3e86f34f50c35f57b9038810862ad7dfed99232f3"})

[  728.878099][T22419] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  728.886122][T22419] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  728.903964][T22419] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  728.911942][T22419] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:37 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:37 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0xc, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:37 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x2440, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_AIE_OFF(r1, 0x7002)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0xa, 0x3, 0x0, 0x0, 0x20000}, 0x0, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x200001, 0x0)

01:02:37 executing program 0 (fault-call:9 fault-nth:73):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:37 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0)

01:02:37 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x294401, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x52a0}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:37 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
clock_gettime(0x5, &(0x7f0000000000))

01:02:37 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

[  731.219597][T22486] FAULT_INJECTION: forcing a failure.
[  731.219597][T22486] name failslab, interval 1, probability 0, space 0, times 0
[  731.232249][T22486] CPU: 1 PID: 22486 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  731.242051][T22486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  731.252092][T22486] Call Trace:
[  731.255357][T22486]  dump_stack_lvl+0xd6/0x122
[  731.259936][T22486]  dump_stack+0x11/0x1b
[  731.264119][T22486]  should_fail+0x23c/0x250
[  731.268523][T22486]  __should_failslab+0x81/0x90
[  731.273286][T22486]  ? register_for_each_vma+0x372/0x890
[  731.278728][T22486]  should_failslab+0x5/0x20
[  731.283270][T22486]  kmem_cache_alloc_trace+0x52/0x320
[  731.288643][T22486]  ? register_for_each_vma+0x372/0x890
[  731.294089][T22486]  ? vma_interval_tree_iter_next+0x24c/0x280
[  731.300138][T22486]  register_for_each_vma+0x372/0x890
[  731.305444][T22486]  __uprobe_register+0x404/0x8b0
[  731.310367][T22486]  uprobe_register_refctr+0x29/0x40
[  731.315546][T22486]  probe_event_enable+0x2be/0x7d0
[  731.320562][T22486]  ? __uprobe_trace_func+0x440/0x440
[  731.325842][T22486]  trace_uprobe_register+0x88/0x410
[  731.331069][T22486]  perf_trace_event_init+0x34e/0x790
[  731.336344][T22486]  perf_uprobe_init+0xf5/0x140
[  731.341167][T22486]  perf_uprobe_event_init+0xde/0x140
[  731.346446][T22486]  perf_try_init_event+0x21a/0x400
[  731.351625][T22486]  perf_event_alloc+0xa60/0x1790
[  731.356548][T22486]  __se_sys_perf_event_open+0x5db/0x2810
[  731.362173][T22486]  ? plist_check_list+0xf9/0x160
[  731.367102][T22486]  ? finish_task_switch+0xce/0x290
[  731.372222][T22486]  __x64_sys_perf_event_open+0x63/0x70
[  731.377706][T22486]  do_syscall_64+0x44/0xa0
[  731.382263][T22486]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  731.388175][T22486] RIP: 0033:0x4665f9
[  731.392129][T22486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  731.411721][T22486] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  731.420116][T22486] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  731.428087][T22486] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  731.436045][T22486] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  731.444002][T22486] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  731.451954][T22486] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:37 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:37 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x240, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:38 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, 0x0, 0x0)

01:02:38 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:38 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_PIE_ON(r1, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:38 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, 0x0, 0x0)

01:02:38 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, 0x0, 0x0)

[  731.973053][T22462] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  731.981163][T22462] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  732.008507][T22462] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
01:02:38 executing program 0 (fault-call:9 fault-nth:74):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:38 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000040)=[{r0, 0x2}, {r2, 0x3055}], 0x2, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:38 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
r2 = syz_open_pts(r1, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f0000000340)=""/4087, 0xff7}], 0x1)
ioctl$RTC_WIE_ON(r0, 0x700f)
preadv(r2, &(0x7f0000000000), 0x0, 0xbcc, 0x4)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800a60b}, 0xc, &(0x7f0000000040)={&(0x7f0000001340)={0x14f4, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7e104abb}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7ff}]}, @TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xa3e}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x39}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffffffa}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x818}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xc17}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}]}, @TIPC_NLA_SOCK={0x28, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x100000}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x80000001}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1000}]}, @TIPC_NLA_NODE={0x8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_BEARER={0xbc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x12, 0x1, @l2={'ib', 0x3a, 'ip6erspan0\x00'}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'gretap0\x00'}}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1328}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x12, 0x1, @l2={'ib', 0x3a, 'veth0_vlan\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @broadcast}}, {0x14, 0x2, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x26}}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}]}, @TIPC_NLA_BEARER={0xe0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xc9000000}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfb85}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2f1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000001}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}]}, @TIPC_NLA_NODE={0x1164, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x1004, 0x3, "548df3e30aebb0e05d397a76315de2343e542a8880c9578ced6613a8b70defdb5f213b78a24529e62af781c74af2f9d5838a319de2dfecadb22312016daeacae221dacecf95837a9458ca692ac3a3c21d21a92ba9ba1b60296094316b960f6e51189da23406c5a99da2b33814515b733c89f4200db1eac188181732f6438d49210d13f7ead7830d39ea5532ed6f6e71dc10152c091199c03a68caa1d1ee53ddce1e03f00b6be9cbe4f36af6ffe780a804af5d43a08d3ea3774cec5a1506b67833895333ecc7de04764020bfd40c9825de49243c32a4c12448a7e45059eb9c134df7a241c5f7b807f47226f666b4a5e9fe9b36f32efd8ef1b258749e8f3baaa556a3d5ddd082a27952adf39d0dfdcb3ee808d2744e884690298d2700578d8c26280e1e7077bdd8058d20c5d5636ad064f8be9a27eaf23a094fb6a2d19195e941cf3c73e0a28ebcf171bdc670780f2148c86cf6a926251c4a82f2133b74034c6ed4f79536de36a39cc40127c9e2b5a02e116935062c76a58ae6847e39b7d3907e5af003bf42c2e27a47ae2146ca2acdc0cd42d90109324a1b0cbac46a7065543405cad41ab61eca44878b41a44e91ac395de2892b81d9fa7725ede0f46d3eb658be58c898f8920161fc74cc49da09717cf787224bb4566d0dd79b160fd6d7a7c725cbff187ef7f350f8072e46128e2e81c713988f08db42e3a4ef17693cafae868e67007330de4011abfac1520b4eebdad9d73b9a12deee2bb129a185a96e5278d5d37f2ca327f86e689e0f6b8963db0a05d8c64a53d36cac4b2f507785d596e2e448976c1c1cb8ca18421bd6dac4f94ec9773300da9c2fca05d26382d995a7468197ab2747e133221e1a9986414226905427a02d4363bf7273253ba34ac1a366102510bf2a8f05183a6ea0f2d8e770f8a6fe19d1ed318dbd9c78ce4811b4e5bff2981198a68cbcde63c713ff3e24276165bef67dc4c18ef3a52bbcad3a4df00d41eb94bd3247839819e925f555c8a1f2e2a288d64ad363998a13b7b28d5742a27a0b8f1d23375396f83ccdf37f455973e73af7f82a08b83db9b2a90024665bec9fcb0393faf2a727e70fd60750cd47b335dbbaa1007f71b76e9854d658c1b71f643d1b2851f0e3646bd1d97592418420c1fa1fa1c1744c31165cfe694715871901b82a9c420bdb612e6215c72c3bbf857e2b4bb669ab0e6b229cd09b12857a4ff2af4513838d158268097f6180a4d49f4f540be9bf9e715caf452af103cd785e9e729817db1b793ca3390aaf1e2b36ac14aa5d0ba1548854cedd303288c22930252aeebc609a330f7b62f9464742fdae2ce94147cdb2d74fd086f297f28a930c68faf5c4b4786e42f4dcf5af62ea7c116686f1c123e7d26a1c9822edd8f6370cf2e651cb993d5dab37ab5a81dd5b181ff5531c885f6d526051bc974e68c3795f4ebb45be06f44d4fb90b56f791c09fb9df18f6856df579cd15c80433361725f61bfe74a34311e17e2c2ad22edfda4ebea68688cf7ebf0ebaff71d1b05d3a18a9fcb1128ea9c4c54438349300e775a74e2c9a47336794ff704035db5266cac23dfc7e9e8c84a9bcaa65e3eeebe9fe5054173e3967f271a8c6ac098f28cfd32daa72ce80bf11a7fcd9fabea0a454ded77e3764bcfbfb47b7b45c03a09074b50e2ae4bc1679185a2ea0a6dab41b078200f2b7683bb958806448e1dee5c2ebfe898f45c8109928f0d4e56a7a1d33da191ae7340928392863fad1783070307106508c4687362c4038f00cd8bd8afbc559feee0b0cc83efd26fafa2405f37c36c31b0ab806ebb3151c3bc62765abc5628034df1e35391a7f95e7f26b75b8914591cde19573c628dce18d83b63bbd5a0bd80a18a894c4bf76a6ab7b81e3dd5f86128cc8ca2593ac06d255f6e7cd7550f5a6bdffe4f4b93c9751f28ef6e134c76733523719303e32261ebcd670164d3c1fae8df819a72faf0c06512b42baba47bd911db48122569b68d5d61498758f216a5403efa4827042235dd90336e917f7c9ebf7d93652010ef7c6b8e62671cadcdc344a8c463072701416c5514d8775d69071c20391fc7bcf466e02cc4261406677b08dd8e351b1c0279a5d842a856b11015267b959dc210344a1a09e0a72df9e6ba7b275369382e780d88dbeea08f013bdee9a2418e9c928d92026665d2d5c3abf347137f3f94ea975ec5c1c5d2a0d9e5ff59c9dda0409ed82ddd8dccf51151b8bb1a334689734fa00af5b9a2bd919965042e4fd0f0a506dfcd451e326ec75baba9e32721be6bde3096932a7b38f0bde146ef5fcab2aa2c020d491bb8a5dd8c68806ed31500fb5ac379fdbd2ae8459734345a499f69e4a72b0ed748d4614e99a21fc5fb43b09f1d55a7790c5967a25dc6b830df0a0b7111a16f8a21147c9f9ff6d712a14737d857893f736f92c01c421a79e72370ae4bd0729d0c12b353c635fc4e0c5e931db646e30ef24aed5d18a1049955af0976410c37824744842db39cfffd8c0af2e16c81c4b0c560c91bb13544369c297314d1cab41bf8934999e13f795cee1418c44a321b93d79184542e0382938c3b6f0148277aa5ad1b6866a5de7b76aecc0a6f23d32518dbf411d4f918621ec3df9cbaeb3852300ac2457b6d4eee05f30eff9c7495d84e7ce85f91a58ac8dc5a8ea88f799c2ff452f6a1d5f547e6e494e1431d435225618d70d3142ef1e5855f882a52638928db523920e5bde655b4d5e5d2ecb5dc1296c59067123746fbcaeb519e9dea5f8b7a06e78930bcb2b731972e2e559e3a87c198798f27c816132cfa84354a1bfbb8750cdb71f693de3d025969bee3a83b90d7afc03e5ff8410f0d2a5571b8876cd4406f3cd2454f2f4644d74ff8317b644215137ab316ac303abe7b206f12f15cfd2f3e28c7e5c87ef988df618d7a3cd30b20700c6bc1f64b47967c2833e0803e98fbc09bb7985b967f8b701a718b1e4ba11f7ef0c4be18b6f3a2f14369cc7f581d3f21bb9c3ecddfd3dd451749d4e96345db0cf963d57da92cd7a7359c9c2f0128dbb4e1ba3454507e0fefdace3c7a10fbf5b518c841afda473fae728183bc1c8002ee5a66e466e7ac00b9a6129ea104931e95f5f7b27e23ea8303a5d578f394a958b5f7fe2e6ee2f0def10c0f097c1af51ea581207aee9df9a79062e1d981a148d1dc511f6db4319782ff108430a4de75b63236c3b78ec812984bf9d2a38ad44a682084228cf89a61d4096e0510d5dc144d4dc9a375a316e77624e15a69431cd4cc3627f753b6a3074d60c25747697a9b719fd0e8e428e2f7e0ac4f0fd94aae701833236031f7f39954f50f45ea27644d8b46aef9cf395f2fd43b7a90b29755cde864021d785b17b480ace325d54d4409e3a0ead64d7412167007b82c1a9e9d7e3d6e56934415f7061bebc0f9e7ce4b95ff6c3936e938d7e40a4b5fdc1664f4b6a9111e7f6e202a51f50cb8e1a557e1345bf7002e5ffdc80570e05561fdd6f4349ee1db7064016d28de910342490dcbe226401489a3b936bf4b6d999b89a6ac0f4815465715c1d5828e88d47f242ba602d541b0654e5e9ab7f60b2a62e8bacdb9c8ef531c819de37ce87d1ee587809d6a10f8879659d3f4654c26a70bef7061571a35d6f95f285a477fa55237f9a3cadd6c46c64fc069cacf02d1950d724322efa74c11c77cc266e4514a6b32b715db8620d9718258730701c4a966c8cd57fba4bdc719f449fe80a3072433ac0b17da6be0631819caa895d62fa01bf617314b73480b68d09ecb6d9bf6d1953369edaabeee49da17898f5d8d82431fa07a256747569b23d1917fb7635524bceafa6205143499d6dc972413cd4339768461fe75215516943efc3fd1a64b872a2a4a611bd0419744b0ee0e2d44cf132e9f724b35a79708fa49def33745af253bd6169aa1a2c461dd8806f00914300009583c41aba9f130a795cb350b9b709d1dc904ec4dec4fbde6069ba48867808d5296d91c2af51f08f6b5053cc3d2565836b0880a6680fc9c5551e8fd2101d8e1862cb89beb9bbabd653403f1004ccf1256c6b250b8d822de10c85544d5fe304a1d0ebd8c5f44a6a5fbfe7bf3d4db0a32af779ea96b49f2866b8f975fe6f7c7e97f9cef28eba6a2075a6ccf6eb0e236f2f7636092ccbc1319f44cf881c34e4745e06e7e185ec3f112a90b0e7d29b183928909c8df73f28e0494f30bf0ae8c9ecfb56f82502fed7937b74e37afd9937a275f4bd2a50758c240ede1b20e5641ae03b444c8e8df593e972a88c5e514492f900c156dbde13413d03ee381b5d742900f01523a0b504ab3e2e04ba83141ff21e9e2afaf1e7606a1f15f0792943a7b7bc6ff1ba0f821ebcd2a2e4b0708cd66f983d09ca3a4fe503534919a6e3bfb0f3ff0f4bf563419af9543f36a13bd7faf8aac61ab575f9dc1dd6a22b3929ea9f758fa753e807f0a80c875fa916638c1bd7c4e30a58e5af6703c2e3c54d16f582102b13e9ee7ff01867ec97fcab7f2a6659c1a20793fb90657ec68561ad5993db3b4cb006aa68282740924e0700e5f651598b2789883599e7f9c6394027f157eed5be95b5661c48430baa7f9ddf28c94b6b0d17bc1875cbb0f51925081f7cd850834961d767d1e194f642a108cad1faa4c1243371d3273a7cea319aeb4182273978c4e30873bd40437d037a1cf6338192d674dfafcb4401f84e489bf7870bcff8439976e43ad2440cb1d35305b47643a8503a5f04a7cbbc8638311da1c59354c9d79272342e7d94b95582f7d6f8ea680ab357bc70a59f8d6de1072ccfa5b1cd2b0af93059dec03088ff18400eee99e39199575c4792bcd6b593daf7b9636eea0414bcee509c1b84f167933e341909542af793961c6a94d7ffe22d31a68c8d9f47f462346d8142b55c014529c5a0cd6e60dc50a91b2ba5f5ba45219ed35b5e35d965fb5c13624e39d4525976110f554f188200a60f9ffcc0d76b62637903dd8835b9f306d6be972035d17acfe20f0a7b0bbfb2bf97d084adb2c685976090d716ef192f2b1b535913698e04c25bd3142d4f6291558f966aec7923c642badc012c4b7fd1cbd7c4ce32e99bb9bd8f727495079ab98e340e8b47d020c0a17e26a9da5e989b8eab9325c1507faad9aa0016d7e7c2d863d91ffc90e5f669713fe2565e810ba36cd0215a9428ac1f1bd752b9c1cf39a9143b4bb620aaa81508c9382231ab4df949164724db938836cfa829f035599c51b6b89aec008844a0bce527c8ca4829f6ef8b7fac2fd1442153e2d2548887e2ba7ce9e38b2ec322b37052ff8b5ce3f083b491132c5df23194dab536e77a1dae4905b4f911b53da7461eb337f4d75f4395ea948f901528c3f36f1ef83e43e2076bfa9ac24efc9efc66dc6d4ba2d5b6487fc95a0008abee45149ca8568728606a40b8b340fd411d2fb754fa4d3b03030df856bb9bdeade823a35421d3954c8758878dd44d907f27f2b0b1dcfc5ad52840fc90e605f0204e22c1c97c50214eab72cc0d51d2cd92ab820a962b2c375040acb5e0e79660300de97076677373f934f5eb4338242352e261380692d322a20558b08d5f0d9fc2e27dfb1acd3f7bda91d5ad0de0d1f3ab03c4a5e8854b7eba0cec1e95d5262fa5661b4c77b5cf8fc37d9fd677952afd1a00d870e109949f8f938123145bba14141deb62b25eecd31cf63b4ccb575df9e1e1dd395e4e1420fb8eca8ca9a1c08e031cd0e57a27cc8c1fcef2d9b24529678ff74605a9eb9c877638543bd98bdd779b0de4263c8d3aaa13b206e18ae50ff5b2e11fe3f7e7f68c608e6bc6541af"}, @TIPC_NLA_NODE_ID={0x61, 0x3, "8544f8c538503a407e6b86cb6195a871c680f6bdb067a6f6e4c7b6dc640a2b2a2c0d7775684db0084716ab3a2f6d3ba326a43671067daade750aaf62720b05456693f5976b2e1f235775272e963d43c2b52689fcf6906b1b317f6570cf"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x42, 0x4, {'gcm(aes)\x00', 0x1a, "a633d5458911693542abeae4fe8ac23668ce55ff7a5d1b7159bc"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_KEY={0x49, 0x4, {'gcm(aes)\x00', 0x21, "fe44843c3665eb93ca55e6011eabebc22f43bea712e7e6aff8463027c399d7a289"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xe0c}, @TIPC_NLA_NODE_KEY={0x46, 0x4, {'gcm(aes)\x00', 0x1e, "1f14938d418a9f87c40150f58f2d115bd070c4abdc154892c08979e0435c"}}]}, @TIPC_NLA_BEARER={0x118, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xc3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @loopback}}, {0x14, 0x2, @in={0x2, 0x4e24, @private=0xa010100}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x241426df, @mcast1, 0x7fff}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x6}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x400}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x37}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x101}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1a3e}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xb133}]}, @TIPC_NLA_NET={0x28, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xecf}]}]}, 0x14f4}, 0x1, 0x0, 0x0, 0x10}, 0x8804)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:38 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0), 0x0)

[  732.016534][T22462] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:38 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0), 0x0)

[  732.193358][T22533] FAULT_INJECTION: forcing a failure.
[  732.193358][T22533] name failslab, interval 1, probability 0, space 0, times 0
[  732.206053][T22533] CPU: 1 PID: 22533 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  732.215908][T22533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  732.225947][T22533] Call Trace:
[  732.229209][T22533]  dump_stack_lvl+0xd6/0x122
[  732.233861][T22533]  dump_stack+0x11/0x1b
[  732.238018][T22533]  should_fail+0x23c/0x250
[  732.242438][T22533]  __should_failslab+0x81/0x90
[  732.247202][T22533]  ? register_for_each_vma+0x372/0x890
[  732.252644][T22533]  should_failslab+0x5/0x20
[  732.257173][T22533]  kmem_cache_alloc_trace+0x52/0x320
[  732.262441][T22533]  ? register_for_each_vma+0x372/0x890
[  732.267887][T22533]  ? vma_interval_tree_iter_next+0x263/0x280
[  732.273861][T22533]  register_for_each_vma+0x372/0x890
[  732.279162][T22533]  __uprobe_register+0x404/0x8b0
[  732.284160][T22533]  uprobe_register_refctr+0x29/0x40
[  732.289345][T22533]  probe_event_enable+0x2be/0x7d0
[  732.294377][T22533]  ? __uprobe_trace_func+0x440/0x440
[  732.299647][T22533]  trace_uprobe_register+0x88/0x410
[  732.304862][T22533]  perf_trace_event_init+0x34e/0x790
[  732.310160][T22533]  perf_uprobe_init+0xf5/0x140
[  732.314962][T22533]  perf_uprobe_event_init+0xde/0x140
[  732.320241][T22533]  perf_try_init_event+0x21a/0x400
[  732.325357][T22533]  perf_event_alloc+0xa60/0x1790
[  732.330284][T22533]  __se_sys_perf_event_open+0x5db/0x2810
[  732.335927][T22533]  ? proc_fail_nth_read+0x150/0x150
[  732.341113][T22533]  __x64_sys_perf_event_open+0x63/0x70
[  732.346626][T22533]  do_syscall_64+0x44/0xa0
[  732.351175][T22533]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  732.357081][T22533] RIP: 0033:0x4665f9
[  732.360959][T22533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  732.380553][T22533] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  732.389022][T22533] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  732.396978][T22533] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  732.404934][T22533] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  732.412892][T22533] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  732.420864][T22533] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:39 executing program 4:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0), 0x0)

01:02:39 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_RD_TIME(r1, 0x80247009, &(0x7f0000000000))
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x38}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0)

01:02:39 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x2, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:39 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x541c, &(0x7f0000000000))
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:39 executing program 0 (fault-call:9 fault-nth:75):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  732.926523][T22521] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  732.934555][T22521] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  732.952282][T22521] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  732.960292][T22521] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:39 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000000)={0x0, 0x1, {0x1c, 0x2f, 0x5, 0xf, 0x4, 0x6f88, 0x3, 0x7}})

[  733.108396][T22564] FAULT_INJECTION: forcing a failure.
[  733.108396][T22564] name failslab, interval 1, probability 0, space 0, times 0
[  733.121049][T22564] CPU: 1 PID: 22564 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  733.130910][T22564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  733.140949][T22564] Call Trace:
[  733.144213][T22564]  dump_stack_lvl+0xd6/0x122
[  733.148834][T22564]  dump_stack+0x11/0x1b
[  733.152973][T22564]  should_fail+0x23c/0x250
[  733.157439][T22564]  __should_failslab+0x81/0x90
[  733.162188][T22564]  ? register_for_each_vma+0x372/0x890
[  733.167670][T22564]  should_failslab+0x5/0x20
[  733.172163][T22564]  kmem_cache_alloc_trace+0x52/0x320
[  733.177437][T22564]  ? register_for_each_vma+0x372/0x890
[  733.182886][T22564]  ? vma_interval_tree_iter_next+0x24c/0x280
[  733.188856][T22564]  register_for_each_vma+0x372/0x890
[  733.194129][T22564]  __uprobe_register+0x404/0x8b0
[  733.199055][T22564]  uprobe_register_refctr+0x29/0x40
[  733.204239][T22564]  probe_event_enable+0x2be/0x7d0
[  733.209246][T22564]  ? __uprobe_trace_func+0x440/0x440
[  733.214539][T22564]  trace_uprobe_register+0x88/0x410
[  733.219720][T22564]  perf_trace_event_init+0x34e/0x790
[  733.225074][T22564]  perf_uprobe_init+0xf5/0x140
[  733.229851][T22564]  perf_uprobe_event_init+0xde/0x140
[  733.235125][T22564]  perf_try_init_event+0x21a/0x400
[  733.240300][T22564]  perf_event_alloc+0xa60/0x1790
[  733.245236][T22564]  __se_sys_perf_event_open+0x5db/0x2810
[  733.250872][T22564]  ? proc_fail_nth_read+0x150/0x150
[  733.256064][T22564]  __x64_sys_perf_event_open+0x63/0x70
[  733.261536][T22564]  do_syscall_64+0x44/0xa0
[  733.265969][T22564]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  733.271926][T22564] RIP: 0033:0x4665f9
[  733.275809][T22564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  733.295413][T22564] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  733.303902][T22564] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  733.311956][T22564] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  733.319920][T22564] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  733.327880][T22564] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  733.335883][T22564] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:40 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x541c, &(0x7f0000000000))
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:40 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000000)={0x22, 0xc, 0xb, 0x16, 0x3, 0x80000000, 0x4, 0x85, 0x1})
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:40 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x3, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:40 executing program 0 (fault-call:9 fault-nth:76):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  733.856776][T22557] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  733.864798][T22557] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  733.882699][T22557] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  733.890704][T22557] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:40 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x200000000000, 0x0, 0x0, 0x7ff}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0xa61)

01:02:40 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000000)={0x0, 0x0, {0xd, 0x2e, 0xe, 0xe, 0xb, 0x4, 0x2, 0x14d, 0xffffffffffffffff}})
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  734.056688][T22593] FAULT_INJECTION: forcing a failure.
[  734.056688][T22593] name failslab, interval 1, probability 0, space 0, times 0
[  734.069470][T22593] CPU: 0 PID: 22593 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  734.079272][T22593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  734.089324][T22593] Call Trace:
[  734.092601][T22593]  dump_stack_lvl+0xd6/0x122
[  734.097194][T22593]  dump_stack+0x11/0x1b
[  734.101360][T22593]  should_fail+0x23c/0x250
[  734.105838][T22593]  __should_failslab+0x81/0x90
[  734.110694][T22593]  ? register_for_each_vma+0x372/0x890
[  734.116152][T22593]  should_failslab+0x5/0x20
[  734.120640][T22593]  kmem_cache_alloc_trace+0x52/0x320
[  734.125954][T22593]  ? register_for_each_vma+0x372/0x890
[  734.131399][T22593]  ? vma_interval_tree_iter_next+0x263/0x280
[  734.137367][T22593]  register_for_each_vma+0x372/0x890
[  734.142636][T22593]  __uprobe_register+0x404/0x8b0
[  734.147559][T22593]  uprobe_register_refctr+0x29/0x40
[  734.152747][T22593]  probe_event_enable+0x2be/0x7d0
[  734.157758][T22593]  ? __uprobe_trace_func+0x440/0x440
[  734.163026][T22593]  trace_uprobe_register+0x88/0x410
[  734.168210][T22593]  perf_trace_event_init+0x34e/0x790
[  734.173481][T22593]  perf_uprobe_init+0xf5/0x140
[  734.178233][T22593]  perf_uprobe_event_init+0xde/0x140
[  734.183583][T22593]  perf_try_init_event+0x21a/0x400
[  734.188683][T22593]  perf_event_alloc+0xa60/0x1790
[  734.193665][T22593]  __se_sys_perf_event_open+0x5db/0x2810
[  734.199283][T22593]  ? proc_fail_nth_read+0x150/0x150
[  734.204538][T22593]  __x64_sys_perf_event_open+0x63/0x70
[  734.209985][T22593]  do_syscall_64+0x44/0xa0
[  734.214405][T22593]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  734.220344][T22593] RIP: 0033:0x4665f9
[  734.224222][T22593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  734.243855][T22593] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  734.252250][T22593] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  734.260256][T22593] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  734.268209][T22593] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  734.276190][T22593] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  734.284144][T22593] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:41 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x541c, &(0x7f0000000000))
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:41 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r1, 0xf502, 0x0)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8, 0x0, 0x40000000000000}, 0x0, 0x0)
io_setup(0x3, &(0x7f0000000000)=<r2=>0x0)
io_pgetevents(r2, 0x5, 0x5, &(0x7f0000000040)=[{}, {}, {}, {}, {}], 0x0, &(0x7f0000000140)={&(0x7f0000000100)={[0x8]}, 0x8})

01:02:41 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:41 executing program 0 (fault-call:9 fault-nth:77):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  734.806697][T22584] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  734.814722][T22584] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  734.832252][T22584] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  734.840285][T22584] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:41 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8, 0x4)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000040)={0x1, 0x0, {0x9, 0xd, 0x16, 0x10, 0x7, 0x9, 0x1, 0x32}})

[  735.008045][T22621] FAULT_INJECTION: forcing a failure.
[  735.008045][T22621] name failslab, interval 1, probability 0, space 0, times 0
[  735.020690][T22621] CPU: 1 PID: 22621 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  735.030506][T22621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  735.040569][T22621] Call Trace:
[  735.043837][T22621]  dump_stack_lvl+0xd6/0x122
[  735.048442][T22621]  dump_stack+0x11/0x1b
[  735.052591][T22621]  should_fail+0x23c/0x250
[  735.057003][T22621]  __should_failslab+0x81/0x90
[  735.061780][T22621]  ? register_for_each_vma+0x372/0x890
[  735.067234][T22621]  should_failslab+0x5/0x20
[  735.071729][T22621]  kmem_cache_alloc_trace+0x52/0x320
[  735.077017][T22621]  ? register_for_each_vma+0x372/0x890
[  735.082461][T22621]  ? vma_interval_tree_iter_next+0x24c/0x280
[  735.088445][T22621]  register_for_each_vma+0x372/0x890
[  735.093714][T22621]  __uprobe_register+0x404/0x8b0
[  735.098634][T22621]  uprobe_register_refctr+0x29/0x40
[  735.103816][T22621]  probe_event_enable+0x2be/0x7d0
[  735.108824][T22621]  ? __uprobe_trace_func+0x440/0x440
[  735.114100][T22621]  trace_uprobe_register+0x88/0x410
[  735.119404][T22621]  perf_trace_event_init+0x34e/0x790
[  735.124675][T22621]  perf_uprobe_init+0xf5/0x140
[  735.129498][T22621]  perf_uprobe_event_init+0xde/0x140
[  735.134845][T22621]  perf_try_init_event+0x21a/0x400
[  735.139945][T22621]  perf_event_alloc+0xa60/0x1790
[  735.144884][T22621]  __se_sys_perf_event_open+0x5db/0x2810
[  735.150567][T22621]  ? proc_fail_nth_read+0x150/0x150
[  735.155870][T22621]  __x64_sys_perf_event_open+0x63/0x70
[  735.161322][T22621]  do_syscall_64+0x44/0xa0
[  735.165901][T22621]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  735.171828][T22621] RIP: 0033:0x4665f9
[  735.175715][T22621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  735.195453][T22621] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  735.203923][T22621] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  735.211892][T22621] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  735.219849][T22621] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  735.227827][T22621] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  735.235795][T22621] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:42 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:42 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
r2 = syz_open_pts(r1, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
write$binfmt_aout(r2, &(0x7f0000000000)=ANY=[@ANYRESHEX=0x0], 0xffffff78)
r3 = eventfd(0x4)
io_submit(0x0, 0x1, &(0x7f0000000580)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x6, 0x9, 0xffffffffffffffff, &(0x7f0000000480)="69ef6abf08e725ce6ac3f50ae46fd1d650f89e2dc6fe60bcb9900c983ab8a5fb85b3e05a11d918eaf8f71949d25ccd1c4a70f261dfb9e7f7b23e00085b50688eac763acd8f00042b97e8bacafa74990a83ab12ca9305b89318c1d1aca0073f91268e669894b2c608c2f21539492455a09e19ff8a9afad0e44d34a7bc5c093e14157a79276366c863608b0fee08c05a7a8171e77e67ce05dd23a84608f9ebe0e09c97fc1cfaa6030b56e4d76995bda74c087e55e7dc", 0xb5}])
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000058c40)={0x1, [], 0x1, "2156816c73038c"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000060500)={0x341, [], 0x20, "e33e98b103fa0c"})
writev(r3, &(0x7f0000000040)=[{&(0x7f0000000280)="e064176901cd8d729978903791267cf0666d30a49644fd17535f3be68dca462a35cf043fa805a0aacb490fcccd7388b23ca8996072c40214c6eafd1d479eeae19f557d6b43f1adb7c07a4106f62930715ec92be15d2e84a52c0ec563202da59cb8b5d51e29aa91a08e20b46b47cfcf684a37b6065cc368e8698f6c677f70e5e2a9400e070b6ae3b2ef3bd5916778abce37939299147a57fb8a2f7c8d722c0d754f625e94d2f574824b9db24465cafb44a1869f68dc4d1dc126e0", 0xba}, {&(0x7f0000000340)="cb20e61859e04c8c907c45a0bfec6822d84581b9655eb55f3ee7f15d16d2c639192fcf7c8c022930149426b39c653e20f8842401f0ff764c2cd9a7faded873003fc0e0d3b18faa38623f4764993017d81aa8852a23923474ae44356d8e8a11c57afe9596d9c1bfb6a84c03c508fa9f050c9ed2800e4104be07ad545fd954c1c932ec99f3f61050504f2cdc2132ca6323d6896b370b286428791cb70063c2543aed0b5b5bca4e50aa038a6b90ff186eefb6484f1afb3c34b7820daf0b451127b7b5fc712a403cb6412d1caebdbdf07c75938c92192773441b0b47c0664241ff8601d4", 0xe2}], 0x2)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200)={0x2, 0x0, 0x20000000, 0x5, 0x0, "080000006db100000000000000002000"})
r4 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
r5 = socket(0x29, 0x3, 0x3)
r6 = accept$inet(r5, &(0x7f0000000140)={0x2, 0x0, @private}, &(0x7f00000001c0)=0x10)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r6, 0x6628)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000100))

01:02:42 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x5, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:42 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x1, 0x100)
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0xea7)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_UIE_OFF(r2, 0x7004)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:42 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x101a01, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000040)={0x1, 0x0, {0x30, 0x19, 0xc, 0x13, 0x8, 0x3, 0x5, 0x74, 0x1}})
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
r2 = syz_open_pts(r1, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1800000, 0x8010, r2, 0x2049000)

01:02:42 executing program 0 (fault-call:9 fault-nth:78):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  735.753434][T22614] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  735.761538][T22614] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  735.778452][T22614] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  735.786538][T22614] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  735.935377][T22653] FAULT_INJECTION: forcing a failure.
[  735.935377][T22653] name failslab, interval 1, probability 0, space 0, times 0
[  735.948058][T22653] CPU: 1 PID: 22653 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  735.957898][T22653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  735.967933][T22653] Call Trace:
[  735.971192][T22653]  dump_stack_lvl+0xd6/0x122
[  735.975770][T22653]  dump_stack+0x11/0x1b
[  735.979908][T22653]  should_fail+0x23c/0x250
[  735.984314][T22653]  __should_failslab+0x81/0x90
[  735.989058][T22653]  ? register_for_each_vma+0x372/0x890
[  735.994552][T22653]  should_failslab+0x5/0x20
[  735.999068][T22653]  kmem_cache_alloc_trace+0x52/0x320
[  736.004376][T22653]  ? register_for_each_vma+0x372/0x890
[  736.009815][T22653]  ? vma_interval_tree_iter_next+0x263/0x280
[  736.015789][T22653]  register_for_each_vma+0x372/0x890
[  736.021109][T22653]  __uprobe_register+0x404/0x8b0
[  736.026029][T22653]  uprobe_register_refctr+0x29/0x40
[  736.031207][T22653]  probe_event_enable+0x2be/0x7d0
[  736.036239][T22653]  ? __uprobe_trace_func+0x440/0x440
[  736.041503][T22653]  trace_uprobe_register+0x88/0x410
[  736.046815][T22653]  perf_trace_event_init+0x34e/0x790
[  736.052088][T22653]  perf_uprobe_init+0xf5/0x140
[  736.056895][T22653]  perf_uprobe_event_init+0xde/0x140
[  736.062244][T22653]  perf_try_init_event+0x21a/0x400
[  736.067342][T22653]  perf_event_alloc+0xa60/0x1790
[  736.072324][T22653]  __se_sys_perf_event_open+0x5db/0x2810
[  736.077938][T22653]  ? proc_fail_nth_read+0x150/0x150
[  736.083301][T22653]  __x64_sys_perf_event_open+0x63/0x70
[  736.088748][T22653]  do_syscall_64+0x44/0xa0
[  736.093162][T22653]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  736.099066][T22653] RIP: 0033:0x4665f9
[  736.102940][T22653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  736.122539][T22653] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  736.130931][T22653] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  736.138897][T22653] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  736.146861][T22653] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  736.154815][T22653] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  736.162764][T22653] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:42 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:43 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000200))
syz_open_pts(r2, 0x0)
syz_open_pts(r2, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000), 0x6e, &(0x7f0000000140), 0xd9e, &(0x7f0000000380)}, 0x40)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000200))
syz_open_pts(r3, 0x0)
r4 = syz_open_pts(r3, 0x0)
readv(r4, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ppoll(&(0x7f0000000400)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}, {r2, 0x9283}, {0xffffffffffffffff, 0x200}, {0xffffffffffffffff, 0x1544}], 0x6, 0x0, &(0x7f0000000240)={[0x6]}, 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:43 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0xa, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:43 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x10}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x0, 0x2, 0x0, 0xf0}, 0x0, 0x0)

01:02:43 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}, 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x1d56)

01:02:43 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000000)={0x0, 0x1, {0x10, 0x3b, 0x11, 0x12, 0x8, 0x8, 0x2, 0xe8, 0xffffffffffffffff}})

01:02:43 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
readv(r1, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ioctl$FIONCLEX(r1, 0x5450)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r2, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x8, 0x0, 0x3}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x200, 0x0, 0x6}, 0x0, 0x0)

01:02:43 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
ioctl$RTC_VL_CLR(r0, 0x7014)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:43 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0x0, 0x0, '\x00', [{}, {0xfffffffb, 0x0, 0x0, 0x2, 0xffffffffffffffff}]})
ioctl$RTC_AIE_OFF(r1, 0x7002)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:43 executing program 0 (fault-call:9 fault-nth:79):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  736.691024][T22648] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  736.699096][T22648] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  736.719429][T22648] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  736.727460][T22648] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  736.873985][T22702] FAULT_INJECTION: forcing a failure.
[  736.873985][T22702] name failslab, interval 1, probability 0, space 0, times 0
[  736.886646][T22702] CPU: 1 PID: 22702 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  736.896499][T22702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  736.906533][T22702] Call Trace:
[  736.909796][T22702]  dump_stack_lvl+0xd6/0x122
[  736.914373][T22702]  dump_stack+0x11/0x1b
[  736.918513][T22702]  should_fail+0x23c/0x250
[  736.922909][T22702]  __should_failslab+0x81/0x90
[  736.927743][T22702]  ? register_for_each_vma+0x372/0x890
[  736.933185][T22702]  should_failslab+0x5/0x20
[  736.937681][T22702]  kmem_cache_alloc_trace+0x52/0x320
[  736.942950][T22702]  ? register_for_each_vma+0x372/0x890
[  736.948401][T22702]  ? vma_interval_tree_iter_next+0x24c/0x280
[  736.954413][T22702]  register_for_each_vma+0x372/0x890
[  736.959679][T22702]  __uprobe_register+0x404/0x8b0
[  736.964599][T22702]  uprobe_register_refctr+0x29/0x40
[  736.969780][T22702]  probe_event_enable+0x2be/0x7d0
[  736.974840][T22702]  ? __uprobe_trace_func+0x440/0x440
[  736.980138][T22702]  trace_uprobe_register+0x88/0x410
[  736.985320][T22702]  perf_trace_event_init+0x34e/0x790
[  736.990615][T22702]  perf_uprobe_init+0xf5/0x140
[  736.995402][T22702]  perf_uprobe_event_init+0xde/0x140
[  737.000672][T22702]  perf_try_init_event+0x21a/0x400
[  737.005772][T22702]  perf_event_alloc+0xa60/0x1790
[  737.010692][T22702]  __se_sys_perf_event_open+0x5db/0x2810
[  737.016307][T22702]  ? plist_check_list+0xf9/0x160
[  737.021230][T22702]  ? finish_task_switch+0xce/0x290
[  737.026340][T22702]  __x64_sys_perf_event_open+0x63/0x70
[  737.031811][T22702]  do_syscall_64+0x44/0xa0
[  737.036231][T22702]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  737.042111][T22702] RIP: 0033:0x4665f9
[  737.045987][T22702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  737.065576][T22702] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  737.073969][T22702] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  737.081924][T22702] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  737.089882][T22702] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  737.097851][T22702] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  737.105803][T22702] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:43 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:43 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
syz_open_pts(r1, 0x0)
syz_open_pts(r1, 0x0)
ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000000))
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r2 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000100))

01:02:43 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:44 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:44 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x18, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:44 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:44 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000000)={0x0, 0x1, {0x1c, 0x2f, 0x5, 0xf, 0x4, 0x6f88, 0x3, 0x7}})

01:02:44 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x1978)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
clock_gettime(0x4, &(0x7f0000000000))

01:02:44 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = syz_mount_image$nfs(&(0x7f00000001c0), &(0x7f0000000240)='./file0\x00', 0x400, 0x4, &(0x7f00000005c0)=[{&(0x7f00000002c0)="aa0a57e511ad06695c18", 0xa, 0x5}, {&(0x7f0000000380)="a95259faafa8890b0ae37e7f58c4aec8b8a91de1ee37adb679daa167d5ef4ceed5ced715fc5206ad20714ede98482f31d9ebbb8bbcaef287391243f4e04ed00ad86d1d5e", 0x44, 0x6}, {&(0x7f0000000400)="38d1cf2936349209ec43f2f1c54075114bb89353c82c73ffddfadc05e92450b19e88e44f6fe1e60dfd87ff05dfd7312b78e78f44c9a910b9a9ee8a26761f7bf0187f321c95371c5ded7a9401564c01d877375bdb2a50ab22f160412b21f8e2a0cfb60fec0bf0b7d4807bbb2e4f130464501e16077afc5f95ddb883", 0x7b}, {&(0x7f00000004c0)="a1d68c09e1983a8ca6f74c5c8fe53155aa8d419c28e2599bc6c3555aa869b400ff34dace84b40bfd8de8fc5ab71853df0ea0ac0da177cbe56f8c25e53aef4bc776eb4499fae83f1780c0cbd7946115e5045673ab6d5cace26385a7e7f51c2bbbc1c53677def727c34252ade7aa2a5fcc106904b88404f6ae7bbaa8e7728a4fe9d010da210f6477d48bbadd35a9e67b77d02c52275c7d75c0952bd655f8c87ba58f53f9590c1e", 0xa6, 0x2}], 0x40, &(0x7f0000000640)=ANY=[@ANYBLOB="5c2c2f6465762f7a65726f002c2c2d2c282e7d262c2a25285c27652c255b5c27252d2c5d2f24e85d2b000000002c282f2d2d292c00"])
preadv(r1, &(0x7f0000001a80)=[{&(0x7f0000000680)=""/157, 0x9d}, {&(0x7f0000000740)=""/88, 0x58}, {&(0x7f00000007c0)=""/4096, 0x1000}, {&(0x7f00000017c0)=""/236, 0xec}, {&(0x7f00000018c0)=""/232, 0xe8}, {&(0x7f00000019c0)=""/147, 0x93}], 0x6, 0x7, 0x1)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r4, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$EVIOCSKEYCODE_V2(r4, 0x40284504, &(0x7f0000001b00)={0xf, 0xf, 0x35a6, 0xffffcbe4, "ce2b7eacaba7c8f9353609b4e431a8d46338c541abcf272db71750f7b5512699"})
io_setup(0x3, &(0x7f0000000200)=<r5=>0x0)
io_submit(r5, 0x2, &(0x7f0000000580)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0xbc0, r3, &(0x7f0000000100)="568a92e874edb72663b2a8f8dcda30330fa2e794c516913ed919c7cd1c1d14a4123f3f5f638f5cb6c6d135217229f2bef49cd54a92ef6663408c7118b1185b56c7ca0983d30ea2d988db85317d0d31586f5636cd548a", 0x56}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x1}])
io_pgetevents(r5, 0x8, 0x4, &(0x7f0000000000)=[{}, {}, {}, {}], 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={[0x8000]}, 0x8})

01:02:44 executing program 0 (fault-call:9 fault-nth:80):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  737.633396][T22698] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  737.641384][T22698] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  737.662897][T22698] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  737.670906][T22698] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:44 executing program 3 (fault-call:4 fault-nth:0):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

[  737.720533][T22747] loop3: detected capacity change from 0 to 2
[  737.729110][T22747] nfs: Unknown parameter '\'
[  737.823896][T22758] FAULT_INJECTION: forcing a failure.
[  737.823896][T22758] name failslab, interval 1, probability 0, space 0, times 0
[  737.836557][T22758] CPU: 0 PID: 22758 Comm: syz-executor.3 Tainted: G        W         5.14.0-syzkaller #0
[  737.846368][T22758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  737.856475][T22758] Call Trace:
[  737.859750][T22758]  dump_stack_lvl+0xd6/0x122
[  737.864339][T22758]  dump_stack+0x11/0x1b
[  737.868489][T22758]  should_fail+0x23c/0x250
[  737.872905][T22758]  __should_failslab+0x81/0x90
[  737.877663][T22758]  should_failslab+0x5/0x20
[  737.882201][T22758]  kmem_cache_alloc_node_trace+0x61/0x2e0
[  737.887921][T22758]  ? __kmalloc_node+0x30/0x40
[  737.892591][T22758]  __kmalloc_node+0x30/0x40
[  737.897097][T22758]  kvmalloc_node+0x81/0x110
[  737.901600][T22758]  snd_seq_pool_init+0x4f/0x2b0
[  737.906519][T22758]  snd_seq_write+0x17c/0x540
[  737.911150][T22758]  ? selinux_file_permission+0x223/0x350
[  737.916902][T22758]  ? snd_seq_read+0x430/0x430
[  737.921573][T22758]  vfs_write+0x27c/0x8d0
[  737.925888][T22758]  ? __fget_light+0x21b/0x260
[  737.930560][T22758]  ksys_write+0xd9/0x190
[  737.934839][T22758]  __x64_sys_write+0x3e/0x50
[  737.939418][T22758]  do_syscall_64+0x44/0xa0
[  737.943904][T22758]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  737.949877][T22758] RIP: 0033:0x4665f9
[  737.953765][T22758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  737.973437][T22758] RSP: 002b:00007f2a93988188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  737.981846][T22758] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[  737.985793][T22757] FAULT_INJECTION: forcing a failure.
[  737.985793][T22757] name failslab, interval 1, probability 0, space 0, times 0
[  737.989813][T22758] RDX: 00000000fffffee4 RSI: 00000000200000c0 RDI: 0000000000000003
[  737.989842][T22758] RBP: 00007f2a939881d0 R08: 0000000000000000 R09: 0000000000000000
[  737.989854][T22758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  738.026269][T22758] R13: 00007ffea566292f R14: 00007f2a93988300 R15: 0000000000022000
[  738.034286][T22757] CPU: 1 PID: 22757 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  738.044129][T22757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  738.054191][T22757] Call Trace:
[  738.057468][T22757]  dump_stack_lvl+0xd6/0x122
[  738.062095][T22757]  dump_stack+0x11/0x1b
[  738.066255][T22757]  should_fail+0x23c/0x250
[  738.070670][T22757]  __should_failslab+0x81/0x90
[  738.075433][T22757]  ? register_for_each_vma+0x372/0x890
[  738.080886][T22757]  should_failslab+0x5/0x20
[  738.085463][T22757]  kmem_cache_alloc_trace+0x52/0x320
[  738.090804][T22757]  ? register_for_each_vma+0x372/0x890
[  738.096259][T22757]  ? vma_interval_tree_iter_next+0x263/0x280
[  738.102240][T22757]  register_for_each_vma+0x372/0x890
[  738.107614][T22757]  __uprobe_register+0x404/0x8b0
[  738.112544][T22757]  uprobe_register_refctr+0x29/0x40
[  738.117733][T22757]  probe_event_enable+0x2be/0x7d0
[  738.122777][T22757]  ? __uprobe_trace_func+0x440/0x440
[  738.128054][T22757]  trace_uprobe_register+0x88/0x410
[  738.133256][T22757]  perf_trace_event_init+0x34e/0x790
[  738.138629][T22757]  perf_uprobe_init+0xf5/0x140
[  738.143524][T22757]  perf_uprobe_event_init+0xde/0x140
[  738.148871][T22757]  perf_try_init_event+0x21a/0x400
[  738.153977][T22757]  perf_event_alloc+0xa60/0x1790
[  738.158975][T22757]  __se_sys_perf_event_open+0x5db/0x2810
[  738.164605][T22757]  ? proc_fail_nth_read+0x150/0x150
[  738.169794][T22757]  __x64_sys_perf_event_open+0x63/0x70
[  738.175243][T22757]  do_syscall_64+0x44/0xa0
[  738.179691][T22757]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  738.185583][T22757] RIP: 0033:0x4665f9
[  738.189471][T22757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  738.209068][T22757] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  738.217472][T22757] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
01:02:44 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
syz_open_pts(r1, 0x0)
syz_open_pts(r1, 0x0)
syz_open_pts(r1, 0x4001)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r2 = syz_open_pts(r0, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
syz_open_pts(r3, 0x10000)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000100))

[  738.225442][T22757] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  738.233409][T22757] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  738.241374][T22757] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  738.249334][T22757] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:44 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000100))

01:02:45 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x24, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:45 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_WIE_OFF(r0, 0x7010)

01:02:45 executing program 0 (fault-call:9 fault-nth:81):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  738.577141][T22743] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  738.585200][T22743] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  738.602613][T22743] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  738.610598][T22743] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  738.766962][T22782] FAULT_INJECTION: forcing a failure.
[  738.766962][T22782] name failslab, interval 1, probability 0, space 0, times 0
[  738.779633][T22782] CPU: 1 PID: 22782 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  738.789430][T22782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  738.799470][T22782] Call Trace:
[  738.802736][T22782]  dump_stack_lvl+0xd6/0x122
[  738.807313][T22782]  dump_stack+0x11/0x1b
[  738.811449][T22782]  should_fail+0x23c/0x250
[  738.815870][T22782]  __should_failslab+0x81/0x90
[  738.820614][T22782]  ? register_for_each_vma+0x372/0x890
[  738.826052][T22782]  should_failslab+0x5/0x20
[  738.830534][T22782]  kmem_cache_alloc_trace+0x52/0x320
[  738.835803][T22782]  ? register_for_each_vma+0x372/0x890
[  738.841242][T22782]  ? vma_interval_tree_iter_next+0x24c/0x280
[  738.847209][T22782]  register_for_each_vma+0x372/0x890
[  738.852535][T22782]  __uprobe_register+0x404/0x8b0
[  738.857453][T22782]  uprobe_register_refctr+0x29/0x40
[  738.862638][T22782]  probe_event_enable+0x2be/0x7d0
[  738.867640][T22782]  ? __uprobe_trace_func+0x440/0x440
[  738.872905][T22782]  trace_uprobe_register+0x88/0x410
[  738.878103][T22782]  perf_trace_event_init+0x34e/0x790
[  738.883375][T22782]  perf_uprobe_init+0xf5/0x140
[  738.888134][T22782]  perf_uprobe_event_init+0xde/0x140
[  738.893403][T22782]  perf_try_init_event+0x21a/0x400
[  738.898496][T22782]  perf_event_alloc+0xa60/0x1790
[  738.903418][T22782]  __se_sys_perf_event_open+0x5db/0x2810
[  738.909034][T22782]  ? plist_check_list+0xf9/0x160
[  738.913960][T22782]  ? finish_task_switch+0xce/0x290
[  738.919051][T22782]  __x64_sys_perf_event_open+0x63/0x70
[  738.924498][T22782]  do_syscall_64+0x44/0xa0
[  738.928904][T22782]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  738.934783][T22782] RIP: 0033:0x4665f9
[  738.938654][T22782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  738.958245][T22782] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  738.966654][T22782] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  738.974607][T22782] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  738.982556][T22782] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  738.990505][T22782] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  738.998517][T22782] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:45 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000100))

01:02:45 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))
ioctl$TIOCGICOUNT(r1, 0x545d, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(0xffffffffffffffff, 0x541c, &(0x7f0000000000))
syz_open_pts(r2, 0x3000)

01:02:45 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x58, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:46 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x100000000}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_EPOCH_READ(r1, 0x8008700d, &(0x7f0000000000))

01:02:46 executing program 0 (fault-call:9 fault-nth:82):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  739.523736][T22778] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  739.531739][T22778] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  739.549131][T22778] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  739.557179][T22778] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  739.706844][T22806] FAULT_INJECTION: forcing a failure.
[  739.706844][T22806] name failslab, interval 1, probability 0, space 0, times 0
[  739.719475][T22806] CPU: 0 PID: 22806 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  739.729332][T22806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  739.739370][T22806] Call Trace:
[  739.742630][T22806]  dump_stack_lvl+0xd6/0x122
[  739.747245][T22806]  dump_stack+0x11/0x1b
[  739.751392][T22806]  should_fail+0x23c/0x250
[  739.755789][T22806]  __should_failslab+0x81/0x90
[  739.760535][T22806]  ? register_for_each_vma+0x372/0x890
[  739.765976][T22806]  should_failslab+0x5/0x20
[  739.770465][T22806]  kmem_cache_alloc_trace+0x52/0x320
[  739.775822][T22806]  ? vma_interval_tree_iter_next+0x263/0x280
[  739.781807][T22806]  register_for_each_vma+0x372/0x890
[  739.787073][T22806]  __uprobe_register+0x404/0x8b0
[  739.792046][T22806]  uprobe_register_refctr+0x29/0x40
[  739.797320][T22806]  probe_event_enable+0x2be/0x7d0
[  739.802418][T22806]  ? __uprobe_trace_func+0x440/0x440
[  739.807687][T22806]  trace_uprobe_register+0x88/0x410
[  739.812870][T22806]  perf_trace_event_init+0x34e/0x790
[  739.818203][T22806]  perf_uprobe_init+0xf5/0x140
[  739.822952][T22806]  perf_uprobe_event_init+0xde/0x140
[  739.828222][T22806]  perf_try_init_event+0x21a/0x400
[  739.833342][T22806]  perf_event_alloc+0xa60/0x1790
[  739.838263][T22806]  __se_sys_perf_event_open+0x5db/0x2810
[  739.843880][T22806]  ? plist_check_list+0xf9/0x160
[  739.848805][T22806]  ? finish_task_switch+0xce/0x290
[  739.853966][T22806]  __x64_sys_perf_event_open+0x63/0x70
[  739.859411][T22806]  do_syscall_64+0x44/0xa0
[  739.863879][T22806]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  739.869756][T22806] RIP: 0033:0x4665f9
[  739.873635][T22806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  739.893221][T22806] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  739.901614][T22806] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  739.909563][T22806] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  739.917516][T22806] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  739.925480][T22806] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  739.933434][T22806] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:46 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000100))

[  740.463129][T22802] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  740.471126][T22802] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  740.488504][T22802] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  740.496515][T22802] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:48 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:48 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x12202, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0, 0x4000}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:48 executing program 1:
ioctl$BTRFS_IOC_DEFRAG_RANGE(0xffffffffffffffff, 0x40309410, &(0x7f0000000000)={0x9, 0x9, 0x1, 0x8, 0x1, [0x4, 0x6, 0x7, 0x3]})
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x100000000000006}, 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:48 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x20c, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:48 executing program 0 (fault-call:9 fault-nth:83):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:48 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

[  742.002026][T22836] FAULT_INJECTION: forcing a failure.
[  742.002026][T22836] name failslab, interval 1, probability 0, space 0, times 0
[  742.014712][T22836] CPU: 0 PID: 22836 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  742.024507][T22836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  742.034545][T22836] Call Trace:
[  742.037806][T22836]  dump_stack_lvl+0xd6/0x122
[  742.042483][T22836]  dump_stack+0x11/0x1b
[  742.046624][T22836]  should_fail+0x23c/0x250
[  742.051023][T22836]  __should_failslab+0x81/0x90
[  742.055773][T22836]  ? register_for_each_vma+0x372/0x890
[  742.061218][T22836]  should_failslab+0x5/0x20
[  742.065749][T22836]  kmem_cache_alloc_trace+0x52/0x320
[  742.071020][T22836]  ? register_for_each_vma+0x372/0x890
[  742.076461][T22836]  ? vma_interval_tree_iter_next+0x24c/0x280
[  742.082431][T22836]  register_for_each_vma+0x372/0x890
[  742.087703][T22836]  __uprobe_register+0x404/0x8b0
[  742.092697][T22836]  uprobe_register_refctr+0x29/0x40
[  742.097948][T22836]  probe_event_enable+0x2be/0x7d0
[  742.103040][T22836]  ? __uprobe_trace_func+0x440/0x440
[  742.108315][T22836]  trace_uprobe_register+0x88/0x410
[  742.113516][T22836]  perf_trace_event_init+0x34e/0x790
[  742.118841][T22836]  perf_uprobe_init+0xf5/0x140
[  742.123595][T22836]  perf_uprobe_event_init+0xde/0x140
[  742.128868][T22836]  perf_try_init_event+0x21a/0x400
[  742.134023][T22836]  perf_event_alloc+0xa60/0x1790
[  742.139017][T22836]  __se_sys_perf_event_open+0x5db/0x2810
[  742.144646][T22836]  ? proc_fail_nth_read+0x150/0x150
[  742.149880][T22836]  __x64_sys_perf_event_open+0x63/0x70
[  742.155327][T22836]  do_syscall_64+0x44/0xa0
[  742.159736][T22836]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  742.165692][T22836] RIP: 0033:0x4665f9
[  742.169615][T22836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  742.189205][T22836] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  742.197706][T22836] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  742.205661][T22836] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  742.213615][T22836] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  742.221580][T22836] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  742.229610][T22836] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:49 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:49 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
io_setup(0x3, &(0x7f0000000200)=<r3=>0x0)
io_submit(r3, 0x2, &(0x7f0000000580)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000240)='V', 0x1}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x1}])
io_pgetevents(r3, 0x472d, 0x3, &(0x7f0000000000)=[{}, {}, {}], 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={[0xffffffffffffffff]}, 0x8})
ioctl$BTRFS_IOC_GET_FEATURES(r2, 0x80189439, &(0x7f0000000140))

01:02:49 executing program 0 (fault-call:9 fault-nth:84):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  742.763412][T22824] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  742.771409][T22824] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  742.789374][T22824] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  742.797389][T22824] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:49 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x218, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:49 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = memfd_create(&(0x7f00000000c0)='/dev/vcs\x00', 0x2)
read(r1, &(0x7f0000000280)=""/122, 0x7a)
r2 = syz_open_pts(r0, 0x0)
r3 = syz_open_dev$ptys(0xc, 0x3, 0x1)
syz_open_pts(r3, 0x202)
r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
ioctl$TCSETS(r4, 0x5402, &(0x7f0000000040)={0x100, 0xa3d7, 0x1, 0x7, 0xb, "50f5e81a48342608a769171842df659dcfca60"})
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000100))

[  742.981611][T22861] FAULT_INJECTION: forcing a failure.
[  742.981611][T22861] name failslab, interval 1, probability 0, space 0, times 0
[  742.994246][T22861] CPU: 0 PID: 22861 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  743.004048][T22861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  743.014091][T22861] Call Trace:
[  743.017353][T22861]  dump_stack_lvl+0xd6/0x122
[  743.021937][T22861]  dump_stack+0x11/0x1b
[  743.026076][T22861]  should_fail+0x23c/0x250
[  743.030480][T22861]  __should_failslab+0x81/0x90
[  743.035230][T22861]  ? register_for_each_vma+0x372/0x890
[  743.040674][T22861]  should_failslab+0x5/0x20
[  743.045166][T22861]  kmem_cache_alloc_trace+0x52/0x320
[  743.050437][T22861]  ? register_for_each_vma+0x372/0x890
[  743.055881][T22861]  ? vma_interval_tree_iter_next+0x263/0x280
[  743.061851][T22861]  register_for_each_vma+0x372/0x890
[  743.067201][T22861]  __uprobe_register+0x404/0x8b0
[  743.072186][T22861]  uprobe_register_refctr+0x29/0x40
[  743.077369][T22861]  probe_event_enable+0x2be/0x7d0
[  743.082377][T22861]  ? __uprobe_trace_func+0x440/0x440
[  743.087680][T22861]  trace_uprobe_register+0x88/0x410
[  743.092867][T22861]  perf_trace_event_init+0x34e/0x790
[  743.098163][T22861]  perf_uprobe_init+0xf5/0x140
[  743.102928][T22861]  perf_uprobe_event_init+0xde/0x140
[  743.108224][T22861]  perf_try_init_event+0x21a/0x400
[  743.113334][T22861]  perf_event_alloc+0xa60/0x1790
[  743.118260][T22861]  __se_sys_perf_event_open+0x5db/0x2810
[  743.123879][T22861]  ? plist_check_list+0xf9/0x160
[  743.128806][T22861]  ? sysvec_call_function_single+0xa/0x80
[  743.134595][T22861]  __x64_sys_perf_event_open+0x63/0x70
[  743.140040][T22861]  do_syscall_64+0x44/0xa0
[  743.144444][T22861]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  743.150465][T22861] RIP: 0033:0x4665f9
[  743.154343][T22861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  743.173949][T22861] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  743.182347][T22861] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  743.190302][T22861] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  743.198258][T22861] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  743.206214][T22861] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  743.214169][T22861] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:50 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

[  743.725409][T22851] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  743.733412][T22851] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000a9c291d2
[  743.748323][T22851] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  743.756340][T22851] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  743.782642][T22851] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  743.790634][T22851] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:52 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:52 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x241, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:52 executing program 0 (fault-call:9 fault-nth:85):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:52 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x2040, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000000))
clock_gettime(0x0, &(0x7f0000000240)={<r1=>0x0, <r2=>0x0})
ioctl$RTC_WIE_OFF(r0, 0x7010)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001840)=[{{&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000000040), 0x0, &(0x7f0000000140)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}}, {{&(0x7f0000000180)=@abs, 0x6e, &(0x7f0000001740)=[{&(0x7f0000000340)=""/218, 0xda}, {&(0x7f0000000440)=""/136, 0x88}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000000200)}, {&(0x7f0000001500)=""/243, 0xf3}, {&(0x7f0000001600)=""/188, 0xbc}, {&(0x7f00000016c0)=""/119, 0x77}], 0x7, &(0x7f00000017c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x80}}], 0x2, 0x10000, &(0x7f00000002c0)={r1, r2+60000000})
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f00000018c0)=0x3251, 0x4)

01:02:52 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x1)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:52 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

[  745.776218][T22896] FAULT_INJECTION: forcing a failure.
[  745.776218][T22896] name failslab, interval 1, probability 0, space 0, times 0
[  745.788847][T22896] CPU: 1 PID: 22896 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  745.798641][T22896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  745.808684][T22896] Call Trace:
[  745.811950][T22896]  dump_stack_lvl+0xd6/0x122
[  745.816528][T22896]  dump_stack+0x11/0x1b
[  745.820736][T22896]  should_fail+0x23c/0x250
[  745.825136][T22896]  __should_failslab+0x81/0x90
[  745.829891][T22896]  ? register_for_each_vma+0x372/0x890
[  745.835337][T22896]  should_failslab+0x5/0x20
[  745.839827][T22896]  kmem_cache_alloc_trace+0x52/0x320
[  745.845108][T22896]  ? register_for_each_vma+0x372/0x890
[  745.850553][T22896]  ? vma_interval_tree_iter_next+0x24c/0x280
[  745.856519][T22896]  register_for_each_vma+0x372/0x890
[  745.861792][T22896]  __uprobe_register+0x404/0x8b0
[  745.866713][T22896]  uprobe_register_refctr+0x29/0x40
[  745.871971][T22896]  probe_event_enable+0x2be/0x7d0
[  745.876982][T22896]  ? __uprobe_trace_func+0x440/0x440
[  745.882359][T22896]  trace_uprobe_register+0x88/0x410
[  745.887543][T22896]  perf_trace_event_init+0x34e/0x790
[  745.892827][T22896]  perf_uprobe_init+0xf5/0x140
[  745.897591][T22896]  perf_uprobe_event_init+0xde/0x140
[  745.902916][T22896]  perf_try_init_event+0x21a/0x400
[  745.908023][T22896]  perf_event_alloc+0xa60/0x1790
[  745.912946][T22896]  __se_sys_perf_event_open+0x5db/0x2810
[  745.918600][T22896]  ? plist_check_list+0xf9/0x160
[  745.923526][T22896]  ? finish_task_switch+0xce/0x290
[  745.928664][T22896]  __x64_sys_perf_event_open+0x63/0x70
[  745.934125][T22896]  do_syscall_64+0x44/0xa0
[  745.938531][T22896]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  745.944474][T22896] RIP: 0033:0x4665f9
[  745.948349][T22896] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  745.968021][T22896] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  745.976417][T22896] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  745.984372][T22896] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  745.992328][T22896] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  746.000292][T22896] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  746.008254][T22896] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:53 executing program 0 (fault-call:9 fault-nth:86):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:53 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

[  746.536160][T22885] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  746.544239][T22885] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  746.561356][T22885] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  746.569473][T22885] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:53 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xa, 0x13, r0, 0x8008000)
io_pgetevents(0x0, 0x2, 0x6, &(0x7f0000000000)=[{}, {}, {}, {}, {}, {}], &(0x7f00000000c0), 0x0)

01:02:53 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x300, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  746.737191][T22921] FAULT_INJECTION: forcing a failure.
[  746.737191][T22921] name failslab, interval 1, probability 0, space 0, times 0
[  746.749832][T22921] CPU: 0 PID: 22921 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  746.759762][T22921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  746.770033][T22921] Call Trace:
[  746.773294][T22921]  dump_stack_lvl+0xd6/0x122
[  746.777890][T22921]  dump_stack+0x11/0x1b
[  746.782029][T22921]  should_fail+0x23c/0x250
[  746.786471][T22921]  __should_failslab+0x81/0x90
[  746.791220][T22921]  ? register_for_each_vma+0x372/0x890
[  746.796812][T22921]  should_failslab+0x5/0x20
[  746.801302][T22921]  kmem_cache_alloc_trace+0x52/0x320
[  746.806577][T22921]  ? register_for_each_vma+0x372/0x890
[  746.812032][T22921]  ? vma_interval_tree_iter_next+0x263/0x280
[  746.818038][T22921]  register_for_each_vma+0x372/0x890
[  746.823323][T22921]  __uprobe_register+0x404/0x8b0
[  746.828244][T22921]  uprobe_register_refctr+0x29/0x40
[  746.833488][T22921]  probe_event_enable+0x2be/0x7d0
[  746.838550][T22921]  ? __uprobe_trace_func+0x440/0x440
[  746.843948][T22921]  trace_uprobe_register+0x88/0x410
[  746.849131][T22921]  perf_trace_event_init+0x34e/0x790
[  746.854410][T22921]  perf_uprobe_init+0xf5/0x140
[  746.859204][T22921]  perf_uprobe_event_init+0xde/0x140
[  746.864543][T22921]  perf_try_init_event+0x21a/0x400
[  746.869695][T22921]  perf_event_alloc+0xa60/0x1790
[  746.874685][T22921]  __se_sys_perf_event_open+0x5db/0x2810
[  746.880380][T22921]  ? proc_fail_nth_read+0x150/0x150
[  746.885561][T22921]  __x64_sys_perf_event_open+0x63/0x70
[  746.891011][T22921]  do_syscall_64+0x44/0xa0
[  746.895494][T22921]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  746.901377][T22921] RIP: 0033:0x4665f9
[  746.905308][T22921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  746.924902][T22921] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  746.933361][T22921] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  746.941366][T22921] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  746.949431][T22921] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  746.957413][T22921] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  746.965369][T22921] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:53 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000200))
syz_open_pts(r2, 0x0)
r3 = syz_open_pts(r2, 0x0)
readv(r3, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ioctl$TIOCGPTPEER(r3, 0x5441, 0x16)

01:02:54 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

[  747.483137][T22903] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  747.491134][T22903] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  747.514964][T22903] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  747.522986][T22903] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:55 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x4, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:55 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x40000000000, 0x0, 0x1000100000000, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, &(0x7f0000000000)={0x8, 0x8, 0x5b, 0xffffffff, 0x3, 0x0, 0x0, 0x2}, 0x0, 0x0)

01:02:55 executing program 0 (fault-call:9 fault-nth:87):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:55 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x500, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:55 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
syz_open_pts(0xffffffffffffffff, 0x0)
syz_open_pts(0xffffffffffffffff, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0xad)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000200))
syz_open_pts(r3, 0x0)
r4 = syz_open_pts(r3, 0x0)
readv(r4, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r6 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x120}, {r4, 0x220}, {r1, 0x580}, {r2, 0x70}, {r5, 0x8}, {r6, 0x2}, {r7, 0x21}, {r7, 0xd488}], 0x8, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:02:55 executing program 4:
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000200))
r0 = syz_open_pts(0xffffffffffffffff, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100))

01:02:56 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
lseek(0xffffffffffffffff, 0x1ff, 0x3)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_UIE_ON(r0, 0x7003)

[  749.457788][T22960] FAULT_INJECTION: forcing a failure.
[  749.457788][T22960] name failslab, interval 1, probability 0, space 0, times 0
[  749.470454][T22960] CPU: 0 PID: 22960 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  749.480255][T22960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  749.490292][T22960] Call Trace:
[  749.493562][T22960]  dump_stack_lvl+0xd6/0x122
[  749.498150][T22960]  dump_stack+0x11/0x1b
[  749.502293][T22960]  should_fail+0x23c/0x250
[  749.506695][T22960]  __should_failslab+0x81/0x90
[  749.511451][T22960]  ? register_for_each_vma+0x372/0x890
[  749.516986][T22960]  should_failslab+0x5/0x20
[  749.521480][T22960]  kmem_cache_alloc_trace+0x52/0x320
[  749.526752][T22960]  ? register_for_each_vma+0x372/0x890
[  749.532209][T22960]  ? vma_interval_tree_iter_next+0x24c/0x280
[  749.538229][T22960]  register_for_each_vma+0x372/0x890
[  749.543519][T22960]  __uprobe_register+0x404/0x8b0
[  749.548531][T22960]  uprobe_register_refctr+0x29/0x40
[  749.553725][T22960]  probe_event_enable+0x2be/0x7d0
[  749.558741][T22960]  ? __uprobe_trace_func+0x440/0x440
[  749.564009][T22960]  trace_uprobe_register+0x88/0x410
[  749.569191][T22960]  perf_trace_event_init+0x34e/0x790
[  749.574476][T22960]  perf_uprobe_init+0xf5/0x140
[  749.579254][T22960]  perf_uprobe_event_init+0xde/0x140
[  749.584626][T22960]  perf_try_init_event+0x21a/0x400
[  749.589770][T22960]  perf_event_alloc+0xa60/0x1790
[  749.594695][T22960]  __se_sys_perf_event_open+0x5db/0x2810
[  749.600366][T22960]  ? proc_fail_nth_read+0x150/0x150
[  749.605549][T22960]  __x64_sys_perf_event_open+0x63/0x70
[  749.611022][T22960]  do_syscall_64+0x44/0xa0
[  749.615427][T22960]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  749.621305][T22960] RIP: 0033:0x4665f9
[  749.625229][T22960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  749.644818][T22960] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  749.653215][T22960] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  749.661180][T22960] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  749.669144][T22960] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  749.677107][T22960] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  749.685064][T22960] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:56 executing program 4:
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000200))
r0 = syz_open_pts(0xffffffffffffffff, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100))

01:02:56 executing program 0 (fault-call:9 fault-nth:88):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  750.223433][T22942] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  750.231479][T22942] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  750.252120][T22942] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  750.260104][T22942] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:56 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0xa00, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  750.408956][T22982] FAULT_INJECTION: forcing a failure.
[  750.408956][T22982] name failslab, interval 1, probability 0, space 0, times 0
[  750.421667][T22982] CPU: 1 PID: 22982 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  750.431519][T22982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  750.441560][T22982] Call Trace:
[  750.444822][T22982]  dump_stack_lvl+0xd6/0x122
[  750.449401][T22982]  dump_stack+0x11/0x1b
[  750.453566][T22982]  should_fail+0x23c/0x250
[  750.457980][T22982]  __should_failslab+0x81/0x90
[  750.462790][T22982]  ? register_for_each_vma+0x372/0x890
[  750.468238][T22982]  should_failslab+0x5/0x20
[  750.472763][T22982]  kmem_cache_alloc_trace+0x52/0x320
[  750.478042][T22982]  ? register_for_each_vma+0x372/0x890
[  750.483576][T22982]  ? vma_interval_tree_iter_next+0x263/0x280
[  750.489548][T22982]  register_for_each_vma+0x372/0x890
[  750.494820][T22982]  __uprobe_register+0x404/0x8b0
[  750.499758][T22982]  uprobe_register_refctr+0x29/0x40
[  750.504940][T22982]  probe_event_enable+0x2be/0x7d0
[  750.510036][T22982]  ? __uprobe_trace_func+0x440/0x440
[  750.515345][T22982]  trace_uprobe_register+0x88/0x410
[  750.520540][T22982]  perf_trace_event_init+0x34e/0x790
[  750.525825][T22982]  perf_uprobe_init+0xf5/0x140
[  750.530589][T22982]  perf_uprobe_event_init+0xde/0x140
[  750.535869][T22982]  perf_try_init_event+0x21a/0x400
[  750.540986][T22982]  perf_event_alloc+0xa60/0x1790
[  750.545913][T22982]  __se_sys_perf_event_open+0x5db/0x2810
[  750.551566][T22982]  ? plist_check_list+0xf9/0x160
[  750.556523][T22982]  ? finish_task_switch+0xce/0x290
[  750.561617][T22982]  __x64_sys_perf_event_open+0x63/0x70
[  750.567064][T22982]  do_syscall_64+0x44/0xa0
[  750.571504][T22982]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  750.577463][T22982] RIP: 0033:0x4665f9
[  750.581341][T22982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  750.600932][T22982] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  750.609333][T22982] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  750.617286][T22982] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  750.625243][T22982] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  750.633196][T22982] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  750.641147][T22982] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:02:57 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
sendmsg$nl_netfilter(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000040)={&(0x7f0000000280)={0x22d0, 0xc, 0x7, 0x101, 0x70bd2b, 0x25dfdbff, {0x1, 0x0, 0x9}, [@nested={0xbc, 0x1d, 0x0, 0x1, [@generic="8149360a6b1c54d1ad2815a9bdf612079d050243cdc52dcd", @generic="ad24153c2b094dac5b2957c619ae9fe49c1afa217102fde2b5c20c0197c6d74473057f2d81492044ab75f5647929920f3cce3390599b20341bb47b6db00d098f6cc0c9e65347f5a4ed40c3fb8f0d9fe41408a984ed9acb7adbab4cc466014ce28554d9529903c35c1b0ea0e73407380de4d5386da12aacd7900633932883d5705ae49660695647872293ff8cb5cd4c9ffd5145cf6e3ee7d2bef87fd8cfcd6946"]}, @nested={0xcb, 0x32, 0x0, 0x1, [@typed={0x8, 0x5c, 0x0, 0x0, @u32=0xffff}, @typed={0x8, 0x42, 0x0, 0x0, @fd=r0}, @generic="55b0f309b45c142e028ebef0143211e76d48de9681635837cc61fc56f7989542645e8a070a2371cf7b65dbecc523c1599f6639ce209080fb0febfe745972652807ebc01caa45aa5a031e72b32afa7b214126", @generic="4ca5c5b80b0da2ea4dc2a111d2e536487e5e9c181fb24e3356f6035253c8ff9f1c0f61c496cd458c38739362bc8d4888d3318b00b1e3be1e86199ec967c0fa49799ec9a8c968b211098e18de65bf2af344bfef6efab9096affdc3a966c43021e148b7ff7c8"]}, @typed={0xc, 0x2d, 0x0, 0x0, @u64=0x3f}, @nested={0x1062, 0x5e, 0x0, 0x1, [@generic="d0c2889638ece3629a947c84fdef62b5ddb5834c4c876359bc896d359704a6703bd36d74b4bda7f9cc34cf5e5332a123b74f26068af853af4fcab6a618dd2d584238911dac3cc61eaa4358536e3bfd65e05b5adaf6ab", @typed={0x8, 0x14, 0x0, 0x0, @pid}, @generic="722355e813d21a8b56ccfc47225233be09bc22764a980b7104910bf556eb21d6d0c6d9265f60beba28be339db0f561fdb792b46907347383fb5c6ca0c14865cf9ca51f532e89c49a943cd821b877f9b851d57f8cb55878fd6dbd6ab6b8c48932fd465c548cb5cb0078e84d011e5e93407313896b65635e3233fc0e1808c9fd9c9d3f48a6337235aebacd6ea9b6e7fa3a5ba20a8460cb354c4b088b652ae316e13cda2c10b1d41b37c4d479be40bcb434983fe119fe029c11bdbb5a315c9bc75db3190c280bd904635743e40fa13d59358a17e675c5a1b06c1c72a58749987fbd099e78d6d6ad311206fb643b87840a27a6e39284e8d7fc9d56a30432c187d49dc5d0f5b363a3b10239f546eb4c78f088ab3561e21ab27c033a0a1e52f7155be81a1deb250408891fa41679793d3482a33a29fea5885cb6b553be0098fb3bfc6c21296230cee32139a6bdb60c07fa1786601da02f3e2cfd1d0cf964df0c7893a3fefb3083aa270ba3f7e9dfabdca874ee7fa30c155f9a57b54d3b895fd40394dcbfd2afa18a17b192892900606bd0c89cb9ada00c3d00b7c2e62d60d066432f830d8c2d0a35438a54d264a654cceade5f5bdaa3d5da1a862c4052ed5723ffe7a878572e4f13b70c071099f5f09d9f9ee6713f9804f10886c843933903248851069b2036eeb083de19136d94df193e3a8e6f3ea4002ca670b9a93ee7479d211987aca3d2f53ac58d7feaa22a678b7e1141d35dd59b249e771e76eeb2ede418acbfe7fe670305d101a209c402720246e0128e33fb187d47411a3d50523f97e878dbf6a864fb0a68b7118f496a6ed5cbd2e03422d70d22932a572ffb681aa063d689a9b506b40159b854ea0940873140369c6020717a1cb699103403de3597fe7f45b558c96c751d54807480d8395435014c6e743bb7d6fe9aaceff6cac1a9d19f6541d900cf95019b4bfebe4e19485ffc80598d19e362ae41f8123d1a5f19551ddba6b82f308aa51aff148e540cb6b7405abb02c393b271ea3f031eb2feba9a3c3c25b9e5cc7627b64195b23cf0ea1ec3aca8a5a497bae6cf29219ed2bfc3302076689c4f56d448dd348e22fc28045255b1c68dbcd1f8d7d74a3b44d3870352dbc55ae086e0752802ce625bfd542b3e4e36d6ce742da5b63e1e15af4c4b0a8203eab00709d1c6ae594716a18cd9c4a20f1ebe892d4dd307060eb4947b2cf6aa6898b129d53ab1d496634c75e7b49290eb81bf0b9721667e5cf35e085b389c8d2951ba4b457582a5d63e26ae7c1c6a1aa1b96eb3fe52c82bd3a73e7418d47451a12376d1a40a9bf738416aa502d1bcc0570083e2083ffc931fa845639d5b92db03fa7b8910c30b6e5138e1f1e9f6088d449c7eb3cd8ecae15b673a9ded28104a93002d6ba34eaa64037469047e1ecf8237f6e9c6c622cd2ee99c6ef582a2341aa2d139d6b0dada453aa28dc8f39faaa1907c510c7129705b741e867c7a2028ebface09f5ddcf8904dee7e330357127a2394d04f3e477e8fbf145619b5e21dd7c45e9570dbd24b083cf528baa8f668a451073285507367736680386fde829fbdd29bcc2917e67136086f1b1dffc07aa07eb3cf586c5f9d929f20c51ff63cbcd3e50d37f260f9df3682066b8617a5e7e7d9fb884b564c3bcc4c0148e79ed1404e2f59862d2ae08ba803c63f1a9e2ee9f4732d5454ddfc79dc54f673cd3bfa334924a01b589960a98b4e809b186eacf9cc878631bed042c7aa47e863cc02780f587d2f9f4481f43ac1f61cfe712d7425d129602746823794d4511f26a33c628ef6fe878d0ea965b23687ae75abd0ecb02309bfc5e52b912881c3e4de0a8280cf5c77c3634803cfbcf8a5a88acdb8830d76846b6d0cc8890417344e106962fef0c64de5f07e9bf5a9e9f3c86f79e8b4940a029ed8ffba4770a80adf1f05d695296aabc790f77abdc7e556bf6268325ed7c518fef497e62773eeaaac2368566ff5a86cc461c7b663a22dbf754684f538f0a1b7527a1f354b4533186351604ad85e0826750bf8e862a72160bd6b51a53b2b61301b321901f820fc18ef1f76dd6d89808dfe4ff1a88919b34299bdd238851332013090d4caafd88f5a847120dbe875cc61a32ae616286d251e2a534b9dc929a964140adf29ae86e7fc6a04400e74b94ff350dd31972be7185877b986d0582e8476f6b5bd82992ef4210bf4af819a0a6062a16866f16c480da55203fc99e309a3963fbe9020f06dc2af195269903997b6b697321741b33f445e8aee685b4fe72435bc725cd0b8c88883bab7c7a41c063e27262c33fd67fbd45233bb9e4fd13f326260d8580a01b38f373f272a1a34dd8761f99e4274eeb7b1cd28ef36bf68ea293d3d03900f34f36132159f0c770300b4f05cc345e180538238412dfa56b37cbf1f58fa6c7c5fe61da1a91d39e444e90e0cfc344a0f732e296b23fd0f37580e08344d56bc41461ba8e407b9a40ef559083f393301cea9d66a85b60a88d6b3d04fc7e9fe713241e4a9265711e22cde075902fa4135bfb5568abe2b84926ee8692c6d47a5ab2e01084c0ecc44e57103a15324824f4f1e2c247d74cc24535c8b6691e6945048a9c9069ff6091e0664a94b86c3358430945bb253ef9d9a8fddc61ab126ddddc44ee6879053852e2acada36e5abc2bb2bb292ff5036f96698b4544f0fedfd0b57d525f9bfb9203e3e1f0f2db705d5b8ec27c70a6927b20cdfbd27bb61e2df0666db7905fc0fed824225a03f280f2dabaf95b92ee739918f77c10b0d1353d95c7d9d62385e614747049f702e2876b050751a34453ccd14014f98bc09f20d01942a717351d8c58e8c537f3cf07adca6050d2ff363cb1e3a9caeecffa7005aa958784d13ecfedde716555124cbf6b4d3e2e6d3d963556681a8c71d584f47643503433de0b16f79cda261fff868e72abd495e3447c44ad5ccae8d6a9445a293c56719fef6bb7ef1e5ecf04bc257c845118a766116ee24ca4954abdf9e42bfaade04bdef1b43becde3dd98f497060e01f40f64f035fee0081d0c0e72f95ebddc61703db4e187206c2ba8f832cec4a1b156540cb41d339f01bd1cc82128a2c3e6b475d9dc9589a9728a2b9d0954de620924e6481a1acd5476ee45dd821cc464d4818a8c686e41a2a1f1693393c7493439800d59e589469a922ce596d5ceb290894f186a86ddb37c7be44e2b8476337bfb9b54190929352ef1b4b53bcc59563da7e04614421364a5d0ad4703b1fdb4a76d1dff3a089096153ffbe17d18dde3eb5fbf305f46b9e714fe83cb9d0c06565c43988f12c66c0a1c9366dcd9ba0e00ad3471699a944fe0b8528f70ad82b39c84ebc6c735c3d56141350c7eb3b41c122fa24382ccb855c0147bdc2b7189d6e745a9ec13c4633595f1ea52864c715db37355b7af3d7608720dbc5cf27d12244c83402bb09e69d95efbec808ef5739950bb4611aefdd5cabd29a82fc381716caf76097ae50a359ef979471d09f9532406053fd6e9353ea1ab20d9a51910b7c8f270279fad4d1f57ce789c088a1d97d2d7372144d7d27fdf390fbac05b0495f385b866422b30218136eb3e78c3fb434fe8264af1f23f921f25450c73f6eaebfb81656b538fdbcd610a9e476025081ebf010870b99b8cac30ff075c86f070fd36f65a9bb0245a938bf6b4290fd3544915f8535de7b300861834dfab1fca5c06aa78dd43498e998e081b0ef2ff3e6dad29c3f73e344f1449a0c43f284b61cfe87002c6f3853a66962bab2696249338c9d92e4b8aad3f41a514a50fcf8cb47644ea44de209f15d3754a5347da5ada6d0157d6d048a745af85155850e1d970cac7cb51a5ccd0880004c3ef7762fccb931fb41c4a540e28d425795dc75d24b5fe80692217f94f4bd97b2d81b33dd5a38c0a1676ced197cd622e96782a9444f0ccdc6c84889d85519bffb37e4abcd7988c2d48b77c7cec2c07c5ab2ab9755a15dd4021a1e14b314a0c4a6f639c33525188f7a05065e6e5dfe84a0f03ac9fa0a3c8df57f34a988e037105e2cb8124321dd64fafc77f99a41aab28570872a8672b57da8c91f3eea1f0cc29cb473684604b86a56ce820bd895dc0bcf2adfbac39f2e05b61d131152d7e47a4efb6043b09c87a9dcc5b628633e471208d30a9ba61b1af4f202571e419cff5bdbf313876ac667e844587795f9a29ba236602b5d75b085d10addcb2a71fdd0974f6568d6d509d24d6d9eb03f95f9d3065d4d86b439e7e557a0709c63667d28c09cb7b4819d371274c43dc77cfa87cb1e1ed3b4e003052b5b05699b6fa8236374b8d9264ab234a74563d17ca9a3c732766acdd166a806909f8ccceb0e761f651a6cf1471d67f5378f15626e1b8347678bde5804d314c730951ea2087f59432ff400877afb529be4b9ba68f248f706083504ee286517f46b3c9c5683dc1c4d43c3c6f4246fb6c627e97b2b2ecf5e0d192db4f0043aa8b4b377236c243843d651b31b780f56bd14201af6c7a41eaa0ba2a88a3e7128b3b8ab5b18416e712ba8e780d174169a98dc60ac537837359971a561df28edc5840f87d290d22dab2de23b7b23e64f5a515b8b586e4a50af6f62426aa49258ed8cf1075a4e9a0ee9923b6336c00fb7e8fe6d7482e9842947375b987a0bedb4ac4de59b6119121fd16d57bf20c35351598ea9d541d8736e26e3031cb5ca3de743e2bee023fa7d2e4ab123c87eb46244013361388ce151712cf00361bdb048671968c6de3e2236e2021041de1a63fa8ce12d4d88d1fd8b8f22fc3065185c8231bf4b5e68aa8203f2ca9d10c5036ce89af6dea0b640c8131e529eddca9e76728b7911139b2a049940e1e3fed2bf24eeb33a60c1442d7c29ca9396425af1a456410960f9a2169a2a702cffe21c01d54250b549901ca557903b08b2d65b6df0589e9d0d4d59097573b62255a6344115529034c93c7adda013dd064009ed0aa603a113fa80614175815ba38753dd916604d60989149be41f04c27127d94d6b0acbab5d031961668541a26be336b6736d1f751e73b4cde0b991a7197309f9f580eeb1c609147be01ea49ee024b39b6b1b3214bc4cb50c4dc2abbdc444852a25cc3a167ee918b9d8fd7db5d8aa19c4fe7564ca04507b3ba27be9b3dc8adc5ffdee18db90e659a88d3b99fb384560a41ef182cde3f3f2a3cb7cffac9592d08630d13e4f42fc6f40430cb421947103f83790bd8ff26f48a2b18c73b5c4294b8ab11828c1c801905663d085a924d6c5365b781f5194a445b35c7f8c736732071820f0fda868a9b5cdb8fcdb6c5856f599226114c854643537d435a34214306ed4e9321a8d39e87db39e49c54b21dd92bd0983b5595e271a9a57091aa006ae2afb67cfd72d89c1346fb4268e76ee1a0f5a1fdf2065433964c5b5debd763cdc8898959b5be4f92efa865eb2e73dd4fcae841ddcd0480222946dea2b6f540d42661e3ffe741fa0ae540f5ae8d0944fffa7bceb35832315eb5d9ba25c26c4ec334293d0eb291118eaecdc54b59bba21344afc23504071693abc9a8101aabfde3c61156e5cd8c6b0a2d4159e49ab495eb95a4f3b92164082a435fc21947de11297d3c1a87ff7d7f7b84d87c4e76f76c5050765eeaba50aef158a6254ef5fa7a6543cde92dda9de9cf20def356071561178f80b85098af487095ff595cb1a2e0a3621930f94ec8ed967ff5f3c6e75852513032df8d7e655edfa2caa30c81458e2643783615fc4bfba58ca31348279469fe9ca2bd1aa208c7719dddac744619728c4767c4a787ebe7390926d3a2895e0cbe210"]}, @typed={0x8, 0x1f, 0x0, 0x0, @ipv4=@multicast1}, @generic="207de3428283d6e26c8612dc6020f88444d47da8b44a382f5fab42bc294d13c6b6e0e1262e4dc420e4ff91", @generic="b601ef614884cdb8cd95e55db42e2a2e3f7d1102077b7eb59db9259f8ae492d7cc31a170951365ae22d749076f8ee4e3801b76a995299a5d0df99e49568b2b5cd2360c4afc2872f4f002ae9b4c00a2650554068635f149be189eedea98ec06f95bcf15ab8dd28e95d96c350c06e9e1ff29ddc358cdf0f649a2014aedae9f0e2e5823cc23defe220ab0ecb02439ae709db4462198ae577e518f7ab571382fa89b93fb80b05964ff0c26b0c1f5e179a701eb1bce5288352ce696d6a2b1baee1e5e98dd5f40d222a8c867a2de6aaa113ab7fafcc87565782be94721ecbdb2ca109bf23ce17adc0b5d1ddbdffd0c8cc1065c88c75c715d3edd23fe5ebdd5995ccc836cf3e71c231a8bf302a3dd5a3b6e2fbb80525dd35a767f5316807c2232b0ddaf4c1b4d5a042910eb9fc82879accd4bb016caa5c010436775090aa8de566f35a0ceb69e99bf808736006920633589cebf2cbd5f1d62e6144f48a69d69bc804a9e88569477f06fade43f1949adc8d44d1b67b7a8dc5b2fa6a43423177f6bc043313abbf404db7126f36a377f2bff4673cfd7d81ba41b974ca9cf985b26ea3fb6d68b5feb2b88c4e1e0a57eda5c178d6c862e71a55e4d4b72ef42872118075a72b386f5a6c3da9195217c62f1d1bbf10fb26e2ccaee193a210705d6186390be1468b0d1e21d625fa5d6190f3645a0160293fc5201a03435d58e525d5943ac758b322e33e7e8e8771cb7ea43c055fe5ed248cee571a58fb4adf82e2b38bd261e7ff969687eed81901f577b87116aa1109a96da6c99309c87ade6ce0b4f3b560dee43355a9e2269c58da0a469b5ea9a80bc496784977fc0edce4c56e469b20b587385c11b1fa7a22f9ee2e52e035297e7af8a1b99589bf26e254b9d64b9d4925bac1a4d08273eefc1dec97c7d2a860d50a3c44cb165892e76cf33ec0981d5b72ba34506e32217cc8e8b3dab7e34a7278ca4bb2b92e6201cd182f97f936973491d86c756431c3231dce14b5b77932701e9599b914a4d73b4d0da3723c650a070ca1f68d63b50a9ec3c45d2f3b5fa5212015cc8aed16a9074e0b03551cf816f7548b1958f7d035a053441fc3e13533bbd5377764dfd86701e155eb38e8df47b431cbc6a262d2544c7387d159b0d95e3ce61d579f531dde466ac7967786745c334b1ac8dd2bce7763bfaa589c6cb18dcfc5c6a760a91ccfc6146e98cff623e4f466704293c4ea1bb9a4be1d0ef333fa4213b14f3d71eef791e2183b462625135037596fba668f35dc5035ac513c6de65a2dd0cc2e5f2c938815736e8d3245c81f542f1727beb4a240ab5accf9d0d6cb75f86ebd003650185fee0ddd4e349e7f028722a2d11bf09d690cab5c112c84132489739ed7fff207862d880156f73f6ffe8451a9356854e29e5dac4456ea2f250e7e49af740f1df6c4038e5146b4fdbe491c8d8e8279afdf25455c156b42b2c98fce2cfdf0634dc50a577238483602b5b952f07fd6bf4c06002b336da157f5eb06c52cf2b97f11c3f7ee94082ebb47025a1e2c9854bd84e40430b829376afade5da3744a8dfd35c1bab1089f7e7200fc452888f98aaf27ab5737efdd3cfbfb73dad19b0d20eaef4306f484410fc28f165c2a0347d5c550c71093e78fe3c73ccf2469d0b7168409990e573ea28d1630235739020411d841432fe0ff8db51890ef702b28c58f7126b0b11d80102b406bf770fd20baceb220da3b59cc3c202e79c7fd8d7fc46c76a5bfc45b5155326cc9cd38df4b186f6a73d0f3941a1fc9399fa044f8b096744bc0f7d9fb40db04ef078aa7b8a2aa0da6309abfacc7591929ff702703684037a0eba1ac3d74f41ea1d9f75b682aa262323670d2c87c27ffb17882c44eeca9847b9677431ddea5aa16520cf7a8cbba566e79a087cc4bb3438e5068327feab7857b568c321f441d362f71e232d8cccd326e22d614fed0cc80a3b5ccc17c9ffdd95306398cad2318c61c33afa5a6a84d70034f2bb69ed5de01d910bc0c7981a2aae3a39721e83a5f166813701a3f22bdd2d4fb6d48b8afcb1f4e93fff92de072bd3ea807679e79cf73d90d8555e06dcc8a798cd0557f3a9f136f3aae0b224c6e2cbdb9c2cc438512524531c9ff46ed2a3afbbc721ff9f7a291a04313eb199b79679c0dfbf676f297420ef1bf04640fe84528fe019334b84aabebba7d730675a2e06dce8078cd8a059db7a9020749a6496c383e44be4799862092b4fe70cf0702925439bcae5ad9c31f2f21670715f82211d96e24d4ef52259fd94b507b41583fb964553db4161d8278314c9974cffe6d31254a7bd18e34bf5ff8e901a05fd6bd3080233d3d873718f283696f2fc1ec66ad15690654b01ac460cc074a64d29951bc81c7471a4a97048948eb7ada2901d6502fd7b7d7da0161ca013661138e89b0ab08a6a61e51582e4d103ad91872177b11e4d9ff4f476bb6bb7f5cd856e0ed9eb769bc93d4e9c03a51928596d81e7a12238d74ca66b3d378d99f146633d00df3ae3484cac94e9c74c8c1c3aa5cfd2dbd41b8ef2decf604a7bfd2fe71da2d299f597bd9bf2f2354e38b17e33b7aa3b134651147f9da34f9aa34077fa68f771e12b001e802901faccbe2ea6ffdddcbe7766d06353d40b87a930cbecf666fc7bc6c7dd2d1482025ba67149753e3191dfb55d5f9ff04ea8b6f36bc67b1739ced00260e1cd6e6b94682435129f03469daf238ff6700f5f5a9bf36ca6b162dae0c7b70e2439cac142365b4eac2c8fee3308cefb036325f13560dda82e9a11dfab4e09751a6bc09c72be747813be37949d05bbc1eddeebba4ef1dd8c1f2ed0c55a86fe0de281e56ac625031d2ff2f027eff3e5d9206957322aab7c203724e820069b12505d72496a29102e9d0fd0f2e95568dd0d89991dd737919abc35cb1bcc84d6fdaebf9b046bc56b58880bd68445237f9b418e64c3f2e59c26852b5b5fe6db711ede22ed4144d6f575bff75d16eed7ca1490e6c83f80c97c24e7c360e4b1769355f026b023bb4435fbca20e7dc3da7fa001857be4747ce8606642cf04d6e98ec0dbc3948a77d264910cee5579b8cd43267c5e4c51953e52dca2e61628710370dd849d2923af50cf7cde55fbd21d43a63e8d5a5078618b6648f58e262334404b6046541573e66530e8760bdf7325dde91211cc9c229d980bdb47406a3d93c9109d9c4c320b1c42ebf8106c3b520cce421f1cf6372e6306b736c0fdda3993d50850eaef695dbfcdb9bf411aeefd18bb02400154ed8f0c70b3f2cceb176e12bd1f1738e97f4fb02edb9756cbfe35da2edfb881cfb5e90f8e281d70f7ed95bf354fc6a12dd57a1118ee9423fad85c9e0cd7d9457b56e94ac810d830eb13dc053eeb705f8d93375d46990c8b103fd05b3835268707e198ef21b8fb0f9f907047f1040f097d6f2b0397c1cbfb7e25fa7f7aaac335fd1b9e64accc1ec5045dfbf92fdb55d68e464ef1a4eb2ebf8d4613f63cfae74a9ac2666467cb62799d255231d50002ac602b98a88745cd5d9ce2093c523ba13630431a5e71d46794edcd431002ee0f202e9382ebe41a5f3c7140aea76ebb598cf35d3800b60212c28b7269001939c2f15082d342866c7c2183b6d92cc451f8112111b86105cb94423acc0ce7dd9ba991b810f75628680b8408de80a7f308db2606c83af4af4cb46949b8fa9b729eb096a9de1c9571ee59e06026e014be63ad68a7b348accbd0b097a6496a5cf7ce0cdf1c9fed9bdbdb0ab92dea42716bcccc48e92f60bac65044cfd7d1fc9898a8100270c8385545e7317bccf7d4c28feab827efc99e495d6a2a2eb1341468369c88a554c12febc404181e4ad5cce965d1246443024e4b8967399af58b912b6f6259f9a59cfe1ab7b78804780af93ca18501881844900580f7bc102ca1b8e2cb230764dabacafcc302d155fa57760063395a6d7c8028c13eb0cd354299b1b2284c4fe6b626fc88c022e078be5d9fbca647c71d51d8f46eb8df61fa47b6fb196824a84c2695082d91fe41a011bde1dad0ffad662ddaae9f5203af5bfe467249c88095276811d48dd0976d10949bb5c8ed81abb6cdd831234cb8af47baa9bab52d1f5e8cc1f56306668b11cb86a362156f37cf51cc9bac6e4fdea7f5c08c0cff9072f5a5b838df9f865db710ce1dac2b785129dfc869d7c68d6358395962b71a12569be5fd69eaa737f18e24f70dd221300fd1f40c4e1be80c9c35032216eafbd4d620b1f77a5f94e495e249dad5e6d95085e961db4e8c2fd3a2b72794f852fa30b08e8ef7434837d74cf32a462721339d8e58f470791f67c8d1d7d5a3f650a5dbc90fd8b3cb71ddac6d704a7b569feebd0f86dab91c9b545422ac7dae109f64bca8f43738fa718bb4863d0eec50e34d45096ad89f40f379f1f9932f6d54cdf4b8d01fcc09b0b692b9a130109cacfde105120d9874a0128a8ff369e892fdabdf02a0830c49a11ac79fc8da330e83c67f1715207fae8a6678d1facd4c87838b3fb108c97762b3e1c4c65b62a0c45133f0087ba90c6df33d7edc3ab6f0c9c8a91eba28e7d3add4ff49a4d743c8503977757dbfbf43a93616a677e889346e615ac9ef4ceeee93f9d9f7c3075552ed649856c8912f19d1682515e53965ca2bc77e8f7170986a3a13a3d207152e842f79cae2e4f8d87e48859ca592016ba46e6a8f57c01633adc5a054d37bd0f012bb60efb677002d52daf2170b34e5f875d61c71ff4116f93c77b737430bdc372488a75d40e9ce311c7bc90ff273609669b0a543be605c7e45935a3db68cc35f9d86e355212e034d9c5c3271f55376d672aa4e6f162d4508c3cf7128e2bd606c284622aa4216d9bdd4d53e1fd3a6f1c321e9f9ad3ea3bf614714a6a7f867239adefa796e5c2f5e7ef742115343c865a750e746aafc70ad93112e42710e16495b5b9c8f9196a055efb5abef084bf2542f0e621afea484cc3c81490c4c7d3199b41fd7c076ba01be9eab8a305829c66afd15eefa6428c9ce46d742a0f7bb739c4a23d7c7e2e6d0ab4060c401da21356f5e87e6d683dd3970dec5d8333cc497202662a2308bcf57a21a3febe188517fa0e41239a66cb49ca7b224cd3a86fb91172fc34bbce5d2753a78d47af3d71ae5c2f3dc1cdb918df1785d285fc3f0d74f769adc80d1d8d14cc950eebea2c1f69854a8f383d78930fa3debf157ce002e52d3c151d93a2d1c25a42fc1d05ac57d0559ee1a48e59766fb1b00e6cf56c9c459e400af72dd46e2380e97f0880820a9f20a530833c86e273c4f2a78b808a40ce5087643fde527a01e8e4617b130dd01018021ee49385e943733522956c6b69804cc872d92288a15c9a54bdb1baf852e77fee64ba3530037c2db26016f7c051e75290bc17712ea6ca472caa4da802fd3e63a9d13fc80e69d1fc88efe35c34b8ef87927aec16e4c019cf8b4780bfee9b4bd205494c40d0a7b0c4690ae29c5d95b58d503c186c1fd2555cbb1838cf2507c3506e14b9aba3c67431d94a2e81ec5ee2004571345d7ce8686d9e6a5bdfc7992d8bb1b09370029a8f77077269f13863dd788676464739e00411780c6f36ed935045b49976e4b397e231ed09779179dd1594c8e66b1962681253c278cbfdf594d34f04db144c69ba74ea6442b5ac5cead7d4197d9eb98f99c3a89db76ab2a0df783cb7b20825cfb54f527420588da138a616da87810f38a757de508376776aa6d99c7ee71273f573dc52aec5081c3a7fc4202dde0b501bf2f8631d27812c2bfcd742c89f308121f6b0a3783e8f74b8e461d318629938e1786e2ff7e3ad", @typed={0x8, 0x30, 0x0, 0x0, @u32=0x8}, @generic="c1b5e71403c554ac70c29aae21aee81ef9fb655eae2bbeafac6f39ca3043474add4187f3ab9137da11d12837e68a4c23ffb4d8e8c3df9d9b4f7f755afced8fab110b30f1dcd39c2df814b01a05308276505eebbaa910ad1383aa7f33c5df17a5a7a5c242e9554542dbea8abf35b8b502283a44d189b42432427f972648740a0a698b3dfdcde8"]}, 0x22d0}, 0x1, 0x0, 0x0, 0x44004}, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000100))

01:02:57 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)=ANY=[@ANYBLOB="0000000000ff07000b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000002300000000000000000000000000000000ffffffffffffffff0000000600"/176])
ioctl$RTC_ALM_READ(r1, 0x80247008, &(0x7f0000000000))
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  751.164272][T22973] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  751.172289][T22973] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  751.190326][T22973] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  751.198339][T22973] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:02:59 executing program 4:
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000200))
r0 = syz_open_pts(0xffffffffffffffff, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100))

01:02:59 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x5, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:02:59 executing program 0 (fault-call:9 fault-nth:89):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:02:59 executing program 5:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
lseek(0xffffffffffffffff, 0x1ff, 0x3)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_UIE_ON(r0, 0x7003)

01:02:59 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:02:59 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0xc02, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:02:59 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
syz_open_pts(0xffffffffffffffff, 0x0)
syz_open_pts(0xffffffffffffffff, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0xad)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000200))
syz_open_pts(r3, 0x0)
r4 = syz_open_pts(r3, 0x0)
readv(r4, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r6 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x120}, {r4, 0x220}, {r1, 0x580}, {r2, 0x70}, {r5, 0x8}, {r6, 0x2}, {r7, 0x21}, {r7, 0xd488}], 0x8, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

[  753.259216][T23019] FAULT_INJECTION: forcing a failure.
[  753.259216][T23019] name failslab, interval 1, probability 0, space 0, times 0
[  753.271852][T23019] CPU: 1 PID: 23019 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  753.281649][T23019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  753.291689][T23019] Call Trace:
[  753.294957][T23019]  dump_stack_lvl+0xd6/0x122
[  753.299590][T23019]  dump_stack+0x11/0x1b
[  753.303730][T23019]  should_fail+0x23c/0x250
[  753.308131][T23019]  __should_failslab+0x81/0x90
[  753.312928][T23019]  ? register_for_each_vma+0x372/0x890
[  753.318376][T23019]  should_failslab+0x5/0x20
[  753.322871][T23019]  kmem_cache_alloc_trace+0x52/0x320
[  753.328316][T23019]  ? register_for_each_vma+0x372/0x890
[  753.333762][T23019]  ? vma_interval_tree_iter_next+0x24c/0x280
[  753.339817][T23019]  register_for_each_vma+0x372/0x890
[  753.345299][T23019]  __uprobe_register+0x404/0x8b0
[  753.350275][T23019]  uprobe_register_refctr+0x29/0x40
[  753.355460][T23019]  probe_event_enable+0x2be/0x7d0
[  753.360470][T23019]  ? __uprobe_trace_func+0x440/0x440
[  753.365775][T23019]  trace_uprobe_register+0x88/0x410
[  753.370974][T23019]  ? cpumask_next+0x1/0x80
[  753.375379][T23019]  perf_trace_event_init+0x34e/0x790
[  753.380702][T23019]  perf_uprobe_init+0xf5/0x140
[  753.385452][T23019]  perf_uprobe_event_init+0xde/0x140
[  753.390742][T23019]  perf_try_init_event+0x21a/0x400
[  753.395845][T23019]  perf_event_alloc+0xa60/0x1790
[  753.400848][T23019]  __se_sys_perf_event_open+0x5db/0x2810
[  753.406524][T23019]  ? plist_check_list+0xf9/0x160
[  753.411527][T23019]  ? finish_task_switch+0xce/0x290
[  753.416730][T23019]  __x64_sys_perf_event_open+0x63/0x70
[  753.422177][T23019]  do_syscall_64+0x44/0xa0
[  753.426586][T23019]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  753.432550][T23019] RIP: 0033:0x4665f9
[  753.436428][T23019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  753.456060][T23019] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  753.464463][T23019] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  753.472432][T23019] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  753.480387][T23019] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  753.488352][T23019] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  753.496313][T23019] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:03:00 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:00 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
syz_open_pts(0xffffffffffffffff, 0x0)
syz_open_pts(0xffffffffffffffff, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0xad)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000200))
syz_open_pts(r3, 0x0)
r4 = syz_open_pts(r3, 0x0)
readv(r4, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r6 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x120}, {r4, 0x220}, {r1, 0x580}, {r2, 0x70}, {r5, 0x8}, {r6, 0x2}, {r7, 0x21}, {r7, 0xd488}], 0x8, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:00 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000000)={0x26, 0x2d, 0x3, 0x13, 0x0, 0x5595, 0x0, 0xac, 0x1})
ioctl$RTC_PIE_ON(r0, 0x7005)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0)
r3 = openat$cgroup_ro(r1, &(0x7f00000001c0)='pids.current\x00', 0x0, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000480)='net/netlink\x00')
io_submit(0x0, 0x3, &(0x7f0000000500)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x7, 0x7fff, r2, &(0x7f00000000c0)="7fbb2b68e93a2e7667bc300ada371b9282b64d86749b350635b47201aaa86cf6eb9f7e67e39da34518d42315ccdbc4eb63897d55fddf6e7a929889b97578fc8306926e008bed9e7983963a95845b32786d", 0x51, 0x8, 0x0, 0x1}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x2, r1, &(0x7f0000000340)="6afe73c5156e2e9a1e5157bda38aea5a589ab5efe9a6b801f4544faea564563ebd7e787607a70c62b75211a1c760b98320dc870c8a47dae90ca4c6382b9105d502fc053f49617f50273f10e13ddf24a12f6aa87c0f05bb1261400a7f4896047f7a8974e5386b866b4ee5e41e63c0f185c6b80ed7a0f59959b23372da992f95dffd4f32040be7c22feb6488e26062de3024875fe36d186de2e0ba2f3fa4960d7ffe44b7cdfa1fd07483537a8cabeaafc5366f091d8ffeac7705274b4aa9c94029e46f5eec6f7eb31a0b6f706b879f19781135cc74f9b8562de5815de02ae6174ccda6dce035fac37f25f0c4e85cbefcd9897f688d", 0xf4, 0xf4, 0x0, 0x1, r3}, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x7, r1, &(0x7f0000000440)="2f0e9b014e38ee18c162a6fc8f46a3b141b58dc5f9f7c68c6299a946be131522e11752", 0x23, 0x0, 0x0, 0x0, r4}])
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  754.002523][T23003] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  754.010552][T23003] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000985654b9
[  754.035188][T23003] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  754.043193][T23003] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:03:00 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x1800, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:00 executing program 0 (fault-call:9 fault-nth:90):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  754.077305][T23003] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  754.085380][T23003] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  754.242301][T23047] FAULT_INJECTION: forcing a failure.
[  754.242301][T23047] name failslab, interval 1, probability 0, space 0, times 0
[  754.254943][T23047] CPU: 0 PID: 23047 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  754.264740][T23047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  754.274777][T23047] Call Trace:
[  754.278041][T23047]  dump_stack_lvl+0xd6/0x122
[  754.282627][T23047]  dump_stack+0x11/0x1b
[  754.286765][T23047]  should_fail+0x23c/0x250
[  754.291166][T23047]  __should_failslab+0x81/0x90
[  754.295918][T23047]  ? register_for_each_vma+0x372/0x890
[  754.301366][T23047]  should_failslab+0x5/0x20
[  754.305860][T23047]  kmem_cache_alloc_trace+0x52/0x320
[  754.311135][T23047]  ? register_for_each_vma+0x372/0x890
[  754.316580][T23047]  ? vma_interval_tree_iter_next+0x263/0x280
[  754.322621][T23047]  register_for_each_vma+0x372/0x890
[  754.327893][T23047]  __uprobe_register+0x404/0x8b0
[  754.332817][T23047]  uprobe_register_refctr+0x29/0x40
[  754.338002][T23047]  probe_event_enable+0x2be/0x7d0
[  754.343012][T23047]  ? __uprobe_trace_func+0x440/0x440
[  754.348282][T23047]  trace_uprobe_register+0x88/0x410
[  754.353518][T23047]  perf_trace_event_init+0x34e/0x790
[  754.358799][T23047]  perf_uprobe_init+0xf5/0x140
[  754.363560][T23047]  perf_uprobe_event_init+0xde/0x140
[  754.368835][T23047]  perf_try_init_event+0x21a/0x400
[  754.373987][T23047]  perf_event_alloc+0xa60/0x1790
[  754.378967][T23047]  __se_sys_perf_event_open+0x5db/0x2810
[  754.384590][T23047]  ? proc_fail_nth_read+0x150/0x150
[  754.389778][T23047]  __x64_sys_perf_event_open+0x63/0x70
[  754.395303][T23047]  do_syscall_64+0x44/0xa0
[  754.399711][T23047]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  754.405596][T23047] RIP: 0033:0x4665f9
[  754.409471][T23047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  754.429062][T23047] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  754.437457][T23047] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  754.445410][T23047] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  754.453362][T23047] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  754.461370][T23047] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  754.469326][T23047] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:03:01 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
syz_open_pts(0xffffffffffffffff, 0x0)
syz_open_pts(0xffffffffffffffff, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0xad)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000200))
syz_open_pts(r3, 0x0)
r4 = syz_open_pts(r3, 0x0)
readv(r4, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r6 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x120}, {r4, 0x220}, {r1, 0x580}, {r2, 0x70}, {r5, 0x8}, {r6, 0x2}, {r7, 0x21}, {r7, 0xd488}], 0x8, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:01 executing program 0 (fault-call:9 fault-nth:91):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  754.995043][T23039] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  755.003075][T23039] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  755.020232][T23039] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  755.028242][T23039] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  755.386979][T23065] FAULT_INJECTION: forcing a failure.
[  755.386979][T23065] name failslab, interval 1, probability 0, space 0, times 0
[  755.399679][T23065] CPU: 1 PID: 23065 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  755.409515][T23065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  755.419578][T23065] Call Trace:
[  755.422853][T23065]  dump_stack_lvl+0xd6/0x122
[  755.427444][T23065]  dump_stack+0x11/0x1b
[  755.431592][T23065]  should_fail+0x23c/0x250
[  755.436058][T23065]  __should_failslab+0x81/0x90
[  755.440825][T23065]  ? register_for_each_vma+0x372/0x890
[  755.446285][T23065]  should_failslab+0x5/0x20
[  755.450792][T23065]  kmem_cache_alloc_trace+0x52/0x320
[  755.456084][T23065]  ? register_for_each_vma+0x372/0x890
[  755.461582][T23065]  ? vma_interval_tree_iter_next+0x263/0x280
[  755.467638][T23065]  register_for_each_vma+0x372/0x890
[  755.472931][T23065]  __uprobe_register+0x404/0x8b0
[  755.477950][T23065]  uprobe_register_refctr+0x29/0x40
[  755.483152][T23065]  probe_event_enable+0x2be/0x7d0
[  755.488189][T23065]  ? __uprobe_trace_func+0x440/0x440
[  755.493538][T23065]  trace_uprobe_register+0x88/0x410
[  755.498744][T23065]  perf_trace_event_init+0x34e/0x790
[  755.504034][T23065]  perf_uprobe_init+0xf5/0x140
[  755.508889][T23065]  perf_uprobe_event_init+0xde/0x140
[  755.514176][T23065]  perf_try_init_event+0x21a/0x400
[  755.519294][T23065]  perf_event_alloc+0xa60/0x1790
[  755.524248][T23065]  __se_sys_perf_event_open+0x5db/0x2810
[  755.529954][T23065]  ? proc_fail_nth_read+0x150/0x150
[  755.535150][T23065]  __x64_sys_perf_event_open+0x63/0x70
[  755.540610][T23065]  do_syscall_64+0x44/0xa0
[  755.545086][T23065]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  755.551151][T23065] RIP: 0033:0x4665f9
[  755.555041][T23065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  755.574749][T23065] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  755.583236][T23065] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  755.591262][T23065] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  755.599286][T23065] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  755.607256][T23065] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  755.615234][T23065] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
[  755.945653][T23057] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  755.953661][T23057] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  755.970945][T23057] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  755.978968][T23057] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:03:04 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x1802, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:04 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:04 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x8, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:03:04 executing program 0 (fault-call:9 fault-nth:92):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:03:04 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x1)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:04 executing program 1:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan0\x00', <r1=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x508, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x10000)
sendmsg$NL802154_CMD_DEL_SEC_KEY(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000340)={0x12c, r0, 0x0, 0x70bd26, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_KEY={0x30, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x5}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x9}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "e3f305aea1ff177a946148dae60fac97"}]}, @NL802154_ATTR_SEC_KEY={0x18, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "d7d60766e5905144730aacdf8ec77261"}]}, @NL802154_ATTR_SEC_KEY={0x70, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "379607f90fc51b64702a3b55fa9f1f77507f8fd705dc293e0f8588d3ebaa8837"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x1}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0xf7}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x81}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "eea3ae01207f258039369de8063206df"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x9}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "2a34a67d93e276ba051dca15a8324a24"}]}, @NL802154_ATTR_SEC_KEY={0x3c, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x7f}, @NL802154_KEY_ATTR_ID={0x14, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x7}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x40}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "144bf7177b03261702012b55e8cb5bfb"}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x12c}, 0x1, 0x0, 0x0, 0x880}, 0x80)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r2, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4000}, 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

[  757.663427][T23087] FAULT_INJECTION: forcing a failure.
[  757.663427][T23087] name failslab, interval 1, probability 0, space 0, times 0
[  757.676139][T23087] CPU: 1 PID: 23087 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  757.685934][T23087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  757.695976][T23087] Call Trace:
[  757.699251][T23087]  dump_stack_lvl+0xd6/0x122
[  757.703880][T23087]  dump_stack+0x11/0x1b
[  757.708024][T23087]  should_fail+0x23c/0x250
[  757.712423][T23087]  __should_failslab+0x81/0x90
[  757.717170][T23087]  ? register_for_each_vma+0x372/0x890
[  757.722615][T23087]  should_failslab+0x5/0x20
[  757.727109][T23087]  kmem_cache_alloc_trace+0x52/0x320
[  757.732446][T23087]  ? register_for_each_vma+0x372/0x890
[  757.737908][T23087]  ? vma_interval_tree_iter_next+0x263/0x280
[  757.743934][T23087]  register_for_each_vma+0x372/0x890
[  757.749209][T23087]  __uprobe_register+0x404/0x8b0
[  757.754149][T23087]  uprobe_register_refctr+0x29/0x40
[  757.759341][T23087]  probe_event_enable+0x2be/0x7d0
[  757.764364][T23087]  ? __uprobe_trace_func+0x440/0x440
[  757.769694][T23087]  trace_uprobe_register+0x88/0x410
[  757.774885][T23087]  perf_trace_event_init+0x34e/0x790
[  757.780163][T23087]  perf_uprobe_init+0xf5/0x140
[  757.785024][T23087]  perf_uprobe_event_init+0xde/0x140
[  757.790376][T23087]  perf_try_init_event+0x21a/0x400
[  757.795554][T23087]  perf_event_alloc+0xa60/0x1790
[  757.800486][T23087]  __se_sys_perf_event_open+0x5db/0x2810
[  757.806184][T23087]  ? proc_fail_nth_read+0x150/0x150
[  757.811369][T23087]  __x64_sys_perf_event_open+0x63/0x70
[  757.816816][T23087]  do_syscall_64+0x44/0xa0
[  757.821222][T23087]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  757.827101][T23087] RIP: 0033:0x4665f9
[  757.830981][T23087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  757.850641][T23087] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  757.859051][T23087] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  757.867005][T23087] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  757.875015][T23087] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  757.882975][T23087] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  757.890954][T23087] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:03:04 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x1)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:05 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:05 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x2400, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:05 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
syz_open_pts(r1, 0x0)
r2 = syz_open_pts(r1, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0x0, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x100, 0x1, 0xffffffffffffffff}]})
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000040)={0x32, 0x13, 0x10, 0x17, 0x3, 0x1, 0x3, 0x12b, 0xffffffffffffffff})
ioctl$RTC_PIE_ON(r0, 0x7005)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000200))
syz_open_pts(r3, 0x0)
syz_open_pts(r3, 0x0)
read(r3, &(0x7f0000000080)=""/188, 0xbc)
close_range(r0, r0, 0x2)
ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f0000000140))
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x8, 0xfffffffffffffffe}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4fb8}, 0x0, 0x0)
ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000000))

[  758.422514][T23074] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  758.430564][T23074] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000008dc74fd7
[  758.446051][T23074] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  758.454054][T23074] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:03:05 executing program 0 (fault-call:9 fault-nth:93):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  758.498292][T23074] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  758.506319][T23074] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  758.686386][T23115] FAULT_INJECTION: forcing a failure.
[  758.686386][T23115] name failslab, interval 1, probability 0, space 0, times 0
[  758.699030][T23115] CPU: 0 PID: 23115 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  758.709008][T23115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  758.719049][T23115] Call Trace:
[  758.722310][T23115]  dump_stack_lvl+0xd6/0x122
[  758.726889][T23115]  dump_stack+0x11/0x1b
[  758.731079][T23115]  should_fail+0x23c/0x250
[  758.735479][T23115]  __should_failslab+0x81/0x90
[  758.740228][T23115]  ? register_for_each_vma+0x372/0x890
[  758.745669][T23115]  should_failslab+0x5/0x20
[  758.750158][T23115]  kmem_cache_alloc_trace+0x52/0x320
[  758.755480][T23115]  ? register_for_each_vma+0x372/0x890
[  758.760921][T23115]  ? vma_interval_tree_iter_next+0x24c/0x280
[  758.766887][T23115]  register_for_each_vma+0x372/0x890
[  758.772218][T23115]  __uprobe_register+0x404/0x8b0
[  758.777139][T23115]  uprobe_register_refctr+0x29/0x40
[  758.782371][T23115]  probe_event_enable+0x2be/0x7d0
[  758.787446][T23115]  ? __uprobe_trace_func+0x440/0x440
[  758.792769][T23115]  trace_uprobe_register+0x88/0x410
[  758.797946][T23115]  perf_trace_event_init+0x34e/0x790
[  758.803232][T23115]  perf_uprobe_init+0xf5/0x140
[  758.807980][T23115]  perf_uprobe_event_init+0xde/0x140
[  758.813254][T23115]  perf_try_init_event+0x21a/0x400
[  758.818379][T23115]  perf_event_alloc+0xa60/0x1790
[  758.823300][T23115]  __se_sys_perf_event_open+0x5db/0x2810
[  758.828915][T23115]  ? plist_check_list+0xf9/0x160
[  758.833875][T23115]  ? finish_task_switch+0xce/0x290
[  758.838967][T23115]  __x64_sys_perf_event_open+0x63/0x70
[  758.844445][T23115]  do_syscall_64+0x44/0xa0
[  758.848926][T23115]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  758.854841][T23115] RIP: 0033:0x4665f9
[  758.858715][T23115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  758.878387][T23115] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  758.886834][T23115] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  758.894903][T23115] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  758.902857][T23115] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  758.910808][T23115] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  758.918761][T23115] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:03:05 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x1)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:06 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000380)=ANY=[@ANYBLOB="0000000000ff07000b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000000000000000026cabd50c575c2fbbf1f36b7c35c6b6c4fd6ded793a7f173bc03c626656486c008e4c9d2ddc15d2c7624f16cd3b355c0c60387c137a49775f798b54c64be4322923b1fed86cb24defdd6a8790d395542f6d3f5b98e69cbe8c1cd1559c3a36820863cb5cd162d6d6feb413b2ed2022fbee28e411bc133b5718c9f335c7748e50aca1607980b82f80d99852706f5fc1fb16a43eefe04887702f000"/345])
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x69d)
ioctl$RTC_PIE_ON(r0, 0x7005)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_PIE_ON(r2, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:03:06 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

[  759.411874][T23106] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  759.419868][T23106] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000088127c39
[  759.434917][T23106] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  759.442956][T23106] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  759.477319][T23106] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  759.485349][T23106] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:03:07 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x10, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:03:07 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4102, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:07 executing program 0 (fault-call:9 fault-nth:94):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:03:07 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x1)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:07 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:07 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/nf_conntrack_ftp', 0x400, 0x100)
ioctl$RTC_PIE_ON(r1, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005)

[  761.478493][T23154] FAULT_INJECTION: forcing a failure.
[  761.478493][T23154] name failslab, interval 1, probability 0, space 0, times 0
[  761.491230][T23154] CPU: 0 PID: 23154 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  761.501142][T23154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  761.511177][T23154] Call Trace:
[  761.514443][T23154]  dump_stack_lvl+0xd6/0x122
[  761.519023][T23154]  dump_stack+0x11/0x1b
[  761.523262][T23154]  should_fail+0x23c/0x250
[  761.527673][T23154]  __should_failslab+0x81/0x90
[  761.532428][T23154]  ? register_for_each_vma+0x372/0x890
[  761.537915][T23154]  should_failslab+0x5/0x20
[  761.542415][T23154]  kmem_cache_alloc_trace+0x52/0x320
[  761.547692][T23154]  ? register_for_each_vma+0x372/0x890
[  761.553142][T23154]  ? vma_interval_tree_iter_next+0x263/0x280
[  761.559111][T23154]  register_for_each_vma+0x372/0x890
[  761.564421][T23154]  __uprobe_register+0x404/0x8b0
[  761.569354][T23154]  uprobe_register_refctr+0x29/0x40
[  761.574542][T23154]  probe_event_enable+0x2be/0x7d0
[  761.579555][T23154]  ? __uprobe_trace_func+0x440/0x440
[  761.584831][T23154]  trace_uprobe_register+0x88/0x410
[  761.590016][T23154]  perf_trace_event_init+0x34e/0x790
[  761.595361][T23154]  perf_uprobe_init+0xf5/0x140
[  761.600117][T23154]  perf_uprobe_event_init+0xde/0x140
[  761.605391][T23154]  perf_try_init_event+0x21a/0x400
[  761.610506][T23154]  perf_event_alloc+0xa60/0x1790
[  761.615432][T23154]  __se_sys_perf_event_open+0x5db/0x2810
[  761.621071][T23154]  ? proc_fail_nth_read+0x150/0x150
[  761.626254][T23154]  __x64_sys_perf_event_open+0x63/0x70
[  761.631854][T23154]  do_syscall_64+0x44/0xa0
[  761.636258][T23154]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  761.642147][T23154] RIP: 0033:0x4665f9
[  761.646025][T23154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  761.665736][T23154] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  761.674132][T23154] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  761.682087][T23154] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  761.690046][T23154] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  761.698004][T23154] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  761.705958][T23154] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:03:08 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x1)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:08 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

[  762.228342][T23139] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  762.236403][T23139] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000a9c291d2
[  762.251478][T23139] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  762.259499][T23139] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:03:08 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8, 0x0, 0x8001, 0x0, 0xed, 0x0, 0x20}, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCGSTAMPNS(r1, 0x8907, &(0x7f0000000040))

01:03:08 executing program 0 (fault-call:9 fault-nth:95):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:03:08 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x5800, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  762.282957][T23139] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  762.290987][T23139] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:03:08 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x1)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

[  762.483306][T23181] FAULT_INJECTION: forcing a failure.
[  762.483306][T23181] name failslab, interval 1, probability 0, space 0, times 0
[  762.495953][T23181] CPU: 0 PID: 23181 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  762.505747][T23181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  762.515870][T23181] Call Trace:
[  762.519144][T23181]  dump_stack_lvl+0xd6/0x122
[  762.523730][T23181]  dump_stack+0x11/0x1b
[  762.527872][T23181]  should_fail+0x23c/0x250
[  762.532352][T23181]  __should_failslab+0x81/0x90
[  762.537103][T23181]  ? register_for_each_vma+0x372/0x890
[  762.542548][T23181]  should_failslab+0x5/0x20
[  762.547037][T23181]  kmem_cache_alloc_trace+0x52/0x320
[  762.552309][T23181]  ? register_for_each_vma+0x372/0x890
[  762.557751][T23181]  ? vma_interval_tree_iter_next+0x24c/0x280
[  762.564243][T23181]  register_for_each_vma+0x372/0x890
[  762.569513][T23181]  __uprobe_register+0x404/0x8b0
[  762.574518][T23181]  uprobe_register_refctr+0x29/0x40
[  762.579701][T23181]  probe_event_enable+0x2be/0x7d0
[  762.584710][T23181]  ? __uprobe_trace_func+0x440/0x440
[  762.589979][T23181]  trace_uprobe_register+0x88/0x410
[  762.595163][T23181]  perf_trace_event_init+0x34e/0x790
[  762.600435][T23181]  perf_uprobe_init+0xf5/0x140
[  762.605312][T23181]  perf_uprobe_event_init+0xde/0x140
[  762.610658][T23181]  perf_try_init_event+0x21a/0x400
[  762.615755][T23181]  perf_event_alloc+0xa60/0x1790
[  762.620677][T23181]  __se_sys_perf_event_open+0x5db/0x2810
[  762.626308][T23181]  ? plist_check_list+0xf9/0x160
[  762.631235][T23181]  ? finish_task_switch+0xce/0x290
[  762.636327][T23181]  __x64_sys_perf_event_open+0x63/0x70
[  762.641781][T23181]  do_syscall_64+0x44/0xa0
[  762.646209][T23181]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  762.652147][T23181] RIP: 0033:0x4665f9
[  762.656025][T23181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  762.675646][T23181] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  762.684043][T23181] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  762.691998][T23181] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  762.699972][T23181] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  762.707927][T23181] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  762.715880][T23181] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
[  763.226223][T23167] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  763.234239][T23167] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000008dc74fd7
[  763.249427][T23167] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  763.257452][T23167] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  763.274424][T23167] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  763.282427][T23167] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:03:11 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x1e, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:03:11 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x1)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:11 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:11 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r0)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x44e82, 0x0)
ioctl$RTC_PIE_ON(r1, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x1, 0x4000000000004, 0x0, 0x0, 0x0, 0x19}, 0x0, &(0x7f00000002c0)={0x8, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xffffffffffffffff}, 0x0, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000640), r2)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_REMOVE(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="00042dbd70000000000002000000080001000000000063d6f9563c098944597e8ee95e39cabda56011c7f6f367181292350d1cdb60fad90ffaec81ef3c7664fe843a0bfebcfd7528342524049ce1929b9f55461d999386f799e963acc6d60a93ca2c8005"], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000000c0)={'wpan0\x00', <r5=>0x0})
sendmsg$NL802154_CMD_SET_SHORT_ADDR(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x40, 0x0, 0x309, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xaaa0}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xfffe}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xaaa0}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x40840)
ioctl$RTC_ALM_SET(r1, 0x40247007, &(0x7f0000000040)={0x2, 0x4, 0x6, 0xc, 0x1, 0x1, 0x0, 0x141})
sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000300)={&(0x7f0000000e80)=ANY=[@ANYBLOB="6650749b3f1bbc601e68d26a00292d16bc0c2238942552487325a238afcad5b989c6a127864e56085a6a946d822648745ce21915637c0ec974f8e54f4ae015317d694477b1b625914cc7b3ed06ad96c084cb6404d2e22851bed9c8f53cb740416d4748ad8810887e16747821f9dee7b6ba5a77568a94eb5bbdd6180814a9d08c05e6db53d5e32c2419807959fe4af77adf359a8ca9", @ANYRES16=r3, @ANYBLOB="00012abd7000ffdbdf2501000000080002000300000064000c804c000b8008000900373ff22c080009006391a31c08000a008c9b00000800090006cc9d0608000900ffffff7f080009006816330808000a00df25000008000a0041c2000008000900887e006814000b800800090001dc825408000a00b9e30000080001000200000080000c8024000b80080009006042f71308000a00e48f000008000a002a02000008000900a369695c2c000b80080009001de40c7c080009000770b4140800090070147e3108000a000afc000008000a00b26f00002c000b8008000900f76e1c6208000900dfae3e3208000a007a1d000008000a00d60100000800090073b19f5dac0008800c00078008000600cd0000000c000780080006009200000014000780080005000d72566c08000500a7d414722400078008000600a6000000080006005d000000080006003100000008000600340000004c0007800800060045000000080006001e0000000800050094d2116c08000500a1e0d707080006002c00000008000500f520f9040800060069000000080006003c000000080005007aa548720c0007800800060068000000080002000100000024000c8014000b8008000a00b2ff0000080009002a94ba7d0c000b8008000a00b3790000c4000c8024000b80080009002c49e14e08000900bd34444208000a006e8f000008000a00bab9000044000b80080009008e21015208000a007d0500000800090047654d7b080009009674ac2c08000a00fa34000008000a00da9d00000800090045ded54e08000a00d017000024000b8008000a00ffa3000008000a00960a00000800090081eb3c290800090011c9a43734000b80080009005a290162080009006f80261508000a004c0d000008000900ab938d56080009009038d25708000a00f0a500000800020001000000"], 0x2ac}, 0x1, 0x0, 0x0, 0xc040}, 0x20004804)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r2)
ioctl$RTC_PIE_ON(r1, 0x7005)

01:03:11 executing program 0 (fault-call:9 fault-nth:96):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:03:11 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0xd7ff, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:11 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x1)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

[  765.054123][T23218] FAULT_INJECTION: forcing a failure.
[  765.054123][T23218] name failslab, interval 1, probability 0, space 0, times 0
[  765.066840][T23218] CPU: 0 PID: 23218 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  765.076633][T23218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  765.086686][T23218] Call Trace:
[  765.089947][T23218]  dump_stack_lvl+0xd6/0x122
[  765.094523][T23218]  dump_stack+0x11/0x1b
[  765.098674][T23218]  should_fail+0x23c/0x250
[  765.103138][T23218]  __should_failslab+0x81/0x90
[  765.107887][T23218]  ? register_for_each_vma+0x372/0x890
[  765.113337][T23218]  should_failslab+0x5/0x20
[  765.117826][T23218]  kmem_cache_alloc_trace+0x52/0x320
[  765.123157][T23218]  ? register_for_each_vma+0x372/0x890
[  765.128609][T23218]  ? vma_interval_tree_iter_next+0x24c/0x280
[  765.134609][T23218]  register_for_each_vma+0x372/0x890
[  765.139877][T23218]  __uprobe_register+0x404/0x8b0
[  765.144797][T23218]  uprobe_register_refctr+0x29/0x40
[  765.149979][T23218]  probe_event_enable+0x2be/0x7d0
[  765.154986][T23218]  ? __uprobe_trace_func+0x440/0x440
[  765.160314][T23218]  trace_uprobe_register+0x88/0x410
[  765.166035][T23218]  perf_trace_event_init+0x34e/0x790
[  765.171369][T23218]  perf_uprobe_init+0xf5/0x140
[  765.176119][T23218]  perf_uprobe_event_init+0xde/0x140
[  765.181393][T23218]  perf_try_init_event+0x21a/0x400
[  765.186493][T23218]  perf_event_alloc+0xa60/0x1790
[  765.191475][T23218]  __se_sys_perf_event_open+0x5db/0x2810
[  765.197090][T23218]  ? proc_fail_nth_read+0x150/0x150
[  765.202313][T23218]  __x64_sys_perf_event_open+0x63/0x70
[  765.207768][T23218]  do_syscall_64+0x44/0xa0
[  765.212214][T23218]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  765.218096][T23218] RIP: 0033:0x4665f9
[  765.221980][T23218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  765.241580][T23218] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  765.249975][T23218] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  765.257989][T23218] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  765.265942][T23218] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  765.273898][T23218] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  765.281852][T23218] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:03:11 executing program 1:
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x4c, 0x0, 0x4, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xffffffff}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x20}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x4}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x14}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8001}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x5a}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44000}, 0x4004000)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x80, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x4000000000000000}, 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:03:12 executing program 1:
r0 = accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x80800)
getpeername(r0, &(0x7f0000000040)=@hci, &(0x7f00000000c0)=0x80)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r1, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0)

01:03:12 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

[  765.813173][T23190] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  765.821260][T23190] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  765.848704][T23190] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
01:03:12 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x1)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000100))

01:03:12 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0xff0f, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  765.856711][T23190] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:03:14 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x21, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:03:14 executing program 0 (fault-call:9 fault-nth:97):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:03:14 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000000)={0x3fcb, 0x9, 0x2, 0x8001, 0x3, 0x3})
pselect6(0x40, &(0x7f0000000280)={0x100000001, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, &(0x7f0000000040)={0x83, 0x5, 0x200000080000, 0x31ff, 0x0, 0x1}, 0x0, 0x0)
clock_nanosleep(0x0, 0x1, &(0x7f0000000080), &(0x7f00000000c0))
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x1010, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x3ede, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x5}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r4, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x4, &(0x7f00000001c0)={0x77359400}, 0x1, 0x0, 0x0, {0x0, r5}}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000440)=@IORING_OP_RECVMSG={0xa, 0x3, 0x0, r4, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)=@pppoe={0x18, 0x0, {0x0, @remote}}, 0x80, &(0x7f0000000380)=[{&(0x7f00000005c0)=""/4096, 0x1000}], 0x1, &(0x7f00000003c0)}, 0x0, 0x140, 0x0, {0x3, r5}}, 0xfff)
r6 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
io_setup(0x3, &(0x7f0000000200)=<r8=>0x0)
read$eventfd(r7, &(0x7f0000000140), 0x8)
io_submit(r8, 0x2, &(0x7f0000000580)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, r7, &(0x7f0000000240)='V', 0x1}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x1}])
io_pgetevents(r8, 0x2, 0x6, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000100), 0x0)

01:03:14 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:14 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x1)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000100))

01:03:14 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0xffd7, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:14 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)

[  768.244186][T23268] FAULT_INJECTION: forcing a failure.
[  768.244186][T23268] name failslab, interval 1, probability 0, space 0, times 0
[  768.256819][T23268] CPU: 0 PID: 23268 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  768.266618][T23268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  768.276653][T23268] Call Trace:
[  768.279912][T23268]  dump_stack_lvl+0xd6/0x122
[  768.284492][T23268]  dump_stack+0x11/0x1b
[  768.288632][T23268]  should_fail+0x23c/0x250
[  768.293125][T23268]  __should_failslab+0x81/0x90
[  768.297875][T23268]  ? register_for_each_vma+0x372/0x890
[  768.303391][T23268]  should_failslab+0x5/0x20
[  768.307881][T23268]  kmem_cache_alloc_trace+0x52/0x320
[  768.313165][T23268]  ? register_for_each_vma+0x372/0x890
[  768.318624][T23268]  ? vma_interval_tree_iter_next+0x24c/0x280
[  768.324593][T23268]  register_for_each_vma+0x372/0x890
[  768.329910][T23268]  __uprobe_register+0x404/0x8b0
[  768.334834][T23268]  uprobe_register_refctr+0x29/0x40
[  768.340061][T23268]  probe_event_enable+0x2be/0x7d0
[  768.345069][T23268]  ? __uprobe_trace_func+0x440/0x440
[  768.350360][T23268]  trace_uprobe_register+0x88/0x410
[  768.355596][T23268]  perf_trace_event_init+0x34e/0x790
[  768.360872][T23268]  perf_uprobe_init+0xf5/0x140
[  768.365683][T23268]  perf_uprobe_event_init+0xde/0x140
[  768.371031][T23268]  perf_try_init_event+0x21a/0x400
[  768.376168][T23268]  perf_event_alloc+0xa60/0x1790
[  768.381127][T23268]  __se_sys_perf_event_open+0x5db/0x2810
[  768.386782][T23268]  ? plist_check_list+0xf9/0x160
[  768.391706][T23268]  ? finish_task_switch+0xce/0x290
[  768.396801][T23268]  __x64_sys_perf_event_open+0x63/0x70
[  768.402245][T23268]  do_syscall_64+0x44/0xa0
[  768.406649][T23268]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  768.412558][T23268] RIP: 0033:0x4665f9
[  768.416447][T23268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  768.436037][T23268] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  768.444517][T23268] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  768.452473][T23268] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  768.460473][T23268] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  768.468423][T23268] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  768.476376][T23268] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:03:15 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000080)={0x0, 0x1, {0xa, 0x3b, 0x9, 0x1f, 0x4, 0x0, 0x6, 0xc9}})
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x87, 0x0, 0x1, 0x0, 0xfffffffffffffffd, 0x0, 0xffffffffffffffff}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0xfffffffffffffbfe, 0x10001, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
openat(r1, &(0x7f00000000c0)='./file0\x00', 0xaa000, 0x1)
ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x1bba)
nanosleep(&(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000040))

01:03:15 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000000)={0x1, 0x0, {0x22, 0x11, 0x3, 0x6, 0x1, 0x2, 0x0, 0x4, 0xffffffffffffffff}})
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x4000000}, 0x0, &(0x7f0000000300)={0x5, 0x800000000000000, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x0)

01:03:15 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, 0x0, 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:15 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x1)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000100))

01:03:15 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  769.002001][T23248] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  769.009994][T23248] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000770f5c2c
[  769.025159][T23248] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  769.033160][T23248] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  769.057326][T23248] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  769.065399][T23248] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:03:18 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x22, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:03:18 executing program 0 (fault-call:9 fault-nth:98):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:03:18 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, 0x0, 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:18 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x1)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:18 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x2}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:18 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000058c40)={0x1, [], 0x1, "2156816c73038c"})
r0 = perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x5, 0x8}, 0x0, 0x0, 0x9, 0x7, 0x7fffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000440)={<r1=>0x0, ""/256, <r2=>0x0, <r3=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f0000058c40)={0x1, [{0x0, r3}, {0x0, r3}, {r2}, {<r4=>r2}, {}, {}, {}, {}, {}, {r2, r3}, {0x0, r3}, {}, {r1, r3}, {0x0, r3}, {}, {r2, r3}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {<r5=>r2}, {0x0, r3}, {r1}, {}, {r1}, {0x0, r3}, {}, {}, {r1, r3}, {}, {}, {0x0, r3}, {0x0, r3}, {}, {r1, r3}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {r2}, {0x0, r3}, {}, {r1, r3}, {0x0, r3}, {r1}, {}, {r2}, {r1}, {}, {0x0, r3}, {}, {0x0, r3}, {0x0, r3}, {}, {0x0, r3}, {r2, r3}, {}, {0x0, r3}, {0x0, r3}, {r2}, {r1}, {r1}, {r1}, {0x0, r3}, {}, {0x0, r3}, {}, {r2}, {}, {}, {}, {}, {0x0, r3}, {r2}, {}, {}, {0x0, r3}, {r1}, {}, {}, {0x0, r3}, {r1, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {r1}, {0x0, r3}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {r1, r3}, {}, {r2, r3}, {r1}, {r2}, {}, {r1}, {r1}, {r2, r3}, {}, {r1}, {r1, r3}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {r1, r3}, {0x0, r3}, {r2, r3}, {r1, r3}, {r2, r3}, {0x0, r3}, {}, {r2, r3}, {r2}, {}, {0x0, r3}, {r1}, {0x0, r3}, {r2}, {r1}, {}, {0x0, r3}, {0x0, r3}, {}, {}, {}, {}, {0x0, r3}, {r2}, {r1}, {}, {}, {}, {0x0, r3}, {r1, r3}, {}, {}, {}, {0x0, <r6=>0x0}, {}, {}, {}, {}, {r1}, {r1}, {0x0, r3}, {r1, r3}, {r2, r3}, {<r7=>0x0, r3}, {r1}, {}, {r1}, {0x0, r3}, {r2}, {r1, r3}, {0x0, r3}, {0x0, r3}, {}, {}, {}, {}, {}, {r1}, {}, {r1}, {}, {}, {r2}, {0x0, r3}, {r2, r3}, {0x0, r3}, {}, {0x0, r3}, {0x0, r3}, {r2}, {r2, r3}, {}, {}, {r1}, {}, {r1}, {}, {}, {0x0, r3}, {}, {}, {}, {r2}, {0x0, r3}, {r1}, {r2}, {r2}, {}, {}, {r2}, {0x0, r3}, {}, {r1}, {r1, <r8=>0x0}, {}, {}, {0x0, r3}, {0x0, r3}, {r2, r3}, {}, {0x0, r3}, {r1}, {r2, r3}, {r1}, {r2, r3}, {r2}, {r1, r3}, {}, {}, {}, {r1}, {}, {r1}, {0x0, r3}, {r2}, {r2}, {r1}, {0x0, r3}, {0x0, r3}, {r2}, {}, {}, {}, {}, {0x0, r3}], 0x1, "2156816c73038c"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000054f40)={<r9=>0x0, 0x0, "a4b80581d94dab801cfc847d02f8c1a8a1e6cbe4d99932132c7dcc9f267b05d6a44067675dd4824df3d794c2082f60b1b1443256ff59aa915738608926836ea5ff291bb3805bbbd611bba5b6a208d655fe011485fe83653615483ae418da8dfed2366007ccc83714ccaa5b550fc86a546dc1420899ca93b7ab77c15df133ea13d175d9919830e8b88f600b1b7a894540fa837b1c828fc3fefbf0c8ef0cd1503a3dcb92ce45a43cdc8579a9356bb02fe84df2ffbd25cbe83ebbc0a5936b387c09baf5bf9d6cad9ba5955b5ea8a2092c88883026b6d928f733aa78e6ff75d1508f3ce80ce50260122e4144fbc7efe0463adc96baeb79bb98f20635127097805b33", "d0a139cead4d23c7fc6b805915acd692aba4398c72e16ea6999e361170a3de112795f4f511458641c803bdd2c0227fce9b0366b85846f593c660752464290b61ae77513a06bb760feeed4a78b823b34f1884539e2d9f09b2a4b9cd6204dc4410fa08b28ed2dc419ed3983730a7054bcddfb85d3095bb99eb4481fba777a58bc9cb6006da05cabb25beabc089df727368b963e2d583aacfe4609d25f446991bb5e906f6c3c4650a9849a955aa724b2f576d119b280c0c6a0bf08216b6ab249a4a0bff1bb16a2b8c04b0a4f6c23ea476be24549397ce99db9d530e2a7a5cd5532b964b824f14fa39beea929397391f3c7b73c0fbc577dffdabba3cf41bef23a21b146c30388ab2925dd97e0485856ce6a70c498ddd821fd0e6fa1858c67379be513f2df28e9bc9b240c24358e986e6818a83471076eab546601ae88eaefca1fe322a4eb18fe37711dc650ef5eb32b308205ee8632778663f105d779b101c702835296530d4bb2a2487b59d7a7504eba728e9933ac5bb4fa9e0c44f9e0dd5e86db32bb33baa236c505cf373e1ac58bbd8e2c8250b97323e2a454b421a6688088e27e9141eb9e63f50868669737af247aea0b36c6b2cd90ca0efb02437547da8ac37243648b0f4b668c01ab9ed6a236c67a2e3d592d35de1eceaf5e38f0994b47d0857543c4c262fa5f718dd536a74e0506fae250f814b04c229cbbce2ced505b20ac118fdd84bf08832176b6cdd68e1236041e0546ef44b5826c911fb0d407b2c8313bae53373de7e79880344e14ea3a0752a6724253913b0b2b69493e8256ff3678de45a3eb82eb00e4ffa2ec88b925be9abe5e6a395198a8273e569282f1285d8c298b610749b2e3b7bddd0b1bdf303d3d962f1a2b52ad0bd25ebaeea19e2fdcfbede894c0b419171e482225e2f54b709b6916b93f0190016bc699745d6641d86591a601153a84e193395bad28a3c58a6ac3db34c58f0f1f53f53cc78573758a8a865fb3d091aaa7487e855df5ac9768bf08266de6c8ea2ac4116606510af363203eab0989d1906ab95b66d6e7b081d376b392abff6f61306943dd19a038f953975a4e9d3e7569c0cd320675419055d201b5d4009e4b6fc79b52d211702022c2e605c92be99814f08cabfd439b1b63950d7a751b4cd4e7cd187b27da0b6a2cf37c0adb7382073d29a44492ccd0762eb662888a9d11db5da6b4a44151dec2dae7056db1e715528766301776bef9515b992225076393045812853d4a4442a7b444201cbf18c6b686b93007ed535d19a6d8117ce54730152a1ab5972301eff2e87e15768204f0b02f56525b255caf9df847c6fbd41d87792b8ab91cea6d743b271810bdc126f767c78a792bac9d064ff60413ce32bb78db2fb6ec325f62ac8c77da13f2b2c8a4abcea961f23c3b921e891ff580e81e2d7c85e52edaf1df676092f064c8af210ff477d996f07b8c4e1b23049a6e1d1c2e087454c300b75e4fdc63c8256640d35c04c761633a298458469a51004f32fefa0856b45ec59c868ee2fbf90a514f378e3724694afdb1df28106117d5dd02e033ce39d9d57261701d2ba6cac7f2560f5c2a6e8f1d6b7227eff0f8def51aa4913bcae4e4075fc85ab6bc199cd4c0783e917aebe0a2b98b5f2e7caf06faa25f12aa01c1a21279466fba5c401fa65720d0da2b160f1a6883bbbb15b1832c73d0cb6699584694b8eda85dd7eb8461526ceb673a6ce3389628063ca46864be4fc7ec89947399e9241a5e2b361ce1e1fc52f37f81f24dff0e584257f80d03433abbf1da44bd2a700b769991d3f6feb19b81fd58a25e292e7a781a732cfb0db4400d64b01f03cbded3b800ffb395ad9afa21edadd8afbcd3585ebcfad73512d04bd4279c363f8b82d9408a8f4ba9ca8fab48bcd08a73101fb59c844710b672acacfd4e96ef678dad280752182163f872246a31559d9f070bebe7b310630da8809bf2f45abbf1f9d1ef8cf24802b3eed4ce369e3940bb618ff4a363762a51270749ebc5137938046bca9386b94b602b11c615e129e73b65e6b54616d5d902b2a830f442ac37c1cab36bca627e95fcc6e0de5af62dedff986e1b77e709a9610da978b5ffffcf5ce21072da6abde0e888816d589ea3005db3a1c6776777d20e2e6ed7438308a9acb7e52210484540661279c53fbca1f99b0f75955816278a2bcdfa95b90976743d173608e7ec45aa451bbb7576f4dc87997ce77b60ce40e5b7b96bcdb59ac8cd8f9bff32bb0b4962b14905830478d36aef918dbf04d299186b9f4b67b97639667fa1eb019503f4ea012b3b4bde0d330ec8fe8e28a4457d3b260e569f309849c9f26207c34a378f743b230ec17f4f09122d55340b73d538d253b43e07bd30a690050a372c8b324672136b78568169fc37d272f22da9bb971a6345f814b659af53b100e8583553427c93caa4fe40407d0ab6df363583aa637774e1e1857f96b102c206f826662ea3133645de21b7476adbafffab9bd208d75cf7e32ad08002a064b2603ce82621c3b7f1b4858fa81dae2eb8c72078dddb5e06d382865a80a6460a402fc8634db5ee030e9d1057812043d35775ad5e1f1490be1ef35b8361f099502172a0f1d99bf45dd7a9b5bec1252cbb1b7eaa577512f34675f473c174eecd80956f9cf44896b690172d3acd550218878f9e2c632c1820efe7c56b48b09e1c46da97d23629a3f912d8c0f8788cde60e986d5ba6670351ec4970b6ee2f91b8538ada02e74860320e29cd35f86c49dcb19a014cfc3a0d242fce4c00865a5285953c58f9af97fb1dd0b02e56a52560bf73e5abcfcd01b45c640252466a7f29b0c6f0498ceb327cbbd275649a01823a8e77c74520bab99dc58f44a4d9fb9e6cac0a2e01bca3f228b54478809b940b1a9e9dbdaa91572fefc0ac66a99e579d254557ff96c22eadb4c614addb460e140be8435a2ae3b305a575f5f10b805c64770ef90b577f887b8cd0589369060b42214f0e713c3492869416e028c46710941c9ced962f090ca9fca536958efb9b37e26d858901b04f50a6020d25e01c2e3c6db86559ec5a7044f61c275fba34ad23d9d15b5c3b20343047a99b0dc448eae1345abe08576086571b9a7c00dac9e736bdc7674ca2b5f33572f1b9c71d84b18fcfe043abb8b2664d795bc5418200be662d837125243a84f4efced030969749afa9fd5e9a062803717aac9f17333f5e5f6fbbd39c438943298509e00db94516d58ca38fc86ab7e96ddd05e7c5fb2a41123e2f2a325d23973fac995c78d701e6f9a610d9aecc2f14ad641789e911f8835ca4f6f0c4f2fa1a6954ec3e63cbf49e07801b1464caad4a15efd7a95a4eed9bd0db24c8f905113ca809029fd6c6170e0b6c289a34740ab6f5a3d096fc701d62926eff8879083697e95edd136fbef4a4a59b4312888587e42aaf8733f6f6e5944040abeedcb4c13b628d01fd1794736bcd2c6fd373874b3ecdf08d8715a91f34fc33000b76f3fdd8d7875001db4816e0352295d0bd4672fa7da0dcf32c9bca5a02b158593d8e7ee427d0875a4298368cc748f2f01ba2489d1f3481fc5c401e201695b896ccf5ad9007c266f610ce216eef17c246ad9f2bd2a45c9333ae43b1b260b13e3e901567f1f6910dd333c681849498d36c822c0dbb925d7d4a8bce7d2747b81af5857d9931c909c91adb307b77ac0d6ae63951de2c96252662a3fecd77d996f7e25a848466e8db7e1b4e334a8c077ce552c9b6a904645e4d7a1f715a2329aa0ae645c6cc3aa6b54f373f9bc8ba88d7c6fe1e3c37e44cb0738aeeb6cc09af8ddf9d3d6b388d89a0a4793f76524a0b4f3ab7455b3c3cc832e695671d9fb58d1c3be00fa719d2d2e4d0b54b7db9b4519920973a80ffa6d47dbde590d7e44dc3a3a71ed16d96c2a17fad01d348ca06c7ba16b24597fec3db43f7e6157646596698a44f2b3cd678e5c9cf8fc0a52a00547154c1ee2c7b04aca13f66d0dab6572bb77f0ee96392604595165b5132f5408241f4e9f7427bb46a52574e563484e8b2170af990bdb001aa612dade122172cd04517b4fcae810aab76a9e04d1a8edae768e0072ac39507b2a005341be815a2037c25bf4d116df144edc2441678755dca37a718b0ed4de8b0febac551215754c93984b8b274da799ebe3f3948381e255e7ec88af11956a13838eed655e354d489cba24368eab64e7c614afec72c1123252f1733bd5798e546cad1bc5c7e2cab22b5b76f55195e0e75a37acc2668e04c2251219aa07117e904b1902da4857c89e906b62fa35952c17228b3a3f8b9dc0a4772a9f26606d36051dd410e7b88e21386d56b17d6777aa4687250e538e0da2733557ccab4eb04528bfca31bafe7bbeb79c1873d555b5d0f00218942f61b8cf7f2da9a32787627a384f2ad99e78cc04b30a407259bd85bd0362c5d8aed00422ec289dbe4a9a93e88cd116cbaaf6f897df2a9ae8da65596396445d3b477cd9b755341bbb5d5b403638351c0f50a98fc09f59ea32944bea8df452d484594ce489f0de42f0a364ca6a38367d81b69c4afca32c96402dccf45edc65f9a91d4225a2d6a81aefdc7ec519e29fb7c983212b919a00b82e1ea665bfc439344f12db6a155562c9bfc35225404c3c5dab967ef226823e85040d6d755639a783c7fe3708e2b17c8a4f39bdce7dc6216a1f21a4a03e85a8229ee4ea3439b933772a82c1b3d6f30c1b57bbfef4a4d8839289b62f2942cc154ecb74ab391d9d049e134f293357e8f21df59abeb1efe8fad225d8bc02254b2088ddfc9763902e77bd9c2102de627e4d4f333617250409906bb1e2f180097a0164ac91025aeea2a0c783d9465c6b53472b897f138b6dbcf7aa124e66d0e1db7482bb2f850686eb6dba016298f80af21ff9733e7f4c0534173db2a68abfb19e425982bb8b757511a2c482535f79f973312d08fc571d6f78dcc93b67aeac45eaa9041fb0e35de968beb409211a86f8351472333ce374f0bfafd599613850b6b8fdae54e71109bf2c203fe23f1861481e6ec7341592d798e9c894e9163384517f7ba0b0cde522a643dac15691f2b6e291771b6e746e688896665f4ce2759c75f24e8310b951dfebff003064e04433eb77de3ef8c28629d968b607785b96e1c1e85465183b3fdad902742511a1668cb69c65bfbf4e59dd78bdf288a544af2406dfc50eccaabdb17b9b2e9ebf4ff093f34ec1ce1feb514783ae6ce2727244f514076bcaf0df34f48b6fc58bd9840736400f8517aa32820f4ec60637587a3eadbb1542824330c42c5f67f9efdc92aabdabda2c00942d5f640246386e6f794bf749140e1a077e55cab3b3d61800b831560189f654516af129962e74ce14b2a0eb16522f47167f1771794394343ed655b24194fbee41b9a18b41f5a9a1e67e7a150"})
ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000055f40)={{<r10=>0x0, 0x5, 0x400, 0x1b26, 0x0, 0x0, 0x1000, 0x2, 0x8, 0x5, 0xee, 0x62, 0x2, 0x0, 0x6}})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000056f40)={0x3, [{}, {}, {}, {}, {}, {r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r1, r9}, {}, {r10}], 0x4, "6ac352d1b76f87"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000057600)={0x0, ""/256, 0x0, <r11=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000057800)={<r12=>0x0})
r13 = perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x5, 0x8}, 0x0, 0x0, 0x9, 0x7, 0x7fffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000440)={<r14=>0x0, ""/256, <r15=>0x0, <r16=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r13, 0xd000943d, &(0x7f0000058c40)={0x1, [{0x0, r16}, {0x0, r16}, {r15}, {r15}, {}, {}, {}, {}, {}, {r15, r16}, {0x0, r16}, {}, {r14, r16}, {0x0, r16}, {}, {r15, r16}, {}, {}, {}, {}, {}, {}, {}, {0x0, r16}, {r15}, {0x0, r16}, {r14}, {}, {r14}, {0x0, r16}, {}, {}, {r14, r16}, {}, {}, {0x0, r16}, {0x0, r16}, {}, {r14, r16}, {}, {}, {}, {}, {0x0, r16}, {}, {}, {r15}, {0x0, r16}, {}, {r14, r16}, {0x0, r16}, {r14}, {}, {r15}, {r14}, {}, {0x0, r16}, {}, {0x0, r16}, {0x0, r16}, {}, {0x0, r16}, {r15, r16}, {}, {0x0, r16}, {0x0, r16}, {r15}, {r14}, {r14}, {r14}, {0x0, r16}, {}, {0x0, r16}, {}, {r15}, {}, {}, {}, {}, {0x0, r16}, {r15}, {}, {}, {0x0, r16}, {r14}, {}, {}, {0x0, r16}, {r14, r16}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r16}, {}, {r14}, {0x0, r16}, {0x0, r16}, {}, {}, {}, {}, {}, {}, {}, {0x0, r16}, {r14, r16}, {}, {r15, r16}, {r14}, {r15}, {}, {r14}, {r14}, {r15, r16}, {}, {r14}, {r14, r16}, {}, {}, {}, {}, {0x0, r16}, {}, {}, {}, {r14, r16}, {0x0, r16}, {r15, r16}, {r14, r16}, {r15, r16}, {0x0, r16}, {}, {r15, r16}, {r15}, {}, {0x0, r16}, {r14}, {0x0, r16}, {r15}, {r14}, {}, {0x0, r16}, {0x0, r16}, {}, {}, {}, {}, {0x0, r16}, {r15}, {r14}, {}, {}, {}, {0x0, r16}, {r14, r16}, {}, {}, {}, {}, {}, {}, {}, {}, {r14}, {r14}, {0x0, r16}, {r14, r16}, {r15, r16}, {0x0, r16}, {r14}, {}, {r14}, {0x0, r16}, {r15}, {r14, r16}, {0x0, r16}, {0x0, r16}, {}, {}, {}, {}, {}, {r14}, {}, {r14}, {}, {}, {r15}, {0x0, r16}, {r15, r16}, {0x0, r16}, {}, {0x0, r16}, {0x0, r16}, {r15}, {r15, r16}, {}, {}, {r14}, {}, {r14}, {}, {}, {0x0, r16}, {}, {}, {}, {r15}, {0x0, r16}, {r14}, {r15}, {r15}, {}, {}, {r15}, {0x0, r16}, {}, {r14}, {r14}, {}, {}, {0x0, r16}, {0x0, r16}, {r15, r16}, {}, {0x0, r16}, {r14}, {r15, r16}, {r14}, {r15, r16}, {r15}, {r14, r16}, {}, {}, {}, {r14}, {}, {r14}, {0x0, r16}, {r15}, {r15}, {r14}, {0x0, r16}, {0x0, r16}, {r15}, {}, {}, {}, {}, {0x0, r16}], 0x1, "2156816c73038c"})
r17 = perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x5, 0x8}, 0x0, 0x0, 0x9, 0x7, 0x7fffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000440)={<r18=>0x0, ""/256, <r19=>0x0, <r20=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r17, 0xd000943d, &(0x7f0000058c40)={0x1, [{0x0, r20}, {0x0, r20}, {r19}, {r19}, {}, {}, {}, {}, {}, {r19, r20}, {0x0, r20}, {}, {r18, r20}, {0x0, r20}, {}, {r19, r20}, {}, {}, {}, {}, {}, {}, {}, {0x0, r20}, {r19}, {0x0, r20}, {r18}, {}, {r18}, {0x0, r20}, {}, {}, {r18, r20}, {}, {}, {0x0, r20}, {0x0, r20}, {}, {r18, r20}, {}, {}, {}, {}, {0x0, r20}, {}, {}, {r19}, {0x0, r20}, {}, {r18, r20}, {0x0, r20}, {r18}, {}, {r19}, {r18}, {}, {0x0, r20}, {}, {0x0, r20}, {0x0, r20}, {}, {0x0, r20}, {r19, r20}, {}, {0x0, r20}, {0x0, r20}, {r19}, {r18}, {r18}, {r18}, {0x0, r20}, {}, {0x0, r20}, {}, {r19}, {}, {}, {}, {}, {0x0, r20}, {r19}, {}, {}, {0x0, r20}, {r18}, {}, {}, {0x0, r20}, {r18, r20}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r20}, {}, {r18}, {0x0, r20}, {0x0, r20}, {}, {}, {}, {}, {}, {}, {}, {0x0, r20}, {r18, r20}, {}, {r19, r20}, {r18}, {r19}, {}, {r18}, {r18}, {r19, r20}, {}, {r18}, {r18, r20}, {}, {}, {}, {}, {0x0, r20}, {}, {}, {}, {r18, r20}, {0x0, r20}, {r19, r20}, {r18, r20}, {r19, r20}, {0x0, r20}, {}, {r19, r20}, {r19}, {}, {0x0, r20}, {r18}, {0x0, r20}, {r19}, {r18}, {}, {0x0, r20}, {0x0, r20}, {}, {}, {}, {}, {0x0, r20}, {r19}, {r18}, {}, {}, {}, {0x0, r20}, {r18, r20}, {}, {}, {}, {}, {}, {}, {}, {}, {r18}, {r18}, {0x0, r20}, {r18, r20}, {r19, r20}, {0x0, r20}, {r18}, {}, {r18}, {0x0, r20}, {r19}, {r18, r20}, {0x0, r20}, {0x0, r20}, {}, {}, {}, {}, {}, {r18}, {}, {r18}, {}, {}, {r19}, {0x0, r20}, {r19, r20}, {0x0, r20}, {}, {0x0, r20}, {0x0, r20}, {r19}, {r19, r20}, {}, {}, {r18}, {}, {r18}, {}, {}, {0x0, r20}, {}, {}, {}, {r19}, {0x0, r20}, {r18}, {r19}, {r19}, {}, {}, {r19}, {0x0, r20}, {}, {r18}, {r18}, {}, {}, {0x0, r20}, {0x0, r20}, {r19, r20}, {}, {0x0, r20}, {r18}, {r19, r20}, {r18}, {r19, r20}, {r19}, {r18, r20}, {}, {}, {}, {r18}, {}, {r18}, {0x0, r20}, {r19}, {r19}, {r18}, {0x0, r20}, {0x0, r20}, {r19}, {}, {}, {}, {}, {0x0, r20}], 0x1, "2156816c73038c"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000057a00)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r21=>0x0}], 0x6, "de21205659d52b"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000058a00)={0x9, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r1, r11}, {r12}, {}, {r15, r20}, {0x0, r21}], 0x84, "ab722330ed3239"})
r22 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r22, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:03:18 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x3}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  771.913168][T23318] FAULT_INJECTION: forcing a failure.
[  771.913168][T23318] name failslab, interval 1, probability 0, space 0, times 0
[  771.925816][T23318] CPU: 0 PID: 23318 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  771.935625][T23318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  771.945675][T23318] Call Trace:
[  771.948941][T23318]  dump_stack_lvl+0xd6/0x122
[  771.953535][T23318]  dump_stack+0x11/0x1b
[  771.957691][T23318]  should_fail+0x23c/0x250
[  771.962107][T23318]  __should_failslab+0x81/0x90
[  771.966901][T23318]  ? register_for_each_vma+0x372/0x890
[  771.972424][T23318]  should_failslab+0x5/0x20
[  771.976917][T23318]  kmem_cache_alloc_trace+0x52/0x320
[  771.982299][T23318]  ? register_for_each_vma+0x372/0x890
[  771.987788][T23318]  ? vma_interval_tree_iter_next+0x24c/0x280
[  771.993829][T23318]  register_for_each_vma+0x372/0x890
[  771.999113][T23318]  __uprobe_register+0x404/0x8b0
[  772.004086][T23318]  uprobe_register_refctr+0x29/0x40
[  772.009278][T23318]  probe_event_enable+0x2be/0x7d0
[  772.014294][T23318]  ? __uprobe_trace_func+0x440/0x440
[  772.019568][T23318]  trace_uprobe_register+0x88/0x410
[  772.024757][T23318]  perf_trace_event_init+0x34e/0x790
[  772.030073][T23318]  perf_uprobe_init+0xf5/0x140
[  772.034855][T23318]  perf_uprobe_event_init+0xde/0x140
[  772.040143][T23318]  perf_try_init_event+0x21a/0x400
[  772.045248][T23318]  perf_event_alloc+0xa60/0x1790
[  772.050187][T23318]  __se_sys_perf_event_open+0x5db/0x2810
[  772.055817][T23318]  ? proc_fail_nth_read+0x150/0x150
[  772.061006][T23318]  __x64_sys_perf_event_open+0x63/0x70
[  772.066483][T23318]  do_syscall_64+0x44/0xa0
[  772.070964][T23318]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  772.076862][T23318] RIP: 0033:0x4665f9
[  772.080818][T23318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  772.100493][T23318] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
01:03:18 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x4}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  772.108975][T23318] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  772.117004][T23318] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  772.124971][T23318] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  772.132955][T23318] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  772.140912][T23318] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:03:18 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x5}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:18 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xa}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:18 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x18}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:18 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x24}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  772.494138][T23300] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  772.502246][T23300] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  772.529433][T23300] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  772.537454][T23300] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:03:20 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x1)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:20 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x23, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:03:20 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x58}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:20 executing program 1:
ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005)
ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x1aa8)
pselect6(0x40, &(0x7f0000000280)={0xbb9, 0x5}, 0x0, &(0x7f0000000000)={0x8, 0x0, 0xfffffffffffffff7}, 0x0, 0x0)

01:03:20 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, 0x0, 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:20 executing program 0 (fault-call:9 fault-nth:99):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:03:21 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8, 0x0, 0x1ff, 0x0, 0x0, 0x100000}, 0x0, 0x0)

01:03:21 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x20c}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  774.535603][T23370] FAULT_INJECTION: forcing a failure.
[  774.535603][T23370] name failslab, interval 1, probability 0, space 0, times 0
[  774.548303][T23370] CPU: 0 PID: 23370 Comm: syz-executor.0 Tainted: G        W         5.14.0-syzkaller #0
[  774.558170][T23370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  774.568204][T23370] Call Trace:
[  774.571462][T23370]  dump_stack_lvl+0xd6/0x122
[  774.576042][T23370]  dump_stack+0x11/0x1b
[  774.580320][T23370]  should_fail+0x23c/0x250
[  774.584718][T23370]  __should_failslab+0x81/0x90
[  774.589546][T23370]  ? register_for_each_vma+0x372/0x890
[  774.594992][T23370]  should_failslab+0x5/0x20
[  774.599481][T23370]  kmem_cache_alloc_trace+0x52/0x320
[  774.604750][T23370]  ? register_for_each_vma+0x372/0x890
[  774.610242][T23370]  ? vma_interval_tree_iter_next+0x24c/0x280
[  774.616208][T23370]  register_for_each_vma+0x372/0x890
[  774.621523][T23370]  __uprobe_register+0x404/0x8b0
[  774.626495][T23370]  uprobe_register_refctr+0x29/0x40
[  774.631676][T23370]  probe_event_enable+0x2be/0x7d0
[  774.636683][T23370]  ? __uprobe_trace_func+0x440/0x440
[  774.641950][T23370]  trace_uprobe_register+0x88/0x410
[  774.647129][T23370]  perf_trace_event_init+0x34e/0x790
[  774.652421][T23370]  perf_uprobe_init+0xf5/0x140
[  774.657234][T23370]  perf_uprobe_event_init+0xde/0x140
[  774.662504][T23370]  perf_try_init_event+0x21a/0x400
[  774.667806][T23370]  perf_event_alloc+0xa60/0x1790
[  774.672729][T23370]  __se_sys_perf_event_open+0x5db/0x2810
[  774.678354][T23370]  ? proc_fail_nth_read+0x150/0x150
[  774.683537][T23370]  __x64_sys_perf_event_open+0x63/0x70
[  774.689045][T23370]  do_syscall_64+0x44/0xa0
[  774.693499][T23370]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  774.699415][T23370] RIP: 0033:0x4665f9
[  774.703299][T23370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  774.722945][T23370] RSP: 002b:00007f6c01aea188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  774.731338][T23370] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9
[  774.739326][T23370] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480
[  774.747278][T23370] RBP: 00007f6c01aea1d0 R08: 0000000000000000 R09: 0000000000000000
[  774.755231][T23370] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000003
[  774.763183][T23370] R13: 00007ffd14fd70ff R14: 00007f6c01aea300 R15: 0000000000022000
01:03:21 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x218}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:21 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x241}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:21 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x300}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:21 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x500}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:21 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x1)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

[  775.282482][T23353] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  775.290501][T23353] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  775.308707][T23353] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  775.316784][T23353] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:03:24 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:03:24 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x26, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:03:24 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xa00}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:24 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:24 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x1)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:24 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x20040, 0x22)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000002c0)={0xe794af94aed2bd71})
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/75, 0x4b}, {&(0x7f0000000100)=""/99, 0x63}], 0x2, 0x0, 0x7ff)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000200))
r3 = syz_open_pts(r2, 0x0)
readv(r3, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x4010, r3, 0xdbbb6000)

01:03:24 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xc02}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:24 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x1800}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:24 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x1802}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:24 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x2400}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:24 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x4102}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:24 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x5800}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  778.280358][T23395] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  778.288453][T23395] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  778.316029][T23395] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
01:03:24 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  778.324046][T23395] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:03:26 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0xbf, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:03:26 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xd7ff}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:26 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x1)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:26 executing program 1:
ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x4}, 0x0, &(0x7f0000000300)={0x8, 0xfffffffffffffbff, 0x0, 0x7, 0x0, 0x10000}, 0x0, 0x0)

01:03:26 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:26 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x3, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:03:26 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xff0f}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:27 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x7ff00, 0xb, 0x0, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}]})
ioctl$RTC_AIE_ON(r1, 0x7001)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:03:27 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xffd7}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:27 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:03:27 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x50000}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:27 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x1000000}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:27 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x2000000}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:27 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x3000000}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:27 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
syz_open_pts(r0, 0x1)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:27 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x4000000}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:27 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:28 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:03:28 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200))
r2 = syz_open_pts(r1, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000200))
r4 = syz_open_pts(r3, 0x0)
readv(r4, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4071, 0xfe7}], 0x1)
r5 = fcntl$dupfd(r4, 0x0, r0)
preadv(r5, &(0x7f0000000100)=[{&(0x7f0000000000)=""/68, 0x44}, {&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000000080)=""/81, 0x51}], 0x3, 0x9, 0x1)
write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000140)={0x40, 0x75, 0x1, {0x35, "8bd2faeaf95e6c1bc8b8ec38aa4105678073a03fa3689ee69703d3a62012000f43b1fe6c8d15ef86f102f14501c06d4bb834fea22d"}}, 0x40)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:03:28 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xa000000}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:28 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xc020000}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  781.907534][T23523] ==================================================================
[  781.915630][T23523] BUG: KCSAN: data-race in rtc_dev_poll / rtc_pie_update_irq
[  781.923006][T23523] 
[  781.925310][T23523] write to 0xffff88810293cb80 of 8 bytes by interrupt on cpu 0:
[  781.932924][T23523]  rtc_pie_update_irq+0x9b/0xf0
[  781.937772][T23523]  __run_hrtimer+0x160/0x480
[  781.942356][T23523]  hrtimer_interrupt+0x380/0xaf0
[  781.947311][T23523]  __sysvec_apic_timer_interrupt+0x6f/0x1c0
[  781.953202][T23523]  sysvec_apic_timer_interrupt+0x64/0x80
[  781.958827][T23523]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[  781.964800][T23523]  __tsan_read1+0x46/0x180
[  781.969478][T23523]  snd_seq_enqueue_event+0x2d/0x2b0
[  781.974665][T23523]  snd_seq_client_enqueue_event+0x219/0x2b0
[  781.980549][T23523]  snd_seq_write+0x435/0x540
[  781.985133][T23523]  vfs_write+0x27c/0x8d0
[  781.989542][T23523]  ksys_write+0xd9/0x190
[  781.993785][T23523]  __x64_sys_write+0x3e/0x50
[  781.998368][T23523]  do_syscall_64+0x44/0xa0
[  782.002784][T23523]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  782.008679][T23523] 
[  782.010985][T23523] read to 0xffff88810293cb80 of 8 bytes by task 23523 on cpu 1:
[  782.018601][T23523]  rtc_dev_poll+0x75/0xa0
[  782.022922][T23523]  do_select+0x783/0xe60
[  782.027154][T23523]  core_sys_select+0x43b/0x6c0
[  782.031911][T23523]  __do_sys_pselect6+0x1ea/0x250
[  782.036833][T23523]  __x64_sys_pselect6+0x74/0x80
[  782.041677][T23523]  do_syscall_64+0x44/0xa0
[  782.046091][T23523]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  782.051983][T23523] 
[  782.054286][T23523] value changed: 0x00000000000a9dc0 -> 0x00000000000a9ec0
[  782.061375][T23523] 
[  782.063682][T23523] Reported by Kernel Concurrency Sanitizer on:
[  782.069812][T23523] CPU: 1 PID: 23523 Comm: syz-executor.1 Tainted: G        W         5.14.0-syzkaller #0
[  782.079606][T23523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  782.089648][T23523] ==================================================================
01:03:30 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x4, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:03:30 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xf1b9646}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:30 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:30 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, 0x0)
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:30 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x1001, 0x10)
r1 = syz_open_dev$vcsn(&(0x7f0000000040), 0x41f, 0x20800)
ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000340)=""/4096)

01:03:30 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0xf, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:03:30 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x5, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:03:30 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x18000000}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:30 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x8, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:03:30 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x10, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:03:30 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x18020000}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:30 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x24000000}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:30 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x41020000}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:30 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x46961b0f}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:31 executing program 5:
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000200))
r0 = syz_open_pts(0xffffffffffffffff, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100))

01:03:31 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, 0x0)
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:31 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x4}, 0x0, 0x0)
io_setup(0x3, &(0x7f0000000040)=<r1=>0x0)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0xff4)
clock_gettime(0x0, &(0x7f0000000080)={<r2=>0x0, <r3=>0x0})
io_pgetevents(r1, 0xa6b1, 0xa, &(0x7f0000000340)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], &(0x7f00000000c0)={r2, r3+10000000}, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x290a00, 0x0)
open(&(0x7f0000000100)='./file0\x00', 0x2, 0x1)
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x20800, 0x0)
ioctl$RTC_IRQP_SET(r4, 0x4008700c, 0x1f7a)
clock_gettime(0x6, &(0x7f0000000140))

01:03:31 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:03:31 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x58000000}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:31 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x91ffffff}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:31 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xd7ff0000}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  785.836826][T23594] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  785.844894][T23594] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  785.862405][T23594] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  785.870422][T23594] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
01:03:33 executing program 5:
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000200))
r0 = syz_open_pts(0xffffffffffffffff, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100))

01:03:33 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x1e, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:03:33 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xd7ffffff}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:33 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, 0x0)
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:33 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x545000)
preadv(r1, &(0x7f00000014c0)=[{&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000000040)=""/33, 0x21}, {&(0x7f0000000080)=""/163, 0xa3}, {&(0x7f00000001c0)=""/104, 0x68}, {&(0x7f0000000140)=""/11, 0xb}, {&(0x7f0000001340)=""/235, 0xeb}, {&(0x7f0000001440)=""/105, 0x69}], 0x7, 0xfffffffa, 0xfffffffe)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)

01:03:33 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x20000500, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:03:33 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xeda4ffff}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:34 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xf5ffffff}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:34 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xfdffffff}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:34 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xfeffffff}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:34 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xff0f0000}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:34 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xffffa4ed}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:34 executing program 5:
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000200))
r0 = syz_open_pts(0xffffffffffffffff, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100))

01:03:36 executing program 3:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200340, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x21, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

01:03:36 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xffffff91}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:36 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(0xffffffffffffffff, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:36 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000300)={0x8}, 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)

01:03:36 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

01:03:36 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2020}, {0xffffffffffffffff, 0x20}, {r0}], 0x3, 0x0, &(0x7f0000000240), 0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100))

01:03:36 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xffffffd7}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:36 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xfffffff5}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:36 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xfffffffd}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:36 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0xfffffffe}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:36 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x2)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

01:03:37 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000280)=0x400027fe, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x33)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[  790.794608][T23660] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  790.802648][T23660] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5
[  790.820083][T23660] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1
[  790.828131][T23660] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce4cb8c5